source: examples/python_tests/alumni3_ctxt_rt1/query.py @ 2e9455f

mei_rt2
Last change on this file since 2e9455f was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule
  • Property mode set to 100755
File size: 4.2 KB
Line 
1#!/usr/bin/env python
2
3"""
4Run the queries described in README
5
6cmd1:env keystore=`pwd` ./query.py
7cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py
8
9"""
10
11import os
12import ABAC
13
14##########################################
15# dump the loaded principals/policies
16#
17def dumpCred(CTXT, STRING):
18   out = CTXT.context_principals()
19   print "\n...%s principals" %STRING
20   for x in out[1]:
21       print "%s " % x.string()
22   out = CTXT.context_credentials()
23   print "\n...%s attributes" %STRING
24   for c in out[1]:
25       print "%s <- %s" % (c.head_string(), c.tail_string())
26   return 
27   
28##########################################
29# role=[keyid:stateU].role:foundingAlumni
30# p=[keyid:WHO]
31def askAbout(CTXT, WHO, STRING):
32   print "\n%s" %STRING
33   role = ABAC.Role(stateU,"foundingAlumni")
34   p = ABAC.Role(WHO)
35   out = CTXT.query(role, p)
36   for c in out[1]:
37       print "%s <- %s" % (c.head_string(), c.tail_string())
38   return
39
40###############################
41ctxtA = ABAC.Context()
42ctxtA.set_no_partial_proof()
43
44ctxtC = ABAC.Context()
45ctxtC.set_no_partial_proof()
46###############################
47
48# retrieve principals' keyid value from local credential files
49stateUID=ABAC.ID("StateU_ID.pem")
50stateUID.id_load_privkey_file("StateU_private.pem")
51stateU=stateUID.id_keyid()
52
53bobID=ABAC.ID("Bob_ID.pem")
54bob=bobID.id_keyid()
55
56markID=ABAC.ID("Mark_ID.pem")
57mark=markID.id_keyid()
58
59joeID=ABAC.ID("Joe_ID.pem")
60joe=joeID.id_keyid()
61
62maryannID=ABAC.ID("Maryann_ID.pem")
63maryann=maryannID.id_keyid()
64
65janID=ABAC.ID("Jan_ID.pem")
66jan=janID.id_keyid()
67
68ctxtA.load_id(stateUID)
69ctxtA.load_id(bobID)
70ctxtA.load_id(markID)
71
72ctxtC.load_id(stateUID)
73
74################################################
75# Credential 1, this policy has two range constraints on different parameters
76# [keyid:stateU].role:foundingAlumni
77#              <- [keyid:stateU].role:diploma([string:?D:['mathmatics','psychology']],
78#                                             [integer:?Year:[1960,1961,1963]])
79ctxtA.load_attribute_file("StateU_foundingAlumni__stateU_diploma_q_qY_attr.der")
80ctxtC.load_attribute_file("StateU_foundingAlumni__stateU_diploma_q_qY_attr.der")
81
82#################################################
83# Credential 2
84# [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1961]) <- [keyid:bob]
85ctxtA.load_attribute_file("StateU_diploma_m__Bob_attr.der")
86
87#################################################
88# Credential 3
89# [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1965]) <- [keyid:mark]
90ctxtA.load_attribute_file("StateU_diploma_m__Mark_attr.der")
91
92###############################
93ctxtB = ABAC.Context(ctxtA)
94ctxtB.set_no_partial_proof()
95
96ctxtB.load_id(joeID)
97ctxtB.load_id(maryannID)
98ctxtB.load_id(janID)
99###############################
100ctxtC.load_id(maryannID)
101ctxtC.load_id(janID)
102###############################
103
104##########################################################################
105# Credential 4
106# [keyid:stateU].role:diploma([string:'zoology'],[integer:1961]) <- [keyid:joe]
107ctxtB.load_attribute_file("StateU_diploma_z__Joe_attr.der")
108
109#################################################
110# Credential 5
111# [keyid:stateU].role:diploma([string:'psychology'],[integer:1962])
112#                             <- [keyid:maryann]
113ctxtB.load_attribute_file("StateU_diploma_p__Maryann_attr.der")
114ctxtC.load_attribute_file("StateU_diploma_p__Maryann_attr.der")
115
116#################################################
117# Credential 6
118# [keyid:stateU].role:diploma([string:'psychology'],[integer:1960])
119#                              <- [keyid:jan]
120ctxtB.load_attribute_file("StateU_diploma_p__Jan_attr.der")
121ctxtC.load_attribute_file("StateU_diploma_p__Jan_attr.der")
122
123###############################
124dumpCred(ctxtA, "ctxtA")
125dumpCred(ctxtB, "ctxtB")
126dumpCred(ctxtC, "ctxtC")
127
128askAbout(ctxtA, bob, "\n===good============ ctxtA,stateU.foundingAlumni <- Bob")
129askAbout(ctxtB, bob, "\n===good============ ctxtB,stateU.foundingAlumni <- Bob")
130askAbout(ctxtC, bob, "\n===bad============ ctxtC,stateU.foundingAlumni <- Bob")
131
132askAbout(ctxtA, jan, "\n===bad============ ctxtA,stateU.foundingAlumni <- Jan")
133askAbout(ctxtB, jan, "\n===good============ ctxtB,stateU.foundingAlumni <- Jan")
134askAbout(ctxtC, jan, "\n===good============ ctxtC,stateU.foundingAlumni <- Jan")
135
Note: See TracBrowser for help on using the repository browser.