source: examples/python_tests/balltime_rt2/attr.py @ efd7ebe

Last change on this file since efd7ebe was f824a9e, checked in by Mei <mei@…>, 13 years ago

1) add more doc to python_tests

  • Property mode set to 100755
1#!/usr/bin/env python
2
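"""
See the README in this directory for the semantics of the example.  This file
constructs the credentials described there and puts copies into this
directory.  Run it from this directory: the principals' *_ID.pem and
*_private.pem files and the generated *_attr.der files are all opened by
relative name.

cmd1:env keystore=`pwd` ./attr.py
"""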
9
10import os
11import ABAC
12
# Create the ABAC context; every credential built below is loaded into it.
ctxt = ABAC.Context()
print("ABAC version %s" % ctxt.version())

# The "keystore" environment variable names the directory that contains the
# principal credentials.  When it is set, existing principals and/or policy
# credentials are loaded from that directory; when it is unset nothing is
# loaded here.
# NOTE(review): the directory is taken from the environment unchecked, so
# the caller's environment decides which credentials enter the context.
if "keystore" in os.environ:
    keystore = os.environ["keystore"]
    ctxt.load_directory(keystore)

# Show what the context holds before any new credential is added.  Only
# element 1 of each returned value is iterated; element 0 is not used here.
principals = ctxt.context_principals()
print("...initial principal set...")
for principal in principals[1]:
    print("%s " % principal.string())
print("\n")

credentials = ctxt.context_credentials()
print("...initial policy attribute set...")
for credential in credentials[1]:
    print("%s <- %s" % (credential.head_string(), credential.tail_string()))
print("\n")
33
def _load_principal(cert_file, privkey_file):
    """Load an identity certificate and its private key from local files.

    Returns the ABAC.ID object together with the key id read from it.
    """
    identity = ABAC.ID(cert_file)
    identity.id_load_privkey_file(privkey_file)
    return identity, identity.id_keyid()


# Retrieve each principal's keyid value from the local credential files.
# Both the certificate and the private key are opened by relative name, so
# they must be present in the current working directory.  The *_private.pem
# files hold the principals' private keys and should stay readable only by
# the owner of this example.
leagueID, league = _load_principal("League_ID.pem", "League_private.pem")
johnID, john = _load_principal("John_ID.pem", "John_private.pem")
markID, mark = _load_principal("Mark_ID.pem", "Mark_private.pem")
46
################################################
# Credential 1, oset constraint on a time parameter
#[keyid:league].role:stadium([string:'access'],[boolean:true],
#          [time:?F:[keyid:league].oset.gametime([string:?T])])
#                <-[keyid:league].role:players([string:?T])
access_term = ABAC.DataTerm("string", "'access'")
flag_term = ABAC.DataTerm("boolean", "true")

# The uninstantiated variable T is the parameter of the oset constraint.
oset_var = ABAC.DataTerm("string", "T")

# Build the oset condition league.gametime(?T) and wrap it in a constraint.
gametime_oset = ABAC.Oset(league, "gametime")
gametime_oset.oset_add_data_term(oset_var)
oset_constraint = ABAC.Constraint(gametime_oset)

# The time variable F is the data term being constrained by that oset.
time_term = ABAC.DataTerm("time", "F", oset_constraint)

# Head role: league.stadium('access', true, ?F); terms are added in the
# order they appear in the rule.
head = ABAC.Role(league, "stadium")
for term in (access_term, flag_term, time_term):
    head.role_add_data_term(term)

# Tail role: league.players(?T).
player_var = ABAC.DataTerm("string", "T")
tail = ABAC.Role(league, "players")
tail.role_add_data_term(player_var)

# Build up the attribute policy.  1800 is the second Attribute argument
# (presumably the validity period in seconds -- confirm against the ABAC API).
policy = ABAC.Attribute(head, 1800)
policy.attribute_add_tail(tail)

# Finalize the policy.
policy.attribute_bake()

# Write the credential file for this policy into the current directory and
# load that same file into the context.
cert_file = "League_access_qFqT__League_players_qT_attr.der"
policy.attribute_write_cert(cert_file)
ctxt.load_attribute_file(cert_file)
print(policy.string())
print(policy.typed_string())
print("\n")
90
################################################
# Credential 2, two different range constraints, one on a boolean and
#               the other on a time
#[keyid:league].role:stadium([string:'access'],[boolean:?B:[true],
#              [time:?F:[20120228T080000..20120228T090000]])
#               <- [keyid:league].role:players(string:?T)
access_term = ABAC.DataTerm("string", "'access'")

# Range constraint with a single target value: B must be true.
bool_constraint = ABAC.Constraint("boolean")
bool_constraint.constraint_add_boolean_target("true")
bool_term = ABAC.DataTerm("boolean", "B", bool_constraint)

# Range constraint with a min and a max: F must fall inside the window.
time_constraint = ABAC.Constraint("time")
time_constraint.constraint_add_time_min("20120228T080000")
time_constraint.constraint_add_time_max("20120228T090000")
time_term = ABAC.DataTerm("time", "F", time_constraint)

# Head role: league.stadium('access', ?B, ?F); terms are added in rule order.
head = ABAC.Role(league, "stadium")
for term in (access_term, bool_term, time_term):
    head.role_add_data_term(term)

# Tail role: league.players(?T).
player_var = ABAC.DataTerm("string", "T")
tail = ABAC.Role(league, "players")
tail.role_add_data_term(player_var)

# 1800 is the second Attribute argument (presumably the validity period in
# seconds -- confirm against the ABAC API).
policy = ABAC.Attribute(head, 1800)
policy.attribute_add_tail(tail)
policy.attribute_bake()

# Write the certificate, then load that same file into the context.
cert_file = "League_access_qR__League_players_qT_attr.der"
policy.attribute_write_cert(cert_file)
ctxt.load_attribute_file(cert_file)
print(policy.string())
print(policy.typed_string())
print("\n")
126
#################################################
# Credential 3
# [keyid:league].oset:gametime([string:'north'])
#                    <- [time:20120228T130000]
# Head oset: league.gametime('north').
region_term = ABAC.DataTerm("string", "'north'")
head = ABAC.Oset(league, "gametime")
head.oset_add_data_term(region_term)

# Tail: an oset built directly from the concrete time value.
game_time = ABAC.DataTerm("time", "20120228T130000")
tail = ABAC.Oset(game_time)

# 1800 is the second Attribute argument (presumably the validity period in
# seconds -- confirm against the ABAC API).
policy = ABAC.Attribute(head, 1800)
policy.attribute_add_tail(tail)
policy.attribute_bake()

# Write the certificate, then load that same file into the context.
cert_file = "League_gametime_north__timeT_attr.der"
policy.attribute_write_cert(cert_file)
ctxt.load_attribute_file(cert_file)
print(policy.string())
print(policy.typed_string())
print("\n")
144
#################################################
# Credential 4
# [keyid:league].oset:gametime([string:'south'])
#                    <-[time:20120228T140000]
# Head oset: league.gametime('south').
region_term = ABAC.DataTerm("string", "'south'")
head = ABAC.Oset(league, "gametime")
head.oset_add_data_term(region_term)

# Tail: an oset built directly from the concrete time value.
game_time = ABAC.DataTerm("time", "20120228T140000")
tail = ABAC.Oset(game_time)

# 1800 is the second Attribute argument (presumably the validity period in
# seconds -- confirm against the ABAC API).
policy = ABAC.Attribute(head, 1800)
policy.attribute_add_tail(tail)
policy.attribute_bake()

# Write the certificate, then load that same file into the context.
cert_file = "League_gametime_south__time2T_attr.der"
policy.attribute_write_cert(cert_file)
ctxt.load_attribute_file(cert_file)
print(policy.string())
print(policy.typed_string())
print("\n")
162
#################################################
# Credential 5
# [keyid:league].role:players([string:'north'])<-[keyid:John]
# Head role: league.players('north').
region_term = ABAC.DataTerm("string", "'north'")
head = ABAC.Role(league, "players")
head.role_add_data_term(region_term)

# Tail: the principal John, named by the keyid read from his certificate.
tail = ABAC.Role(john)

# 1800 is the second Attribute argument (presumably the validity period in
# seconds -- confirm against the ABAC API).
policy = ABAC.Attribute(head, 1800)
policy.attribute_add_tail(tail)
policy.attribute_bake()

# Write the certificate, then load that same file into the context.
cert_file = "League_players_north__John_attr.der"
policy.attribute_write_cert(cert_file)
ctxt.load_attribute_file(cert_file)
print(policy.string())
print(policy.typed_string())
print("\n")
178
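#################################################
# Credential 6
# [keyid:league].role:players([string:'south'])<-[keyid:Mark]
# Head role: league.players('south').
param = ABAC.DataTerm("string", "'south'")
head = ABAC.Role(league, "players")
head.role_add_data_term(param)

# Tail: the principal Mark, named by the keyid read from his certificate.
tail = ABAC.Role(mark)

# 1800 is the second Attribute argument (presumably the validity period in
# seconds -- confirm against the ABAC API).
attr = ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()

# Write Mark's certificate and load that same file into the context.  The
# file name is bound once so the write and the load cannot drift apart;
# loading John's certificate here instead would leave Mark's membership in
# league.players('south') out of the context.
cert_file = "League_players_south__Mark_attr.der"
attr.attribute_write_cert(cert_file)
ctxt.load_attribute_file(cert_file)
print(attr.string())
print(attr.typed_string())
print("\n")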
194
195