source: examples/python_tests/balltime_rt2/attr.py @ 20eaefe

mei_rt2mei_rt2_fix_1
Last change on this file since 20eaefe was 646e57e, checked in by Mei <mei@…>, 12 years ago

1) add partial proof

  • Property mode set to 100755
File size: 6.1 KB
1#!/usr/bin/env python
2
3"""
4See README in this directory for the semantics of the example.  This file
5constructs the credentials described and puts copies into this directory
6
7cmd1:env keystore=`pwd` ./attr.py
8"""
9
10import os
11import ABAC
12
# Create the ABAC context that collects every principal and credential this
# script handles, and report which library version is in use.
ctxt = ABAC.Context()
print("ABAC version %s" % ctxt.version())

# The "keystore" environment variable names the directory that contains the
# principal credentials.  Whatever principals and/or policy credentials are
# already stored there are loaded into the context.  Without the variable the
# script prints a message and stops with exit status 1.
# NOTE(review): the directory is taken from the environment as-is and its
# contents feed the context; it should presumably be writable only by the
# operator running this example -- confirm for any non-demo use.
if "keystore" not in os.environ:
    print("keystore is not set...")
    exit(1)

keystore = os.environ["keystore"]
ctxt.load_directory(keystore)
24
# Show what the context holds after the keystore was loaded: the principals
# first, then the policy attributes written as "head <- tail".
# Both context calls return a sequence; element 1 is the list iterated here.
principal_result = ctxt.context_principals()
print("...initial principal set...")
for principal in principal_result[1]:
    print("%s " % principal.string())
print("\n")

credential_result = ctxt.context_credentials()
print("...initial policy attribute set...")
for credential in credential_result[1]:
    print("%s <- %s" % (credential.head_string(), credential.tail_string()))
print("\n")
36
def _load_principal(cert_file, key_file):
    """Load an ID certificate and its private key; return (ID, keyid)."""
    principal = ABAC.ID(cert_file)
    principal.id_load_privkey_file(key_file)
    return principal, principal.id_keyid()


# Retrieve each principal's keyid from the local credential files.
# The file names are relative, so they are resolved against the current
# working directory rather than against the "keystore" directory.
# NOTE(review): every credential issued below has a League head; whether the
# private keys of John and Mark must be loaded just to obtain their keyids is
# worth confirming -- least privilege would avoid reading them.
leagueID, league = _load_principal("League_ID.pem", "League_private.pem")
johnID, john = _load_principal("John_ID.pem", "John_private.pem")
markID, mark = _load_principal("Mark_ID.pem", "Mark_private.pem")
49
################################################
# Credential 1: an oset constraint on a time parameter
# [keyid:league].role:stadium([string:'access'],[boolean:true],
#          [time:?F:[keyid:league].oset:gametime([string:?T])])
#                <- [keyid:league].role:players([string:?T])

# One name for the certificate file, used for both the write and the load.
cert_file = "League_access_qFqT__League_players_qT_attr.der"

access_term = ABAC.DataTerm("string", "'access'")
flag_term = ABAC.DataTerm("boolean", "true")

# The constraining oset is [keyid:league].oset:gametime and takes the
# uninstantiated string variable T as its parameter.
oset_var = ABAC.DataTerm("string", "T")
gametime_oset = ABAC.Oset(league, "gametime")
gametime_oset.oset_add_data_term(oset_var)

# Wrap the oset in a constraint and attach it to the time variable F, the
# data term that is being constrained.
gametime_constraint = ABAC.Constraint(gametime_oset)
time_term = ABAC.DataTerm("time", "F", gametime_constraint)

# Head of the rule: the stadium role with its three parameters, in order.
stadium_role = ABAC.Role(league, "stadium")
for term in (access_term, flag_term, time_term):
    stadium_role.role_add_data_term(term)

# Tail of the rule: the players role, parameterised by a string variable T.
players_var = ABAC.DataTerm("string", "T")
players_role = ABAC.Role(league, "players")
players_role.role_add_data_term(players_var)

# Build the attribute policy and finalize it.
# 1800 is presumably the validity period in seconds -- confirm against libabac.
stadium_attr = ABAC.Attribute(stadium_role, 1800)
stadium_attr.attribute_add_tail(players_role)
stadium_attr.attribute_bake()

# Write the credential file for this policy, load it into the context, and
# print the rule in plain and typed form.
stadium_attr.attribute_write_cert(cert_file)
ctxt.load_attribute_file(cert_file)
print(stadium_attr.string())
print(stadium_attr.typed_string())
print("\n")
93
################################################
# Credential 2: two different range constraints, one on a boolean and
#               the other on a time
# [keyid:league].role:stadium([string:'access'],[boolean:?B:[true]],
#              [time:?F:[20120228T080000..20120228T090000]])
#               <- [keyid:league].role:players([string:?T])

# One name for the certificate file, used for both the write and the load.
cert_file = "League_access_qR__League_players_qT_attr.der"

access_term = ABAC.DataTerm("string", "'access'")

# Range constraint with a single target value: B has to be true.
bool_constraint = ABAC.Constraint("boolean")
bool_constraint.constraint_add_boolean_target("true")
bool_term = ABAC.DataTerm("boolean", "B", bool_constraint)

# Range constraint with a minimum and a maximum on the time variable F.
# NOTE(review): the bounds carry no time-zone designator; confirm how the
# library interprets them before relying on the window.
time_window = ABAC.Constraint("time")
time_window.constraint_add_time_min("20120228T080000")
time_window.constraint_add_time_max("20120228T090000")
time_term = ABAC.DataTerm("time", "F", time_window)

# Head of the rule: the stadium role with its three parameters, in order.
stadium_role = ABAC.Role(league, "stadium")
for term in (access_term, bool_term, time_term):
    stadium_role.role_add_data_term(term)

# Tail of the rule: the players role, parameterised by a string variable T.
players_var = ABAC.DataTerm("string", "T")
players_role = ABAC.Role(league, "players")
players_role.role_add_data_term(players_var)

# 1800 is presumably the validity period in seconds -- confirm against libabac.
stadium_attr = ABAC.Attribute(stadium_role, 1800)
stadium_attr.attribute_add_tail(players_role)
stadium_attr.attribute_bake()

# Write the credential file, load it into the context, print both forms.
stadium_attr.attribute_write_cert(cert_file)
ctxt.load_attribute_file(cert_file)
print(stadium_attr.string())
print(stadium_attr.typed_string())
print("\n")
129
#################################################
# Credential 3: the 'north' game time
# [keyid:league].oset:gametime([string:'north'])
#                    <- [time:20120228T130000]

# One name for the certificate file, used for both the write and the load.
cert_file = "League_gametime_north__timeT_attr.der"

# Head: the gametime oset of the league, parameterised with 'north'.
region_term = ABAC.DataTerm("string", "'north'")
gametime_oset = ABAC.Oset(league, "gametime")
gametime_oset.oset_add_data_term(region_term)

# Tail: an oset built directly from a concrete time value.
kickoff_term = ABAC.DataTerm("time", "20120228T130000")
kickoff_oset = ABAC.Oset(kickoff_term)

# 1800 is presumably the validity period in seconds -- confirm against libabac.
gametime_attr = ABAC.Attribute(gametime_oset, 1800)
gametime_attr.attribute_add_tail(kickoff_oset)
gametime_attr.attribute_bake()

# Write the credential file, load it into the context, print both forms.
gametime_attr.attribute_write_cert(cert_file)
ctxt.load_attribute_file(cert_file)
print(gametime_attr.string())
print(gametime_attr.typed_string())
print("\n")
147
#################################################
# Credential 4: the 'south' game time
# [keyid:league].oset:gametime([string:'south'])
#                    <- [time:20120228T140000]

# One name for the certificate file, used for both the write and the load.
cert_file = "League_gametime_south__time2T_attr.der"

# Head: the gametime oset of the league, parameterised with 'south'.
region_term = ABAC.DataTerm("string", "'south'")
gametime_oset = ABAC.Oset(league, "gametime")
gametime_oset.oset_add_data_term(region_term)

# Tail: an oset built directly from a concrete time value.
kickoff_term = ABAC.DataTerm("time", "20120228T140000")
kickoff_oset = ABAC.Oset(kickoff_term)

# 1800 is presumably the validity period in seconds -- confirm against libabac.
gametime_attr = ABAC.Attribute(gametime_oset, 1800)
gametime_attr.attribute_add_tail(kickoff_oset)
gametime_attr.attribute_bake()

# Write the credential file, load it into the context, print both forms.
gametime_attr.attribute_write_cert(cert_file)
ctxt.load_attribute_file(cert_file)
print(gametime_attr.string())
print(gametime_attr.typed_string())
print("\n")
165
#################################################
# Credential 5: John is a 'north' player
# [keyid:league].role:players([string:'north'])<-[keyid:John]

# One name for the certificate file, used for both the write and the load.
cert_file = "League_players_north__John_attr.der"

# Head: the players role of the league, parameterised with 'north'.
region_term = ABAC.DataTerm("string", "'north'")
players_role = ABAC.Role(league, "players")
players_role.role_add_data_term(region_term)

# Tail: the principal John, referenced by keyid.
member = ABAC.Role(john)

# 1800 is presumably the validity period in seconds -- confirm against libabac.
membership_attr = ABAC.Attribute(players_role, 1800)
membership_attr.attribute_add_tail(member)
membership_attr.attribute_bake()

# Write the credential file, load it into the context, print both forms.
membership_attr.attribute_write_cert(cert_file)
ctxt.load_attribute_file(cert_file)
print(membership_attr.string())
print(membership_attr.typed_string())
print("\n")
181
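#################################################
# Credential 6: Mark is a 'south' player
# [keyid:league].role:players([string:'south'])<-[keyid:Mark]

# One name for the certificate file, used for both the write and the load,
# so the two calls cannot drift apart.
cert_file = "League_players_south__Mark_attr.der"

# Head: the players role of the league, parameterised with 'south'.
param = ABAC.DataTerm("string", "'south'")
head = ABAC.Role(league, "players")
head.role_add_data_term(param)

# Tail: the principal Mark, referenced by keyid.
tail = ABAC.Role(mark)

# 1800 is presumably the validity period in seconds -- confirm against libabac.
attr = ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()

# Write the credential file, then load that same file into the context.
# Loading John's 'north' certificate here instead would leave Mark's rule out
# of the context and leave the freshly written file unchecked.
attr.attribute_write_cert(cert_file)
ctxt.load_attribute_file(cert_file)
print(attr.string())
print(attr.typed_string())
print("\n")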
197
198