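#!/usr/bin/env python
"""
Run the queries described in README.

cmd1: env keystore=`pwd` ./query.py
cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py
"""

import os
import sys

import ABAC

ctxt = ABAC.Context()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials.
# The directory name comes from the environment, so whoever controls
# `keystore` (or can write into that directory) controls which credentials
# feed the queries below; point it only at a directory trusted users own.
keystore = os.environ.get("keystore")
if keystore is None:
    print("keystore is not set...")
    sys.exit(1)
ctxt.load_directory(keystore)

# Retrieve the principals' keyid values from local credential files.
# The PEM names are relative to the current directory, not to `keystore`;
# the README commands set keystore=`pwd`, so the two coincide there.
# NOTE(review): only the keyids are used below. Loading each principal's
# private key is kept as in the original, but nothing visible in this script
# needs it; confirm whether the querying process can run without read access
# to the private keys.
leagueID = ABAC.ID("League_ID.pem")
leagueID.id_load_privkey_file("League_private.pem")
league = leagueID.id_keyid()

johnID = ABAC.ID("John_ID.pem")
johnID.id_load_privkey_file("John_private.pem")
john = johnID.id_keyid()

markID = ABAC.ID("Mark_ID.pem")
markID.id_load_privkey_file("Mark_private.pem")
mark = markID.id_keyid()

##########################################################################
# dump the loaded principals/policies
#
out = ctxt.context_principals()
print("\n...final principal set...")
for x in out[1]:
    print("%s " % x.string())

out = ctxt.context_credentials()
print("\n...final policy attribute set...")
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))


def _query_stadium_access(principal_keyid, principal_name, timestamp, expectation):
    """Ask whether a principal holds league.stadium('access', true, timestamp).

    principal_keyid -- keyid of the principal being tested
    principal_name  -- short name used only in the printed banner
    timestamp       -- time data term, e.g. "20120228T130000"
    expectation     -- "good" or "bad": the outcome the README expects,
                       printed in the banner (it is not the query result)

    Prints the banner, the first element of the query result, and every
    credential in the second element. Returns the raw query result.
    """
    # Keep the data terms referenced until the query has run; whether the
    # binding copies them into the role is not visible from this script.
    terms = [
        ABAC.DataTerm("string", "'access'"),
        ABAC.DataTerm("boolean", "true"),
        ABAC.DataTerm("time", timestamp),
    ]
    role = ABAC.Role(league, "stadium")
    for term in terms:
        role.role_add_data_term(term)
    p = ABAC.Role(principal_keyid)

    # The banner is built from the timestamp actually queried, so the label
    # can no longer disagree with the query (the original banners said
    # 20120128 while the data terms used 20120228).
    print("\n===%s============ league.stadium(access,true,%s)<-?-%s"
          % (expectation, timestamp, principal_name))

    result = ctxt.query(role, p)
    # NOTE(review): in the libabac bindings query() returns
    # (success, credentials). The access decision is the first element; a
    # printed credential list on its own must not be read as a grant.
    # Confirm for this library version whether a failed query can still
    # return credentials.
    print("query result: %s" % (result[0],))
    for c in result[1]:
        print("%s <- %s" % (c.head_string(), c.tail_string()))
    return result


##########################################################################
# can john go to stadium at 1pm?
# role=[keyid:league].role:stadium([string:'access'],[boolean:true],[time:20120228T130000])
# p=[keyid:john]
out = _query_stadium_access(john, "john", "20120228T130000", "good")

##########################################################################
# can mark go to stadium at 11am?
# role=[keyid:league].role:stadium([string:'access'],[boolean:true],[time:20120228T110000])
# p=[keyid:mark]
out = _query_stadium_access(mark, "mark", "20120228T110000", "bad")

##########################################################################
# can mark go to stadium at 8am then?
# role=[keyid:league].role:stadium([string:'access'],[boolean:true],[time:20120228T080000])
# p=[keyid:mark]
out = _query_stadium_access(mark, "mark", "20120228T080000", "good")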