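#!/usr/bin/env python
"""Build and load four ABAC role credentials for the SuperK parking example.

All key and certificate files are opened by bare file name, so run the
script from the directory that holds the *_ID.pem / *_private.pem files:

    env keystore=`pwd` ./attr.py
"""

import contextlib
import os
import sys

import ABAC

ctxt = ABAC.Context()


@contextlib.contextmanager
def _abac_cn_enabled():
    """Set ABAC_CN=1 for the enclosed calls, then restore its previous state.

    Only ABAC_CN is touched. Wiping the whole environment with
    os.environ.clear() to undo this one variable would also drop PATH, HOME
    and the keystore setting for the rest of the process.
    """
    previous = os.environ.get("ABAC_CN")
    os.environ["ABAC_CN"] = "1"
    try:
        yield
    finally:
        if previous is None:
            os.environ.pop("ABAC_CN", None)
        else:
            os.environ["ABAC_CN"] = previous


def _load_identity(ctxt, cert_file, key_file):
    """Create an ABAC.ID from cert_file, attach key_file, and load it into ctxt."""
    ident = ABAC.ID(cert_file)
    ident.id_load_privkey_file(key_file)
    ctxt.load_id(ident)
    return ident


def print_p(ctxt, tt, msg):
    """Print every principal held by ctxt, one per line, prefixed with msg.

    tt labels the header line. The principals are taken from element 1 of
    the value returned by ctxt.context_principals().
    """
    # NOTE(review): ABAC_CN presumably switches the output to common names
    # instead of key ids -- confirm against the ABAC library.
    with _abac_cn_enabled():
        out = ctxt.context_principals()
        print("%s principal set..." % tt)
        for x in out[1]:
            print("%s%s " % (msg, x.string()))


def print_a(ctxt, tt, msg):
    """Print every credential (rule) held by ctxt, one per line, prefixed with msg.

    tt labels the header line. The credentials are taken from element 1 of
    the value returned by ctxt.context_credentials().
    """
    with _abac_cn_enabled():
        print("%s rule set..." % tt)
        out = ctxt.context_credentials()
        for x in out[1]:
            print("%s%s " % (msg, x.string()))


def print_db(ctxt):
    """Dump the context's database through ctxt.dump_yap_db().

    ABAC_CN is not set here; the dump follows the caller's environment.
    """
    ctxt.dump_yap_db()


# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials
if "keystore" in os.environ:
    # NOTE(review): keystore is required but never used below; every file is
    # opened relative to the current working directory. The two agree only
    # when the script is started as documented (keystore=`pwd`).
    keystore = os.environ["keystore"]
else:
    print("keystore is not set...")
    sys.exit(1)

# NOTE(review): each credential below is headed by a SuperK role, yet the
# private keys of Jack, Bob and Mary are loaded as well. If baking needs only
# the issuer's key, load the subjects' certificates alone -- confirm. Private
# key files belong in a directory readable only by their owner.
superKID = _load_identity(ctxt, "SuperK_ID.pem", "SuperK_private.pem")
superK = superKID.id_keyid()

jackID = _load_identity(ctxt, "Jack_ID.pem", "Jack_private.pem")
jack = jackID.id_keyid()

bobID = _load_identity(ctxt, "Bob_ID.pem", "Bob_private.pem")
bob = bobID.id_keyid()

maryID = _load_identity(ctxt, "Mary_ID.pem", "Mary_private.pem")
mary = maryID.id_keyid()

# NOTE(review): 1800 is the second argument to ABAC.Attribute in every case;
# presumably the validity period in seconds -- confirm.

# case 1:
# Only employee of SuperK can park
# [keyid:SuperK].role:park <- [keyid:SuperK].role:employee
# The certificate is written to disk and loaded back from that file.
head = ABAC.Role(superK, "park")
tail = ABAC.Role(superK, "employee")
attr = ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("SuperK_park__SuperK_employee_attr.der")
ctxt.load_attribute_file("SuperK_park__SuperK_employee_attr.der")
print_a(ctxt, "case1", "..")

# case 2:
# Jack is an employee of SuperK
# [keyid:SuperK].role:employee <- [keyid:Jack]
# The certificate is written to disk, but the in-memory attribute is loaded.
head = ABAC.Role(superK, "employee")
tail = ABAC.Role(jack)
attr = ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
# create a policy file at the file system
attr.attribute_write_cert("SuperK_employee__Jack_attr.der")
ctxt.load_attribute(attr)
print_a(ctxt, "case2", "....")

# case 3:
# Bob is an employee of SuperK
# [keyid:SuperK].role:employee <- [keyid:Bob]
# Nothing is written to disk: the baked certificate is taken as a chunk,
# rebuilt into a new attribute, and that attribute is loaded.
head = ABAC.Role(superK, "employee")
tail = ABAC.Role(bob)
attr = ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
chunk = attr.cert_chunk()
nattr = ABAC.Attribute_chunk(chunk)
ctxt.load_attribute(nattr)
print_a(ctxt, "case3", "....")

# case 4:
# Mary is an employee of SuperK
# [keyid:SuperK].role:employee <- [keyid:Mary]
# Nothing is written to disk: the certificate chunk is loaded directly.
head = ABAC.Role(superK, "employee")
tail = ABAC.Role(mary)
attr = ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
chunk = attr.cert_chunk()
ctxt.load_attribute_chunk(chunk)
print_a(ctxt, "case4", "......")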