1 | #!/usr/bin/env python |
---|
2 | |
---|
3 | """ |
---|
4 | to test with python |
---|
5 | |
---|
6 | cmd1:env keystore=`pwd` ./attr.py |
---|
7 | """ |
---|
8 | |
---|
9 | import os |
---|
10 | import ABAC |
---|
11 | |
---|
12 | keystore=os.environ["keystore"] |
---|
13 | |
---|
14 | ctxt = ABAC.Context() |
---|
15 | print "ABAC version %s" % ctxt.version() |
---|
16 | |
---|
17 | ctxt.load_directory(keystore) |
---|
18 | |
---|
19 | out = ctxt.context_principals() |
---|
20 | print "...initial principal set..." |
---|
21 | for x in out[1]: |
---|
22 | print "%s " % x.string() |
---|
23 | print "\n" |
---|
24 | |
---|
25 | out = ctxt.context_credentials() |
---|
26 | print "...initial policy attribute set..." |
---|
27 | for c in out[1]: |
---|
28 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
29 | print "\n" |
---|
30 | |
---|
31 | isiID=ABAC.ID("ISI_ID.pem") |
---|
32 | isiID.id_load_privkey_file("ISI_private.pem"); |
---|
33 | isi=isiID.id_keyid() |
---|
34 | |
---|
35 | uscID=ABAC.ID("USC_ID.pem") |
---|
36 | uscID.id_load_privkey_file("USC_private.pem"); |
---|
37 | usc=uscID.id_keyid() |
---|
38 | |
---|
39 | maryannID=ABAC.ID("Maryann_ID.pem") |
---|
40 | maryannID.id_load_privkey_file("Maryann_private.pem"); |
---|
41 | maryann=maryannID.id_keyid() |
---|
42 | |
---|
43 | johnID=ABAC.ID("John_ID.pem") |
---|
44 | johnID.id_load_privkey_file("John_private.pem"); |
---|
45 | john=johnID.id_keyid() |
---|
46 | |
---|
47 | ################################################ |
---|
48 | #[keyid:USC].role:evaluatorOf([principal:?K]) |
---|
49 | # <-[keyid:USC].role:managerOf([principal:?K]) |
---|
50 | param=ABAC.DataTerm("principal", "K") |
---|
51 | head = ABAC.Role(usc,"evaluatorOf") |
---|
52 | head.role_add_data_term(param) |
---|
53 | param=ABAC.DataTerm("principal","K") |
---|
54 | tail = ABAC.Role(usc,"managerOf") |
---|
55 | tail.role_add_data_term(param) |
---|
56 | attr=ABAC.Attribute(head, 1800) |
---|
57 | attr.attribute_add_tail(tail) |
---|
58 | attr.attribute_bake() |
---|
59 | attr.attribute_write_cert("USC_evaluatorof_qK__USC_managerof_qK_attr.der") |
---|
60 | ctxt.load_attribute_file("USC_evaluatorof_qK__USC_managerof_qK_attr.der") |
---|
61 | print attr.string() |
---|
62 | print attr.typed_string() |
---|
63 | print "\n" |
---|
64 | |
---|
65 | ################################################# |
---|
66 | # [keyid:USC].role:managerOf([principal:?K]) |
---|
67 | # <-[keyid:ISI].role:managerOf([principal:?K]) |
---|
68 | # |
---|
69 | param=ABAC.DataTerm("principal", "K") |
---|
70 | head = ABAC.Role(usc,"managerOf") |
---|
71 | head.role_add_data_term(param) |
---|
72 | param=ABAC.DataTerm("principal", "K") |
---|
73 | tail = ABAC.Role(isi,"managerOf") |
---|
74 | tail.role_add_data_term(param) |
---|
75 | attr=ABAC.Attribute(head, 1800) |
---|
76 | attr.attribute_add_tail(tail) |
---|
77 | attr.attribute_bake() |
---|
78 | attr.attribute_write_cert("USC_managerof_qK__USC_employee_attr.der") |
---|
79 | ctxt.load_attribute_file("USC_managerof_qK__USC_employee_attr.der") |
---|
80 | print attr.string() |
---|
81 | print attr.typed_string() |
---|
82 | print "\n" |
---|
83 | |
---|
84 | ################################################# |
---|
85 | # [keyid:ISI].role:managerOf([keyid:Maryann]) |
---|
86 | # <- [keyid:John] |
---|
87 | param=ABAC.DataTerm(maryannID) |
---|
88 | head = ABAC.Role(isi,"managerOf") |
---|
89 | head.role_add_data_term(param) |
---|
90 | tail = ABAC.Role(john) |
---|
91 | attr=ABAC.Attribute(head, 1800) |
---|
92 | attr.attribute_add_tail(tail) |
---|
93 | attr.attribute_bake() |
---|
94 | attr.attribute_write_cert("ISI_manageof_Maryann__John_attr.der") |
---|
95 | ctxt.load_attribute_file("ISI_manageof_Maryann__John_attr.der") |
---|
96 | print attr.string() |
---|
97 | print attr.typed_string() |
---|
98 | print "\n" |
---|
99 | |
---|
100 | ################################################ |
---|
101 | # [keyid:USC].role:employee <- [keyid:ISI].role:employee |
---|
102 | head=ABAC.Role(usc,"employee") |
---|
103 | tail = ABAC.Role(isi,"employee") |
---|
104 | attr=ABAC.Attribute(head, 1800) |
---|
105 | attr.attribute_add_tail(tail) |
---|
106 | attr.attribute_bake() |
---|
107 | attr.attribute_write_cert("USC_employee__ISI_employee_attr.der") |
---|
108 | #ctxt.load_attribute_file("USC_employee__ISI_employee_attr.der") |
---|
109 | ctxt.load_attribute(attr) |
---|
110 | #print attr.string() |
---|
111 | #print attr.typed_string() |
---|
112 | #print "\n" |
---|
113 | |
---|
114 | |
---|
115 | ################################################# |
---|
116 | # [keyid:ISI].role:employee <- [keyid:Maryann] |
---|
117 | head = ABAC.Role(isi,"employee") |
---|
118 | tail= ABAC.Role(maryann) |
---|
119 | attr=ABAC.Attribute(head, 1800) |
---|
120 | attr.attribute_add_tail(tail) |
---|
121 | attr.attribute_bake() |
---|
122 | attr.attribute_write_cert("ISI_employee__Maryann_attr.der") |
---|
123 | #ctxt.load_attribute_file("ISI_employee__Maryann_attr.der") |
---|
124 | ctxt.load_attribute(attr) |
---|
125 | print attr.string() |
---|
126 | print attr.typed_string() |
---|
127 | print "\n" |
---|
128 | |
---|
129 | ################################################# |
---|
130 | # [keyid:ISI].role:employee <- [keyid:John] |
---|
131 | head = ABAC.Role(isi,"employee") |
---|
132 | tail= ABAC.Role(john) |
---|
133 | attr=ABAC.Attribute(head, 1800) |
---|
134 | attr.attribute_add_tail(tail) |
---|
135 | attr.attribute_bake() |
---|
136 | attr.attribute_write_cert("ISI_employee__John_attr.der") |
---|
137 | #ctxt.load_attribute_file("ISI_employee__John_attr.der") |
---|
138 | ctxt.load_attribute(attr) |
---|
139 | print attr.string() |
---|
140 | print attr.typed_string() |
---|
141 | print "\n" |
---|
142 | |
---|
143 | ctxt.dump_yap_db() |
---|
144 | ## |
---|