Context Navigation

source: examples/python_tests/experiment_create_rt0/attr.py @ 052e76b

mei_rt2mei_rt2_fix_1

Last change on this file since 052e76b was f824a9e, checked in by Mei <mei@…>, 12 years ago
1) add more doc to python_tests
Property mode set to `100755`
File size: 4.1 KB

Rev	Line
[5f551d3]	1	#!/usr/bin/env python
	2
	3	"""
[f824a9e]	4	See README in this directory for the semantics of the example. This file
	5	constructs the credentials described and puts copies into this directory
[5f551d3]	6
	7	cmd1:env keystore=`pwd` ./attr.py
	8	"""
	9
	10	import os
	11	import ABAC
	12
	13	ctxt = ABAC.Context()
	14	print "ABAC version %s" % ctxt.version()
	15
[f824a9e]	16	# Keystore is the directory containing the principal credentials.
	17	# Load existing principals and/or policy credentials
	18	if (os.environ.has_key("keystore")) :
	19	keystore=os.environ["keystore"]
	20	ctxt.load_directory(keystore)
[5f551d3]	21
	22	out = ctxt.context_principals()
	23	print "...initial principal set..."
	24	for x in out[1]:
	25	print "%s " % x.string()
	26	print "\n"
	27
	28	out = ctxt.context_credentials()
	29	print "...initial policy attribute set..."
	30	for c in out[1]:
	31	print "%s <- %s" % (c.head_string(), c.tail_string())
	32	print "\n"
	33
[f824a9e]	34	# retrieve principals' keyid value from local credential files
[5f551d3]	35	acmeID=ABAC.ID("Acme_ID.pem");
	36	acmeID.id_load_privkey_file("Acme_private.pem");
	37	acme=acmeID.id_keyid()
	38
	39	bobID=ABAC.ID("Bob_ID.pem");
	40	bobID.id_load_privkey_file("Bob_private.pem");
	41	bob=bobID.id_keyid()
	42
	43	aliceID=ABAC.ID("Alice_ID.pem");
	44	aliceID.id_load_privkey_file("Alice_private.pem");
	45	alice=aliceID.id_keyid()
	46
	47	globotronID=ABAC.ID("Globotron_ID.pem");
	48	globotronID.id_load_privkey_file("Globotron_private.pem");
	49	globotron=globotronID.id_keyid()
	50
	51	################################################
[f824a9e]	52	# Credential 1, Anyone who is allowed to create experiment by Acme's
	53	# partners can create experiment at Acme
[5f551d3]	54	# [keyid:Acme].role:experiment_create
	55	# <- [keyid:Acme].role:partner.role:experiment_create
	56	head=ABAC.Role(acme,"experiment_create")
[f824a9e]	57
	58	# creating a linking role
[5f551d3]	59	tail = ABAC.Role(acme,"partner","experiment_create")
[f824a9e]	60
	61	# compose the policy attribute
[5f551d3]	62	attr=ABAC.Attribute(head, 1800)
	63	attr.attribute_add_tail(tail)
[f824a9e]	64
	65	# finalize the policy
[5f551d3]	66	attr.attribute_bake()
[f824a9e]	67
	68	# write out the policy to an external file
[5f551d3]	69	attr.attribute_write_cert("Acme_experiment_create__Acme_partner_experiment_create_attr.der")
[f824a9e]	70
	71	# load the policy into the context by accessing that external file
[5f551d3]	72	ctxt.load_attribute_file("Acme_experiment_create__Acme_partner_experiment_create_attr.der")
	73	print attr.string()
	74	print attr.typed_string()
	75	print "\n"
	76
	77	#################################################
[f824a9e]	78	# Credential 2
[5f551d3]	79	# [keyid:Acme].role:partner <- [keyid:Globotron]
	80	#
	81	head=ABAC.Role(acme,"partner")
	82	tail = ABAC.Role(globotron)
	83	attr=ABAC.Attribute(head, 1800)
	84	attr.attribute_add_tail(tail)
	85	attr.attribute_bake()
	86	attr.attribute_write_cert("Acme_partner__Globotron_attr.der")
	87	ctxt.load_attribute_file("Acme_partner__Globotron_attr.der")
	88	print attr.string()
	89	print attr.typed_string()
	90	print "\n"
	91
	92	#################################################
[f824a9e]	93	# Credential 3
[5f551d3]	94	# [keyid:Globotron].role:expriment_create
	95	# <- [keyid:Globotron].role:admin.role:power_user
	96	head = ABAC.Role(acme,"experiment_create")
[f824a9e]	97
	98	# a linking role
[5f551d3]	99	tail = ABAC.Role(globotron,"admin","power_user")
	100	attr=ABAC.Attribute(head, 1800)
	101	attr.attribute_add_tail(tail)
	102	attr.attribute_bake()
	103	attr.attribute_write_cert("Globotron_experiment_create__Globotron_admin_power_user_attr.der")
	104	ctxt.load_attribute_file("Globotron_experiment_create__Globotron_admin_power_user_attr.der")
	105	print attr.string()
	106	print attr.typed_string()
	107	print "\n"
	108
	109	#################################################
[f824a9e]	110	# Credential 4, named term at the right
[5f551d3]	111	# [keyid:Globotron].role:admin <- [keyid:Alice]
	112	head = ABAC.Role(globotron,"admin")
[f824a9e]	113
	114	# the named role is using keyid of alice
[5f551d3]	115	tail = ABAC.Role(alice)
	116	attr=ABAC.Attribute(head, 1800)
	117	attr.attribute_add_tail(tail)
	118	attr.attribute_bake()
	119	attr.attribute_write_cert("Globotron_admin__Alice_attr.der")
	120	ctxt.load_attribute_file("Globotron_admin__Alice_attr.der")
	121	print attr.string()
	122	print attr.typed_string()
	123	print "\n"
	124
	125	#################################################
	126	# [keyid:Alice].role:power_user <- [keyid:Bob]
	127	head = ABAC.Role(alice,"power_user")
	128	tail = ABAC.Role(bob)
	129	attr=ABAC.Attribute(head, 1800)
	130	attr.attribute_add_tail(tail)
	131	attr.attribute_bake()
	132	attr.attribute_write_cert("Alice_power_user__Bob_attr.der")
	133	ctxt.load_attribute_file("Alice_power_user__Bob_attr.der")
	134	print attr.string()
	135	print attr.typed_string()
	136	print "\n"
	137

Note: See TracBrowser for help on using the repository browser.

Download in other formats: