Context Navigation

source: examples/python_tests/experiment_create_rt0/attr.py @ 20eaefe

mei_rt2mei_rt2_fix_1

Last change on this file since 20eaefe was 646e57e, checked in by Mei <mei@…>, 12 years ago
1) add partial proof
Property mode set to `100755`
File size: 4.1 KB

Rev	Line
[5f551d3]	1	#!/usr/bin/env python
	2
	3	"""
[f824a9e]	4	See README in this directory for the semantics of the example. This file
	5	constructs the credentials described and puts copies into this directory
[5f551d3]	6
	7	cmd1:env keystore=`pwd` ./attr.py
	8	"""
	9
	10	import os
	11	import ABAC
	12
	13	ctxt = ABAC.Context()
	14	print "ABAC version %s" % ctxt.version()
	15
[f824a9e]	16	# Keystore is the directory containing the principal credentials.
	17	# Load existing principals and/or policy credentials
	18	if (os.environ.has_key("keystore")) :
	19	keystore=os.environ["keystore"]
	20	ctxt.load_directory(keystore)
[646e57e]	21	else:
	22	print("keystore is not set...")
	23	exit(1)
	24
[5f551d3]	25
	26	out = ctxt.context_principals()
	27	print "...initial principal set..."
	28	for x in out[1]:
	29	print "%s " % x.string()
	30	print "\n"
	31
	32	out = ctxt.context_credentials()
	33	print "...initial policy attribute set..."
	34	for c in out[1]:
	35	print "%s <- %s" % (c.head_string(), c.tail_string())
	36	print "\n"
	37
[f824a9e]	38	# retrieve principals' keyid value from local credential files
[5f551d3]	39	acmeID=ABAC.ID("Acme_ID.pem");
	40	acmeID.id_load_privkey_file("Acme_private.pem");
	41	acme=acmeID.id_keyid()
	42
	43	bobID=ABAC.ID("Bob_ID.pem");
	44	bobID.id_load_privkey_file("Bob_private.pem");
	45	bob=bobID.id_keyid()
	46
	47	aliceID=ABAC.ID("Alice_ID.pem");
	48	aliceID.id_load_privkey_file("Alice_private.pem");
	49	alice=aliceID.id_keyid()
	50
	51	globotronID=ABAC.ID("Globotron_ID.pem");
	52	globotronID.id_load_privkey_file("Globotron_private.pem");
	53	globotron=globotronID.id_keyid()
	54
	55	################################################
[f824a9e]	56	# Credential 1, Anyone who is allowed to create experiment by Acme's
	57	# partners can create experiment at Acme
[5f551d3]	58	# [keyid:Acme].role:experiment_create
	59	# <- [keyid:Acme].role:partner.role:experiment_create
	60	head=ABAC.Role(acme,"experiment_create")
[f824a9e]	61
	62	# creating a linking role
[5f551d3]	63	tail = ABAC.Role(acme,"partner","experiment_create")
[f824a9e]	64
	65	# compose the policy attribute
[5f551d3]	66	attr=ABAC.Attribute(head, 1800)
	67	attr.attribute_add_tail(tail)
[f824a9e]	68
	69	# finalize the policy
[5f551d3]	70	attr.attribute_bake()
[f824a9e]	71
	72	# write out the policy to an external file
[5f551d3]	73	attr.attribute_write_cert("Acme_experiment_create__Acme_partner_experiment_create_attr.der")
[f824a9e]	74
	75	# load the policy into the context by accessing that external file
[5f551d3]	76	ctxt.load_attribute_file("Acme_experiment_create__Acme_partner_experiment_create_attr.der")
	77	print attr.string()
	78	print attr.typed_string()
	79	print "\n"
	80
	81	#################################################
[f824a9e]	82	# Credential 2
[5f551d3]	83	# [keyid:Acme].role:partner <- [keyid:Globotron]
	84	#
	85	head=ABAC.Role(acme,"partner")
	86	tail = ABAC.Role(globotron)
	87	attr=ABAC.Attribute(head, 1800)
	88	attr.attribute_add_tail(tail)
	89	attr.attribute_bake()
	90	attr.attribute_write_cert("Acme_partner__Globotron_attr.der")
	91	ctxt.load_attribute_file("Acme_partner__Globotron_attr.der")
	92	print attr.string()
	93	print attr.typed_string()
	94	print "\n"
	95
	96	#################################################
[f824a9e]	97	# Credential 3
[5f551d3]	98	# [keyid:Globotron].role:expriment_create
	99	# <- [keyid:Globotron].role:admin.role:power_user
	100	head = ABAC.Role(acme,"experiment_create")
[f824a9e]	101
	102	# a linking role
[5f551d3]	103	tail = ABAC.Role(globotron,"admin","power_user")
	104	attr=ABAC.Attribute(head, 1800)
	105	attr.attribute_add_tail(tail)
	106	attr.attribute_bake()
	107	attr.attribute_write_cert("Globotron_experiment_create__Globotron_admin_power_user_attr.der")
	108	ctxt.load_attribute_file("Globotron_experiment_create__Globotron_admin_power_user_attr.der")
	109	print attr.string()
	110	print attr.typed_string()
	111	print "\n"
	112
	113	#################################################
[f824a9e]	114	# Credential 4, named term at the right
[5f551d3]	115	# [keyid:Globotron].role:admin <- [keyid:Alice]
	116	head = ABAC.Role(globotron,"admin")
[f824a9e]	117
	118	# the named role is using keyid of alice
[5f551d3]	119	tail = ABAC.Role(alice)
	120	attr=ABAC.Attribute(head, 1800)
	121	attr.attribute_add_tail(tail)
	122	attr.attribute_bake()
	123	attr.attribute_write_cert("Globotron_admin__Alice_attr.der")
	124	ctxt.load_attribute_file("Globotron_admin__Alice_attr.der")
	125	print attr.string()
	126	print attr.typed_string()
	127	print "\n"
	128
	129	#################################################
	130	# [keyid:Alice].role:power_user <- [keyid:Bob]
	131	head = ABAC.Role(alice,"power_user")
	132	tail = ABAC.Role(bob)
	133	attr=ABAC.Attribute(head, 1800)
	134	attr.attribute_add_tail(tail)
	135	attr.attribute_bake()
	136	attr.attribute_write_cert("Alice_power_user__Bob_attr.der")
	137	ctxt.load_attribute_file("Alice_power_user__Bob_attr.der")
	138	print attr.string()
	139	print attr.typed_string()
	140	print "\n"
	141

Note: See TracBrowser for help on using the repository browser.

Download in other formats: