Context Navigation

source: examples/python_tests/experiment_create_rt0/attr.py @ 20eaefe

mei_rt2mei_rt2_fix_1

Last change on this file since 20eaefe was 646e57e, checked in by Mei <mei@…>, 12 years ago
1) add partial proof
Property mode set to `100755`
File size: 4.1 KB

Line
1	#!/usr/bin/env python
2
3	"""
4	See README in this directory for the semantics of the example. This file
5	constructs the credentials described and puts copies into this directory
6
7	cmd1:env keystore=`pwd` ./attr.py
8	"""
9
10	import os
11	import ABAC
12
13	ctxt = ABAC.Context()
14	print "ABAC version %s" % ctxt.version()
15
16	# Keystore is the directory containing the principal credentials.
17	# Load existing principals and/or policy credentials
18	if (os.environ.has_key("keystore")) :
19	keystore=os.environ["keystore"]
20	ctxt.load_directory(keystore)
21	else:
22	print("keystore is not set...")
23	exit(1)
24
25
26	out = ctxt.context_principals()
27	print "...initial principal set..."
28	for x in out[1]:
29	print "%s " % x.string()
30	print "\n"
31
32	out = ctxt.context_credentials()
33	print "...initial policy attribute set..."
34	for c in out[1]:
35	print "%s <- %s" % (c.head_string(), c.tail_string())
36	print "\n"
37
38	# retrieve principals' keyid value from local credential files
39	acmeID=ABAC.ID("Acme_ID.pem");
40	acmeID.id_load_privkey_file("Acme_private.pem");
41	acme=acmeID.id_keyid()
42
43	bobID=ABAC.ID("Bob_ID.pem");
44	bobID.id_load_privkey_file("Bob_private.pem");
45	bob=bobID.id_keyid()
46
47	aliceID=ABAC.ID("Alice_ID.pem");
48	aliceID.id_load_privkey_file("Alice_private.pem");
49	alice=aliceID.id_keyid()
50
51	globotronID=ABAC.ID("Globotron_ID.pem");
52	globotronID.id_load_privkey_file("Globotron_private.pem");
53	globotron=globotronID.id_keyid()
54
55	################################################
56	# Credential 1, Anyone who is allowed to create experiment by Acme's
57	# partners can create experiment at Acme
58	# [keyid:Acme].role:experiment_create
59	# <- [keyid:Acme].role:partner.role:experiment_create
60	head=ABAC.Role(acme,"experiment_create")
61
62	# creating a linking role
63	tail = ABAC.Role(acme,"partner","experiment_create")
64
65	# compose the policy attribute
66	attr=ABAC.Attribute(head, 1800)
67	attr.attribute_add_tail(tail)
68
69	# finalize the policy
70	attr.attribute_bake()
71
72	# write out the policy to an external file
73	attr.attribute_write_cert("Acme_experiment_create__Acme_partner_experiment_create_attr.der")
74
75	# load the policy into the context by accessing that external file
76	ctxt.load_attribute_file("Acme_experiment_create__Acme_partner_experiment_create_attr.der")
77	print attr.string()
78	print attr.typed_string()
79	print "\n"
80
81	#################################################
82	# Credential 2
83	# [keyid:Acme].role:partner <- [keyid:Globotron]
84	#
85	head=ABAC.Role(acme,"partner")
86	tail = ABAC.Role(globotron)
87	attr=ABAC.Attribute(head, 1800)
88	attr.attribute_add_tail(tail)
89	attr.attribute_bake()
90	attr.attribute_write_cert("Acme_partner__Globotron_attr.der")
91	ctxt.load_attribute_file("Acme_partner__Globotron_attr.der")
92	print attr.string()
93	print attr.typed_string()
94	print "\n"
95
96	#################################################
97	# Credential 3
98	# [keyid:Globotron].role:expriment_create
99	# <- [keyid:Globotron].role:admin.role:power_user
100	head = ABAC.Role(acme,"experiment_create")
101
102	# a linking role
103	tail = ABAC.Role(globotron,"admin","power_user")
104	attr=ABAC.Attribute(head, 1800)
105	attr.attribute_add_tail(tail)
106	attr.attribute_bake()
107	attr.attribute_write_cert("Globotron_experiment_create__Globotron_admin_power_user_attr.der")
108	ctxt.load_attribute_file("Globotron_experiment_create__Globotron_admin_power_user_attr.der")
109	print attr.string()
110	print attr.typed_string()
111	print "\n"
112
113	#################################################
114	# Credential 4, named term at the right
115	# [keyid:Globotron].role:admin <- [keyid:Alice]
116	head = ABAC.Role(globotron,"admin")
117
118	# the named role is using keyid of alice
119	tail = ABAC.Role(alice)
120	attr=ABAC.Attribute(head, 1800)
121	attr.attribute_add_tail(tail)
122	attr.attribute_bake()
123	attr.attribute_write_cert("Globotron_admin__Alice_attr.der")
124	ctxt.load_attribute_file("Globotron_admin__Alice_attr.der")
125	print attr.string()
126	print attr.typed_string()
127	print "\n"
128
129	#################################################
130	# [keyid:Alice].role:power_user <- [keyid:Bob]
131	head = ABAC.Role(alice,"power_user")
132	tail = ABAC.Role(bob)
133	attr=ABAC.Attribute(head, 1800)
134	attr.attribute_add_tail(tail)
135	attr.attribute_bake()
136	attr.attribute_write_cert("Alice_power_user__Bob_attr.der")
137	ctxt.load_attribute_file("Alice_power_user__Bob_attr.der")
138	print attr.string()
139	print attr.typed_string()
140	print "\n"
141

Note: See TracBrowser for help on using the repository browser.

Download in other formats: