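#!/usr/bin/env python
"""
See README in this directory for the semantics of the example.

This file constructs the credentials described and puts copies into
this directory:

    cmd1:env keystore=`pwd` ./attr.py

The principal identity certificates (``*_ID.pem``) and their private
keys (``*_private.pem``) are read from the current directory.  Each
policy credential is signed by its head principal, written to a DER
file in the current directory and then loaded back into the context
from that file.

The delegation chain built here is:

    [keyid:Acme].role:experiment_create
        <- [keyid:Acme].role:partner.role:experiment_create
    [keyid:Acme].role:partner            <- [keyid:Globotron]
    [keyid:Globotron].role:experiment_create
        <- [keyid:Globotron].role:admin.role:power_user
    [keyid:Globotron].role:admin         <- [keyid:Alice]
    [keyid:Alice].role:power_user        <- [keyid:Bob]
"""
import os

import ABAC

# Validity argument handed to every ABAC.Attribute created below.  It is
# passed through unchanged; its unit is whatever the ABAC API defines.
VALIDITY = 1800

ctxt = ABAC.Context()
print("ABAC version %s" % ctxt.version())

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials.
if "keystore" in os.environ:
    keystore = os.environ["keystore"]
    ctxt.load_directory(keystore)

out = ctxt.context_principals()
print("...initial principal set...")
for x in out[1]:
    print("%s " % x.string())
print("\n")

out = ctxt.context_credentials()
print("...initial policy attribute set...")
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
print("\n")

# Retrieve the principals' keyid values from the local credential files.
# The ID objects stay at module level for the lifetime of the script
# because the private keys they carry are what signs the credentials
# issued below (head principal == signer).
acmeID = ABAC.ID("Acme_ID.pem")
acmeID.id_load_privkey_file("Acme_private.pem")
acme = acmeID.id_keyid()

bobID = ABAC.ID("Bob_ID.pem")
bobID.id_load_privkey_file("Bob_private.pem")
bob = bobID.id_keyid()

aliceID = ABAC.ID("Alice_ID.pem")
aliceID.id_load_privkey_file("Alice_private.pem")
alice = aliceID.id_keyid()

globotronID = ABAC.ID("Globotron_ID.pem")
globotronID.id_load_privkey_file("Globotron_private.pem")
globotron = globotronID.id_keyid()


def _issue(context, head, tail, cert_file):
    """Compose, sign, write and load one policy credential ``head <- tail``.

    Args:
        context: the ABAC.Context the finished credential is loaded into.
        head: ABAC.Role owned by the issuing (signing) principal.
        tail: ABAC.Role (plain or linking) that is granted ``head``.
        cert_file: path of the DER file the credential is written to; the
            credential is then loaded into ``context`` from that same file.
    """
    attr = ABAC.Attribute(head, VALIDITY)
    attr.attribute_add_tail(tail)
    # finalize (sign) the policy
    attr.attribute_bake()
    # write out the policy to an external file
    attr.attribute_write_cert(cert_file)
    # load the policy into the context by accessing that external file
    context.load_attribute_file(cert_file)
    print(attr.string())
    print(attr.typed_string())
    print("\n")


################################################
# Credential 1, Anyone who is allowed to create experiment by Acme's
# partners can create experiment at Acme
# [keyid:Acme].role:experiment_create
#   <- [keyid:Acme].role:partner.role:experiment_create
head = ABAC.Role(acme, "experiment_create")
# creating a linking role
tail = ABAC.Role(acme, "partner", "experiment_create")
_issue(ctxt, head, tail,
       "Acme_experiment_create__Acme_partner_experiment_create_attr.der")

#################################################
# Credential 2
# [keyid:Acme].role:partner <- [keyid:Globotron]
head = ABAC.Role(acme, "partner")
tail = ABAC.Role(globotron)
_issue(ctxt, head, tail, "Acme_partner__Globotron_attr.der")

#################################################
# Credential 3
# [keyid:Globotron].role:experiment_create
#   <- [keyid:Globotron].role:admin.role:power_user
# The head is Globotron's role (it is Globotron that delegates its
# experiment_create role to admin.power_user); using Acme here would make
# Acme grant experiment_create to Globotron's admins directly, bypassing
# the partner link that Credential 1 requires.
head = ABAC.Role(globotron, "experiment_create")
# a linking role
tail = ABAC.Role(globotron, "admin", "power_user")
_issue(ctxt, head, tail,
       "Globotron_experiment_create__Globotron_admin_power_user_attr.der")

#################################################
# Credential 4, named term at the right
# [keyid:Globotron].role:admin <- [keyid:Alice]
head = ABAC.Role(globotron, "admin")
# the named role is using keyid of alice
tail = ABAC.Role(alice)
_issue(ctxt, head, tail, "Globotron_admin__Alice_attr.der")

#################################################
# Credential 5
# [keyid:Alice].role:power_user <- [keyid:Bob]
head = ABAC.Role(alice, "power_user")
tail = ABAC.Role(bob)
_issue(ctxt, head, tail, "Alice_power_user__Bob_attr.der")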