source: examples/python_tests/experiment_multi_rt0/attr.py @ 20eaefe

mei_rt2mei_rt2_fix_1
Last change on this file since 20eaefe was 646e57e, checked in by Mei <mei@…>, 12 years ago

1) add partial proof
  • Property mode set to 100755
File size: 5.2 KB
RevLine 
[abf8d5d]1#!/usr/bin/env python
2
3"""
4See README in this directory for the semantics of the example.  This file
5constructs the credentials described and puts copies into this directory
6
7cmd1:env keystore=`pwd` ./attr.py
8"""
9
10import os
11import ABAC
12
13ctxt = ABAC.Context()
14print "ABAC version %s" % ctxt.version()
15
16# Keystore is the directory containing the principal credentials.
17# Load existing principals and/or policy credentials
18if (os.environ.has_key("keystore")) :
19    keystore=os.environ["keystore"]
20    ctxt.load_directory(keystore)
[646e57e]21else:
22    print("keystore is not set...")
23    exit(1)
24
[abf8d5d]25
26out = ctxt.context_principals()
27print "...initial principal set..."
28for x in out[1]:
29    print "%s " % x.string()
30print "\n" 
31
32out = ctxt.context_credentials()
33print "...initial policy attribute set..."
34for c in out[1]:
35    print "%s <- %s" % (c.head_string(), c.tail_string())
36print "\n"
37
38# retrieve principals' keyid value from local credential files
39acmeID=ABAC.ID("Acme_ID.pem");
40acmeID.id_load_privkey_file("Acme_private.pem");
41acme=acmeID.id_keyid()
42
43bobID=ABAC.ID("Bob_ID.pem");
44bobID.id_load_privkey_file("Bob_private.pem");
45bob=bobID.id_keyid()
46
47aliceID=ABAC.ID("Alice_ID.pem");
48aliceID.id_load_privkey_file("Alice_private.pem");
49alice=aliceID.id_keyid()
50
51daveID=ABAC.ID("Dave_ID.pem");
52daveID.id_load_privkey_file("Dave_private.pem");
53dave=daveID.id_keyid()
54
55globotronID=ABAC.ID("Globotron_ID.pem");
56globotronID.id_load_privkey_file("Globotron_private.pem");
57globotron=globotronID.id_keyid()
58
59################################################
60# Credential 1, Anyone who is allowed to create experiment by Acme's
61#               partners can create experiment at Acme
62# [keyid:Acme].role:experiment_create
63#           <- [keyid:Acme].role:partner.role:experiment_create
64head=ABAC.Role(acme,"experiment_create")
65
66# creating a linking role
67tail = ABAC.Role(acme,"partner","experiment_create")
68
69# compose the policy attribute
70attr=ABAC.Attribute(head, 1800)
71attr.attribute_add_tail(tail)
72
73# finalize the policy
74attr.attribute_bake()
75
76# write out the policy to an external file
77attr.attribute_write_cert("Acme_experiment_create__Acme_partner_experiment_create_attr.der")
78
79# load the policy into the context by accessing that external file
80ctxt.load_attribute_file("Acme_experiment_create__Acme_partner_experiment_create_attr.der")
81print attr.string() 
82print attr.typed_string()
83print "\n"
84
85#################################################
86# Credential 2
87# [keyid:Acme].role:partner <- [keyid:Globotron]
88#
89head=ABAC.Role(acme,"partner")
90tail = ABAC.Role(globotron)
91attr=ABAC.Attribute(head, 1800)
92attr.attribute_add_tail(tail)
93attr.attribute_bake()
94attr.attribute_write_cert("Acme_partner__Globotron_attr.der")
95ctxt.load_attribute_file("Acme_partner__Globotron_attr.der")
96print attr.string() 
97print attr.typed_string()
98print "\n"
99
100#################################################
101# Credential 3
102# [keyid:Globotron].role:expriment_create
103#           <- [keyid:Globotron].role:admin.role:power_user
104head = ABAC.Role(acme,"experiment_create")
105
106# a linking role
107tail = ABAC.Role(globotron,"admin","power_user")
108attr=ABAC.Attribute(head, 1800)
109attr.attribute_add_tail(tail)
110attr.attribute_bake()
111attr.attribute_write_cert("Globotron_experiment_create__Globotron_admin_power_user_attr.der")
112ctxt.load_attribute_file("Globotron_experiment_create__Globotron_admin_power_user_attr.der")
113print attr.string() 
114print attr.typed_string()
115print "\n"
116
117#################################################
118# Credential 4, named term at the right
119# [keyid:Globotron].role:admin <- [keyid:Alice]
120head = ABAC.Role(globotron,"admin")
121
122# the named role is using keyid of alice
123tail = ABAC.Role(alice)
124attr=ABAC.Attribute(head, 1800)
125attr.attribute_add_tail(tail)
126attr.attribute_bake()
127attr.attribute_write_cert("Globotron_admin__Alice_attr.der")
128ctxt.load_attribute_file("Globotron_admin__Alice_attr.der")
129print attr.string() 
130print attr.typed_string()
131print "\n"
132
133#################################################
134# Credential 5,
135# [keyid:Alice].role:power_user <- [keyid:Bob]
136head = ABAC.Role(alice,"power_user")
137tail = ABAC.Role(bob)
138attr=ABAC.Attribute(head, 1800)
139attr.attribute_add_tail(tail)
140attr.attribute_bake()
141attr.attribute_write_cert("Alice_power_user__Bob_attr.der")
142ctxt.load_attribute_file("Alice_power_user__Bob_attr.der")
143print attr.string() 
144print attr.typed_string()
145print "\n"
146
147
148#################################################
149# Credential 6, named term at the right
150# [keyid:Globotron].role:admin <- [keyid:Dave]
151head = ABAC.Role(globotron,"admin")
152
153# the named role is using keyid of alice
154tail = ABAC.Role(dave)
155attr=ABAC.Attribute(head, 1800)
156attr.attribute_add_tail(tail)
157attr.attribute_bake()
158attr.attribute_write_cert("Globotron_admin__Dave_attr.der")
159ctxt.load_attribute_file("Globotron_admin__Dave_attr.der")
160print attr.string() 
161print attr.typed_string()
162print "\n"
163
164#################################################
165# Credential 7,
166# [keyid:Dave].role:power_user <- [keyid:Bob]
167head = ABAC.Role(dave,"power_user")
168tail = ABAC.Role(bob)
169attr=ABAC.Attribute(head, 1800)
170attr.attribute_add_tail(tail)
171attr.attribute_bake()
172attr.attribute_write_cert("Dave_power_user__Bob_attr.der")
173ctxt.load_attribute_file("Dave_power_user__Bob_attr.der")
174print attr.string() 
175print attr.typed_string()
176print "\n"
177
Note: See TracBrowser for help on using the repository browser.