source: examples/python_tests/fruits_rt2/attr.py @ 20eaefe

#!/usr/bin/env python

"""
See README in this directory for the semantics of the example.  This file
constructs the credentials described and puts copies into this directory

cmd1:env keystore=`pwd` ./attr.py 
"""

import os
import ABAC

ctxt = ABAC.Context()
print "ABAC version %s" % ctxt.version()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials
if (os.environ.has_key("keystore")) :
    keystore=os.environ["keystore"]
    ctxt.load_directory(keystore)
else:
    print("keystore is not set...")
    exit(1)


out = ctxt.context_principals()
print "...initial principal set..."
for x in out[1]:
    print "%s " % x.string()
print "\n" 

out = ctxt.context_credentials()
print "...initial policy attribute set..."
for c in out[1]:
    print "%s <- %s" % (c.head_string(), c.tail_string())
print "\n"

# retrieve principals' keyid value from local credential files
ralphsID=ABAC.ID("Ralphs_ID.pem");
ralphsID.id_load_privkey_file("Ralphs_private.pem");
ralphs=ralphsID.id_keyid()

bobID=ABAC.ID("Bob_ID.pem");
bobID.id_load_privkey_file("Bob_private.pem");
bob=bobID.id_keyid()

maryID=ABAC.ID("Mary_ID.pem");
maryID.id_load_privkey_file("Mary_private.pem");
mary=maryID.id_keyid()

################################################
# Credential 1, what kind of fruit Mary would eat. Anything not costing more
#               than 2 dollars
# [keyid:mary].oset:what2eat
#      <- [keyid:ralphs].oset:fruitprice([float:?P:[..2.00]])
head = ABAC.Oset(mary,"what2eat")

# initialize a float range constraint
cond=ABAC.Constraint("float")

# add the upper max to the range, and only the max
cond.constraint_add_float_max(2.00)

# create the data term with the constraint
param=ABAC.DataTerm("float", "P", cond)
tail = ABAC.Oset(ralphs,"fruitprice")
tail.oset_add_data_term(param)

# compose the attribute policy
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)

#finalize the policy
attr.attribute_bake()

#write out the policy to a credential file
attr.attribute_write_cert("mary_what2eat__ralphs_fruitprice_qP_attr.der")

# load the rule back into context via credential file
ctxt.load_attribute_file("mary_what2eat__ralphs_fruitprice_qP_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

################################################
# Credential 2,
# [keyid:bob].oset:what2eat
#      <- [keyid:ralphs].oset:fruitprice([float:?P:[1.00..5.00]])
head = ABAC.Oset(bob,"what2eat")

# initialze a float range constraint
cond=ABAC.Constraint("float")

# add the min and max value to the range
cond.constraint_add_float_min(1.00)
cond.constraint_add_float_max(5.00)
param=ABAC.DataTerm("float", "P", cond)
tail = ABAC.Oset(ralphs,"fruitprice")
tail.oset_add_data_term(param)

#create attribute policy
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)

#finalize the policy
attr.attribute_bake()
attr.attribute_write_cert("bob_what2eat__ralphs_fruitprice_qP_attr.der")
ctxt.load_attribute_file("bob_what2eat__ralphs_fruitprice_qP_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
# Credential 3
# [keyid:ralphs].oset:fruitprice([float:1.50]) <- [string:'apple']
param=ABAC.DataTerm("float", "1.50")
head = ABAC.Oset(ralphs,"fruitprice")
head.oset_add_data_term(param)
param=ABAC.DataTerm("string", "'apple'")
tail = ABAC.Oset(param)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Ralphs_fruitprice__apple_attr.der")
ctxt.load_attribute_file("Ralphs_fruitprice__apple_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
# Credential 4
# [keyid:ralphs].oset:fruitprice([float:1.50]) <- [string:'kiwi']
param=ABAC.DataTerm("float", "1.50")
head = ABAC.Oset(ralphs,"fruitprice")
head.oset_add_data_term(param)
param=ABAC.DataTerm("string", "'kiwi'")
tail = ABAC.Oset(param)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Ralphs_fruitprice__kiwi_attr.der")
ctxt.load_attribute_file("Ralphs_fruitprice__kiwi_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
# Credential 5
# [keyid:ralphs].oset:fruitprice([float:2.50]) <- [string:'black berry']
param=ABAC.DataTerm("float", "2.50")
head = ABAC.Oset(ralphs,"fruitprice")
head.oset_add_data_term(param)
param=ABAC.DataTerm("string", "'black berry'")
tail = ABAC.Oset(param)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Ralphs_fruitprice__blackberry_attr.der")
ctxt.load_attribute_file("Ralphs_fruitprice__blackberry_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
# Credential 6
# [keyid:ralphs].oset:fruitprice([float:0.50]) <- [string:'navel orange']
param=ABAC.DataTerm("float", "0.50")
head = ABAC.Oset(ralphs,"fruitprice")
head.oset_add_data_term(param)
param=ABAC.DataTerm("string", "'navel orange'")
tail = ABAC.Oset(param)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Ralphs_fruitprice__navelorange_attr.der")
ctxt.load_attribute_file("Ralphs_fruitprice__navelorange_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"