source: examples/python_tests/leader_rt1/attr.py @ 888df49

mei_rt2mei_rt2_fix_1
Last change on this file since 888df49 was f824a9e, checked in by Mei <mei@…>, 12 years ago

1) add more doc to python_tests

  • Property mode set to 100755
File size: 3.5 KB
Line 
1#!/usr/bin/env python
2
3"""
4See README in this directory for the semantics of the example.  This file
5constructs the credentials described and puts copies into this directory
6
7cmd1:env keystore=`pwd` ./attr.py
8"""
9
10import os
11import ABAC
12
13ctxt = ABAC.Context()
14print "ABAC version %s" % ctxt.version()
15
16# Keystore is the directory containing the principal credentials.
17# Load existing principals and/or policy credentials
18if (os.environ.has_key("keystore")) :
19    keystore=os.environ["keystore"]
20    ctxt.load_directory(keystore)
21
22out = ctxt.context_principals()
23print "...initial principal set..."
24for x in out[1]:
25    print "%s " % x.string()
26print "\n" 
27
28out = ctxt.context_credentials()
29print "...initial policy attribute set..."
30for c in out[1]:
31    print "%s <- %s" % (c.head_string(), c.tail_string())
32print "\n"
33
34# retrieve principals' keyid value from local credential files
35geniID=ABAC.ID("Geni_ID.pem");
36geniID.id_load_privkey_file("Geni_private.pem");
37geni=geniID.id_keyid()
38
39bobID=ABAC.ID("Bob_ID.pem");
40bobID.id_load_privkey_file("Bob_private.pem");
41bob=bobID.id_keyid()
42
43jackID=ABAC.ID("Jack_ID.pem");
44jackID.id_load_privkey_file("Jack_private.pem");
45jack=jackID.id_keyid()
46
47joeID=ABAC.ID("Joe_ID.pem");
48joeID.id_load_privkey_file("Joe_private.pem");
49joe=joeID.id_keyid()
50
51################################################
52# Credential 1,
53# [keyid:geni].role:leader
54#         <- [keyid:geni].role:equivalent([principal:?P[keyid:geni].role:leader])
55head=ABAC.Role(geni,"leader")
56
57# initialize the role constraint on a principlal
58condrole=ABAC.Role(geni,"leader")
59cond=ABAC.Constraint(condrole)
60
61# make the data term with the role constraint
62param=ABAC.DataTerm("principal","P", cond)
63tail = ABAC.Role(geni,"equivalent")
64tail.role_add_data_term(param)
65
66# build he attribute policy
67attr=ABAC.Attribute(head, 1800)
68attr.attribute_add_tail(tail)
69
70# finalize the policy
71attr.attribute_bake()
72
73# write the policy out to a credential file
74attr.attribute_write_cert("geni_leader__geni_leader_qP_attr.der")
75
76# load the policy into the context using the credential file
77ctxt.load_attribute_file("geni_leader__geni_leader_qP_attr.der")
78print attr.string() 
79print attr.typed_string()
80print "\n"
81
82#################################################
83# Credential 2
84# [keyid:geni].role:leader <- [keyid:bob]
85head=ABAC.Role(geni,"leader")
86tail = ABAC.Role(bob)
87attr=ABAC.Attribute(head, 1800)
88attr.attribute_add_tail(tail)
89attr.attribute_bake()
90attr.attribute_write_cert("geni_leader__Bob_attr.der")
91ctxt.load_attribute_file("geni_leader__Bob_attr.der")
92print attr.string() 
93print attr.typed_string()
94print "\n"
95
96#################################################
97# Credential 3
98# [keyid:geni].role:equivalent([keyid:bob]) <- [keyid:Joe]
99param=ABAC.DataTerm(bobID)
100head = ABAC.Role(geni,"equivalent")
101head.role_add_data_term(param)
102tail = ABAC.Role(joe)
103attr=ABAC.Attribute(head, 1800)
104attr.attribute_add_tail(tail)
105attr.attribute_bake()
106attr.attribute_write_cert("geni_equivalent_Bob__Joe_attr.der")
107ctxt.load_attribute_file("geni_equivalent_Bob__Joe_attr.der")
108print attr.string() 
109print attr.typed_string()
110print "\n"
111
112#################################################
113# Credential 4
114# [keyid:geni].role:equivalent([keyid:Joe]) <- [keyid:Bob]
115param=ABAC.DataTerm(joeID)
116head = ABAC.Role(geni,"equivalent")
117head.role_add_data_term(param)
118tail = ABAC.Role(bob)
119attr=ABAC.Attribute(head, 1800)
120attr.attribute_add_tail(tail)
121attr.attribute_bake()
122attr.attribute_write_cert("geni_equivalent_Joe__Bob_attr.der")
123ctxt.load_attribute_file("geni_equivalent_Joe__Bob_attr.der")
124print attr.string() 
125print attr.typed_string()
126print "\n"
Note: See TracBrowser for help on using the repository browser.