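#!/usr/bin/env python
"""
Load ABAC credentials from a keystore directory, dump them, and run
sample authorization queries against the resulting context.

cmd1:env keystore=`pwd` ./query.py

cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py
"""
import os
import sys

import ABAC

ctxt = ABAC.Context()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials
# ("in" replaces dict.has_key(), which no longer exists in Python 3.)
if "keystore" in os.environ:
    keystore = os.environ["keystore"]
    ctxt.load_directory(keystore)
else:
    print("keystore is not set...")
    # sys.exit() rather than the site-provided exit(), which is meant for
    # interactive use and is not guaranteed to be available.
    sys.exit(1)


def get_next(ctxt):
    """Print every further proof that ctxt.next_proof() hands back.

    Each successful call yields a list of credentials, printed one per line
    as "head <- tail". The loop ends (returning None) on the first call that
    reports failure.
    """
    while True:
        print("\nnext proof:")
        (success, out) = ctxt.next_proof()
        if success:
            for c in out:
                print("%s <- %s" % (c.head_string(), c.tail_string()))
        else:
            print("no more..\n")
            return


# retrieve principals' keyid value from local credential files
# NOTE(review): these paths are relative to the current directory, not to
# `keystore`; the documented invocations pass keystore=`pwd`, so both name
# the same directory there.
acmeID = ABAC.ID("Acme_ID.pem")
acme = acmeID.id_keyid()
oshID = ABAC.ID("Osh_ID.pem")
osh = oshID.id_keyid()
coyoteID = ABAC.ID("Coyote_ID.pem")
coyote = coyoteID.id_keyid()
ladybugID = ABAC.ID("Ladybug_ID.pem")
ladybug = ladybugID.id_keyid()
grannyID = ABAC.ID("Granny_ID.pem")
granny = grannyID.id_keyid()
poohID = ABAC.ID("Pooh_ID.pem")
pooh = poohID.id_keyid()
burpeeID = ABAC.ID("Burpee_ID.pem")
burpee = burpeeID.id_keyid()

##########################################################################
# dump the loaded principals/policies
#
out = ctxt.context_principals()
print("\n...final principal set...")
for x in out[1]:
    print("%s " % x.string())

out = ctxt.context_credentials()
print("\n...final policy attribute set...")
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))

# NOTE(review): with the call below left disabled, a failed query presumably
# still returns credentials (a partial proof) in out[1] - confirm against the
# libabac documentation. The authorization verdict is out[0], never the mere
# presence of credentials in out[1].
#ctxt.set_no_partial_proof()

##########################################################################
# can coyote buy rockets from Acme ?
#      role=[keyid:Acme].role:buy_rockets
#      p =[keyid:coyote]
role = ABAC.Role(acme, "buy_rockets")
p = ABAC.Role(coyote)
# The banner states the outcome the author expects, not the actual result.
print("\n===good============ Acme.buy_rockets <- Coyote")
out = ctxt.query(role, p)
# Report the actual decision so the credential list is not mistaken for it.
print("query success: %s" % bool(out[0]))
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))

##########################################################################
# can ladybug buy rockets from Acme ?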
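#      role=[keyid:Acme].role:buy_rockets
#      p =[keyid:ladybug]
# In every section below the banner states the outcome the author expects;
# the actual authorization verdict is out[0] and is printed explicitly.
# NOTE(review): set_no_partial_proof() is left disabled in this script, so a
# failed query presumably still returns credentials (a partial proof) in
# out[1] - confirm against the libabac documentation.
role = ABAC.Role(acme, "buy_rockets")
p = ABAC.Role(ladybug)
print("\n===bad============ Acme.buy_rockets <- Ladybug")
out = ctxt.query(role, p)
print("query success: %s" % bool(out[0]))
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
# Print whatever further proofs the context still offers for this query.
get_next(ctxt)

##########################################################################
# can ladybug buy rockets from Osh ?
#      role=[keyid:Osh].role:buy_rockets
#      p =[keyid:ladybug]
role = ABAC.Role(osh, "buy_rockets")
p = ABAC.Role(ladybug)
print("\n===good============ Osh.buy_rockets <- Ladybug")
out = ctxt.query(role, p)
print("query success: %s" % bool(out[0]))
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))

##########################################################################
# can ladybug buy lumbers from Acme ?
#      role=[keyid:Acme].role:buy_lumbers
#      p =[keyid:ladybug]
role = ABAC.Role(acme, "buy_lumbers")
p = ABAC.Role(ladybug)
print("\n===bad============ Acme.buy_lumbers <- Ladybug")
out = ctxt.query(role, p)
print("query success: %s" % bool(out[0]))
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
get_next(ctxt)

##########################################################################
# can pooh buy rockets from Osh ?
#      role=[keyid:Osh].role:buy_rockets
#      p =[keyid:pooh]
role = ABAC.Role(osh, "buy_rockets")
p = ABAC.Role(pooh)
print("\n===bad============ Osh.buy_rockets <- Pooh")
out = ctxt.query(role, p)
print("query success: %s" % bool(out[0]))
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))

##########################################################################
# can pooh buy rockets from Osh ?
#      role=[keyid:Osh].role:buy_rockets
#      p =[keyid:pooh]
# NOTE(review): this repeats the previous query verbatim and only adds the
# get_next() call; kept as-is, but it looks like a copy-paste duplicate.
role = ABAC.Role(osh, "buy_rockets")
p = ABAC.Role(pooh)
print("\n===bad============ Osh.buy_rockets <- Pooh")
out = ctxt.query(role, p)
print("query success: %s" % bool(out[0]))
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
get_next(ctxt)

##########################################################################
# can ladybug buy flowers from Acme ?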
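#      role=[keyid:Acme].role:buy_flowers
#      p =[keyid:ladybug]
# In both sections below the banner states the outcome the author expects;
# the actual authorization verdict is out[0] and is printed explicitly.
# NOTE(review): set_no_partial_proof() is left disabled in this script, so a
# failed query presumably still returns credentials (a partial proof) in
# out[1] - confirm against the libabac documentation.
role = ABAC.Role(acme, "buy_flowers")
# Parameterize the role with Burpee's identity: Acme.buy_flowers(Burpee).
param = ABAC.DataTerm(burpeeID)
role.role_add_data_term(param)
p = ABAC.Role(ladybug)
print("\n===good============ Acme.buy_flowers(Burpee) <- Ladybug")
out = ctxt.query(role, p)
print("query success: %s" % bool(out[0]))
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))

##########################################################################
# can pooh buy flowers from Acme ?
#      role=[keyid:Acme].role:buy_flowers
#      p =[keyid:pooh]
role = ABAC.Role(acme, "buy_flowers")
param = ABAC.DataTerm(burpeeID)
role.role_add_data_term(param)
p = ABAC.Role(pooh)
print("\n===bad============ Acme.buy_flowers(Burpee) <- Pooh")
out = ctxt.query(role, p)
print("query success: %s" % bool(out[0]))
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
# Print whatever further proofs the context still offers for this query.
get_next(ctxt)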