source: examples/python_tests/payraise_rt1/attr.py @ 20eaefe

#!/usr/bin/env python

"""
See README in this directory for the semantics of the example.  This file
constructs the credentials described and puts copies into this directory

cmd1:env keystore=`pwd` ./attr.py 
"""

import os
import ABAC

ctxt = ABAC.Context()
print "ABAC version %s" % ctxt.version()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials
if (os.environ.has_key("keystore")) :
    keystore=os.environ["keystore"]
    ctxt.load_directory(keystore)
else:
    print("keystore is not set...")
    exit(1)

out = ctxt.context_principals()
print "...initial principal set..."
for x in out[1]:
    print "%s " % x.string()
print "\n" 

out = ctxt.context_credentials()
print "...initial policy attribute set..."
for c in out[1]:
    print "%s <- %s" % (c.head_string(), c.tail_string())
print "\n"

# retrieve principals' keyid value from local credential files
alphaID=ABAC.ID("Alpha_ID.pem");
alphaID.id_load_privkey_file("Alpha_private.pem");
alpha=alphaID.id_keyid()

bobID=ABAC.ID("Bob_ID.pem");
bobID.id_load_privkey_file("Bob_private.pem");
bob=bobID.id_keyid()

maryannID=ABAC.ID("Maryann_ID.pem");
maryannID.id_load_privkey_file("Maryann_private.pem");
maryann=maryannID.id_keyid()

joeID=ABAC.ID("Joe_ID.pem");
joeID.id_load_privkey_file("Joe_private.pem");
joe=joeID.id_keyid()

################################################
# Credential 1, intersecting linking roles with This principal param for the
#               linked role
# [keyid:alpha].role:payRaise <-
#      [keyid:alpha].role:evaluatorOf([principal:?this]).role:goodPerformance &
#      [keyid:alpha].role:managerOf([principal:?this]).role:niceCoworker
head=ABAC.Role(alpha,"payRaise")

# build a data term with ?This
param=ABAC.DataTerm("principal", "This")
tail1 = ABAC.Role(alpha,"evaluatorOf","goodPerformance")

# add the param to the linked role
tail1.role_add_linked_data_term(param)

# build another data term with ?This
param=ABAC.DataTerm("principal", "This")
tail2 = ABAC.Role(alpha,"managerOf","niceCoworker")

# add the param to the linked role
tail2.role_add_linked_data_term(param)

# compose the intersecting role attribute policy
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail1)
attr.attribute_add_tail(tail2)

# finalize the attribute policy
attr.attribute_bake()

# write out the attribute credential file
attr.attribute_write_cert("Alpha_payraise__Alpha_performance_qT_niceguy_qT_attr.der")
ctxt.load_attribute_file("Alpha_payraise__Alpha_performance_qT_niceguy_qT_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
# Credential 2, 
# [keyid:alpha].role:managerOf([principal:?Z])<-
#           [keyid:alpha].role:evaluatorOf([principal:?Z])
param=ABAC.DataTerm("principal", "Z")
head=ABAC.Role(alpha,"managerOf")
head.role_add_data_term(param)
param=ABAC.DataTerm("principal", "Z")
tail = ABAC.Role(alpha,"evaluatorOf")
tail.role_add_data_term(param)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Alpha_manager_qZ__Alpha_evaluator_qZ_attr.der")
ctxt.load_attribute_file("Alpha_manager_qZ__Alpha_evaluator_qZ_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
# Credential 3
# [keyid:alpha].role:evaluatorOf([keyid:Maryann]) <-[keyid:Bob]
param=ABAC.DataTerm(maryannID)
head = ABAC.Role(alpha,"evaluatorOf")
head.role_add_data_term(param)
tail = ABAC.Role(bob)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Alpha_evaluator_m__Bob_attr.der")
ctxt.load_attribute_file("Alpha_evaluator_m__Bob_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
# Credential 4
# [keyid:Bob].role:goodPerformance <- [keyid:Maryann])
head = ABAC.Role(bob,"goodPerformance")
tail = ABAC.Role(maryann)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Bob_goodperformance__Maryann_attr.der")
ctxt.load_attribute_file("Bob_goodperformance__Maryann_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
# Credential 5
# [keyid:Bob].role:niceCoworker <- [keyid:Maryann])
head = ABAC.Role(bob,"niceCoworker")
tail = ABAC.Role(maryann)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Bob_nicecoworker__Maryann_attr.der")
ctxt.load_attribute_file("Bob_nicecoworker__Maryann_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
# Credential 6
# [keyid:alpha].role:evaluatorOf([keyid:Joe]) <-[keyid:Bob]
param=ABAC.DataTerm(joeID)
head = ABAC.Role(alpha,"evaluatorOf")
head.role_add_data_term(param)
tail = ABAC.Role(bob)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Alpha_evaluator_j__Bob_attr.der")
ctxt.load_attribute_file("Alpha_evaluator_j__Bob_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
# Credential 7
# [keyid:Bob].role:goodPerformance <- [keyid:Joe])
head = ABAC.Role(bob,"goodPerformance")
tail = ABAC.Role(joe)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Bob_goodperformance__Joe_attr.der")
ctxt.load_attribute_file("Bob_goodperformance__Joe_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"