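#!/usr/bin/env sh
#
# RT0 "Acme rockets" membership checks for abac_prover. Key ids are read
# from Acme_ID.pem and Coyote_ID.pem in the current directory with creddy,
# and each query is handed to runTest as a single command string.
#
# Environment: TESTDIR - test root; defaults to ../.. when unset or empty.
# NOTE(review): eloc, ploc and runTest are not defined in this script;
# presumably test_util.sh provides them -- confirm.

# Apply the default before sourcing. Previously the helper was sourced
# first, so an unset TESTDIR resolved to /test_util.sh.
: "${TESTDIR:=../..}"
. "${TESTDIR}/test_util.sh"

keyloc=$(pwd)

acme=$("$eloc/creddy" --keyid --cert "$keyloc/Acme_ID.pem")
coyote=$("$eloc/creddy" --keyid --cert "$keyloc/Coyote_ID.pem")

# An empty key id would turn the roles below into ".role_name" and leave
# --principal without a value, so the prover could exit non-zero for the
# wrong reason and the negative case (test4) would appear to pass.
if [ -z "$acme" ] || [ -z "$coyote" ]; then
  printf '%s\n' "creddy returned an empty key id for a certificate in $keyloc" >&2
  exit 1
fi

preferred_customer="$acme.preferred_customer"
buy_rockets="$acme.buy_rockets"
coyote_prin="$coyote"
friend="$acme.friend"
acme_prin="$acme"

# runTest arguments as used here: test directory, test name, command line,
# a number (presumably the expected exit status), and a description.
# NOTE(review): the command line is one string, so a keystore path that
# contains whitespace would depend on how runTest splits it -- confirm.

#[keyid:Acme].role:preferred_customer <-?- [keyid:Coyote]
#isMember(pCoyote, role(pAcme,preferred_customer), C).
echo "===good============ Acme.preferred_customer <- Coyote"
runTest creddy_prover_test/acme_rockets_rt0 test1 \
  "$ploc/abac_prover --keystore $keyloc --role $preferred_customer --principal $coyote_prin" \
  0 \
  "simple rt0 query with 1 matched rule"

#[keyid:Acme].role:buy_rockets <-?- [keyid:Coyote]
#isMember(pCoyote, role(pAcme,buy_rockets), C).
echo "===good=============== Acme.buy_rockets <- Coyote"
runTest creddy_prover_test/acme_rockets_rt0 test2 \
  "$ploc/abac_prover --keystore $keyloc --role $buy_rockets --principal $coyote_prin" \
  0 \
  "rt0 query that returns 2 rules"

## This query is not supposed to work: --principal is given a role
## (Acme.preferred_customer) rather than a key id.
## NOTE(review): the expectation below is 0, so this case pins the current
## permissive result of the authorization check instead of a rejection. If
## the prover starts refusing a role as principal, change the expected
## value and the label together.
#[keyid:Acme].role:buy_rockets <-?- [keyid:Acme].role:preferred_customer
echo "===bad=============== Acme.buy_rockets <- Acme.preferred_customer"
runTest creddy_prover_test/acme_rockets_rt0 test3 \
  "$ploc/abac_prover --keystore $keyloc --role $buy_rockets --principal $preferred_customer" \
  0 \
  "this query is not suppose to work but alas did not block it, a.r1 <- b.r2"

# NOTE(review): the two comment lines and the label below name
# Coyote.friend, but $friend is built from the Acme key id
# ("$acme.friend"), so the role queried is Acme.friend. Confirm which
# role this negative case is meant to cover.
#[keyid:Coyote].role:friend <-?- [keyid:Acme]
#isMember(pAcme, role(pCoyote,friend), C).
echo "===bad=============== Coyote.friend <- Acme"
runTest creddy_prover_test/acme_rockets_rt0 test4 \
  "$ploc/abac_prover --keystore $keyloc --role $friend --principal $acme_prin" \
  1 \
  "the assumption is not supported by rules "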