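#!/bin/sh
#
# Runs abac_prover role-membership queries against the acme_rockets_rt0
# credentials found in the current directory.
#
# runTest, $eloc and $ploc are not defined in this file; they are expected
# to come from ${TESTDIR}/test_util.sh.
# runTest is called as:
#   runTest <group> <test name> <command string> <expected value> <description>
# The expected value looks like the exit status of the command (0 for the
# "good" cases, 1 for the rejected one) -- confirm against test_util.sh.

. "${TESTDIR}/test_util.sh"
keyloc=$(pwd)

# Principal key ids are derived from the identity certificates.
acme=$("$eloc/creddy" --keyid --cert "$keyloc/Acme_ID.pem")
coyote=$("$eloc/creddy" --keyid --cert "$keyloc/Coyote_ID.pem")

# Stop if either key id is empty. Otherwise every role below collapses to
# ".<role>" and the negative test passes because the query is malformed,
# not because the prover refused to authorize it.
if [ -z "$acme" ] || [ -z "$coyote" ]; then
  printf '%s\n' "could not derive key ids from $keyloc/Acme_ID.pem and $keyloc/Coyote_ID.pem" >&2
  exit 1
fi

preferred_customer="$acme.preferred_customer"
buy_rockets="$acme.buy_rockets"
coyote_prin="$coyote"
# NOTE(review): built from $acme, although test4's comment and banner talk
# about Coyote.friend -- see test4.
friend="$acme.friend"
acme_prin="$acme"

#[keyid:Acme].role:preferred_customer <-?- [keyid:Coyote]
#isMember(pCoyote, role(pAcme,preferred_customer), C).
echo "===good============ Acme.preferred_customer <- Coyote"
runTest creddy_prover_test/acme_rockets_rt0 test1 \
  "$ploc/abac_prover --keystore $keyloc --role $preferred_customer --principal $coyote_prin" \
  0 \
  "simple rt0 query with 1 matched rule"

#[keyid:Acme].role:buy_rockets <-?- [keyid:Coyote]
#isMember(pCoyote, role(pAcme,buy_rockets), C).
echo "===good=============== Acme.buy_rockets <- Coyote"
runTest creddy_prover_test/acme_rockets_rt0 test2 \
  "$ploc/abac_prover --keystore $keyloc --role $buy_rockets --principal $coyote_prin" \
  0 \
  "rt0 query that returns 2 rules"

## This query is not supposed to work: a role, not a key id, is passed as
## --principal.
## NOTE(review): the expected value is 0, so this test pins the prover's
## current acceptance of a role in the principal position. It documents a
## known gap in input validation rather than a desired authorization result.
## If the prover starts rejecting such queries, change the expected value to
## the rejecting status.
#[keyid:Acme].role:buy_rockets <-?- [keyid:Acme].role:preferred_customer
echo "===bad=============== Acme.buy_rockets <- Acme.preferred_customer"
runTest creddy_prover_test/acme_rockets_rt0 test3 \
  "$ploc/abac_prover --keystore $keyloc --role $buy_rockets --principal $preferred_customer" \
  0 \
  "this query is not suppose to work but alas did not block it, a.r1 <- b.r2"

#[keyid:Coyote].role:friend <-?- [keyid:Acme]
#isMember(pAcme, role(pCoyote,friend), C).
# NOTE(review): $friend expands to "<Acme key id>.friend", so the command
# below asks about Acme.friend, not Coyote.friend as stated above. Confirm
# which role this negative test is meant to cover.
echo "===bad=============== Coyote.friend <- Acme"
runTest creddy_prover_test/acme_rockets_rt0 test4 \
  "$ploc/abac_prover --keystore $keyloc --role $friend --principal $acme_prin" \
  1 \
  "the assumption is not supported by rules "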