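#!/bin/sh
#
# RT0 prover checks for the Acme rockets example. Each case further down asks
# abac_prover whether a principal holds a role, using the current directory as
# the keystore.
#
# Required environment: TESTDIR, the directory that holds test_util.sh.
# $eloc and $ploc are not assigned in this script; presumably test_util.sh or
# the caller provides them -- confirm.

# Stop with a message when TESTDIR is unset or empty, so the helper is never
# looked up as /test_util.sh.
. "${TESTDIR:?TESTDIR must point at the directory holding test_util.sh}/test_util.sh"

# The identity certificates are read from the directory the test is started
# in, and the same directory is handed to the prover as its keystore.
keyloc=$(pwd)

# Key ids of the two principals, as printed by creddy for each certificate.
acme=$("$eloc/creddy" --keyid --cert "$keyloc/Acme_ID.pem")
coyote=$("$eloc/creddy" --keyid --cert "$keyloc/Coyote_ID.pem")

# An empty key id would turn the role names below into ".preferred_customer"
# and the like; a query that is expected to be refused could then report the
# expected failure without having tested the real credentials at all.
if [ -z "$acme" ] || [ -z "$coyote" ]; then
  echo "could not read key ids from $keyloc/Acme_ID.pem and $keyloc/Coyote_ID.pem" >&2
  exit 1
fi

# Role and principal names used by the queries.
preferred_customer="$acme.preferred_customer"
buy_rockets="$acme.buy_rockets"
coyote_prin="$coyote"
# NOTE(review): the comments on the last query in this script name this role
# as Coyote.friend, yet it is built from the Acme key id -- confirm which one
# is intended.
friend="$acme.friend"
acme_prin="$acme"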
# Query:       [keyid:Acme].role:preferred_customer <-?- [keyid:Coyote]
# Prolog form: isMember(pCoyote, role(pAcme,preferred_customer), C).
# Positive case. The 0 is presumably the exit status runTest expects from the
# command (runTest comes from test_util.sh and is not shown here) -- confirm.
# The command is handed over as a single string, so $ploc and $keyloc are
# assumed to contain no whitespace.
printf '%s\n' "===good============ Acme.preferred_customer <- Coyote"
runTest creddy_prover_test/acme_rockets_rt0 test1 \
  "$ploc/abac_prover --keystore $keyloc --role $preferred_customer --principal $coyote_prin" \
  0 \
  "simple rt0 query with 1 matched rule"
# Query:       [keyid:Acme].role:buy_rockets <-?- [keyid:Coyote]
# Prolog form: isMember(pCoyote, role(pAcme,buy_rockets), C).
# Positive case. The 0 is presumably the exit status runTest expects from the
# command (runTest is defined outside this file) -- confirm.
printf '%s\n' "===good=============== Acme.buy_rockets <- Coyote"
runTest creddy_prover_test/acme_rockets_rt0 test2 \
  "$ploc/abac_prover --keystore $keyloc --role $buy_rockets --principal $coyote_prin" \
  0 \
  "rt0 query that returns 2 rules"
# Query: [keyid:Acme].role:buy_rockets <-?- [keyid:Acme].role:preferred_customer
# This query is not supposed to work: the value passed to --principal is a
# role, not a principal. The expected value is nevertheless 0, and the
# description string records that the prover did not block the query, so this
# case pins the current permissive behaviour rather than the intended one.
# NOTE(review): a passing result here does not show that role-as-principal
# queries are refused. If the prover starts rejecting them, the expected value
# should presumably become non-zero -- confirm against runTest.
printf '%s\n' "===bad=============== Acme.buy_rockets <- Acme.preferred_customer"
runTest creddy_prover_test/acme_rockets_rt0 test3 \
  "$ploc/abac_prover --keystore $keyloc --role $buy_rockets --principal $preferred_customer" \
  0 \
  "this query is not suppose to work but alas did not block it, a.r1 <- b.r2"
# Query:       [keyid:Coyote].role:friend <-?- [keyid:Acme]
# Prolog form: isMember(pAcme, role(pCoyote,friend), C).
# Negative case: the expected value is 1, presumably the exit status runTest
# wants from a query that no rule supports -- confirm.
# NOTE(review): $friend is assigned from the Acme key id ("$acme.friend")
# earlier in this script, so the role actually queried is Acme.friend, not the
# Coyote.friend named above -- confirm which one is intended.
printf '%s\n' "===bad=============== Coyote.friend <- Acme"
runTest creddy_prover_test/acme_rockets_rt0 test4 \
  "$ploc/abac_prover --keystore $keyloc --role $friend --principal $acme_prin" \
  1 \
  "the assumption is not supported by rules "