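#!/usr/bin/env sh
#
# RT0 prover tests for the creddy_prover_test/acme_rockets_rt0 credential set.
#
# Reads the Acme and Coyote identity certificates (Acme_ID.pem, Coyote_ID.pem)
# from the current directory, derives their key ids with creddy, and runs four
# abac_prover queries through runTest: two that should be provable and two
# labelled "bad".
#
# runTest, $eloc and $ploc are not defined in this file; presumably they come
# from test_util.sh -- confirm there.

# Set the TESTDIR default *before* sourcing: the helper path is built from it,
# so an unset TESTDIR would otherwise resolve to /test_util.sh.
if [ -z "${TESTDIR}" ] ; then
    TESTDIR=../..
fi
. "${TESTDIR}/test_util.sh"

keyloc=$(pwd)

# Key ids of the two principals, as printed by `creddy --keyid`.
acme=$("$eloc/creddy" --keyid --cert "$keyloc/Acme_ID.pem")
coyote=$("$eloc/creddy" --keyid --cert "$keyloc/Coyote_ID.pem")

# An empty key id turns every role below into ".<role>" and every principal
# into "". The deny test (test4) expects a non-zero status and could then pass
# for the wrong reason, so make the condition visible.
if [ -z "$acme" ] || [ -z "$coyote" ]; then
    echo "warning: could not read a key id from Acme_ID.pem or Coyote_ID.pem; results below are not meaningful" >&2
fi

# Roles are written <issuer key id>.<role name>; principals are bare key ids.
preferred_customer="$acme.preferred_customer"
buy_rockets="$acme.buy_rockets"
coyote_prin="$coyote"
friend="$acme.friend"
acme_prin="$acme"

# NOTE(review): each prover command is handed to runTest as one string, so
# $keyloc and the key ids are not protected from word splitting inside it.
# Whether that matters depends on how runTest executes the string -- verify in
# test_util.sh. The fourth runTest argument (0 or 1) is presumably the expected
# exit status.

#[keyid:Acme].role:preferred_customer <-?- [keyid:Coyote]
#isMember(pCoyote, role(pAcme,preferred_customer), C).
echo "===good============ Acme.preferred_customer <- Coyote"
runTest creddy_prover_test/acme_rockets_rt0 test1 \
    "$ploc/abac_prover --keystore $keyloc --role $preferred_customer --principal $coyote_prin" \
    0 \
    "simple rt0 query with 1 matched rule"

#[keyid:Acme].role:buy_rockets <-?- [keyid:Coyote]
#isMember(pCoyote, role(pAcme,buy_rockets), C).
echo "===good=============== Acme.buy_rockets <- Coyote"
runTest creddy_prover_test/acme_rockets_rt0 test2 \
    "$ploc/abac_prover --keystore $keyloc --role $buy_rockets --principal $coyote_prin" \
    0 \
    "rt0 query that returns 2 rules"

## this is not supposed to work
#[keyid:Acme].role:buy_rockets <-?- [keyid:Acme].role:preferred_customer
# A role (not a bare key id) is passed as --principal. The expected value is 0,
# so the test passes while the prover *accepts* this query: it records the
# current behaviour rather than the intended one.
# NOTE(review): for an authorization prover this looks like a known gap being
# pinned as "passing"; consider tracking it and flipping the expected value
# once the prover rejects role-valued principals -- confirm intent.
echo "===bad=============== Acme.buy_rockets <- Acme.preferred_customer"
runTest creddy_prover_test/acme_rockets_rt0 test3 \
    "$ploc/abac_prover --keystore $keyloc --role $buy_rockets --principal $preferred_customer" \
    0 \
    "this query is not suppose to work but alas did not block it, a.r1 <- b.r2"

#[keyid:Coyote].role:friend <-?- [keyid:Acme]
#isMember(pAcme, role(pCoyote,friend), C).
# NOTE(review): the header above and the banner below say Coyote.friend, but
# $friend is built from $acme, so the query actually asks about Acme.friend.
# Both may be unprovable and still yield 1 -- confirm which one the deny test
# is meant to cover.
echo "===bad=============== Coyote.friend <- Acme"
runTest creddy_prover_test/acme_rockets_rt0 test4 \
    "$ploc/abac_prover --keystore $keyloc --role $friend --principal $acme_prin" \
    1 \
    "the assumption is not supported by rules "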