1 | #!/usr/bin/env python |
---|
2 | """ |
---|
3 | ctxtQuery2.py |
---|
4 | """ |
---|
5 | import os |
---|
6 | import sys |
---|
7 | import ABAC |
---|
8 | |
---|
9 | ctxt = ABAC.Context() |
---|
10 | |
---|
11 | a = ABAC.ID("A", 24 * 3600 * 365 * 20) |
---|
12 | b = ABAC.ID("B", 24 * 3600 * 365 * 20) |
---|
13 | c = ABAC.ID("C", 24 * 3600 * 365 * 20) |
---|
14 | |
---|
15 | attr = ABAC.Attribute(a, "friendly_admin", 24 * 3600 * 365 * 20) |
---|
16 | attr.role(a.keyid(), "friendly") |
---|
17 | attr.role(a.keyid(), "admin") |
---|
18 | attr.bake() |
---|
19 | |
---|
20 | ctxt.load_id_chunk(a.cert_chunk()) |
---|
21 | ctxt.load_attribute_chunk(attr.cert_chunk()) |
---|
22 | |
---|
23 | attr = ABAC.Attribute(a, "friendly", 24 * 3600 * 365 * 20) |
---|
24 | attr.principal(b.keyid()) |
---|
25 | attr.bake() |
---|
26 | ctxt.load_attribute_chunk(attr.cert_chunk()) |
---|
27 | |
---|
28 | |
---|
29 | attr = ABAC.Attribute(a, "admin", 24 * 3600 * 365 * 20) |
---|
30 | attr.principal(b.keyid()) |
---|
31 | attr.bake() |
---|
32 | ctxt.load_attribute_chunk(attr.cert_chunk()) |
---|
33 | |
---|
34 | attr = ABAC.Attribute(a, "admin", 24 * 3600 * 365 * 20) |
---|
35 | attr.principal(c.keyid()) |
---|
36 | attr.bake() |
---|
37 | ctxt.load_attribute_chunk(attr.cert_chunk()) |
---|
38 | |
---|
39 | ok, proof = ctxt.query(a.keyid() + ".friendly_admin", b.keyid()) |
---|
40 | |
---|
41 | if not ok: |
---|
42 | sys.exit(1) |
---|
43 | |
---|
44 | for i, c in enumerate(proof): |
---|
45 | print "%s <- %s" % (c.head().string(), c.tail().string()) |
---|
46 | open("./id%d.pem" % i, "w").write(c.issuer_cert()) |
---|
47 | open("./attr%d.xml" % i, "w").write(c.attribute_cert()) |
---|
48 | |
---|
49 | print "ok? %d" %ok |
---|
50 | |
---|
51 | |
---|