Context Navigation

attr.py @ 6cd69a0

abac0-leakabac0-mei

Last change on this file since 6cd69a0 was ec550f7, checked in by Mei <mei@…>, 11 years ago

1) reworked how API doc is generated
2) tweak top level Makefile.am
3) loading issuer principal as side-effect of loading

an attribute credentials

4) add examples of GENI specific attribute credentials

and principal certificates into the regression testing

5) rename examples to tests

Property mode set to 100755

File size: 2.8 KB

Rev	Line
[be6cb41]	1	#!/usr/bin/env python
	2
	3	"""
	4	See README in this directory for the semantics of the example. This file
	5	constructs the credentials described and puts copies into this directory
	6
	7	cmd1: ./attr.py
	8	"""
	9	import os
	10	import ABAC
	11
	12	ctxt = ABAC.Context()
	13
	14	# retrieve principals' keyid value from local credential files
	15	acmeID=ABAC.ID("Acme_ID.pem");
	16	acmeID.load_privkey("Acme_private.pem");
	17	ctxt.load_id_chunk(acmeID.cert_chunk())
	18	acme=acmeID.keyid()
	19
	20	coyoteID=ABAC.ID("Coyote_ID.pem");
	21	coyoteID.load_privkey("Coyote_private.pem");
	22	ctxt.load_id_chunk(coyoteID.cert_chunk())
	23	coyote=coyoteID.keyid()
	24
	25	warnerbrosID=ABAC.ID("WarnerBros_ID.pem");
	26	warnerbrosID.load_privkey("WarnerBros_private.pem");
	27	ctxt.load_id_chunk(warnerbrosID.cert_chunk())
	28	warnerbros=warnerbrosID.keyid()
	29
	30	batmanID=ABAC.ID("Batman_ID.pem");
	31	batmanID.load_privkey("Batman_private.pem");
	32	ctxt.load_id_chunk(batmanID.cert_chunk())
	33	batman=batmanID.keyid()
	34
	35
	36	################################################
	37	# Credential 1, establish the intersection rule on who can buy
	38	# rockets from Acme
	39	#[keyid:Acme].role:buy_rockets <- [keyid:Acme].role:preferred_customer
	40	# & [keyid:WarnerBros].role:charater
	41	attr = ABAC.Attribute(acmeID, "buy_rockets", 0)
	42
	43	# to add intersection, just add multiple roles
	44	attr.role(acme,"preferred_customer")
	45	attr.role(warnerbros,"character")
	46
	47	# finalize the rule
	48	attr.bake()
	49
	50	# create a policy file at the file system
	51	attr.write_file("Acme_buy_rockets__Acme_preferred_customer_and_WarnerBros_character_attr.xml")
	52
	53	# load the policy into current context by with the newly created policy file
	54	ctxt.load_attribute_file("Acme_buy_rockets__Acme_preferred_customer_and_WarnerBros_character_attr.xml")
	55
	56	#################################################
	57	# Credential 2
	58	#[keyid:Acme].role:preferred_customer <- [keyid:Coyote]
	59	attr = ABAC.Attribute(acmeID, "preferred_customer", 0)
	60	attr.principal(coyote)
	61	attr.bake()
	62
	63	attr.write_file("Acme_preferred_customer__Coyote_attr.xml")
	64	ctxt.load_attribute_file("Acme_preferred_customer__Coyote_attr.xml")
	65
	66	#################################################
	67	# Credential 3
	68	#[keyid:Acme].role:preferred_customer <- [keyid:Batman]
	69	attr = ABAC.Attribute(acmeID, "preferred_customer", 0)
	70	attr.principal(batman)
	71	attr.bake()
	72
	73	attr.write_file("Acme_preferred_customer__Batman_attr.xml")
	74	ctxt.load_attribute_file("Acme_preferred_customer__Batman_attr.xml")
	75
	76	################################################
	77	# Credential 4
	78	#[keyid:WarnerBros].role:character <- [keyid:Coyote]
	79	attr = ABAC.Attribute(warnerbrosID, "character", 0)
	80	attr.principal(coyote)
	81	attr.bake()
	82
	83	attr.write_file("WarnerBros_character__Coyote_attr.xml")
	84	ctxt.load_attribute_file("WarnerBros_character__Coyote_attr.xml")
	85
	86	# demonstrate how attribute can be load from structure insted of a file
	87	ctxt.load_attribute_chunk(attr.cert_chunk())
	88

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: tests/python_tests/acme_rockets_intersection_rt0/attr.py @ 6cd69a0

Download in other formats: