source: tests/python_tests/acme_rockets_rt0/attr.py @ 3f21704

abac0-leak
Last change on this file since 3f21704 was ec550f7, checked in by Mei <mei@…>, 11 years ago

1) reworked how API doc is generated
2) tweak top level Makefile.am
3) loading issuer principal as side-effect of loading an attribute credentials
4) add examples of GENI specific attribute credentials and principal certificates into the regression testing
5) rename examples to tests

  • Property mode set to 100755
File size: 2.1 KB
```python
#!/usr/bin/env python

"""
See README in this directory for the semantics of the example.  This file
constructs the credentials described and puts copies into this directory

cmd: ./attr.py
"""
import os
import ABAC

ctxt = ABAC.Context()

# retrieve principals' keyid value from local credential files
acmeID = ABAC.ID("Acme_ID.pem")
acmeID.load_privkey("Acme_private.pem")
ctxt.load_id_chunk(acmeID.cert_chunk())
acme = acmeID.keyid()

coyoteID = ABAC.ID("Coyote_ID.pem")
coyoteID.load_privkey("Coyote_private.pem")
ctxt.load_id_chunk(coyoteID.cert_chunk())
coyote = coyoteID.keyid()

bigbirdID = ABAC.ID("Bigbird_ID.pem")
bigbirdID.load_privkey("Bigbird_private.pem")
ctxt.load_id_chunk(bigbirdID.cert_chunk())
bigbird = bigbirdID.keyid()

################################################
# Credential 1, only preferred_customer of Acme can buy_rockets
#[keyid:Acme].role:buy_rockets <- [keyid:Acme].role:preferred_customer

# compose the attribute of a basic rt0 role rule
attr = ABAC.Attribute(acmeID, "buy_rockets", 0)
attr.role(acme, "preferred_customer")

# finalize the policy
attr.bake()

# write the policy file to the file system
attr.write_file("Acme_buy_rockets__Acme_preferred_customer_attr.xml")

# load the policy into the current context from the newly created policy file
ctxt.load_attribute_file("Acme_buy_rockets__Acme_preferred_customer_attr.xml")

#################################################
# Credential 2
#[keyid:Acme].role:preferred_customer <- [keyid:Coyote]
attr = ABAC.Attribute(acmeID, "preferred_customer", 0)
attr.principal(coyote)
attr.bake()

attr.write_file("Acme_preferred_customer__Coyote_attr.xml")
ctxt.load_attribute_file("Acme_preferred_customer__Coyote_attr.xml")

#################################################
# Credential 3
#[keyid:Coyote].role:friend <- [keyid:Bigbird]
attr = ABAC.Attribute(coyoteID, "friend", 0)
attr.principal(bigbird)
attr.bake()

attr.write_file("Coyote_friend__Bigbird_attr.xml")
# load this credential from the in-memory chunk rather than from the file
ctxt.load_attribute_chunk(attr.cert_chunk())

#################################################
# print every credential now held in the context as "head <- tail"
credentials = ctxt.credentials()
for credential in credentials:
    # single-argument print() form runs under both Python 2 and Python 3
    print("context: %s <- %s" % (credential.head().string(), credential.tail().string()))
```
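What the three credentials above authorize, as an added example that is not part of the original file and does not use the ABAC library: a small plain-Python evaluator for the two rule forms the file uses (principal membership and role containment), returning the credential chain that proves a role. Principal names stand in for keyids, and the tuple layout and the names `CREDENTIALS`, `prove` and `fmt` are assumptions of this sketch.

```python
# Added example: minimal RT0-style evaluator, independent of libabac.
# Assumption: principals are written by name instead of keyid.
# Each credential is (head_principal, head_role, tail); tail is either a
# principal name (A.r <- D) or a (principal, role) pair (A.r <- B.r1).
CREDENTIALS = [
    ("Acme", "buy_rockets", ("Acme", "preferred_customer")),  # Credential 1
    ("Acme", "preferred_customer", "Coyote"),                 # Credential 2
    ("Coyote", "friend", "Bigbird"),                          # Credential 3
]


def prove(credentials, role, principal, _seen=None):
    """Return the credential chain proving principal holds role, else None."""
    seen = _seen if _seen is not None else set()
    if role in seen:              # delegation cycle on this path: give up
        return None
    seen = seen | {role}          # new set per branch, siblings unaffected
    for cred in credentials:
        head, tail = (cred[0], cred[1]), cred[2]
        if head != role:
            continue
        if isinstance(tail, str):
            if tail == principal:             # direct membership
                return [cred]
        else:                                 # containment: recurse into tail
            sub = prove(credentials, tail, principal, seen)
            if sub is not None:
                return [cred] + sub
    return None


def fmt(cred):
    """Render a credential in the 'head <- tail' style used by attr.py."""
    tail = cred[2] if isinstance(cred[2], str) else "%s.%s" % cred[2]
    return "%s.%s <- %s" % (cred[0], cred[1], tail)


if __name__ == "__main__":
    for who in ("Coyote", "Bigbird"):
        chain = prove(CREDENTIALS, ("Acme", "buy_rockets"), who)
        print(who, "->", [fmt(c) for c in chain] if chain else "no proof")
```

Coyote is proven through Credentials 1 and 2, while Bigbird gets no proof: Credential 3 is issued by Coyote for Coyote's own `friend` role, and nothing issued by Acme refers to that role.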