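#!/usr/bin/env python
"""
Run the queries described in README

cmd: env keystore=`pwd` ./query.py

The script loads every credential found in the keystore directory into one
ABAC context, registers the four example principals (Acme, Bob, Alice,
Globotron) and then asks three role-membership questions, printing the
outcome and the credentials returned for each.
"""

import os
import sys

import ABAC

ctxt = ABAC.Context()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials.
# `in` replaces dict.has_key(), which Python 3 removed.
if "keystore" not in os.environ:
    print("keystore is not set...")
    sys.exit(1)
keystore = os.environ["keystore"]
# Whatever the directory holds is loaded into the context the queries below
# are answered from, so the answers are only as trustworthy as the write
# permissions on that directory.
ctxt.load_directory(keystore)


def _load_principal(name):
    """Load <name>_ID.pem and <name>_private.pem and register the identity.

    The file names are relative to the current working directory; the
    documented command line sets keystore to `pwd`, so both coincide there.

    Returns the ABAC.ID object so the caller can read its keyid.
    """
    principal = ABAC.ID("%s_ID.pem" % name)
    # NOTE(review): the queries below use only the key id and the certificate
    # chunk. Loading the private key looks unnecessary for a read-only query
    # and forces this script to have read access to every principal's private
    # key. Kept to preserve behaviour; confirm against the ABAC binding and
    # drop it if the key is not needed.
    principal.load_privkey("%s_private.pem" % name)
    ctxt.load_id_chunk(principal.cert_chunk())
    return principal


def _print_credentials(prefix, credentials):
    """Print one '<prefix> head <- tail' line per credential."""
    for credential in credentials:
        print("%s %s <- %s" % (prefix,
                               credential.head().string(),
                               credential.tail().string()))


def _run_query(banner, role, principal):
    """Ask the context whether *principal* holds *role* and print the result.

    *banner* is printed first; its good/bad marker states the outcome the
    example expects, but nothing here checks it: the result is only printed
    and the exit status of the script does not depend on it.

    Returns the success flag reported by ctxt.query().
    """
    print(banner)
    (success, credentials) = ctxt.query(role, principal)
    if success:
        print("success!")
    else:
        print("failure!")
    # Only `success` says whether the role is held. The credential list is
    # printed for both outcomes; on failure it may be a partial chain and must
    # not be read as proof of access. TODO confirm against the ABAC docs.
    _print_credentials("credential", credentials)
    return success


# retrieve principals' keyid value from local credential files
acmeID = _load_principal("Acme")
acme = acmeID.keyid()

bobID = _load_principal("Bob")
bob = bobID.keyid()

aliceID = _load_principal("Alice")
alice = aliceID.keyid()

globotronID = _load_principal("Globotron")
globotron = globotronID.keyid()

##########################################################################
# dump the loaded attribute policies
#
print("\n...policy attribute set...")
_print_credentials("context:", ctxt.credentials())

##########################################################################
# is alice a admin at Globotron ?
# role=[keyid:Globotron].role:admin
# p=[keyid:Alice]
_run_query("\n===good=============== Globotron.admin <- Alice",
           "%s.admin" % globotron, alice)

##########################################################################
# is bob a admin at Globotron ?
# role=[keyid:Globotron].role:admin
# p=[keyid:Bob]
_run_query("\n===bad=============== Globotron.admin <- Bob",
           "%s.admin" % globotron, bob)

##########################################################################
# can bob create experiment at Acme ?
# role=[keyid:Acme].role:experiment_create
# p=[keyid:Bob]
_run_query("\n===good=============== Acme.experiment_create <- Bob",
           "%s.experiment_create" % acme, bob)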