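#!/bin/sh
#
# Builds a small credential set with `creddy` for an access-control test:
# principal Alpha grants 'read' on every object in its `documents(?P)`
# object set to every member of its `team(?P)` role, then populates
# documents('proj1') with file//fileA and team('proj1')/team('proj2') with
# Bob and Joe. The expected query result is recorded in the comments at
# the bottom of the file.
#
# Requirements: `creddy` on PATH. Run from a scratch directory: the script
# deletes every *.der and *.pem in the current directory (including any
# private keys) before generating fresh ones.

# POSIX strict mode: stop on the first failing creddy call or unset name.
set -eu

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

command -v creddy >/dev/null 2>&1 || die "creddy not found on PATH"

# Start from a clean slate; -f keeps this a no-op when nothing matches.
rm -f -- *.der *.pem

# alpha.access(read,fileA)<-?-bob good
# [keyid:Alpha].role:access([string:'read'],[urn:'file//fileA']) <-?- [keyid:Bob] (yes)

# One identity (certificate + private key) per principal.
creddy --generate --cn Alpha
creddy --generate --cn Bob
creddy --generate --cn Joe

# Only Alpha's key id is embedded in a credential below; Bob's and Joe's
# are referenced through their certificates (--subject-cert).
alpha_keyid=$(creddy --keyid --cert Alpha_ID.pem) || die "cannot read Alpha key id"
[ -n "$alpha_keyid" ] || die "empty Alpha key id"

# Parameterised role names; ?F and ?P are creddy variables, $alpha_keyid
# is expanded here so the oset is bound to Alpha's key.
access_qFqP="access([string:'read'],[urn:?F[keyid:$alpha_keyid].oset:documents([string:?P])])"
team_qP="team([string:?P])"

#[keyid:alpha].role:access([string:'read'],
#  [urn:?F[keyid:alpha].oset:documents([string:?P])])
#  <- [keyid:alpha].role:team([string:?P])
creddy --attribute \
  --issuer Alpha_ID.pem --key Alpha_private.pem --role "$access_qFqP" \
  --subject-cert Alpha_ID.pem --subject-role "$team_qP" \
  --out Alpha_access_qFqP__alpha_team_qP_attr.der

#[keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA']
creddy --attribute \
  --issuer Alpha_ID.pem --key Alpha_private.pem \
  --oset "documents([string:'proj1'])" \
  --subject-obj "[urn:'file//fileA']" \
  --out Alpha_documents_proj1__fileA_attr.der

# [keyid:alpha].role:team([string:'proj1'])<-[keyid:Bob]
creddy --attribute \
  --issuer Alpha_ID.pem --key Alpha_private.pem \
  --role "team([string:'proj1'])" \
  --subject-cert Bob_ID.pem \
  --out Alpha_team_proj1__Bob_attr.der

# [keyid:alpha].role:team([string:'proj2'])<-[keyid:Joe]
creddy --attribute \
  --issuer Alpha_ID.pem --key Alpha_private.pem \
  --role "team([string:'proj2'])" \
  --subject-cert Joe_ID.pem \
  --out Alpha_team_proj2__Joe_attr.der

#####################################################################
# alpha.access(read,?F:alpha.documents(?proj)) <- alpha.team(?proj)
# [keyid:alpha].role:access([string:'read'],
#   [urn:?F[keyid:alpha].oset:documents([string:?P])])
#   <- [keyid:alpha].role:team([string:?P])
#
# [keyid:alpha].role:access([string:'read'], [urn:?F])<- [principal:?B]
# [keyid:alpha].oset:documents([keyid:?P) <- [urn:?F]
# [keyid:alpha].role:team([string:?P]) <- [principal:?B]
#
#
# alpha.documents(proj1)<-fileA
# [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA']
# isMember('file//fileA', oset(alpha,documents,'proj1'))
#
# alpha.team(proj1)<-bob
# [keyid:alpha].role:team([string:'proj1'])<-[keyid:bob]
# isMember(bob,role(alpha,team,'proj1'))
#
# query,
# alpha.access(read,fileA)<-?-bob good
# [keyid:alpha].role:access([string:'read'],[urn:'file//fileA']) <- [keyid:bob]
# isMember(bob, role(alpha, access, 'read', 'file//fileA')).
#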