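# access_rt2_typed
#
# Runs three role-membership queries with abac_prover_yap against the
# credentials stored in the current directory and prints the prover's
# output for each one.
#
# Requirements (all taken from the commands below):
#   - abac_prover_yap and creddy are on PATH
#   - the current directory holds Alpha_ID.pem, Bob_ID.pem and Joe_ID.pem
#     and is the keystore handed to the prover
#
# NOTE(review): the script only prints what the prover says; it never
# compares the answer with the "good"/"bad" label in the banner. If the
# query labelled "bad" were to succeed, nothing here would flag it, so the
# output has to be read by a person. The prover's exit-status convention is
# not visible in this file, which is also why `set -e` is not enabled: a
# non-zero status from an expected-to-fail query would stop the run early.

# Resolve the prover once. `command -v` is the portable replacement for
# `which`, and the full path is reused for every invocation.
prover=$(command -v abac_prover_yap)
if [ -z "$prover" ]; then
  echo "ERROR: abac_prover_yap is not in the search path!!!" >&2
  exit 1
fi

# The keystore is the directory the script is started from.
keyloc=$(pwd)

# Print the key id creddy derives from the identity certificate $1.
# Returns non-zero when creddy fails or prints nothing, so that a missing
# or unreadable certificate cannot turn into an empty "[keyid:]" principal
# in the queries below.
keyid_of() {
  _keyid=$(creddy --keyid --cert "$1") || return 1
  [ -n "$_keyid" ] || return 1
  printf '%s\n' "$_keyid"
}

for _cert in Alpha_ID.pem Bob_ID.pem Joe_ID.pem; do
  if ! keyid_of "$keyloc/$_cert" >/dev/null; then
    echo "ERROR: cannot obtain a key id from $keyloc/$_cert" >&2
    exit 1
  fi
done

alpha=$(keyid_of "$keyloc/Alpha_ID.pem")
bob=$(keyid_of "$keyloc/Bob_ID.pem")
joe=$(keyid_of "$keyloc/Joe_ID.pem")

# Principals being asked about.
bob_prin="[keyid:$bob]"
joe_prin="[keyid:$joe]"

# Roles being queried. These strings must match the stored attribute
# credentials exactly.
# NOTE(review): the urn is written 'file//fileA' (no colon after "file");
# left untouched because it has to agree with the credentials in the
# keystore - confirm it is intended.
access_fileA="[keyid:$alpha].role:access([string:'Read'],[urn:'file//fileA'])"
team_proj2="[keyid:$alpha].role:team([string:'proj2'])"

## dump all credentials
"$prover" --keystore "$keyloc" --dump creds_dump

# double check
#creddy --roles --cert Alpha_access_qFqP__alpha_team_qP_attr.der
#[keyid:Alpha].role:access([string:'Read'],[urn:'file//fileA']) <-?- [keyid:bob] (yes)
echo " "
echo "===good============ Alpha.access(Read,fileA)<-?-Bob"
"$prover" --keystore "$keyloc" --role "$access_fileA" --principal "$bob_prin"

echo " "
echo "===bad============ Alpha.access(Read,fileA)<-?-Joe"
"$prover" --keystore "$keyloc" --role "$access_fileA" --principal "$joe_prin"

echo " "
echo "===good============ Alpha.team(proj2)<-?-Joe"
#[keyid:alpha].role:team([string:'proj2'])<-[keyid:Joe]
"$prover" --keystore "$keyloc" --role "$team_proj2" --principal "$joe_prin"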