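# acme_friend_rt1_typed
#
# Runs a fixed set of role-membership queries with abac_prover_yap against
# the credentials stored in the current directory. Key ids are read from the
# *_ID.pem certificates with creddy. The "good"/"bad" tag in each banner
# appears to be the expected outcome of the query -- confirm against the
# credentials that the matching setup step generates.
#
# Requires: abac_prover_yap and creddy on PATH; Roadrunner_ID.pem,
# Acme_ID.pem, Coyote_ID.pem and Jackrabbit_ID.pem in the working directory.
#
# No `set -e` on purpose: the exit status of a failed proof is not visible
# here, so a "bad" query must not abort the remaining queries.

# Resolve the prover once and call it by full path. The previous
# `which ... | sed` form stripped the first "/abac_prover_yap" it found, which
# gives a wrong directory when a parent directory carries the same name.
prover=$(command -v abac_prover_yap)
if [ -z "$prover" ]; then
  echo "ERROR: abac_prover_yap is not in the search path!!!" >&2
  exit 1
fi

# The keystore is the directory the script is started from.
keyloc=$(pwd)

# Print the key id of the certificate at $1.
# Fails when creddy errors out or prints nothing: an empty id would turn
# every principal and role below into "[keyid:]" and the queries would then
# report results that say nothing about the real credentials.
keyid_of() {
  _id=$(creddy --keyid --cert "$1") || _id=""
  if [ -z "$_id" ]; then
    echo "ERROR: could not read a key id from $1" >&2
    return 1
  fi
  printf '%s\n' "$_id"
}

roadrunner=$(keyid_of "$keyloc/Roadrunner_ID.pem") || exit 1
acme=$(keyid_of "$keyloc/Acme_ID.pem") || exit 1
coyote=$(keyid_of "$keyloc/Coyote_ID.pem") || exit 1
jackrabbit=$(keyid_of "$keyloc/Jackrabbit_ID.pem") || exit 1

# Roles and principals in the prover's typed syntax.
friendof_roadrunner="[keyid:$acme].role:friendOf([keyid:$roadrunner])"
preferred_customer="[keyid:$acme].role:preferred_customer"
coyote_prin="[keyid:$coyote]"
jackrabbit_prin="[keyid:$jackrabbit]"
# Literal id "bad": not derived from any certificate, used as the negative case.
badcoyote_prin="[keyid:bad]"

# Print a banner ($1), then ask the prover whether principal $3 holds role $2.
# Returns the prover's exit status.
query() {
  echo " "
  printf '%s\n' "$1"
  "$prover" --keystore "$keyloc" --role "$2" --principal "$3"
}

## dump all credentials
"$prover" --keystore "$keyloc" --dump creds_dump

# [keyid:Acme].role:friendOf([keyid:Roadrunner]) <-?- [keyid:Coyote]
query "===bad============ Acme.friendOf(Roadrunner) <- Coyote" \
  "$friendof_roadrunner" "$coyote_prin"

# [keyid:Acme].role:friendOf([keyid:Roadrunner]) <-?- [keyid:Jackrabbit]
query "===good============ Acme.friendOf(Roadrunner) <- Jackrabbit" \
  "$friendof_roadrunner" "$jackrabbit_prin"

# [keyid:Acme].role:preferred_customer <-?- [keyid:Jackrabbit]
query "===good============ Acme.preferred_customer <- Jackrabbit" \
  "$preferred_customer" "$jackrabbit_prin"

# [keyid:Acme].role:preferred_customer <-?- [keyid:Coyote]
query "===good============ Acme.preferred_customer <- Coyote" \
  "$preferred_customer" "$coyote_prin"

# [keyid:Acme].role:preferred_customer <-?- [keyid:badCoyote]
query "===bad============ Acme.preferred_customer <- badCoyote" \
  "$preferred_customer" "$badcoyote_prin"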