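#!/bin/sh
#
# This example shows how to reason about a role's parameters. There are
# 4 principals: StateU, Bob, Maryann, and Joe. StateU wants to establish a
# set of founding alumni based on the year of graduation. On graduation each
# alum has previously been issued a credential parameterized with their major
# and graduation year. StateU sets up a policy that says that a principal is a
# founding alum if they graduated in 1960, 1961, or 1963 no matter what major
# the principal had. One assumes there was some kind of NCAA suspension in
# 1962. This policy is expressed in Credential 1.
#
# Credentials 2, 3, and 4 each assign a diploma credential: to Bob (a 1961
# mathematics degree), Joe (a 1955 zoology degree) and Maryann (a 1962
# psychology degree).
#
# The attached ./run_query file asks whether each of these principals is a
# founding alum, and only Bob is.
#
# alumni2_rt1
# [keyid:stateU].role:foundingAlumni <-?- [keyid:Bob] (yes)
# [keyid:stateU].role:foundingAlumni <-?- [keyid:Maryann] (no)
# [keyid:stateU].role:foundingAlumni <-?- [keyid:Joe] (no)

# Stop at the first failing creddy call (or unset variable) instead of carrying
# on with a partial credential set: a query run against an incomplete policy
# would give an answer that does not reflect the policy written here.
set -eu

# Create one identity per principal. The rest of the script reads
# <CN>_ID.pem and StateU_private.pem from the current directory, so
# presumably --generate writes <CN>_ID.pem and <CN>_private.pem there.
# NOTE(review): the *_private.pem files are signing keys; whoever can read
# StateU_private.pem can issue StateU credentials. The file mode creddy
# applies is not visible from this script - confirm it is owner-only and
# keep the working directory out of shared or version-controlled locations.
creddy --generate --cn StateU
creddy --generate --cn Bob
creddy --generate --cn Maryann
creddy --generate --cn Joe

# Key ids of the four certificates. They are not referenced again in this
# script; with `set -e` these lookups also act as a check that every
# certificate was written and can be parsed.
stateU_keyid=$(creddy --keyid --cert StateU_ID.pem)
bob_keyid=$(creddy --keyid --cert Bob_ID.pem)
maryann_keyid=$(creddy --keyid --cert Maryann_ID.pem)
joe_keyid=$(creddy --keyid --cert Joe_ID.pem)

# Parameterized role names. diploma_q_qY accepts any major ([?]) and restricts
# ?Year to the listed values; the other three are the concrete diplomas.
# NOTE(review): 'mathmatics' is misspelled, but it is part of the role name
# that gets signed, so it is left exactly as written.
diploma_q_qY="diploma([?], [integer:?Year:[1960,1961,1963]])"
diploma_m="diploma([string:'mathmatics'],[integer:1961])"
diploma_z="diploma([string:'zoology'],[integer:1955])"
diploma_p="diploma([string:'psychology'],[integer:1962])"

# [keyid:stateU].role:foundingAlumni
#    <- [keyid:stateU].role:diploma([?], [integer:?Year:[1960,1961,1963]])
# Credential 1
creddy --attribute \
    --issuer StateU_ID.pem --key StateU_private.pem --role "foundingAlumni" \
    --subject-cert StateU_ID.pem --subject-role "$diploma_q_qY" \
    --out StateU_foundingAlumni__stateU_diploma_q_qY_attr.der

# [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1961]) <- [keyid:bob]
# Credential 2
creddy --attribute \
    --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_m" \
    --subject-cert Bob_ID.pem \
    --out StateU_diploma_m__Bob_attr.der

# NOTE(review): the output names of Credentials 3 and 4 say "diploma_m"
# although they carry the zoology and psychology diplomas. The names are kept
# because ./run_query (not visible here) may load these files by name; rename
# both places together if it does.

# [keyid:stateU].role:diploma([string:'zoology'],[integer:1955]) <- [keyid:joe]
# Credential 3
creddy --attribute \
    --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_z" \
    --subject-cert Joe_ID.pem \
    --out StateU_diploma_m__Joe_attr.der

# [keyid:stateU].role:diploma([string:'psychology'],[integer:1962]) <- [keyid:maryann]
# Credential 4
creddy --attribute \
    --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_p" \
    --subject-cert Maryann_ID.pem \
    --out StateU_diploma_m__Maryann_attr.der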