# leader_rt1_typed

pwd=`pwd`
eloc=`which abac_prover_yap | sed 's/\/abac_prover_yap//'`
if [ "$eloc" = "" ]; then
  echo "ERROR: abac_prover_yap is not in the search path!!!"
  exit 1
fi
keyloc=$pwd

geni=`creddy --keyid --cert $keyloc/Geni_ID.pem`
bob=`creddy --keyid --cert $keyloc/Bob_ID.pem`
jack=`creddy --keyid --cert $keyloc/Jack_ID.pem`
joe=`creddy --keyid --cert $keyloc/Joe_ID.pem`

geni_leader="[keyid:$geni].role:leader"
bob_prin="[keyid:$bob]"
jack_prin="[keyid:$jack]"
joe_prin="[keyid:$joe]"

# [keyid:geni].role:leader <-?- [keyid:Bob] (yes)
# [keyid:geni].role:leader <-?- [keyid:Jack] (no)
# [keyid:geni].role:leader <-?- [keyid:Joe] (yes)

## dump all credentials
$eloc/abac_prover_yap  --keystore $keyloc --dump creds_dump

#double checking 
#creddy --roles --cert geni_leader__geni_leader_qP_attr.der

# [keyid:geni].role:leader <-?- [keyid:Bob] (yes)
echo " "
echo "===yes============ geni.leader <- Bob"
$eloc/abac_prover_yap  --keystore $keyloc --role "$geni_leader" --principal "$bob_prin"

# [keyid:geni].role:leader <-?- [keyid:Jack] (no)
echo " "
echo "===no============ geni.leader <- Jack"
$eloc/abac_prover_yap  --keystore $keyloc --role "$geni_leader" --principal "$jack_prin"

# [keyid:geni].role:leader <-?- [keyid:Joe] (yes)
echo " "
echo "===yes============ geni.leader <- Joe"
$eloc/abac_prover_yap  --keystore $keyloc --role "$geni_leader" --principal "$joe_prin"