Note: Cream's principal is loaded without it private key. It does not
need to because it is not being used to generate attribute credential
"""
from sys import argv, exit
from ABAC import Context
from ABAC import ID, Attribute, Role
debug=0
## initial context
ctxt = Context()
if len(argv) != 6:
print "Usage: abac_attr.py <cert.pem> <key.pem> <attr.xml> <pfile> <c_cert.pem>"
exit(1)
# load the ID and its key
id = None
try:
id = ID(argv[1])
id.load_privkey(argv[2])
cream_id = ID(argv[5])
except Exception, e:
print "Problem loading ID cert: %s" % e
exit(1)
for o, a in opts:
if o == '--keystore':
keystore = a
elif o == '--role':
role = a
elif o == '--principal':
principal = a
else:
assert False, "WAT"
if keystore == '' or role == '' or principal == '':
usage()
# code begins here! sorry about that
print keystore
print role
print principal
ctx = Context()
ctx.load_directory(keystore)
(success, credentials) = ctx.query(role, principal)
if success:
print "success"
for credential in credentials:
print "credential %s <- %s" % (credential.head().string(), credential.tail().string())