Testing policy
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by o (u) -->
<!--Sample XML file generated by XMLSPY v5 rel. 4 U (http://www.xmlspy.com)-->
<!DOCTYPE X.509_PMI_RBAC_Policy><!-- SYSTEM "C:\Documents and Settings\Administrador\Mis documentos\Research\Salford\PERMIS\policy9.dtd" -->
<X.509_PMI_RBAC_Policy OID="19.04.2005">
<!-- SubjectPolicy: the subject domains that the RoleAssignment rules refer to by ID.
     Each domain is a set of LDAP subtrees or entries (Include) minus carved-out entries (Exclude). -->
<SubjectPolicy>
<SubjectDomainSpec ID="student">
<Include LDAPDN="ou=student,o=permis,c=GB"/>
<!-- student5 is carved out of the student subtree, so a role assignment aimed at this domain does not cover it. -->
<Exclude LDAPDN="cn=student5,ou=student,o=permis,c=GB"/>
<!-- cn=dis is an ou=admin entry that is also placed in the student domain (and in staff below), which puts it in
     all three subject domains. NOTE(review): presumably so the Delegation Issuing Service can be given every role;
     confirm this breadth is intended. The DN is written with c=gb here and c=GB elsewhere; verify that DN matching
     ignores case. -->
<Include LDAPDN="cn=dis,ou=admin,o=permis,c=gb"/>
</SubjectDomainSpec>
<SubjectDomainSpec ID="staff">
<Include LDAPDN="ou=staff,o=permis,c=GB"/>
<!-- Same cross-domain inclusion of the DIS entry as in the student domain. -->
<Include LDAPDN="cn=dis,ou=admin,o=permis,c=gb"/>
</SubjectDomainSpec>
<SubjectDomainSpec ID="admin">
<!-- The whole ou=admin subtree; this already contains cn=dis and the SOA entry named in SOAPolicy. -->
<Include LDAPDN="ou=admin,o=permis,c=GB"/>
</SubjectDomainSpec>
</SubjectPolicy>
<!-- RoleHierarchyPolicy: one role type (permisRole) and the ordering of its values.
     Each SupRole lists the roles directly beneath it:
       Admin > Professor, Researcher > Staff > Student
     NOTE(review): PERMIS role hierarchies are normally evaluated so that a superior role inherits the permissions of
     its subordinates; if that holds here, the effective access of a role is the union of its own TargetAccess rule
     and those of every role below it. Confirm against the policy engine in use. -->
<RoleHierarchyPolicy>
<RoleSpec Type="permisRole" OID="1.2.826.0.1.3344810.1.1.14">
<!-- Student is the bottom of the hierarchy: it has no subordinate roles. -->
<SupRole Value="Student">
</SupRole>
<SupRole Value="Staff">
<SubRole Value="Student"/>
</SupRole>
<!-- Professor and Researcher are siblings: both sit directly above Staff and neither is above the other. -->
<SupRole Value="Professor">
<SubRole Value="Staff"/>
</SupRole>
<SupRole Value="Researcher">
<SubRole Value="Staff"/>
</SupRole>
<!-- Admin is above both sibling roles and therefore above every other role in this policy. -->
<SupRole Value="Admin">
<SubRole Value="Professor"/>
<SubRole Value="Researcher"/>
</SupRole>
</RoleSpec>
</RoleHierarchyPolicy>
<!-- SOAPolicy: the Source of Authority entries that RoleAssignment rules refer to by ID.
     Only one is declared, so every role assignment in this policy chains back to this single DN.
     The DN lies under ou=admin, which the admin subject domain includes as a whole subtree. -->
<SOAPolicy>
<SOASpec ID="SOA" LDAPDN="cn=SOA, ou=admin, o=permis,c=GB"/>
</SOAPolicy>
<!-- RoleAssignmentPolicy: which roles the SOA may assign to which subject domain, and for what period.
     Each RoleAssignment names a subject domain, a list of role values, a Delegate element, the SOA and a validity window.
     NOTE(review): every Delegate element here is empty and carries no Depth attribute. Check the policy DTD for what an
     absent Depth means; if it is read as unbounded delegation, holders may delegate further without limit. -->
<RoleAssignmentPolicy>
<!-- student domain: Student only, 2004-06-10 to 2007-08-27. -->
<RoleAssignment>
<SubjectDomain ID="student"/>
<RoleList>
<Role Type="permisRole" Value="Student"/>
</RoleList>
<Delegate />
<SOA ID="SOA"/>
<Validity>
<Absolute Start="2004-06-10" End="2007-08-27"/>
</Validity>
</RoleAssignment>
<!-- staff domain: Professor, Staff and Researcher, 2004-06-01 to 2007-08-27. Admin is not assignable to this domain. -->
<RoleAssignment>
<SubjectDomain ID="staff"/>
<RoleList>
<Role Type="permisRole" Value="Professor"/>
<Role Type="permisRole" Value="Staff"/>
<Role Type="permisRole" Value="Researcher"/>
</RoleList>
<Delegate />
<SOA ID="SOA"/>
<Validity>
<Absolute Start="2004-06-01" End="2007-08-27"/>
</Validity>
</RoleAssignment>
<!-- admin domain: Admin only, and the longest validity window in the policy. -->
<RoleAssignment>
<SubjectDomain ID="admin"/>
<RoleList>
<Role Type="permisRole" Value="Admin"/>
</RoleList>
<Delegate />
<SOA ID="SOA"/>
<Validity>
<!-- NOTE(review): End="2010-01-1" is the only date in this file without a zero-padded day. Confirm the parser
     accepts it as 2010-01-01; a rejected or misread end date on the Admin assignment changes when Admin
     credentials stop being honoured. -->
<Absolute Start="2004-01-01" End="2010-01-1"/>
</Validity>
</RoleAssignment>
</RoleAssignmentPolicy>
<!-- TargetPolicy: the target domains that TargetAccess rules refer to by ID.
     "doors" takes three whole subtrees; the other three domains name individual cn entries inside those subtrees,
     so every entry they list is also a member of "doors".
     NOTE(review): the DNs in the narrower domains are written with a space before the comma ("o=permis ,c=GB");
     verify that DN normalisation makes them match the directory entries. -->
<TargetPolicy>
<TargetDomainSpec ID="doors">
<Include LDAPDN="ou=lab-doors, o=permis, c=GB"/>
<Include LDAPDN="ou=study-doors, o=permis, c=GB"/>
<Include LDAPDN="ou=lib-doors, o=permis, c=GB"/>
</TargetDomainSpec>
<TargetDomainSpec ID="main-doors">
<Include LDAPDN="cn=main-doors, ou=lab-doors, o=permis ,c=GB"/>
<Include LDAPDN="cn=main-doors, ou=study-doors, o=permis ,c=GB"/>
<Include LDAPDN="cn=main-doors, ou=lib-doors, o=permis ,c=GB"/>
</TargetDomainSpec>
<!-- back-doors lists lab and study entries only; there is no lib-doors entry in this domain. -->
<TargetDomainSpec ID="back-doors">
<Include LDAPDN="cn=back-doors, ou=lab-doors, o=permis ,c=GB"/>
<Include LDAPDN="cn=back-doors, ou=study-doors, o=permis ,c=GB"/>
</TargetDomainSpec>
<!-- sec-doors is declared but no TargetAccess rule in this file references it by ID. Its entries are reachable
     only through the broad "doors" domain, so any role granted "doors" also reaches the sec-doors entries. -->
<TargetDomainSpec ID="sec-doors">
<Include LDAPDN="cn=sec-doors, ou=lab-doors, o=permis ,c=GB"/>
<Include LDAPDN="cn=sec-doors, ou=study-doors, o=permis ,c=GB"/>
<Include LDAPDN="cn=sec-doors, ou=lib-doors, o=permis ,c=GB"/>
</TargetDomainSpec>
</TargetPolicy>
<!-- ActionPolicy: the complete set of action names that Target elements may use in their Actions attribute.
     In this file "break" appears only in the Admin TargetAccess rule; the other three are granted to several roles. -->
<ActionPolicy>
<Action Name="open-door"/>
<Action Name="lock-door"/>
<Action Name="unlock-door"/>
<Action Name="break"/>
</ActionPolicy>
<!-- TargetAccessPolicy: one TargetAccess rule per role. Each rule names the role, the (action, target domain) pairs
     it grants and an IF condition on the "time" environment parameter.
     All time constants use "*-*-*T" followed by hh:mm, i.e. the date fields are wildcards (presumably "every day";
     confirm with the engine). Two equivalent condition shapes are used: AND(GE lower, LE upper) and
     NOT(OR(GT upper, LT lower)); both admit the closed interval from lower to upper. -->
<TargetAccessPolicy>
<!-- RULES RELATED TO OPEN-DOOR, LOCK-DOOR, UNLOCK-DOOR AND BREAK -->
<!-- Students can open the main doors from 8:00 to 21:00 -->
<TargetAccess>
<RoleList>
<Role Type="permisRole" Value="Student"/>
</RoleList>
<TargetList>
<Target Actions="open-door">
<TargetDomain ID="main-doors"/>
</Target>
</TargetList>
<IF>
<AND>
<GE>
<Environment Parameter="time" Type="Time"/>
<Constant Type="Time" Value="*-*-*T08:00"/>
</GE>
<LE>
<Environment Parameter="time" Type="Time"/>
<Constant Type="Time" Value="*-*-*T21:00"/>
</LE>
</AND>
</IF>
</TargetAccess>
<!-- Staff can open and lock the main and back doors from 7:00 to 23:00. Unlock is not granted to Staff. -->
<TargetAccess>
<RoleList>
<Role Type="permisRole" Value="Staff"/>
</RoleList>
<TargetList>
<Target Actions="open-door">
<TargetDomain ID="main-doors"/>
</Target>
<Target Actions="open-door">
<TargetDomain ID="back-doors"/>
</Target>
<Target Actions="lock-door">
<TargetDomain ID="main-doors"/>
</Target>
<Target Actions="lock-door">
<TargetDomain ID="back-doors"/>
</Target>
</TargetList>
<IF>
<AND>
<GE>
<Environment Parameter="time" Type="Time"/>
<Constant Type="Time" Value="*-*-*T07:00"/>
</GE>
<LE>
<Environment Parameter="time" Type="Time"/>
<Constant Type="Time" Value="*-*-*T23:00"/>
</LE>
</AND>
</IF>
</TargetAccess>
<!-- Professors can open, lock and unlock all doors from 7:00 to 23:00.
     The rule below grants lock-door as well as open-door and unlock-door, and "doors" covers the sec-doors entries. -->
<TargetAccess>
<RoleList>
<Role Type="permisRole" Value="Professor"/>
</RoleList>
<TargetList>
<Target Actions="open-door">
<TargetDomain ID="doors"/>
</Target>
<Target Actions="lock-door">
<TargetDomain ID="doors"/>
</Target>
<Target Actions="unlock-door">
<TargetDomain ID="doors"/>
</Target>
</TargetList>
<IF>
<!-- Denies when time is after 23:00 or before 07:00; the same window as AND(GE 07:00, LE 23:00). -->
<NOT>
<OR>
<GT>
<Environment Parameter="time" Type="Time"/>
<Constant Type="Time" Value="*-*-*T23:00"/>
</GT>
<LT>
<Environment Parameter="time" Type="Time"/>
<Constant Type="Time" Value="*-*-*T07:00"/>
</LT>
</OR>
</NOT>
</IF>
</TargetAccess>
<!-- Researchers can open all doors from 7:00 to 23:00. This rule grants no lock or unlock action. -->
<TargetAccess>
<RoleList>
<Role Type="permisRole" Value="Researcher"/>
</RoleList>
<TargetList>
<Target Actions="open-door">
<TargetDomain ID="doors"/>
</Target>
</TargetList>
<IF>
<!-- Same NOT(OR(GT 23:00, LT 07:00)) window as the Professor rule. -->
<NOT>
<OR>
<GT>
<Environment Parameter="time" Type="Time"/>
<Constant Type="Time" Value="*-*-*T23:00"/>
</GT>
<LT>
<Environment Parameter="time" Type="Time"/>
<Constant Type="Time" Value="*-*-*T07:00"/>
</LT>
</OR>
</NOT>
</IF>
</TargetAccess>
<!-- Admin can do all actions for all doors from 8:00 to 21:00.
     NOTE(review): that is what this rule alone grants. RoleHierarchyPolicy places Admin above Professor; if superior
     roles inherit subordinate permissions, Admin also gets open, lock and unlock on all doors from 7:00 to 23:00
     through the Professor rule, and "break" is the only action actually confined to 8:00 to 21:00. -->
<TargetAccess>
<RoleList>
<Role Type="permisRole" Value="Admin"/>
</RoleList>
<TargetList>
<Target Actions="open-door">
<TargetDomain ID="doors"/>
</Target>
<Target Actions="lock-door">
<TargetDomain ID="doors"/>
</Target>
<Target Actions="unlock-door">
<TargetDomain ID="doors"/>
</Target>
<Target Actions="break">
<TargetDomain ID="doors"/>
</Target>
</TargetList>
<IF>
<AND>
<GE>
<Environment Parameter="time" Type="Time"/>
<Constant Type="Time" Value="*-*-*T08:00"/>
</GE>
<LE>
<Environment Parameter="time" Type="Time"/>
<Constant Type="Time" Value="*-*-*T21:00"/>
</LE>
</AND>
</IF>
</TargetAccess>
</TargetAccessPolicy>
</X.509_PMI_RBAC_Policy>
DIS's AC
Issuer: CN=soa,OU=admin,O=permis,C=GB Holder: CN=dis,OU=admin,O=PERMIS,C=GB
From: Sat Jan 01 00:00:00 GMT 2000 -- GeneralizedTime -- To: Wed Jan 01 00:00:00 GMT 2020 -- GeneralizedTime --
Serial number: 315368969030004744509371911608026312075058216656
RoleType: 1.2.826.0.1.3344810.1.1.14 RoleValues: Admin,
NoAssertion: SEQUENCE { -- Extension --
extnID = 2.5.29.62,
critical = True,
extn Value = NULL = null
}
BAC: SEQUENCE { -- Extension --
extnID = 2.5.29.41,
critical = False -- DEFAULT --,
extn Value = TRUE, (unlimited)
}
=======================================================================
Test number: 1
Requester: cn=soa,ou=admin,o=permis,c=gb Holder: cn=dis,ou=admin,o=permis,c=gb
RoleType: permisRole RoleValues: Admin,
From: 2004.01.01 00:00:00 To: 2010.01.01 00:00:00
Assertion: cannot Depth: 0
Result:
Delegation Issuing Service do not have enough privilege to issue this certificate
Exptected result:
Error: Delegation Issuing Service do not have enough privilege to issue this certificate
=======================================================================
Test number: 2
Requester: cn=soa,ou=admin,o=permis,c=gb Holder: cn=admin1,ou=admin,o=permis,c=gb
RoleType: permisRole RoleValues: Admin, Professor,
From: 2003.01.01 00:00:00 To: 2011.01.01 00:00:00
Assertion: cannot Depth: 0