def handle_sf_cred(self, user, xml_cred):
try:
# XX: libabac segfaults on the GENI abac creds for some reason
# XX: will use ABACCredential instead
#tmpctx = ABAC.Context()
#tmpctx.load_id_chunk(user.cert_chunk())
#ret = tmpctx.load_attribute_chunk(xml_cred)
#if ret < 0:
# raise AbacError("Could not read the speaks-for cert given client cert")
sf_cred = ABACCredential(string=xml_cred)
# also can't verify abac creds...sigh
#sf_cred.verify(trusted_certs=[settings.SSL_OPTIONS['ca_certs']])
#print sf_cred.dump_string()
sf_cert = sf_cred.get_signature().get_issuer_gid().save_to_string()
sf_user = ABAC.ID_chunk(sf_cert)
sf_req = sf_cred.get_tails()[0]
except Exception, e:
raise AbacError("Could not read the speaks-for cert: %s" % e)
