Example #1
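def create_sign_abaccred(tool_gid, user_gid, ma_gid, user_key_file, cred_filename, dur_days=365):
    """Create, sign and save an ABAC speaks-for credential.

    The credential's head is the role ``speaks_for_<user keyid>`` on the
    user, and its only tail is the tool: the user is the issuer and the tool
    is the principal being delegated to.  The credential is signed with the
    user's key and written to ``cred_filename``.

    Args:
        tool_gid: certificate object of the tool; must provide ``get_urn()``.
        user_gid: certificate object of the user (the issuer); must provide
            ``get_urn()`` and ``save_to_string()``.
        ma_gid: certificate object whose ``save_to_string()`` output is
            appended to the user certificate when not already present
            (presumably the issuing authority's certificate; confirm with
            the caller).
        user_key_file: path of the user's private key file, passed to
            ``set_issuer_keys`` for signing.
        cred_filename: path the signed credential is saved to.
        dur_days: lifetime in days, counted from the current UTC time.  The
            default of 365 gives the tool a year of delegated authority;
            callers should pass the shortest lifetime the tool needs.

    Returns:
        None.  The credential is written to ``cred_filename``.
    """
    print("Creating ABAC SpeaksFor using ABACCredential...\n")
    from tempfile import mkstemp

    # The signer is handed the user certificate followed by the ma_gid
    # certificate, so append the latter unless the string already ends with it.
    ma_str = ma_gid.save_to_string()
    user_cert_str = user_gid.save_to_string()
    if not user_cert_str.endswith(ma_str):
        user_cert_str += ma_str

    # set_issuer_keys takes file names, so the certificate chain goes through
    # a temporary file.  mkstemp creates it accessible to the owner only.
    fd, user_cert_filename = mkstemp(suffix='cred', text=True)
    try:
        # The with-block closes the descriptor even if the write fails.
        with os.fdopen(fd, "w") as cert_file:
            cert_file.write(user_cert_str)

        # Create the cred
        cred = ABACCredential()
        cred.set_issuer_keys(user_key_file, user_cert_filename)
        tool_urn = tool_gid.get_urn()
        user_urn = user_gid.get_urn()
        user_keyid = get_cert_keyid(user_gid)
        tool_keyid = get_cert_keyid(tool_gid)
        cred.head = ABACElement(user_keyid, user_urn, "speaks_for_%s" % user_keyid)
        cred.tails.append(ABACElement(tool_keyid, tool_urn))
        cred.set_expiration(datetime.datetime.utcnow() + datetime.timedelta(days=dur_days))
        # Drop sub-second precision from the expiration timestamp.
        cred.expiration = cred.expiration.replace(microsecond=0)

        # Produce the cred XML
        cred.encode()

        # Sign it
        cred.sign()
        # Save it
        cred.save_to_file(cred_filename)
        print("Created ABAC credential: '%s' in file %s" %
              (cred.get_summary_tostring(), cred_filename))
    finally:
        # The temporary certificate file is only needed while `cred` is in
        # use; the original left one behind in the temp directory per call.
        # Cleanup is best-effort so it never masks an error from above.
        try:
            os.remove(user_cert_filename)
        except OSError:
            pass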