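def create_sign_abaccred(tool_gid, user_gid, ma_gid, user_key_file, cred_filename, dur_days=365):
    """Create, sign and save an ABAC speaks-for credential.

    The credential's head is the role ``speaks_for_<user keyid>`` on the user
    principal and its single tail is the tool principal. It is issued with the
    user's key and certificate, and written to ``cred_filename``.

    Args:
        tool_gid: certificate object of the tool; get_urn() is called on it
            and it is passed to get_cert_keyid().
        user_gid: certificate object of the user (the issuer);
            save_to_string() and get_urn() are called on it and it is passed
            to get_cert_keyid().
        ma_gid: certificate object whose save_to_string() output is appended
            to the user certificate text unless that text already ends with it.
        user_key_file: path of the user's key file, handed to
            ABACCredential.set_issuer_keys() (presumably the private key used
            by sign() -- confirm against ABACCredential).
        cred_filename: path the signed credential is saved to.
        dur_days: credential lifetime in days, counted from the current UTC
            time; defaults to 365.

    NOTE(review): per the ``speaks_for_`` role name, this credential
    presumably lets the tool act for the user until it expires, so callers
    should pass the shortest ``dur_days`` that fits the use case rather than
    rely on the one-year default. The permissions of ``cred_filename`` are
    whatever save_to_file() applies -- confirm they suit a delegation
    credential.
    """
    # Single-argument print(...) behaves the same under Python 2 and 3.
    print("Creating ABAC SpeaksFor using ABACCredential...\n")

    from tempfile import mkstemp

    # Build the issuer certificate text: the user certificate followed by the
    # MA certificate, unless the user certificate already ends with it.
    ma_str = ma_gid.save_to_string()
    user_cert_str = user_gid.save_to_string()
    if not user_cert_str.endswith(ma_str):
        user_cert_str += ma_str

    # set_issuer_keys() takes file names, so the certificate text has to be
    # written to disk. mkstemp() creates the file readable and writable only
    # by the current user.
    fd, user_cert_filename = mkstemp(suffix='cred', text=True)
    try:
        # The context manager closes the file even if the write fails.
        with os.fdopen(fd, "w") as cert_file:
            cert_file.write(user_cert_str)

        # Create the cred
        cred = ABACCredential()
        cred.set_issuer_keys(user_key_file, user_cert_filename)

        tool_urn = tool_gid.get_urn()
        user_urn = user_gid.get_urn()
        user_keyid = get_cert_keyid(user_gid)
        tool_keyid = get_cert_keyid(tool_gid)

        # head: the user's speaks_for role; tail: the tool principal.
        cred.head = ABACElement(user_keyid, user_urn, "speaks_for_%s" % user_keyid)
        cred.tails.append(ABACElement(tool_keyid, tool_urn))

        cred.set_expiration(datetime.datetime.utcnow() + datetime.timedelta(days=dur_days))
        # Drop sub-second precision from the expiration timestamp.
        cred.expiration = cred.expiration.replace(microsecond=0)

        # Produce the cred XML
        cred.encode()

        # Sign it
        cred.sign()

        # Save it
        cred.save_to_file(cred_filename)
        print("Created ABAC credential: '%s' in file %s" %
              (cred.get_summary_tostring(), cred_filename))
    finally:
        # The temporary certificate file is only needed while this local
        # credential object exists; remove it so repeated calls do not leave
        # certificate copies behind in the temp directory. Cleanup is
        # best-effort: a failed removal must not mask the real outcome.
        try:
            os.remove(user_cert_filename)
        except OSError:
            pass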