Mock Version: 5.6 Mock Version: 5.6 Mock Version: 5.6 ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'], chrootPath='/var/lib/mock/f42-build-54985672-6531591/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=201600uid=1000gid=425user='mockbuild'nspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']unshare_net=TrueprintOutput=False) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', 'f4a907853010482fbcc1cbe207618aa2', '-D', '/var/lib/mock/f42-build-54985672-6531591/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1717804800 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-5.fc42.src.rpm Child return code was: 0 ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -br --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'], chrootPath='/var/lib/mock/f42-build-54985672-6531591/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=201600uid=1000gid=425user='mockbuild'nspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']unshare_net=TrueraiseExc=FalseprintOutput=False) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', '8c783a1a19b84b6294b992f1a6c08ecd', '-D', '/var/lib/mock/f42-build-54985672-6531591/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -br --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1717804800 Executing(%mkbuilddir): /bin/sh -e /var/tmp/rpm-tmp.1iAmYj + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + test -d /builddir/build/BUILD/python-pysaml2-7.4.2-build + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w /builddir/build/BUILD/python-pysaml2-7.4.2-build + /usr/bin/rm -rf /builddir/build/BUILD/python-pysaml2-7.4.2-build + /usr/bin/mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build + /usr/bin/mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/SPECPARTS + RPM_EC=0 ++ jobs -p + exit 0 Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.zjkLXM + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + rm -rf pysaml2-7.4.2 + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/pysaml2-7.4.2.tar.gz + STATUS=0 + '[' 0 -ne 0 ']' + cd pysaml2-7.4.2 + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + /usr/bin/git init -q + /usr/bin/git config user.name rpm-build + /usr/bin/git config user.email '' + /usr/bin/git config gc.auto 0 + /usr/bin/git add --force . + GIT_COMMITTER_DATE=@1717804800 + GIT_AUTHOR_DATE=@1717804800 + /usr/bin/git commit -q --allow-empty -a --author 'rpm-build ' -m 'python-pysaml2-7.4.2 base' + /usr/bin/git checkout --track -b rpm-build Switched to a new branch 'rpm-build' branch 'rpm-build' set up to track 'master'. + /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/0001-Remove-utility-from-packaging.patch + /usr/bin/git apply --index --reject - Checking patch pyproject.toml... Applied patch pyproject.toml cleanly. + GIT_COMMITTER_DATE=@1717804800 + GIT_AUTHOR_DATE=@1717804800 + /usr/bin/git commit -q -m 0001-Remove-utility-from-packaging.patch --author 'rpm-build ' + sed -i 's|f"""#!/usr/bin/env python|f"""|' src/saml2/tools/parse_xsd2.py + find src -name '*.py' + read source + head -n1 src/saml2/__init__.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/__init__.py src/saml2/__init__.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/__init__.py + touch --ref=src/saml2/__init__.py.ts src/saml2/__init__.py + rm src/saml2/__init__.py.ts + read source + head -n1 src/saml2/algsupport.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/argtree.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/assertion.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/assertion.py src/saml2/assertion.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/assertion.py + touch --ref=src/saml2/assertion.py.ts src/saml2/assertion.py + rm src/saml2/assertion.py.ts + read source + head -n1 src/saml2/attribute_converter.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/attribute_converter.py src/saml2/attribute_converter.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/attribute_converter.py + touch --ref=src/saml2/attribute_converter.py.ts src/saml2/attribute_converter.py + rm src/saml2/attribute_converter.py.ts + read source + head -n1 src/saml2/attribute_resolver.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/attribute_resolver.py src/saml2/attribute_resolver.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/attribute_resolver.py + touch --ref=src/saml2/attribute_resolver.py.ts src/saml2/attribute_resolver.py + rm src/saml2/attribute_resolver.py.ts + read source + head -n1 src/saml2/attributemaps/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/adfs_v1x.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/adfs_v20.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/basic.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/saml_uri.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/shibboleth_uri.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/authn.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/authn_context/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/authn_context/ippword.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/ippword.py src/saml2/authn_context/ippword.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/ippword.py + touch --ref=src/saml2/authn_context/ippword.py.ts src/saml2/authn_context/ippword.py + rm src/saml2/authn_context/ippword.py.ts + read source + head -n1 src/saml2/authn_context/mobiletwofactor.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/mobiletwofactor.py src/saml2/authn_context/mobiletwofactor.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/mobiletwofactor.py + touch --ref=src/saml2/authn_context/mobiletwofactor.py.ts src/saml2/authn_context/mobiletwofactor.py + rm src/saml2/authn_context/mobiletwofactor.py.ts + read source + head -n1 src/saml2/authn_context/ppt.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/ppt.py src/saml2/authn_context/ppt.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/ppt.py + touch --ref=src/saml2/authn_context/ppt.py.ts src/saml2/authn_context/ppt.py + rm src/saml2/authn_context/ppt.py.ts + read source + head -n1 src/saml2/authn_context/pword.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/pword.py src/saml2/authn_context/pword.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/pword.py + touch --ref=src/saml2/authn_context/pword.py.ts src/saml2/authn_context/pword.py + rm src/saml2/authn_context/pword.py.ts + read source + head -n1 src/saml2/authn_context/sslcert.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/sslcert.py src/saml2/authn_context/sslcert.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/sslcert.py + touch --ref=src/saml2/authn_context/sslcert.py.ts src/saml2/authn_context/sslcert.py + rm src/saml2/authn_context/sslcert.py.ts + read source + head -n1 src/saml2/authn_context/timesync.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/timesync.py src/saml2/authn_context/timesync.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/timesync.py + touch --ref=src/saml2/authn_context/timesync.py.ts src/saml2/authn_context/timesync.py + rm src/saml2/authn_context/timesync.py.ts + read source + head -n1 src/saml2/cache.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/cache.py src/saml2/cache.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/cache.py + touch --ref=src/saml2/cache.py.ts src/saml2/cache.py + rm src/saml2/cache.py.ts + read source + head -n1 src/saml2/cert.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/client.py + grep -F /usr/bin/env # !/usr/bin/env python + touch --ref=src/saml2/client.py src/saml2/client.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/client.py + touch --ref=src/saml2/client.py.ts src/saml2/client.py + rm src/saml2/client.py.ts + read source + head -n1 src/saml2/client_base.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/client_base.py src/saml2/client_base.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/client_base.py + touch --ref=src/saml2/client_base.py.ts src/saml2/client_base.py + rm src/saml2/client_base.py.ts + read source + head -n1 src/saml2/config.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/country_codes.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/country_codes.py src/saml2/country_codes.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/country_codes.py + touch --ref=src/saml2/country_codes.py.ts src/saml2/country_codes.py + rm src/saml2/country_codes.py.ts + read source + head -n1 src/saml2/cryptography/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/asymmetric.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/errors.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/pki.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/symmetric.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/data/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/data/schemas/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/data/templates/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/discovery.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/ecp.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ecp.py src/saml2/ecp.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ecp.py + touch --ref=src/saml2/ecp.py.ts src/saml2/ecp.py + rm src/saml2/ecp.py.ts + read source + head -n1 src/saml2/ecp_client.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ecp_client.py src/saml2/ecp_client.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ecp_client.py + touch --ref=src/saml2/ecp_client.py.ts src/saml2/ecp_client.py + rm src/saml2/ecp_client.py.ts + read source + head -n1 src/saml2/entity.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/at_egov_pvp2.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/edugain.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/incommon.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/refeds.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/swamid.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/eptid.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/extension/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/extension/algsupport.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/algsupport.py src/saml2/extension/algsupport.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/algsupport.py + touch --ref=src/saml2/extension/algsupport.py.ts src/saml2/extension/algsupport.py + rm src/saml2/extension/algsupport.py.ts + read source + head -n1 src/saml2/extension/dri.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/dri.py src/saml2/extension/dri.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/dri.py + touch --ref=src/saml2/extension/dri.py.ts src/saml2/extension/dri.py + rm src/saml2/extension/dri.py.ts + read source + head -n1 src/saml2/extension/idpdisc.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/idpdisc.py src/saml2/extension/idpdisc.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/idpdisc.py + touch --ref=src/saml2/extension/idpdisc.py.ts src/saml2/extension/idpdisc.py + rm src/saml2/extension/idpdisc.py.ts + read source + head -n1 src/saml2/extension/mdattr.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/mdattr.py src/saml2/extension/mdattr.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdattr.py + touch --ref=src/saml2/extension/mdattr.py.ts src/saml2/extension/mdattr.py + rm src/saml2/extension/mdattr.py.ts + read source + head -n1 src/saml2/extension/mdrpi.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/mdrpi.py src/saml2/extension/mdrpi.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdrpi.py + touch --ref=src/saml2/extension/mdrpi.py.ts src/saml2/extension/mdrpi.py + rm src/saml2/extension/mdrpi.py.ts + read source + head -n1 src/saml2/extension/mdui.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/mdui.py src/saml2/extension/mdui.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdui.py + touch --ref=src/saml2/extension/mdui.py.ts src/saml2/extension/mdui.py + rm src/saml2/extension/mdui.py.ts + read source + grep -F /usr/bin/env + head -n1 src/saml2/extension/pefim.py #!/usr/bin/env python + touch --ref=src/saml2/extension/pefim.py src/saml2/extension/pefim.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/pefim.py + touch --ref=src/saml2/extension/pefim.py.ts src/saml2/extension/pefim.py + rm src/saml2/extension/pefim.py.ts + read source + head -n1 src/saml2/extension/reqinit.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/reqinit.py src/saml2/extension/reqinit.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/reqinit.py + touch --ref=src/saml2/extension/reqinit.py.ts src/saml2/extension/reqinit.py + rm src/saml2/extension/reqinit.py.ts + read source + head -n1 src/saml2/extension/requested_attributes.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/requested_attributes.py src/saml2/extension/requested_attributes.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/requested_attributes.py + touch --ref=src/saml2/extension/requested_attributes.py.ts src/saml2/extension/requested_attributes.py + rm src/saml2/extension/requested_attributes.py.ts + read source + head -n1 src/saml2/extension/shibmd.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/shibmd.py src/saml2/extension/shibmd.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/shibmd.py + touch --ref=src/saml2/extension/shibmd.py.ts src/saml2/extension/shibmd.py + rm src/saml2/extension/shibmd.py.ts + read source + head -n1 src/saml2/extension/sp_type.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/sp_type.py src/saml2/extension/sp_type.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/sp_type.py + touch --ref=src/saml2/extension/sp_type.py.ts src/saml2/extension/sp_type.py + rm src/saml2/extension/sp_type.py.ts + read source + head -n1 src/saml2/filter.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/httpbase.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/httputil.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/ident.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/mcache.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/mcache.py src/saml2/mcache.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mcache.py + touch --ref=src/saml2/mcache.py.ts src/saml2/mcache.py + rm src/saml2/mcache.py.ts + read source + head -n1 src/saml2/md.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/md.py src/saml2/md.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/md.py + touch --ref=src/saml2/md.py.ts src/saml2/md.py + rm src/saml2/md.py.ts + read source + head -n1 src/saml2/mdbcache.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/mdbcache.py src/saml2/mdbcache.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mdbcache.py + touch --ref=src/saml2/mdbcache.py.ts src/saml2/mdbcache.py + rm src/saml2/mdbcache.py.ts + read source + head -n1 src/saml2/mdie.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/mdie.py src/saml2/mdie.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mdie.py + touch --ref=src/saml2/mdie.py.ts src/saml2/mdie.py + rm src/saml2/mdie.py.ts + read source + head -n1 src/saml2/mdstore.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/metadata.py src/saml2/metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/metadata.py + touch --ref=src/saml2/metadata.py.ts src/saml2/metadata.py + rm src/saml2/metadata.py.ts + read source + head -n1 src/saml2/mongo_store.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/pack.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/population.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/profile/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/profile/ecp.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/profile/ecp.py src/saml2/profile/ecp.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/profile/ecp.py + touch --ref=src/saml2/profile/ecp.py.ts src/saml2/profile/ecp.py + rm src/saml2/profile/ecp.py.ts + read source + head -n1 src/saml2/profile/paos.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/profile/paos.py src/saml2/profile/paos.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/profile/paos.py + touch --ref=src/saml2/profile/paos.py.ts src/saml2/profile/paos.py + rm src/saml2/profile/paos.py.ts + read source + head -n1 src/saml2/profile/samlec.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/request.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/response.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/response.py src/saml2/response.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/response.py + touch --ref=src/saml2/response.py.ts src/saml2/response.py + rm src/saml2/response.py.ts + read source + head -n1 src/saml2/s2repoze/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/challenge_decider.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/entitlement.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/s2repoze/plugins/entitlement.py src/saml2/s2repoze/plugins/entitlement.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/s2repoze/plugins/entitlement.py + touch --ref=src/saml2/s2repoze/plugins/entitlement.py.ts src/saml2/s2repoze/plugins/entitlement.py + rm src/saml2/s2repoze/plugins/entitlement.py.ts + read source + head -n1 src/saml2/s2repoze/plugins/formswithhidden.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/ini.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/sp.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s_utils.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/s_utils.py src/saml2/s_utils.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/s_utils.py + touch --ref=src/saml2/s_utils.py.ts src/saml2/s_utils.py + rm src/saml2/s_utils.py.ts + read source + head -n1 src/saml2/saml.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/saml.py src/saml2/saml.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/saml.py + touch --ref=src/saml2/saml.py.ts src/saml2/saml.py + rm src/saml2/saml.py.ts + read source + head -n1 src/saml2/samlp.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/samlp.py src/saml2/samlp.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/samlp.py + touch --ref=src/saml2/samlp.py.ts src/saml2/samlp.py + rm src/saml2/samlp.py.ts + read source + head -n1 src/saml2/schema/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/schema/soap.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/schema/soap.py src/saml2/schema/soap.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/soap.py + touch --ref=src/saml2/schema/soap.py.ts src/saml2/schema/soap.py + rm src/saml2/schema/soap.py.ts + read source + head -n1 src/saml2/schema/soapenv.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/schema/soapenv.py src/saml2/schema/soapenv.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/soapenv.py + touch --ref=src/saml2/schema/soapenv.py.ts src/saml2/schema/soapenv.py + rm src/saml2/schema/soapenv.py.ts + read source + head -n1 src/saml2/schema/wsdl.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/schema/wsdl.py src/saml2/schema/wsdl.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/wsdl.py + touch --ref=src/saml2/schema/wsdl.py.ts src/saml2/schema/wsdl.py + rm src/saml2/schema/wsdl.py.ts + read source + head -n1 src/saml2/sdb.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/server.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/server.py src/saml2/server.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/server.py + touch --ref=src/saml2/server.py.ts src/saml2/server.py + rm src/saml2/server.py.ts + read source + head -n1 src/saml2/sigver.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/soap.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/soap.py src/saml2/soap.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/soap.py + touch --ref=src/saml2/soap.py.ts src/saml2/soap.py + rm src/saml2/soap.py.ts + read source + head -n1 src/saml2/time_util.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/time_util.py src/saml2/time_util.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/time_util.py + touch --ref=src/saml2/time_util.py.ts src/saml2/time_util.py + rm src/saml2/time_util.py.ts + read source + head -n1 src/saml2/tools/make_metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/make_metadata.py src/saml2/tools/make_metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/make_metadata.py + touch --ref=src/saml2/tools/make_metadata.py.ts src/saml2/tools/make_metadata.py + rm src/saml2/tools/make_metadata.py.ts + read source + head -n1 src/saml2/tools/mdexport.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/mdexport.py src/saml2/tools/mdexport.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdexport.py + touch --ref=src/saml2/tools/mdexport.py.ts src/saml2/tools/mdexport.py + rm src/saml2/tools/mdexport.py.ts + read source + head -n1 src/saml2/tools/mdexport_test.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/mdexport_test.py src/saml2/tools/mdexport_test.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdexport_test.py + touch --ref=src/saml2/tools/mdexport_test.py.ts src/saml2/tools/mdexport_test.py + rm src/saml2/tools/mdexport_test.py.ts + read source + head -n1 src/saml2/tools/mdimport.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/mdimport.py src/saml2/tools/mdimport.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdimport.py + touch --ref=src/saml2/tools/mdimport.py.ts src/saml2/tools/mdimport.py + rm src/saml2/tools/mdimport.py.ts + read source + head -n1 src/saml2/tools/merge_metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/merge_metadata.py src/saml2/tools/merge_metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/merge_metadata.py + touch --ref=src/saml2/tools/merge_metadata.py.ts src/saml2/tools/merge_metadata.py + rm src/saml2/tools/merge_metadata.py.ts + read source + head -n1 src/saml2/tools/sync_attrmaps.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/sync_attrmaps.py src/saml2/tools/sync_attrmaps.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/sync_attrmaps.py + touch --ref=src/saml2/tools/sync_attrmaps.py.ts src/saml2/tools/sync_attrmaps.py + rm src/saml2/tools/sync_attrmaps.py.ts + read source + head -n1 src/saml2/tools/verify_metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/verify_metadata.py src/saml2/tools/verify_metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/verify_metadata.py + touch --ref=src/saml2/tools/verify_metadata.py.ts src/saml2/tools/verify_metadata.py + rm src/saml2/tools/verify_metadata.py.ts + read source + head -n1 src/saml2/tools/parse_xsd2.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/parse_xsd2.py src/saml2/tools/parse_xsd2.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/parse_xsd2.py + touch --ref=src/saml2/tools/parse_xsd2.py.ts src/saml2/tools/parse_xsd2.py + rm src/saml2/tools/parse_xsd2.py.ts + read source + head -n1 src/saml2/userinfo/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/userinfo/ldapinfo.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/validate.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/version.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/virtual_org.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/ws/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/ws/wsaddr.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wsaddr.py src/saml2/ws/wsaddr.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wsaddr.py + touch --ref=src/saml2/ws/wsaddr.py.ts src/saml2/ws/wsaddr.py + rm src/saml2/ws/wsaddr.py.ts + read source + head -n1 src/saml2/ws/wspol.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wspol.py src/saml2/ws/wspol.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wspol.py + touch --ref=src/saml2/ws/wspol.py.ts src/saml2/ws/wspol.py + rm src/saml2/ws/wspol.py.ts + read source + head -n1 src/saml2/ws/wssec.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wssec.py src/saml2/ws/wssec.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wssec.py + touch --ref=src/saml2/ws/wssec.py.ts src/saml2/ws/wssec.py + rm src/saml2/ws/wssec.py.ts + read source + head -n1 src/saml2/ws/wstrust.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wstrust.py src/saml2/ws/wstrust.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wstrust.py + touch --ref=src/saml2/ws/wstrust.py.ts src/saml2/ws/wstrust.py + rm src/saml2/ws/wstrust.py.ts + read source + head -n1 src/saml2/ws/wsutil.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wsutil.py src/saml2/ws/wsutil.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wsutil.py + touch --ref=src/saml2/ws/wsutil.py.ts src/saml2/ws/wsutil.py + rm src/saml2/ws/wsutil.py.ts + read source + head -n1 src/saml2/xml/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/xml/schema/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/xmldsig/__init__.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/xmldsig/__init__.py src/saml2/xmldsig/__init__.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/xmldsig/__init__.py + touch --ref=src/saml2/xmldsig/__init__.py.ts src/saml2/xmldsig/__init__.py + rm src/saml2/xmldsig/__init__.py.ts + read source + head -n1 src/saml2/xmlenc/__init__.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/xmlenc/__init__.py src/saml2/xmlenc/__init__.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/xmlenc/__init__.py + touch --ref=src/saml2/xmlenc/__init__.py.ts src/saml2/xmlenc/__init__.py + rm src/saml2/xmlenc/__init__.py.ts + read source + head -n1 src/saml2test/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/check.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/interaction.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/opfunc.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/status.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/tool.py + grep -F /usr/bin/env + read source + grep -F /usr/bin/env + head -n1 src/utility/__init__.py + read source + head -n1 src/utility/metadata.py + grep -F /usr/bin/env + read source + source=src/saml2/schema/wsdl.py + touch --ref=src/saml2/schema/wsdl.py src/saml2/schema/wsdl.py.ts + sed -i '1,3{d;q}' src/saml2/schema/wsdl.py + touch --ref=src/saml2/schema/wsdl.py.ts src/saml2/schema/wsdl.py + rm src/saml2/schema/wsdl.py.ts + RPM_EC=0 ++ jobs -p + exit 0 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.tp0ULv + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement not satisfied: poetry_core>=1.0.0 Exiting dependency generation pass: build backend + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-buildrequires + rm -rfv '*.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-5.fc42.buildreqs.nosrc.rpm Child return code was: 11 Dynamic buildrequires detected Going to install missing buildrequires. See root.log for details. ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -br --noprep --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'], chrootPath='/var/lib/mock/f42-build-54985672-6531591/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=201600uid=1000gid=425user='mockbuild'nspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']unshare_net=TrueraiseExc=FalseprintOutput=False) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', 'bc8c48fc234d43fbbcce445cc6bfe8aa', '-D', '/var/lib/mock/f42-build-54985672-6531591/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -br --noprep --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1717804800 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.qyTmHq + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 1.9.1) Handling tox-current-env >= 0.0.6 from tox itself Requirement not satisfied: tox-current-env >= 0.0.6 Exiting dependency generation pass: tox itself + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-buildrequires + rm -rfv '*.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-5.fc42.buildreqs.nosrc.rpm Child return code was: 11 Dynamic buildrequires detected Going to install missing buildrequires. See root.log for details. ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -br --noprep --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'], chrootPath='/var/lib/mock/f42-build-54985672-6531591/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=201600uid=1000gid=425user='mockbuild'nspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']unshare_net=TrueraiseExc=FalseprintOutput=False) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', '246b6243cf0f4d02b8e7b4120dff7a6a', '-D', '/var/lib/mock/f42-build-54985672-6531591/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -br --noprep --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1717804800 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.MWkQSk + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 1.9.1) Handling tox-current-env >= 0.0.6 from tox itself Requirement satisfied: tox-current-env >= 0.0.6 (installed: tox-current-env 0.0.14) py313: OK (0.01 seconds) congratulations :) (0.09 seconds) Handling tox from tox --print-deps-only: py313 Requirement satisfied: tox (installed: tox 4.23.2) py313: OK (0.01 seconds) congratulations :) (0.08 seconds) Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: cryptography (>=3.1) Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: defusedxml Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8" Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-resources ; python_version < "3.9" Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: paste ; extra == "s2repoze" Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: pyopenssl Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: python-dateutil Handling pytz from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: pytz Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: repoze.who ; extra == "s2repoze" Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: requests (>=2,<3) (installed: requests 2.32.3) Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: xmlschema (>=1.2.1) Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: zope.interface ; extra == "s2repoze" + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-buildrequires + rm -rfv pysaml2-7.4.2.dist-info/ removed 'pysaml2-7.4.2.dist-info/entry_points.txt' removed 'pysaml2-7.4.2.dist-info/WHEEL' removed 'pysaml2-7.4.2.dist-info/METADATA' removed 'pysaml2-7.4.2.dist-info/LICENSE' removed directory 'pysaml2-7.4.2.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-5.fc42.buildreqs.nosrc.rpm Child return code was: 11 Dynamic buildrequires detected Going to install missing buildrequires. See root.log for details. ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -br --noprep --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'], chrootPath='/var/lib/mock/f42-build-54985672-6531591/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=201600uid=1000gid=425user='mockbuild'nspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']unshare_net=TrueraiseExc=FalseprintOutput=False) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', 'd312a3ce9ddc4028a5fbf5e0e8f0bfb0', '-D', '/var/lib/mock/f42-build-54985672-6531591/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -br --noprep --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1717804800 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.zKQbcg + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 1.9.1) Handling tox-current-env >= 0.0.6 from tox itself Requirement satisfied: tox-current-env >= 0.0.6 (installed: tox-current-env 0.0.14) py313: OK (0.01 seconds) congratulations :) (0.09 seconds) Handling tox from tox --print-deps-only: py313 Requirement satisfied: tox (installed: tox 4.23.2) py313: OK (0.01 seconds) congratulations :) (0.08 seconds) Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: cryptography (>=3.1) (installed: cryptography 43.0.0) Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: defusedxml (installed: defusedxml 0.7.1) Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8" Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-resources ; python_version < "3.9" Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: paste ; extra == "s2repoze" Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pyopenssl (installed: pyopenssl 24.2.1) Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: python-dateutil (installed: python-dateutil 2.8.2) Handling pytz from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pytz (installed: pytz 2024.2) Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: repoze.who ; extra == "s2repoze" Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: requests (>=2,<3) (installed: requests 2.32.3) Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: xmlschema (>=1.2.1) (installed: xmlschema 3.4.2) Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: zope.interface ; extra == "s2repoze" + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-buildrequires + rm -rfv pysaml2-7.4.2.dist-info/ removed 'pysaml2-7.4.2.dist-info/entry_points.txt' removed 'pysaml2-7.4.2.dist-info/WHEEL' removed 'pysaml2-7.4.2.dist-info/METADATA' removed 'pysaml2-7.4.2.dist-info/LICENSE' removed directory 'pysaml2-7.4.2.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-5.fc42.buildreqs.nosrc.rpm Child return code was: 11 Dynamic buildrequires detected Going to install missing buildrequires. See root.log for details. ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -ba --noprep --noclean --target noarch /builddir/build/SPECS/python-pysaml2.spec'], chrootPath='/var/lib/mock/f42-build-54985672-6531591/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=201600uid=1000gid=425user='mockbuild'nspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']unshare_net=TrueprintOutput=False) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', '1f5c1ef7910a44899dd69fb53fb1118b', '-D', '/var/lib/mock/f42-build-54985672-6531591/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -ba --noprep --noclean --target noarch /builddir/build/SPECS/python-pysaml2.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1717804800 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.4FUbbk + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 1.9.1) Handling tox-current-env >= 0.0.6 from tox itself Requirement satisfied: tox-current-env >= 0.0.6 (installed: tox-current-env 0.0.14) py313: OK (0.01 seconds) congratulations :) (0.09 seconds) Handling tox from tox --print-deps-only: py313 Requirement satisfied: tox (installed: tox 4.23.2) py313: OK (0.01 seconds) congratulations :) (0.09 seconds) Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: cryptography (>=3.1) (installed: cryptography 43.0.0) Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: defusedxml (installed: defusedxml 0.7.1) Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8" Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-resources ; python_version < "3.9" Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: paste ; extra == "s2repoze" Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pyopenssl (installed: pyopenssl 24.2.1) Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: python-dateutil (installed: python-dateutil 2.8.2) Handling pytz from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pytz (installed: pytz 2024.2) Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: repoze.who ; extra == "s2repoze" Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: requests (>=2,<3) (installed: requests 2.32.3) Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: xmlschema (>=1.2.1) (installed: xmlschema 3.4.2) Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: zope.interface ; extra == "s2repoze" + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-buildrequires + rm -rfv pysaml2-7.4.2.dist-info/ removed 'pysaml2-7.4.2.dist-info/entry_points.txt' removed 'pysaml2-7.4.2.dist-info/WHEEL' removed 'pysaml2-7.4.2.dist-info/METADATA' removed 'pysaml2-7.4.2.dist-info/LICENSE' removed directory 'pysaml2-7.4.2.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.bWbi2Q + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd pysaml2-7.4.2 + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_wheel.py /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir Processing /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2 Preparing metadata (pyproject.toml): started Running command Preparing metadata (pyproject.toml) Preparing metadata (pyproject.toml): finished with status 'done' Building wheels for collected packages: pysaml2 Building wheel for pysaml2 (pyproject.toml): started Running command Building wheel for pysaml2 (pyproject.toml) Building wheel for pysaml2 (pyproject.toml): finished with status 'done' Created wheel for pysaml2: filename=pysaml2-7.4.2-py3-none-any.whl size=417769 sha256=26f0581a6616b6456df7be189b726e77db878073943cd5d0447219e295a6ea62 Stored in directory: /builddir/.cache/pip/wheels/01/b9/eb/75f72f6a4448fdc07c5ffc8f00ad2896051c69eedccbfbb041 Successfully built pysaml2 + RPM_EC=0 ++ jobs -p + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.3VxaRY + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + '[' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT '!=' / ']' + rm -rf /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT ++ dirname /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build + mkdir /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd pysaml2-7.4.2 ++ ls /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir/pysaml2-7.4.2-py3-none-any.whl ++ xargs basename --multiple ++ sed -E 's/([^-]+)-([^-]+)-.+\.whl/\1==\2/' + specifier=pysaml2==7.4.2 + '[' -z pysaml2==7.4.2 ']' + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir + /usr/bin/python3 -m pip install --root /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --prefix /usr --no-deps --disable-pip-version-check --progress-bar off --verbose --ignore-installed --no-warn-script-location --no-index --no-cache-dir --find-links /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir pysaml2==7.4.2 Using pip 24.3.1 from /usr/lib/python3.13/site-packages/pip (python 3.13) Looking in links: /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir Processing ./pyproject-wheeldir/pysaml2-7.4.2-py3-none-any.whl Installing collected packages: pysaml2 Creating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata to 755 changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport to 755 changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata to 755 changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2 to 755 Successfully installed pysaml2-7.4.2 + '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin ']' + '[' -z sP ']' + shebang_flags=-kasP + /usr/bin/python3 -B /usr/lib/rpm/redhat/pathfix.py -pni /usr/bin/python3 -kasP /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata: updating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport: updating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata: updating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2: updating + rm -rfv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/__pycache__ + rm -f /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-ghost-distinfo + site_dirs=() + '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages ']' + site_dirs+=("/usr/lib/python3.13/site-packages") + '[' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages '!=' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages ']' + '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages ']' + for site_dir in ${site_dirs[@]} + for distinfo in /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT$site_dir/*.dist-info + echo '%ghost /usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info' + sed -i s/pip/rpm/ /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/INSTALLER + PYTHONPATH=/usr/lib/rpm/redhat + /usr/bin/python3 -B /usr/lib/rpm/redhat/pyproject_preprocess_record.py --buildroot /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --record /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-record + rm -fv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD removed '/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD' + rm -fv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/REQUESTED removed '/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/REQUESTED' ++ wc -l /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-ghost-distinfo ++ cut -f1 '-d ' + lines=1 + '[' 1 -ne 1 ']' + RPM_FILES_ESCAPE=4.19 + /usr/bin/python3 /usr/lib/rpm/redhat/pyproject_save_files.py --output-files /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-files --output-modules /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-modules --buildroot /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --sitelib /usr/lib/python3.13/site-packages --sitearch /usr/lib64/python3.13/site-packages --python-version 3.13 --pyproject-record /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc42.noarch-pyproject-record --prefix /usr saml2 saml2test + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s parse_xsd2 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/parse_xsd2.py + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s make_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/make_metadata.py + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s mdexport /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/mdexport.py + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s merge_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/merge_metadata.py + sed -i /alabaster/d docs/conf.py + export PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/lib/python3.13/site-packages + PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/lib/python3.13/site-packages + sphinx-build-3 docs html Running Sphinx v7.3.7 making output directory... done building [mo]: targets for 0 po files that are out of date writing output... building [html]: targets for 8 source files that are out of date updating environment: [new config] 8 added, 0 changed, 0 removed reading sources... [ 12%] examples/idp reading sources... [ 25%] examples/index reading sources... [ 38%] examples/sp reading sources... [ 50%] howto/config reading sources... [ 62%] howto/index reading sources... [ 75%] index reading sources... [ 88%] install reading sources... [100%] sp_test/internal looking for now-outdated files... none found pickling environment... done checking consistency... done preparing documents... done copying assets... copying static files... done copying extra files... done done writing output... [ 12%] examples/idp writing output... [ 25%] examples/index writing output... [ 38%] examples/sp writing output... [ 50%] howto/config writing output... [ 62%] howto/index writing output... [ 75%] index writing output... [ 88%] install writing output... [100%] sp_test/internal generating indices... genindex done writing additional pages... search done dumping search index in English (code: en)... done dumping object inventory... done build succeeded. The HTML pages are in html. + rm -rf html/.doctrees html/.buildinfo + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/redhat/brp-ldconfig + /usr/lib/rpm/brp-compress + /usr/lib/rpm/brp-strip /usr/bin/strip + /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump + /usr/lib/rpm/redhat/brp-strip-lto /usr/bin/strip + /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/check-rpaths + /usr/lib/rpm/redhat/brp-mangle-shebangs *** WARNING: ./usr/lib/python3.13/site-packages/saml2/authn_context/timesync.py is executable but has no shebang, removing executable bit mangling shebang in /usr/lib/python3.13/site-packages/saml2/tools/update_metadata.sh from /bin/sh to #!/usr/bin/sh + /usr/lib/rpm/brp-remove-la-files + env /usr/lib/rpm/redhat/brp-python-bytecompile '' 1 0 -j48 Bytecompiling .py files below /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13 using python3.13 + /usr/lib/rpm/redhat/brp-python-hardlink + /usr/bin/add-determinism --brp -j48 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/adfs_v1x.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/adfs_v20.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/shibboleth_uri.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/asymmetric.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/errors.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/pki.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/schemas/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/basic.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/templates/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/incommon.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/refeds.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/at_egov_pvp2.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/swamid.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/saml_uri.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/edugain.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/idpdisc.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/reqinit.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/sp_type.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdattr.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/samlec.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/pefim.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/ini.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/entitlement.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/shibmd.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/formswithhidden.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/challenge_decider.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/algsupport.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdimport.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdexport.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/requested_attributes.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/symmetric.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/paos.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdexport_test.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/verify_metadata.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/make_metadata.cpython-313.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/ecp.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdrpi.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/userinfo/__pycache__/ldapinfo.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/make_metadata.cpython-313.opt-1.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/merge_metadata.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/userinfo/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xml/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/dri.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xml/schema/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/soapenv.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/algsupport.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/eptid.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wsutil.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdui.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/sync_attrmaps.cpython-313.opt-1.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/attribute_resolver.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/argtree.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/sync_attrmaps.cpython-313.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/filter.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wspol.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/discovery.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ecp.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdie.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/version.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdbcache.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/population.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/virtual_org.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/sdb.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mcache.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/pack.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/sp.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/authn.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ecp_client.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/status.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/cache.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/httpbase.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/s_utils.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/soap.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/country_codes.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ident.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/time_util.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/soap.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/httputil.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wssec.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/request.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/validate.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/cert.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/attribute_converter.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mongo_store.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/assertion.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/check.cpython-313.opt-1.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wsaddr.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/wsdl.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/interaction.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/check.cpython-313.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/tool.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/metadata.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/opfunc.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/client.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/client_base.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xmlenc/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/config.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/entity.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/server.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/md.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/ippword.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/timesync.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/mobiletwofactor.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/samlp.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/ppt.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/parse_xsd2.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/saml.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xmldsig/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/sigver.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/pword.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/response.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wstrust.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/sslcert.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdstore.cpython-313.pyc: rewriting with normalized contents Scanned 49 directories and 434 files, processed 127 inodes, 127 modified (6 replaced + 121 rewritten), 0 unsupported format, 0 errors Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.A4ms6Q + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd pysaml2-7.4.2 + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + PATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin + PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages:/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages + PYTHONDONTWRITEBYTECODE=1 + PYTEST_ADDOPTS=' --ignore=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir' + PYTEST_XDIST_AUTO_NUM_WORKERS=48 + /usr/bin/pytest ============================= test session starts ============================== platform linux -- Python 3.13.0, pytest-8.3.3, pluggy-1.5.0 -- /usr/bin/python3 cachedir: .pytest_cache rootdir: /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2 configfile: pyproject.toml testpaths: tests collecting ... collected 785 items tests/test_00_xmldsig.py::TestObject::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestObject::testUsingTestData PASSED [ 0%] tests/test_00_xmldsig.py::TestMgmtData::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestMgmtData::testUsingTestData PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKISexp::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKISexp::testUsingTestData PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKIData::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKIData::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestPGPData::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestPGPData::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestX509IssuerSerial::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestX509IssuerSerial::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestX509Data::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestX509Data::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestTransform::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestTransform::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestTransforms::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestTransforms::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestRetrievalMethod::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestRetrievalMethod::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestRSAKeyValue::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestRSAKeyValue::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestDSAKeyValue::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestDSAKeyValue::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyValue::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyValue::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyName::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyName::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyInfo::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyInfo::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestDigestValue::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestDigestValue::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestDigestMethod::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestDigestMethod::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestReference::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestReference::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestSignatureMethod::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestSignatureMethod::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestCanonicalizationMethod::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestCanonicalizationMethod::testUsingTestData PASSED [ 5%] tests/test_00_xmldsig.py::TestSignedInfo::testAccessors PASSED [ 5%] tests/test_00_xmldsig.py::TestSignedInfo::testUsingTestData PASSED [ 5%] tests/test_00_xmldsig.py::TestSignatureValue::testAccessors PASSED [ 5%] tests/test_00_xmldsig.py::TestSignatureValue::testUsingTestData PASSED [ 5%] tests/test_00_xmldsig.py::TestSignature::testAccessors PASSED [ 5%] tests/test_00_xmldsig.py::TestSignature::testUsingTestData PASSED [ 5%] tests/test_01_xmlenc.py::test_1 PASSED [ 5%] tests/test_01_xmlenc.py::test_2 PASSED [ 6%] tests/test_01_xmlenc.py::test_3 PASSED [ 6%] tests/test_01_xmlenc.py::test_4 PASSED [ 6%] tests/test_01_xmlenc.py::test_5 PASSED [ 6%] tests/test_01_xmlenc.py::test_6 PASSED [ 6%] tests/test_02_saml.py::TestExtensionElement::test_loadd PASSED [ 6%] tests/test_02_saml.py::TestExtensionElement::test_find_children PASSED [ 6%] tests/test_02_saml.py::TestExtensionContainer::test_find_extensions PASSED [ 7%] tests/test_02_saml.py::TestExtensionContainer::test_add_extension_elements PASSED [ 7%] tests/test_02_saml.py::TestExtensionContainer::test_add_extension_attribute PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_dict PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_str PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_multi_dict PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_to_string_nspair PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_set_text_empty PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_set_text_value PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_text_update_same_type PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_text_cannot_change_value_type PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_xs_type_anytype_unchanged_value PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_xs_type_date PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_treat_invalid_types_as_string PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_div PASSED [ 8%] tests/test_02_saml.py::TestNameID::testEmptyExtensionsList PASSED [ 8%] tests/test_02_saml.py::TestNameID::testFormatAttribute PASSED [ 9%] tests/test_02_saml.py::TestNameID::testNameIDText PASSED [ 9%] tests/test_02_saml.py::TestNameID::testSPProvidedID PASSED [ 9%] tests/test_02_saml.py::TestNameID::testEmptyNameIDToAndFromStringMatch PASSED [ 9%] tests/test_02_saml.py::TestNameID::testNameIDToAndFromStringMatch PASSED [ 9%] tests/test_02_saml.py::TestNameID::testExtensionAttributes PASSED [ 9%] tests/test_02_saml.py::TestNameID::testname_id_from_string PASSED [ 9%] tests/test_02_saml.py::TestIssuer::testIssuerToAndFromString PASSED [ 9%] tests/test_02_saml.py::TestIssuer::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestSubjectLocality::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestSubjectLocality::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextClassRef::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextClassRef::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDeclRef::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDeclRef::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDecl::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDecl::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAuthenticatingAuthority::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAuthenticatingAuthority::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAuthnContext::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAuthnContext::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAuthnStatement::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAuthnStatement::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAttributeValue::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAttributeValue::testUsingTestData PASSED [ 12%] tests/test_02_saml.py::TestAttribute::testAccessors PASSED [ 12%] tests/test_02_saml.py::TestAttribute::testUsingTestData PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_str PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_int PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_base64 PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_boolean_true PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_boolean_false PASSED [ 12%] tests/test_02_saml.py::TestAttributeStatement::testAccessors PASSED [ 13%] tests/test_02_saml.py::TestAttributeStatement::testUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmationData::testAccessors PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmationData::testUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmation::testAccessors PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmation::testBearerUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmation::testHolderOfKeyUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubject::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestSubject::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestCondition::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestCondition::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestAudience::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestAudience::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestAudienceRestriction::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestAudienceRestriction::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestOneTimeUse::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestOneTimeUse::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestProxyRestriction::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestProxyRestriction::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestConditions::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestConditions::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestAssertionIDRef::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestAssertionIDRef::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestAssertionURIRef::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestAssertionURIRef::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestAction::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestAction::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestEvidence::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestEvidence::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestAuthzDecisionStatement::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestAuthzDecisionStatement::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestAdvice::testAccessors PASSED [ 17%] tests/test_02_saml.py::TestAdvice::testUsingTestData PASSED [ 17%] tests/test_02_saml.py::TestAssertion::testAccessors PASSED [ 17%] tests/test_02_saml.py::TestAssertion::testUsingTestData PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_nameid PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_issuer PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_subject_locality PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_subject_confirmation_data PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_subject_confirmation PASSED [ 18%] tests/test_03_saml2.py::test_create_class_from_xml_string_wrong_class_spec PASSED [ 18%] tests/test_03_saml2.py::test_create_class_from_xml_string_xxe PASSED [ 18%] tests/test_03_saml2.py::test_ee_1 PASSED [ 18%] tests/test_03_saml2.py::test_ee_2 PASSED [ 18%] tests/test_03_saml2.py::test_ee_3 PASSED [ 18%] tests/test_03_saml2.py::test_ee_4 PASSED [ 18%] tests/test_03_saml2.py::test_ee_5 PASSED [ 18%] tests/test_03_saml2.py::test_ee_6 PASSED [ 19%] tests/test_03_saml2.py::test_nameid_with_extension PASSED [ 19%] tests/test_03_saml2.py::test_subject_confirmation_with_extension PASSED [ 19%] tests/test_03_saml2.py::test_to_fro_string_1 PASSED [ 19%] tests/test_03_saml2.py::test_make_vals_str PASSED [ 19%] tests/test_03_saml2.py::test_make_vals_list_of_strs PASSED [ 19%] tests/test_03_saml2.py::test_attribute_element_to_extension_element PASSED [ 19%] tests/test_03_saml2.py::test_ee_7 PASSED [ 20%] tests/test_03_saml2.py::test_ee_xxe PASSED [ 20%] tests/test_03_saml2.py::test_extension_element_loadd PASSED [ 20%] tests/test_03_saml2.py::test_extensions_loadd PASSED [ 20%] tests/test_04_samlp.py::TestStatusDetail::testAccessors PASSED [ 20%] tests/test_04_samlp.py::TestStatusMessage::testAccessors PASSED [ 20%] tests/test_04_samlp.py::TestStatusCode::testAccessors PASSED [ 20%] tests/test_04_samlp.py::TestStatusCode::testUsingTestData PASSED [ 20%] tests/test_04_samlp.py::TestStatus::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestStatus::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestResponse::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestResponse::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestNameIDPolicy::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestNameIDPolicy::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestIDPEntry::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestIDPEntry::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestIDPList::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestIDPList::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestScoping::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestScoping::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestRequestedAuthnContext::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestRequestedAuthnContext::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestAuthnRequest::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestAuthnRequest::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestLogoutRequest::testAccessors PASSED [ 23%] tests/test_04_samlp.py::TestLogoutRequest::testUsingTestData PASSED [ 23%] tests/test_04_samlp.py::TestLogoutResponse::testAccessors PASSED [ 23%] tests/test_04_samlp.py::TestLogoutResponse::testUsingTestData PASSED [ 23%] tests/test_05_md.py::TestEndpointType::testAccessors PASSED [ 23%] tests/test_05_md.py::TestEndpointType::testUsingTestData PASSED [ 23%] tests/test_05_md.py::TestIndexedEndpointType::testAccessors PASSED [ 23%] tests/test_05_md.py::TestIndexedEndpointType::testUsingTestData PASSED [ 23%] tests/test_05_md.py::TestExtensions::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationName::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationName::testUsingTestData PASSED [ 24%] tests/test_05_md.py::TestOrganizationDisplayName::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationDisplayName::testUsingTestData PASSED [ 24%] tests/test_05_md.py::TestOrganizationURL::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationURL::testUsingTestData PASSED [ 24%] tests/test_05_md.py::TestOrganization::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganization::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestContactPerson::testAccessors PASSED [ 25%] tests/test_05_md.py::TestContactPerson::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestAdditionalMetadataLocation::testAccessors PASSED [ 25%] tests/test_05_md.py::TestAdditionalMetadataLocation::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestEncryptionMethod::testAccessors PASSED [ 25%] tests/test_05_md.py::TestEncryptionMethod::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestKeyDescriptor::testAccessors PASSED [ 25%] tests/test_05_md.py::TestKeyDescriptor::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestRoleDescriptor::testAccessors PASSED [ 26%] tests/test_05_md.py::TestRoleDescriptor::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestArtifactResolutionService::testAccessors PASSED [ 26%] tests/test_05_md.py::TestArtifactResolutionService::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestSingleLogout::testAccessors PASSED [ 26%] tests/test_05_md.py::TestSingleLogout::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestManageNameIDService::testAccessors PASSED [ 27%] tests/test_05_md.py::TestManageNameIDService::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestNameIDFormat::testAccessors PASSED [ 27%] tests/test_05_md.py::TestNameIDFormat::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestSingleSignOnService::testAccessors PASSED [ 27%] tests/test_05_md.py::TestSingleSignOnService::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestNameIDMappingService::testAccessors PASSED [ 27%] tests/test_05_md.py::TestNameIDMappingService::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestAssertionIDRequestService::testAccessors PASSED [ 28%] tests/test_05_md.py::TestAssertionIDRequestService::testUsingTestData PASSED [ 28%] tests/test_05_md.py::TestAttributeProfile::testAccessors PASSED [ 28%] tests/test_05_md.py::TestAttributeProfile::testUsingTestData PASSED [ 28%] tests/test_05_md.py::TestIDPSSODescriptor::testAccessors PASSED [ 28%] tests/test_05_md.py::TestIDPSSODescriptor::testUsingTestData PASSED [ 28%] tests/test_05_md.py::TestIDPSSODescriptor::testUsingScope PASSED [ 28%] tests/test_05_md.py::TestAssertionConsumerService::testAccessors PASSED [ 28%] tests/test_05_md.py::TestAssertionConsumerService::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestRequestedAttribute::testAccessors PASSED [ 29%] tests/test_05_md.py::TestRequestedAttribute::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestServiceName::testAccessors PASSED [ 29%] tests/test_05_md.py::TestServiceName::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestServiceDescription::testAccessors PASSED [ 29%] tests/test_05_md.py::TestServiceDescription::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestAttributeConsumingService::testAccessors PASSED [ 29%] tests/test_05_md.py::TestAttributeConsumingService::testUsingTestData PASSED [ 30%] tests/test_05_md.py::TestSPSSODescriptor::testAccessors PASSED [ 30%] tests/test_05_md.py::TestSPSSODescriptor::testUsingTestData PASSED [ 30%] tests/test_05_md.py::TestEntityDescriptor::testAccessors PASSED [ 30%] tests/test_05_md.py::TestEntityDescriptor::testUsingTestData PASSED [ 30%] tests/test_05_md.py::TestEntitiesDescriptor::testAccessors PASSED [ 30%] tests/test_05_md.py::TestEntitiesDescriptor::testUsingTestData PASSED [ 30%] tests/test_06_setarg.py::test_path PASSED [ 30%] tests/test_06_setarg.py::test_set_arg PASSED [ 31%] tests/test_06_setarg.py::test_multi PASSED [ 31%] tests/test_06_setarg.py::test_is_set PASSED [ 31%] tests/test_10_time_util.py::test_f_quotient PASSED [ 31%] tests/test_10_time_util.py::test_modulo PASSED [ 31%] tests/test_10_time_util.py::test_f_quotient_2 PASSED [ 31%] tests/test_10_time_util.py::test_modulo_2 PASSED [ 31%] tests/test_10_time_util.py::test_parse_duration PASSED [ 31%] tests/test_10_time_util.py::test_parse_duration2 PASSED [ 32%] tests/test_10_time_util.py::test_parse_duration_n PASSED [ 32%] tests/test_10_time_util.py::test_add_duration_1 PASSED [ 32%] tests/test_10_time_util.py::test_add_duration_2 PASSED [ 32%] tests/test_10_time_util.py::test_str_to_time PASSED [ 32%] tests/test_10_time_util.py::test_instant PASSED [ 32%] tests/test_10_time_util.py::test_valid PASSED [ 32%] tests/test_10_time_util.py::test_timeout PASSED [ 32%] tests/test_10_time_util.py::test_before PASSED [ 33%] tests/test_10_time_util.py::test_after PASSED [ 33%] tests/test_10_time_util.py::test_not_before PASSED [ 33%] tests/test_10_time_util.py::test_not_on_or_after PASSED [ 33%] tests/test_12_s_utils.py::test_inflate_then_deflate PASSED [ 33%] tests/test_12_s_utils.py::test_status_success PASSED [ 33%] tests/test_12_s_utils.py::test_error_status PASSED [ 33%] tests/test_12_s_utils.py::test_status_from_exception PASSED [ 34%] tests/test_12_s_utils.py::test_status_from_tuple PASSED [ 34%] tests/test_12_s_utils.py::test_status_from_tuple_empty_message PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_sn PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_age PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_onoff PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_base64 PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_statement PASSED [ 34%] tests/test_12_s_utils.py::test_audience PASSED [ 35%] tests/test_12_s_utils.py::test_conditions PASSED [ 35%] tests/test_12_s_utils.py::test_value_1 PASSED [ 35%] tests/test_12_s_utils.py::test_value_2 PASSED [ 35%] tests/test_12_s_utils.py::test_value_3 PASSED [ 35%] tests/test_12_s_utils.py::test_value_4 PASSED [ 35%] tests/test_12_s_utils.py::test_do_attribute_statement_0 PASSED [ 35%] tests/test_12_s_utils.py::test_do_attribute_statement PASSED [ 35%] tests/test_12_s_utils.py::test_do_attribute_statement_multi PASSED [ 36%] tests/test_12_s_utils.py::test_subject PASSED [ 36%] tests/test_12_s_utils.py::test_parse_attribute_map PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_0 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_1 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_2 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_3 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_4 PASSED [ 36%] tests/test_12_s_utils.py::test_nameformat_email PASSED [ 37%] tests/test_12_s_utils.py::test_attribute PASSED [ 37%] tests/test_12_s_utils.py::test_attribute_statement_2 PASSED [ 37%] tests/test_12_s_utils.py::test_subject_confirmation_data PASSED [ 37%] tests/test_12_s_utils.py::test_subject_confirmation PASSED [ 37%] tests/test_12_s_utils.py::test_authn_context_class_ref PASSED [ 37%] tests/test_12_s_utils.py::test_authn_context PASSED [ 37%] tests/test_12_s_utils.py::test_authn_statement PASSED [ 37%] tests/test_12_s_utils.py::test_signature PASSED [ 38%] tests/test_12_s_utils.py::test_complex_factory PASSED [ 38%] tests/test_13_validate.py::test_duration PASSED [ 38%] tests/test_13_validate.py::test_unsigned_short PASSED [ 38%] tests/test_13_validate.py::test_valid_non_negative_integer PASSED [ 38%] tests/test_13_validate.py::test_valid_string PASSED [ 38%] tests/test_13_validate.py::test_valid_anyuri PASSED [ 38%] tests/test_13_validate.py::test_valid_instance PASSED [ 38%] tests/test_13_validate.py::test_valid_anytype PASSED [ 39%] tests/test_13_validate.py::test_valid_address PASSED [ 39%] tests/test_19_attribute_converter.py::test_default PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_setup PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_ava_fro_1 PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_ava_fro_2 PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_to_attrstat_1 PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_to_attrstat_2 PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_local_name PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_local_name_from_unspecified PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_local_name_from_basic PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_and_for PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_unspecified_name_format PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_mixed_attributes_1 PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_adjust_with_only_from_defined PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_adjust_with_only_to_defined PASSED [ 41%] tests/test_19_attribute_converter.py::TestAC::test_adjust_with_no_mapping_defined PASSED [ 41%] tests/test_19_attribute_converter.py::TestAC::test_from_local_nest_eduPersonTargetedID_in_NameID PASSED [ 41%] tests/test_19_attribute_converter.py::TestAC::test_from_local_eduPersonTargetedID_with_qualifiers PASSED [ 41%] tests/test_19_attribute_converter.py::test_noop_attribute_conversion PASSED [ 41%] tests/test_19_attribute_converter.py::TestSchac::test PASSED [ 41%] tests/test_19_attribute_converter.py::TestEIDAS::test PASSED [ 41%] tests/test_20_assertion.py::test_filter_on_attributes_0 PASSED [ 41%] tests/test_20_assertion.py::test_filter_on_attributes_1 PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_2 PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_without_friendly_name PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_with_missing_required_attribute PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_with_missing_optional_attribute PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_with_missing_name_format PASSED [ 42%] tests/test_20_assertion.py::test_lifetime_1 PASSED [ 42%] tests/test_20_assertion.py::test_lifetime_2 PASSED [ 42%] tests/test_20_assertion.py::test_ava_filter_1 PASSED [ 43%] tests/test_20_assertion.py::test_ava_filter_2 PASSED [ 43%] tests/test_20_assertion.py::test_ava_filter_dont_fail PASSED [ 43%] tests/test_20_assertion.py::test_filter_attribute_value_assertions_0 PASSED [ 43%] tests/test_20_assertion.py::test_filter_attribute_value_assertions_1 PASSED [ 43%] tests/test_20_assertion.py::test_filter_attribute_value_assertions_2 PASSED [ 43%] tests/test_20_assertion.py::test_assertion_1 PASSED [ 43%] tests/test_20_assertion.py::test_assertion_2 PASSED [ 43%] tests/test_20_assertion.py::test_filter_values_req_2 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_3 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_4 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_5 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_6 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_0 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_1 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_2 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_4 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_0 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_1 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_2 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_3 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_4 PASSED [ 45%] tests/test_20_assertion.py::test_req_opt PASSED [ 45%] tests/test_20_assertion.py::test_filter_on_wire_representation_1 PASSED [ 45%] tests/test_20_assertion.py::test_filter_on_wire_representation_2 PASSED [ 46%] tests/test_20_assertion.py::test_assertion_with_noop_attribute_conv PASSED [ 46%] tests/test_20_assertion.py::test_filter_ava_5 PASSED [ 46%] tests/test_20_assertion.py::test_filter_ava_registration_authority_1 PASSED [ 46%] tests/test_20_assertion.py::test_assertion_with_zero_attributes PASSED [ 46%] tests/test_20_assertion.py::test_assertion_with_authn_instant PASSED [ 46%] tests/test_20_assertion.py::test_attribute_producer_should_default_to_uri PASSED [ 46%] tests/test_20_assertion.py::test_attribute_consumer_should_default_to_unspecified PASSED [ 47%] tests/test_22_mdie.py::test_construct_contact PASSED [ 47%] tests/test_30_mdstore.py::test_invalid_metadata PASSED [ 47%] tests/test_30_mdstore.py::test_empty_metadata PASSED [ 47%] tests/test_30_mdstore.py::test_swami_1 PASSED [ 47%] tests/test_30_mdstore.py::test_incommon_1 PASSED [ 47%] tests/test_30_mdstore.py::test_ext_2 PASSED [ 47%] tests/test_30_mdstore.py::test_example PASSED [ 47%] tests/test_30_mdstore.py::test_switch_1 PASSED [ 48%] tests/test_30_mdstore.py::test_metadata_file PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_service PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_service_request_timeout PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_single_sign_on_service PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_metadata_freshness_period_not_expired PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_metadata_freshness_period_expired PASSED [ 48%] tests/test_30_mdstore.py::test_load_local_dir PASSED [ 48%] tests/test_30_mdstore.py::test_load_extern_incommon PASSED [ 49%] tests/test_30_mdstore.py::test_load_local PASSED [ 49%] tests/test_30_mdstore.py::test_load_remote_encoding PASSED [ 49%] tests/test_30_mdstore.py::test_load_string PASSED [ 49%] tests/test_30_mdstore.py::test_get_certs_from_metadata PASSED [ 49%] tests/test_30_mdstore.py::test_get_unnamed_certs_from_metadata PASSED [ 49%] tests/test_30_mdstore.py::test_get_named_certs_from_metadata PASSED [ 49%] tests/test_30_mdstore.py::test_get_certs_from_metadata_without_keydescriptor PASSED [ 49%] tests/test_30_mdstore.py::test_metadata_extension_algsupport PASSED [ 50%] tests/test_30_mdstore.py::test_supported_algorithms PASSED [ 50%] tests/test_30_mdstore.py::test_registration_info PASSED [ 50%] tests/test_30_mdstore.py::test_registration_info_no_policy PASSED [ 50%] tests/test_30_mdstore.py::test_subject_id_requirement PASSED [ 50%] tests/test_30_mdstore.py::test_extension PASSED [ 50%] tests/test_30_mdstore.py::test_shibmd_scope_no_regex_no_descriptor_type PASSED [ 50%] tests/test_30_mdstore.py::test_shibmd_scope_no_regex_all_descriptors PASSED [ 50%] tests/test_30_mdstore_old.py::test_swami_1 PASSED [ 51%] tests/test_30_mdstore_old.py::test_incommon_1 PASSED [ 51%] tests/test_30_mdstore_old.py::test_ext_2 PASSED [ 51%] tests/test_30_mdstore_old.py::test_example PASSED [ 51%] tests/test_30_mdstore_old.py::test_switch_1 PASSED [ 51%] tests/test_30_mdstore_old.py::test_metadata_file PASSED [ 51%] tests/test_30_mdstore_old.py::test_load_local_dir PASSED [ 51%] tests/test_30_mdstore_old.py::test_load_external PASSED [ 51%] tests/test_30_mdstore_old.py::test_load_string PASSED [ 52%] tests/test_31_config.py::test_1 PASSED [ 52%] tests/test_31_config.py::test_2 PASSED [ 52%] tests/test_31_config.py::test_minimum PASSED [ 52%] tests/test_31_config.py::test_idp_1 PASSED [ 52%] tests/test_31_config.py::test_idp_2 PASSED [ 52%] tests/test_31_config.py::test_wayf PASSED [ 52%] tests/test_31_config.py::test_conf_syslog PASSED [ 52%] tests/test_31_config.py::test_3 PASSED [ 53%] tests/test_31_config.py::test_sp PASSED [ 53%] tests/test_31_config.py::test_dual PASSED [ 53%] tests/test_31_config.py::test_ecp PASSED [ 53%] tests/test_31_config.py::test_assertion_consumer_service PASSED [ 53%] tests/test_31_config.py::test_crypto_backend PASSED [ 53%] tests/test_31_config.py::test_unset_force_authn PASSED [ 53%] tests/test_31_config.py::test_set_force_authn PASSED [ 54%] tests/test_32_cache.py::TestClass::test_set PASSED [ 54%] tests/test_32_cache.py::TestClass::test_add_ava_info PASSED [ 54%] tests/test_32_cache.py::TestClass::test_from_one_target_source PASSED [ 54%] tests/test_32_cache.py::TestClass::test_entities PASSED [ 54%] tests/test_32_cache.py::TestClass::test_remove_info PASSED [ 54%] tests/test_32_cache.py::TestClass::test_active PASSED [ 54%] tests/test_32_cache.py::TestClass::test_subjects PASSED [ 54%] tests/test_32_cache.py::TestClass::test_second_subject PASSED [ 55%] tests/test_32_cache.py::TestClass::test_receivers PASSED [ 55%] tests/test_32_cache.py::TestClass::test_timeout PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_persistent_1 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_persistent_2 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_transient_1 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_vo_1 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_vo_2 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_persistent_nameid PASSED [ 56%] tests/test_33_identifier.py::TestIdentifier::test_transient_nameid PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_add_person PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_extend_person PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_add_another_person PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_modify_person PASSED [ 56%] tests/test_36_mdbcache.py::TestMongoDBCache::test_set_get_1 PASSED [ 56%] tests/test_36_mdbcache.py::TestMongoDBCache::test_set_get_2 PASSED [ 56%] tests/test_36_mdbcache.py::TestMongoDBCache::test_remove PASSED [ 57%] tests/test_36_mdbcache.py::TestMongoDBCache::test_subjects PASSED [ 57%] tests/test_36_mdbcache.py::TestMongoDBCache::test_identity PASSED [ 57%] tests/test_36_mdbcache.py::TestMongoDBCache::test_remove_2 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava2 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava3 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava4 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava5 PASSED [ 58%] tests/test_37_entity_categories.py::test_idp_policy_filter PASSED [ 58%] tests/test_37_entity_categories.py::test_entity_category_import_from_path PASSED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_required_attributes_with_no_friendly_name PASSED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_esi_coco PASSED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_refeds_anonymous_access SKIPPED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_refeds_pseudonymous_access SKIPPED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_refeds_personalized_access SKIPPED [ 58%] tests/test_38_metadata_filter.py::test_swamid_sp PASSED [ 59%] tests/test_38_metadata_filter.py::test_swamid_idp PASSED [ 59%] tests/test_39_metadata.py::test_requested_attribute_name_format PASSED [ 59%] tests/test_39_metadata.py::test_signed_metadata_proper_str_bytes_handling FAILED [ 59%] tests/test_39_metadata.py::test_cert_trailing_newlines_ignored PASSED [ 59%] tests/test_39_metadata.py::test_invalid_cert_raises_error PASSED [ 59%] tests/test_40_sigver.py::test_cert_from_instance_1 PASSED [ 59%] tests/test_40_sigver.py::test_cert_from_instance_ssp SKIPPED (pyasn1 is not installed) [ 60%] tests/test_40_sigver.py::TestSecurity::test_verify_1 PASSED [ 60%] tests/test_40_sigver.py::TestSecurity::test_non_verify_1 PASSED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_assertion FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_assertion FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_response FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_response FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_response_2 FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_verify FAILED [ 61%] tests/test_40_sigver.py::TestSecurity::test_sign_verify_with_cert_from_instance FAILED [ 61%] tests/test_40_sigver.py::TestSecurity::test_sign_verify_assertion_with_cert_from_instance FAILED [ 61%] tests/test_40_sigver.py::TestSecurity::test_exception_sign_verify_with_cert_from_instance FAILED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_verify_1 PASSED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_non_verify_1 PASSED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_assertion FAILED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_assertion FAILED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_response FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response_2 FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_with_cert_from_instance FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_assertion_with_cert_from_instance FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_exception_sign_verify_with_cert_from_instance FAILED [ 62%] tests/test_40_sigver.py::test_xbox FAILED [ 62%] tests/test_40_sigver.py::test_xbox_non_ascii_ava FAILED [ 63%] tests/test_40_sigver.py::test_okta PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_err PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_err_non_ascii_ava PASSED [ 63%] tests/test_40_sigver.py::test_sha256_signing PASSED [ 63%] tests/test_40_sigver.py::test_sha256_signing_non_ascii_ava PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_output_line_parsing PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_v1_3_x_output_line_parsing PASSED [ 63%] tests/test_40_sigver.py::test_cert_trailing_newlines_ignored PASSED [ 64%] tests/test_40_sigver.py::test_invalid_cert_raises_error PASSED [ 64%] tests/test_40_sigver.py::test_der_certificate_loading PASSED [ 64%] tests/test_41_response.py::TestResponse::test_1 ERROR [ 64%] tests/test_41_response.py::TestResponse::test_2 ERROR [ 64%] tests/test_41_response.py::TestResponse::test_issuer_none ERROR [ 64%] tests/test_41_response.py::TestResponse::test_false_sign ERROR [ 64%] tests/test_41_response.py::TestResponse::test_other_response ERROR [ 64%] tests/test_42_enc.py::test_pre_enc_key_format PASSED [ 65%] tests/test_42_enc.py::test_pre_enc_with_pregenerated_key PASSED [ 65%] tests/test_42_enc.py::test_pre_enc_with_generated_key PASSED [ 65%] tests/test_42_enc.py::test_pre_enc_with_named_key PASSED [ 65%] tests/test_42_enc.py::test_reshuffle_response PASSED [ 65%] tests/test_42_enc.py::test_enc1 PASSED [ 65%] tests/test_42_enc.py::test_enc2 PASSED [ 65%] tests/test_43_soap.py::test_parse_soap_envelope PASSED [ 65%] tests/test_43_soap.py::test_make_soap_envelope PASSED [ 66%] tests/test_43_soap.py::test_parse_soap_enveloped_saml_thingy_xxe PASSED [ 66%] tests/test_43_soap.py::test_class_instances_from_soap_enveloped_saml_thingies_xxe PASSED [ 66%] tests/test_43_soap.py::test_open_soap_envelope_xxe PASSED [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_verify_1 ERROR [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_verify_signed_1 ERROR [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_parse_2 ERROR [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_verify_w_authn ERROR [ 67%] tests/test_44_authnresp.py::TestAuthnResponse::test_unpack_nested_eptid ERROR [ 67%] tests/test_44_authnresp.py::TestAuthnResponse::test_multiple_attribute_statement ERROR [ 67%] tests/test_50_server.py::TestServer1::test_issuer PASSED [ 67%] tests/test_50_server.py::TestServer1::test_assertion PASSED [ 67%] tests/test_50_server.py::TestServer1::test_response PASSED [ 67%] tests/test_50_server.py::TestServer1::test_parse_faulty_request PASSED [ 67%] tests/test_50_server.py::TestServer1::test_parse_faulty_request_to_err_status PASSED [ 67%] tests/test_50_server.py::TestServer1::test_parse_ok_request PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_response_with_identity PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_response_without_identity PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_response_specific_instant PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_failure_response PASSED [ 68%] tests/test_50_server.py::TestServer1::test_authn_response_0 PASSED [ 68%] tests/test_50_server.py::TestServer1::test_signed_response FAILED [ 68%] tests/test_50_server.py::TestServer1::test_signed_response_1 FAILED [ 68%] tests/test_50_server.py::TestServer1::test_signed_response_2 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_signed_response_3 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_1 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_2 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_3 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_4 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_response_1 PASSED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_response_2 PASSED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_response_3 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_4 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_5 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_6 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_7 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_8 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_9 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_slo_http_post PASSED [ 70%] tests/test_50_server.py::TestServer1::test_slo_soap PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_issuer PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_assertion PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_response PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_faulty_request PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_faulty_request_to_err_status PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_ok_request PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_with_identity PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_without_identity PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_specific_instant PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_failure_response PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_authn_response_0 PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_1 FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_2 FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_3 FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_1 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_2 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_3 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_4 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_1 PASSED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_2 PASSED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_3 PASSED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_4 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_5 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_7 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_8 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_9 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_http_post PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_soap PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_soap_signed PASSED [ 75%] tests/test_50_server.py::TestServer2::test_do_attribute_reponse PASSED [ 75%] tests/test_50_server.py::TestServerLogout::test_1 PASSED [ 75%] tests/test_50_server.py::TestServerLogout::test_2 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_attribute_query1 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_attribute_query2 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_attribute_query_3 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_auth_request_0 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_auth_request_requested_attributes PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_unset_force_authn_by_default PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_not_true_or_1 PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_true PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_1 PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_nameid_policy_allow_create PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_vo PASSED [ 76%] tests/test_51_client.py::TestClient::test_sign_auth_request_0 FAILED [ 76%] tests/test_51_client.py::TestClient::test_logout_response FAILED [ 77%] tests/test_51_client.py::TestClient::test_create_logout_request PASSED [ 77%] tests/test_51_client.py::TestClient::test_response_1 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_2 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_3 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_4 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_5 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_6 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_7 FAILED [ 78%] tests/test_51_client.py::TestClient::test_response_8 FAILED [ 78%] tests/test_51_client.py::TestClient::test_response_no_name_id PASSED [ 78%] tests/test_51_client.py::TestClient::test_init_values PASSED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion FAILED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion2 FAILED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_1 FAILED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_2 FAILED [ 78%] tests/test_51_client.py::TestClient::test_signed_with_default_algo_redirect FAILED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect PASSED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect_passes_if_needs_signed_requests PASSED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect_fail_if_needs_signed_request_but_received_unsigned PASSED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect_fail_if_needs_signed_request_but_sigalg_not_matches PASSED [ 79%] tests/test_51_client.py::TestClient::test_do_logout_signed_redirect FAILED [ 79%] tests/test_51_client.py::TestClient::test_do_logout_signed_redirect_invalid FAILED [ 79%] tests/test_51_client.py::TestClient::test_do_logout_post FAILED [ 80%] tests/test_51_client.py::TestClient::test_do_logout_redirect_no_cache PASSED [ 80%] tests/test_51_client.py::TestClient::test_do_logout_session_expired FAILED [ 80%] tests/test_51_client.py::TestClient::test_signature_wants FAILED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query1 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query2 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query_3 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_0 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_unset_force_authn PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_set_force_authn PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_nameid_policy_allow_create PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_vo PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_auth_request_0 FAILED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_logout_request PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_1 FAILED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_2 FAILED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_3 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_4 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_5 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_6 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_7 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_8 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_no_name_id PASSED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_error_status PASSED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_error_status_non_standard_status_code PASSED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_init_values PASSED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion2 FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_1 FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_2 FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_signed_redirect PASSED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_signed_redirect FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_post FAILED [ 84%] tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_session_expired FAILED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_do_authn PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_do_negotiated_authn PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_do_attribute_query PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_logout_1 PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_post_sso PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_negotiated_post_sso PASSED [ 84%] tests/test_51_client.py::TestClientNoConfigContext::test_logout_1 PASSED [ 85%] tests/test_51_client.py::test_parse_soap_enveloped_saml_xxe PASSED [ 85%] tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response FAILED [ 85%] tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_1 FAILED [ 85%] tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_2 PASSED [ 85%] tests/test_60_sp.py::TestSP::test_setup SKIPPED (s2repoze dependencies not installed) [ 85%] tests/test_60_sp.py::TestSP::test_identify SKIPPED (s2repoze dependencies not installed) [ 85%] tests/test_62_vo.py::TestVirtualOrg::test_mta PASSED [ 85%] tests/test_62_vo.py::TestVirtualOrg::test_unknown_subject PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg::test_id PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg::test_id_unknown PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_mta PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_unknown_subject PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_id PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_id_unknown PASSED [ 86%] tests/test_63_ecp.py::test_complete_flow PASSED [ 87%] tests/test_64_artifact.py::test_create_artifact PASSED [ 87%] tests/test_64_artifact.py::test_create_artifact_resolve PASSED [ 87%] tests/test_64_artifact.py::test_artifact_flow PASSED [ 87%] tests/test_65_authn_query.py::test_basic PASSED [ 87%] tests/test_65_authn_query.py::test_flow PASSED [ 87%] tests/test_66_name_id_mapping.py::test_base_request PASSED [ 87%] tests/test_66_name_id_mapping.py::test_request_response PASSED [ 87%] tests/test_67_manage_name_id.py::test_basic PASSED [ 88%] tests/test_67_manage_name_id.py::test_flow PASSED [ 88%] tests/test_68_assertion_id.py::test_basic_flow PASSED [ 88%] tests/test_69_discovery.py::test_verify PASSED [ 88%] tests/test_69_discovery.py::test_construct_0 PASSED [ 88%] tests/test_69_discovery.py::test_construct_1 PASSED [ 88%] tests/test_69_discovery.py::test_construct_deconstruct_request PASSED [ 88%] tests/test_69_discovery.py::test_construct_deconstruct_response PASSED [ 88%] tests/test_70_redirect_signing.py::test FAILED [ 89%] tests/test_71_authn_request.py::test_authn_request_with_acs_by_index PASSED [ 89%] tests/test_72_eptid.py::test_eptid PASSED [ 89%] tests/test_72_eptid.py::test_eptid_shelve PASSED [ 89%] tests/test_75_mongodb.py::test_flow PASSED [ 89%] tests/test_75_mongodb.py::test_eptid_mongo_db PASSED [ 89%] tests/test_76_metadata_in_mdb.py::test_metadata PASSED [ 89%] tests/test_77_authn_context.py::test_passwd PASSED [ 89%] tests/test_77_authn_context.py::test_factory PASSED [ 90%] tests/test_77_authn_context.py::test_authn_decl_in_authn_context PASSED [ 90%] tests/test_77_authn_context.py::test_authn_1 PASSED [ 90%] tests/test_77_authn_context.py::test_authn_2 PASSED [ 90%] tests/test_77_authn_context.py::test_authn_3 PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_cert_chains PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_expire PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_passphrase PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert PASSED [ 91%] tests/test_83_md_extensions.py::TestMDExt::test_sp_type_true PASSED [ 91%] tests/test_83_md_extensions.py::TestMDExt::test_sp_type_false PASSED [ 91%] tests/test_83_md_extensions.py::TestMDExt::test_entity_attributes PASSED [ 91%] tests/test_88_nsprefix.py::test_nsprefix PASSED [ 91%] tests/test_88_nsprefix.py::test_nsprefix2 PASSED [ 91%] tests/test_89_http_post_relay_state.py::test_relay_state PASSED [ 91%] tests/test_92_aes.py::TestAES::test_aes_defaults PASSED [ 91%] tests/test_92_aes.py::TestAES::test_aes_128_cbc PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_128_cfb PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_192_cbc PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_192_cfb PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_256_cbc PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_256_cfb PASSED [ 92%] tests/test_93_hok.py::TestHolderOfKeyResponse::test_valid_hok_response_is_parsed PASSED [ 92%] tests/test_93_hok.py::TestHolderOfKeyResponse::test_invalid_hok_response_fails_verification PASSED [ 92%] tests/test_94_read_cert.py::test_read_single_cert PASSED [ 93%] tests/test_94_read_cert.py::test_read_cert_chain PASSED [ 93%] tests/test_94_read_cert.py::test_read_cert_chain_with_linebreaks PASSED [ 93%] tests/test_schema_validator.py::test_invalid_saml_metadata_doc[invalid_metadata_file.xml] PASSED [ 93%] tests/test_schema_validator.py::test_invalid_saml_metadata_doc[empty_metadata_file.xml] PASSED [ 93%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[InCommon-metadata.xml] PASSED [ 93%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp.xml] PASSED [ 93%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_2.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_aa.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_all.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_example.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_soap.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_re.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_re_nren.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_rs.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_sfs_hei.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_esi_and_coco_sp.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_no_friendly_name_sp.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[extended.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_slo_redirect.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_uiinfo.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata.aaitest.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_cert.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_example.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_1.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_1_no_encryption.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_2.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metasp.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[pdp_meta.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[servera.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[sp.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[sp_slo_redirect.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[urn-mace-swami.se-swamid-test-1.0-metadata.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[uu.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[vo_metadata.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[attribute_response.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[okta_response.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[simplesamlphp_authnresponse.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml2_response.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_false_signed.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_hok.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_hok_invalid.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_signed.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_unsigned.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_partial_doc[encrypted_attribute_statement.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_eidas_saml_response_doc[eidas_response.xml] PASSED [ 98%] tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_response_with_hmac_should_fail PASSED [ 99%] tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_hmac_should_fail PASSED [ 99%] tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_random_embedded_cert_should_be_ignored FAILED [ 99%] tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_wrapper_should_fail PASSED [ 99%] tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_extensions_should_fail PASSED [ 99%] tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_assertion_should_fail PASSED [ 99%] tests/test_xsw.py::TestInvalidDepthFirstSig::test_signed_assertion_first_sig_should_fail PASSED [ 99%] tests/test_xsw.py::TestInvalidDepthFirstSig::test_signed_response_first_sig_should_fail PASSED [100%] ==================================== ERRORS ==================================== ____________________ ERROR at setup of TestResponse.test_1 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6972faa08040c73df85619615068a1bd6dce47f18ce1989769d49bb49b1f8b4aurn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sHXDsiBrd2uD1mNvT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpxpptibns.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpxpptibns.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6972faa08040c73df85619615068a1bd6dce47f18ce1989769d49bb49b1f8b4aurn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sHXDsiBrd2uD1mNvT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sHXDsiBrd2uD1mNvT', '--output', '/tmp/tmp58yqbavg.xml', '/tmp/tmpxpptibns.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log setup ------------------------------ ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpxpptibns.xml" output= ____________________ ERROR at setup of TestResponse.test_2 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6972faa08040c73df85619615068a1bd6dce47f18ce1989769d49bb49b1f8b4aurn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sHXDsiBrd2uD1mNvT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpxpptibns.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpxpptibns.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6972faa08040c73df85619615068a1bd6dce47f18ce1989769d49bb49b1f8b4aurn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sHXDsiBrd2uD1mNvT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sHXDsiBrd2uD1mNvT', '--output', '/tmp/tmp58yqbavg.xml', '/tmp/tmpxpptibns.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError _______________ ERROR at setup of TestResponse.test_issuer_none ________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6972faa08040c73df85619615068a1bd6dce47f18ce1989769d49bb49b1f8b4aurn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sHXDsiBrd2uD1mNvT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpxpptibns.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpxpptibns.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6972faa08040c73df85619615068a1bd6dce47f18ce1989769d49bb49b1f8b4aurn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sHXDsiBrd2uD1mNvT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sHXDsiBrd2uD1mNvT', '--output', '/tmp/tmp58yqbavg.xml', '/tmp/tmpxpptibns.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ________________ ERROR at setup of TestResponse.test_false_sign ________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6972faa08040c73df85619615068a1bd6dce47f18ce1989769d49bb49b1f8b4aurn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sHXDsiBrd2uD1mNvT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpxpptibns.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpxpptibns.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6972faa08040c73df85619615068a1bd6dce47f18ce1989769d49bb49b1f8b4aurn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sHXDsiBrd2uD1mNvT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sHXDsiBrd2uD1mNvT', '--output', '/tmp/tmp58yqbavg.xml', '/tmp/tmpxpptibns.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ______________ ERROR at setup of TestResponse.test_other_response ______________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6972faa08040c73df85619615068a1bd6dce47f18ce1989769d49bb49b1f8b4aurn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sHXDsiBrd2uD1mNvT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpxpptibns.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpxpptibns.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6972faa08040c73df85619615068a1bd6dce47f18ce1989769d49bb49b1f8b4aurn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sHXDsiBrd2uD1mNvT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sHXDsiBrd2uD1mNvT', '--output', '/tmp/tmp58yqbavg.xml', '/tmp/tmpxpptibns.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ______________ ERROR at setup of TestAuthnResponse.test_verify_1 _______________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6fc71b6a5bca17069572cc3149823b05856e731c97f5ed7b2f2796f2477e5f9curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-aXi9ZnNs0SbFaYwtf' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6nupnkvo.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6nupnkvo.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6fc71b6a5bca17069572cc3149823b05856e731c97f5ed7b2f2796f2477e5f9curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-aXi9ZnNs0SbFaYwtf' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-aXi9ZnNs0SbFaYwtf', '--output', '/tmp/tmpeaflynsb.xml', '/tmp/tmp6nupnkvo.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log setup ------------------------------ ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp6nupnkvo.xml" output= ___________ ERROR at setup of TestAuthnResponse.test_verify_signed_1 ___________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6fc71b6a5bca17069572cc3149823b05856e731c97f5ed7b2f2796f2477e5f9curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-aXi9ZnNs0SbFaYwtf' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6nupnkvo.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6nupnkvo.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6fc71b6a5bca17069572cc3149823b05856e731c97f5ed7b2f2796f2477e5f9curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-aXi9ZnNs0SbFaYwtf' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-aXi9ZnNs0SbFaYwtf', '--output', '/tmp/tmpeaflynsb.xml', '/tmp/tmp6nupnkvo.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError _______________ ERROR at setup of TestAuthnResponse.test_parse_2 _______________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6fc71b6a5bca17069572cc3149823b05856e731c97f5ed7b2f2796f2477e5f9curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-aXi9ZnNs0SbFaYwtf' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6nupnkvo.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6nupnkvo.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6fc71b6a5bca17069572cc3149823b05856e731c97f5ed7b2f2796f2477e5f9curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-aXi9ZnNs0SbFaYwtf' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-aXi9ZnNs0SbFaYwtf', '--output', '/tmp/tmpeaflynsb.xml', '/tmp/tmp6nupnkvo.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ___________ ERROR at setup of TestAuthnResponse.test_verify_w_authn ____________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6fc71b6a5bca17069572cc3149823b05856e731c97f5ed7b2f2796f2477e5f9curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-aXi9ZnNs0SbFaYwtf' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6nupnkvo.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6nupnkvo.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6fc71b6a5bca17069572cc3149823b05856e731c97f5ed7b2f2796f2477e5f9curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-aXi9ZnNs0SbFaYwtf' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-aXi9ZnNs0SbFaYwtf', '--output', '/tmp/tmpeaflynsb.xml', '/tmp/tmp6nupnkvo.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError _________ ERROR at setup of TestAuthnResponse.test_unpack_nested_eptid _________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6fc71b6a5bca17069572cc3149823b05856e731c97f5ed7b2f2796f2477e5f9curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-aXi9ZnNs0SbFaYwtf' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6nupnkvo.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6nupnkvo.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6fc71b6a5bca17069572cc3149823b05856e731c97f5ed7b2f2796f2477e5f9curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-aXi9ZnNs0SbFaYwtf' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-aXi9ZnNs0SbFaYwtf', '--output', '/tmp/tmpeaflynsb.xml', '/tmp/tmp6nupnkvo.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ____ ERROR at setup of TestAuthnResponse.test_multiple_attribute_statement _____ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6fc71b6a5bca17069572cc3149823b05856e731c97f5ed7b2f2796f2477e5f9curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-aXi9ZnNs0SbFaYwtf' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6nupnkvo.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6nupnkvo.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6fc71b6a5bca17069572cc3149823b05856e731c97f5ed7b2f2796f2477e5f9curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-aXi9ZnNs0SbFaYwtf' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-aXi9ZnNs0SbFaYwtf', '--output', '/tmp/tmpeaflynsb.xml', '/tmp/tmp6nupnkvo.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError =================================== FAILURES =================================== ________________ test_signed_metadata_proper_str_bytes_handling ________________ self = statement = 'MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==Rolands SP' node_name = 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = None def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', ...] extra_args = ['/tmp/tmpc_u467i_.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpc_u467i_.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: def test_signed_metadata_proper_str_bytes_handling(): sp_conf_2 = sp_conf.copy() sp_conf_2["key_file"] = full_path("test.key") sp_conf_2["cert_file"] = full_path("inc-md-cert.pem") # requires xmlsec binaries per https://pysaml2.readthedocs.io/en/latest/examples/sp.html sp_conf_2["xmlsec_binary"] = sigver.get_xmlsec_binary(["/opt/local/bin"]) cnf = SPConfig().load(sp_conf_2) # This will raise TypeError if string/bytes handling is not correct > sp_metadata = create_metadata_string("", config=cnf, sign=True) tests/test_39_metadata.py:66: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/metadata.py:118: in create_metadata_string eid, xmldoc = sign_entity_descriptor(eid, mid, secc, sign_alg, digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/metadata.py:851: in sign_entity_descriptor xmldoc = secc.sign_statement(f"{edesc}", class_name(edesc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==Rolands SP' node_name = 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = None def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', '--output', '/tmp/tmp_hor594y.xml', '/tmp/tmpc_u467i_.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpc_u467i_.xml" output= _______________________ TestSecurity.test_sign_assertion _______________________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp1u4zy_48.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp1u4zy_48.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_assertion(self): ass = self._assertion print(ass) > sign_ass = self.sec.sign_assertion(f"{ass}", node_id=ass.id) tests/test_40_sigver.py:186: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1710: in sign_assertion return self.sign_statement(statement, class_name(saml.Assertion()), **kwargs) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpo20zw5j1.xml', '/tmp/tmp1u4zy_48.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ----------------------------- Captured stdout call ----------------------------- the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp1u4zy_48.xml" output= _______________ TestSecurity.test_multiple_signatures_assertion ________________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp2d3w7d_5.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp2d3w7d_5.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_assertion(self): ass = self._assertion # basic test with two of the same to_sign = [(ass, ass.id), (ass, ass.id)] > sign_ass = self.sec.multiple_signatures(str(ass), to_sign) tests/test_40_sigver.py:205: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpo3yufycn.xml', '/tmp/tmp2d3w7d_5.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp2d3w7d_5.xml" output= ________________ TestSecurity.test_multiple_signatures_response ________________ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp907e4up3.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp907e4up3.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) # order is important, we can't validate if the signatures are made # in the reverse order to_sign = [(self._assertion, self._assertion.id), (response, response.id)] > s_response = self.sec.multiple_signatures(str(response), to_sign) tests/test_40_sigver.py:233: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpfwnnaaqj.xml', '/tmp/tmp907e4up3.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp907e4up3.xml" output= _______________________ TestSecurity.test_sign_response ________________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp5pu1jwuw.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp5pu1jwuw.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:270: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp6bv2lmqk.xml', '/tmp/tmp5pu1jwuw.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp5pu1jwuw.xml" output= ______________________ TestSecurity.test_sign_response_2 _______________________ self = statement = b'the-isser-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpft6x91yt.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpft6x91yt.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response_2(self): assertion2 = factory( saml.Assertion, version="2.0", id="id-11122", issuer=saml.Issuer(text="the-issuer-2"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11122", self.sec.my_cert), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Fox", ""), ("name:givenName", "nameformat", "givenName"): ("Bear", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser-2"), status=success_status_factory(), assertion=assertion2, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(assertion2), assertion2.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:314: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isser-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmp4s5vtnch.xml', '/tmp/tmpft6x91yt.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpft6x91yt.xml" output= ________________________ TestSecurity.test_sign_verify _________________________ self = statement = b'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpusjbxb3t.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpusjbxb3t.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify(self): response = factory( samlp.Response, assertion=self._assertion, id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:341: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpx5loi3vo.xml', '/tmp/tmpusjbxb3t.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpusjbxb3t.xml" output= ____________ TestSecurity.test_sign_verify_with_cert_from_instance _____________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp67rr3mh2.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp67rr3mh2.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_with_cert_from_instance(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:363: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp9kfa9ala.xml', '/tmp/tmp67rr3mh2.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp67rr3mh2.xml" output= _______ TestSecurity.test_sign_verify_assertion_with_cert_from_instance ________ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp1939b68w.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp1939b68w.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_assertion_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11100", self.sec.my_cert), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Fox", ""), ("name:givenName", "nameformat", "givenName"): ("Bear", ""), } ), ) to_sign = [(class_name(assertion), assertion.id)] > s_assertion = sigver.signed_instance_factory(assertion, self.sec, to_sign) tests/test_40_sigver.py:395: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmp5gq1liqk.xml', '/tmp/tmp1939b68w.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp1939b68w.xml" output= _______ TestSecurity.test_exception_sign_verify_with_cert_from_instance ________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmp4y3eqqik.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp4y3eqqik.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_exception_sign_verify_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer-2"), issue_instant="2009-10-30T13:20:28Z", attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Foo", ""), ("name:givenName", "nameformat", "givenName"): ("Bar", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:436: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmp9fmtcase.xml', '/tmp/tmp4y3eqqik.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp4y3eqqik.xml" output= _________________ TestSecurityNonAsciiAva.test_sign_assertion __________________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpnbschs6w.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpnbschs6w.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_assertion(self): ass = self._assertion print(ass) > sign_ass = self.sec.sign_assertion(f"{ass}", node_id=ass.id) tests/test_40_sigver.py:491: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1710: in sign_assertion return self.sign_statement(statement, class_name(saml.Assertion()), **kwargs) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpgdaophhp.xml', '/tmp/tmpnbschs6w.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ----------------------------- Captured stdout call ----------------------------- the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpnbschs6w.xml" output= __________ TestSecurityNonAsciiAva.test_multiple_signatures_assertion __________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmptvav1273.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmptvav1273.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_assertion(self): ass = self._assertion # basic test with two of the same to_sign = [(ass, ass.id), (ass, ass.id)] > sign_ass = self.sec.multiple_signatures(str(ass), to_sign) tests/test_40_sigver.py:511: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmparq5x88c.xml', '/tmp/tmptvav1273.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmptvav1273.xml" output= __________ TestSecurityNonAsciiAva.test_multiple_signatures_response ___________ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp06x96583.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp06x96583.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) # order is important, we can't validate if the signatures are made # in the reverse order to_sign = [(self._assertion, self._assertion.id), (response, response.id)] > s_response = self.sec.multiple_signatures(str(response), to_sign) tests/test_40_sigver.py:539: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpic0pcyzi.xml', '/tmp/tmp06x96583.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp06x96583.xml" output= __________________ TestSecurityNonAsciiAva.test_sign_response __________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp_mwj96gp.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp_mwj96gp.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:576: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp_j8rmjtn.xml', '/tmp/tmp_mwj96gp.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp_mwj96gp.xml" output= _________________ TestSecurityNonAsciiAva.test_sign_response_2 _________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpct1z78kw.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpct1z78kw.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response_2(self): assertion2 = factory( saml.Assertion, version="2.0", id="id-11122", issuer=saml.Issuer(text="the-issuer-2"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11122", self.sec.my_cert), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Räv", ""), ("name:givenName", "nameformat", "givenName"): ("Björn", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=assertion2, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(assertion2), assertion2.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:620: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmph8dtcwgf.xml', '/tmp/tmpct1z78kw.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpct1z78kw.xml" output= ___________________ TestSecurityNonAsciiAva.test_sign_verify ___________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp70ej9tg6.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp70ej9tg6.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:648: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp08ernaoz.xml', '/tmp/tmp70ej9tg6.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp70ej9tg6.xml" output= _______ TestSecurityNonAsciiAva.test_sign_verify_with_cert_from_instance _______ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpx_po0jhw.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpx_po0jhw.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_with_cert_from_instance(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:670: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpa6r6eh8s.xml', '/tmp/tmpx_po0jhw.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpx_po0jhw.xml" output= __ TestSecurityNonAsciiAva.test_sign_verify_assertion_with_cert_from_instance __ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpnjuf29jd.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpnjuf29jd.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_assertion_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11100", self.sec.my_cert, 1), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Räv", ""), ("name:givenName", "nameformat", "givenName"): ("Björn", ""), } ), ) to_sign = [(class_name(assertion), assertion.id)] > s_assertion = sigver.signed_instance_factory(assertion, self.sec, to_sign) tests/test_40_sigver.py:702: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmpvas9lxc7.xml', '/tmp/tmpnjuf29jd.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpnjuf29jd.xml" output= __ TestSecurityNonAsciiAva.test_exception_sign_verify_with_cert_from_instance __ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerF\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpc9z8myqz.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpc9z8myqz.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_exception_sign_verify_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer"), issue_instant="2009-10-30T13:20:28Z", attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Föö", ""), ("name:givenName", "nameformat", "givenName"): ("Bär", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:743: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerF\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmpg28ho1wr.xml', '/tmp/tmpc9z8myqz.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpc9z8myqz.xml" output= __________________________________ test_xbox ___________________________________ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpl3o1nblx.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpl3o1nblx.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: def test_xbox(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="id-11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11111", sec.my_cert, 1), attribute_statement=do_attribute_statement( { ("", "", "surName"): ("Foo", ""), ("", "", "givenName"): ("Bar", ""), } ), ) > sigass = sec.sign_statement( assertion, class_name(assertion), key_file=PRIV_KEY, node_id=assertion.id, ) tests/test_40_sigver.py:843: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp8wk8_1hg.xml', '/tmp/tmpl3o1nblx.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpl3o1nblx.xml" output= ___________________________ test_xbox_non_ascii_ava ____________________________ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmphi57e9ig.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmphi57e9ig.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: def test_xbox_non_ascii_ava(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="id-11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11111", sec.my_cert, 1), attribute_statement=do_attribute_statement( { ("", "", "surName"): ("Föö", ""), ("", "", "givenName"): ("Bär", ""), } ), ) > sigass = sec.sign_statement( assertion, class_name(assertion), key_file=PRIV_KEY, node_id=assertion.id, ) tests/test_40_sigver.py:901: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp1odjcjbn.xml', '/tmp/tmphi57e9ig.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmphi57e9ig.xml" output= _______________________ TestServer1.test_signed_response _______________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=795d3a77dc4cfc890fe4ae968a16859b89b7eea5bf0bc662294efb0ca00650eburn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-V0tffbka7b6G5lVmY' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6rp8r6oc.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6rp8r6oc.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response(self): name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"} > signed_resp = self.server.create_authn_response( ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, ) tests/test_50_server.py:441: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=795d3a77dc4cfc890fe4ae968a16859b89b7eea5bf0bc662294efb0ca00650eburn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-V0tffbka7b6G5lVmY' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-V0tffbka7b6G5lVmY', '--output', '/tmp/tmpin3w7emk.xml', '/tmp/tmp6rp8r6oc.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp6rp8r6oc.xml" output= ______________________ TestServer1.test_signed_response_1 ______________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5385379cdd3d229bdea535dbcc1a76a3e09228f05ec0ffed6a7c7a8761929387urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-d1gT6WLWiKgCKG233' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmptkfzlyy_.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmptkfzlyy_.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_1(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, ) tests/test_50_server.py:464: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5385379cdd3d229bdea535dbcc1a76a3e09228f05ec0ffed6a7c7a8761929387urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-d1gT6WLWiKgCKG233' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-d1gT6WLWiKgCKG233', '--output', '/tmp/tmp1zhcm0ei.xml', '/tmp/tmptkfzlyy_.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmptkfzlyy_.xml" output= ______________________ TestServer1.test_signed_response_2 ______________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp5385379cdd3d229bdea535dbcc1a76a3e09228f05ec0ffed6a7c7a8761929387urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-fMp36e04Rcz88JEvs' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpo_9xmcrb.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpo_9xmcrb.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_2(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, ) tests/test_50_server.py:495: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp5385379cdd3d229bdea535dbcc1a76a3e09228f05ec0ffed6a7c7a8761929387urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-fMp36e04Rcz88JEvs' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-fMp36e04Rcz88JEvs', '--output', '/tmp/tmpmpl4ho6v.xml', '/tmp/tmpo_9xmcrb.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpo_9xmcrb.xml" output= ______________________ TestServer1.test_signed_response_3 ______________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5385379cdd3d229bdea535dbcc1a76a3e09228f05ec0ffed6a7c7a8761929387urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-vTHRwJ7WzTs6GqLPR' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpwkyn4ug6.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpwkyn4ug6.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_3(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=False, sign_assertion=True, ) tests/test_50_server.py:519: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5385379cdd3d229bdea535dbcc1a76a3e09228f05ec0ffed6a7c7a8761929387urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-vTHRwJ7WzTs6GqLPR' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-vTHRwJ7WzTs6GqLPR', '--output', '/tmp/tmpfxoj5iws.xml', '/tmp/tmpwkyn4ug6.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpwkyn4ug6.xml" output= _________________ TestServer1.test_encrypted_signed_response_1 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5385379cdd3d229bdea535dbcc1a76a3e09228f05ec0ffed6a7c7a8761929387urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODQ3WhcNMzQxMTEzMTYzODQ3WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA4mrzHYqhlHUh9iv3yqw4Qn9UKmMRyV1Ts7F9z4mTJzg7A7PINJL89P0e\n4r3l3RYLo2cRR+OAVZ6bXPiY+iqaKAXygEHe57Fu8gd/rFO7MGXnKfqQIIZts3Dr\n9fkYErjKJJyHv/+OcNaNdfECJNql0TPsfFqXIVDEP1x73OYhZZV3GM06uUrXh0qY\n63sN21AVlVh8RJKQvfuIoaa3FVPJLXMdRMqY5EORkKP/XXHan2TM2Jje+Ll85TYh\nP4a/uI9lLpCPP8+mEfU746MBiDO3kfigvhPg5vOgIn0t6SX2tsKIiKRI3eIYcPd6\nI+z17x6J0AKobOKWIOldOjkIFSvIwQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIZz\n/WhvnDW0gxjYgKyBQ9SmpthX703/su/5ugl5NYaCz+sooJyuwnvZrBAED266rojJ\npeH8xrMtvZkpa4rbp+iLwol7fFalXYeoYZ5gkbmYy+/dVOs5XQ7vMl2MGt6aAmIa\nlOITVxejnIIE6DCqEOTBWK7jHhVSoqPvRT0PLKenzgOLiquWASWgDfWpIWnOBYmEJdVihePRwGjyy2Hch2Eljbp3t3VFWdt4H6pKmVve\nj1tLP6se11a5QU3+fFgyfgnXY5zSfjIEZEIU0ljiA9H4DUo5mn0Srdhbf68js2Hi\nujdLBHKm7a2qoH6VzDUJoJ90wUY9+bGk3wnnqM4eaWaURxLStC6Wy+OLUNJiI6Ni\n4GJ4Oiop1dCJyVZR+989b9vsOI1zxRzHK2BrmIdbvFKwl8s2YsckmIoBw3a8aflw\n0dfuRaDm/5LcSQyaXXR3ZDp4XDS0PkuqigHBi8xSceQq+b7FMF5YZNv2Y98PmyaB\n0Wpmr8TbScOOEN18XQh+Fw==esdvKdQ8DCdXcFe5sGRJmT8rT5zrzIe1iFRpvfFomm5F1VpSClOGJoglctNdueuZ\njRate7rx1ZUAMZCuL/E5MHrbBneHysAVux68OaWNIJp+0Guf/C8IQqUu5ysblW8q\nob7cIFloVo2xve1ykgOReqMmWfWW3w+rBXFFdbkIb21brl6SxEzLWP9h/YAAisLA\ncLsCodn/b3XfVXPPPxoZycLiyunipCR32Z54JwYxZMFcbD6a7vhKgrIG3RT0BFFU\ngkWbMMkJ5TiIn2YimibVns2lfaAa9a8XTVXuPcpmpQFek01xf82Wb4rAz4lj3jFU\nCaHeXEX09X+ydzMw1B07whFnTl87XgDv1oNHrmy6G8eo2n/2C01FlM0SJ5LHINND\njnjtf2NHRGyV1e7+5YMSpiOpy1+zyZaaGLoQjtkBHsy9qNadYVdc0PPk4yLn4O3e\n4aqmVz71zT/VJ6Lg0ydR4VP3AYTGdYyEbjfCCSoWgkg6NIFBBO7K+5VjNKrG+IAe\n/VQmBvfmytf6EJA3wpjUWO2gwPuh4MNYUTkm07wvadtFMAcv1CHZY7dyUq7EJRTZ\noBzFsyqHPoowswtSaH/P4jFnuwkFbdpWlZoSCRc4btrzaXnnmdRrZQPVjt5Cu4JO\nzUkYVPCx7xagg9KSA4aBRogUo9vtVmyorDZ3OrhV3HevHZMgIuBsHe4f5wj27x7z\n7TY+nl8rOjKCGnMYocRK4tUrFESmgHZqcxIbnxjODzlOipS7nnGXYoU0tHkbB2q0\nnqHH5hw3xFUZK8LISC8JejyMy5QGWQe4emQlPRxMqMY2wXrH1K0Y891c/vS7dV/a\nxilCcQxp3BosNvskHdusWD0cN2TYrn+Q/H07YmrMNKSO6qyPHuGFC5DvAGNH9tJk\nquYaW7QZrr5PmOcAhZcamgQPZGn24NMwMxVRNhd9UR1ZAqCkb1Jvy64UCJz35dJR\nl63KVejkogMBopvx9q5LXcigtErI9Ktig9FVUOW0uGHwGD4wMD66eMnlUncMXmSF\nF9ty5G0cNeVPHxKCUkPs8CJrj/hSeso1E8JUuU7LBPEEB8503/HU7wB0CLwdZoeK\nPvnpO09lUDiX5+N9lktaVGlODhCSQpfdTvq01MoTzRCIpt8zHnmAINfhONQ3n0Zj\n7Kt2vtVVGzgH02xwJvCZKBN/03MdwodinXY+JfJPbAQ4S4jwdQcYGgcwy6hQRe+E\nlYCMy7st7cYLjkT5DMvJroQBL9ev8P4pfdt6EMBQ354q6t6MxPfjVInsqk7JbwvF\nIhy4oHUhvNed70hsD7c1n5mHF0189wZntE01lnCWHi423W8aHEuW6R1P3KQ1Lvcs\nn3Y14YabDqVWldgsk67VOfXaAkCuOqhgfnrVmlYAxkWG6fnm6uaLBTfJhfyRZcEz\nCB6DxSb8ZCPwiQOM7supoGeZL7SJALaroyrIOCPNgau4rxEMyQP828iaunm/GoAb\nHhkT+v8HbQIwnUjdK/ZhZHr5Np+aOhZsyXl1iwjcnDkjJNZUG+DsY+PCoIZ3krsP\ngdFoyUWqOY0++nORlgcHVW7FTW5XXuFY7op1wP7sicnjaKcUMofEtK+YxnxgVm1l\nXmkw8CCPbLZul5v+Cw6P7uCAYxHKy2oUzrSRr6r+91JrYbeJuMu9ywM2WIrCzfHG\n/6Gy0Mk2LmWCgTOdSdzDGDHFuxRF1LYOPy7jbZWS5QpZIzxnyNdommi62QqijYNK\nXttYZUvfCX4VAlE0ZykmIL4iPXugfmsIPXdQ555mEzj5Liv/9/QmT0eSjGQJyhG6\nlc5bip9707tNBrdX9qEjPfKiU0JmEVVYk8Mt4kVOXwwndPzYzqXKGa9dzDCp8OLR\nkRhPa4x/SirQ9cCYNthCmQ3sQ8r4XQgyAA/FBPAGsrZDvu2PdKEOeJshdRljHj4M\nztSsS+LIDRUBuA6SieKUUUqHjmRFkgIeabP5i1XYUOjh4YvT5Qi2sjNVi9fFcBWg\nJA/odSCr/EBhRll06cQtVkAsieJXKS+D0TkafhNG3jzVgq96FQI7odDCab3Nwj9R\nlqTng7rXMNGMwLlAG7I4O2ffIqtWT5jY7BEi8/mTOEYuOCSF/SlwJY6u8TgHGmS5\nNmaKqGf8w8U04Dfi7Hjn2EUtAGtQfXGwXS+PmamQulOOQMJJ81ZTG1csjGIWP7CP\n81+8QX8/xjVp9lWPYVu0eudNUobwheoCJOqhrToyM2GHKE2Z+tf9+B4iDfif4FNK\nXTKzMFEe99tBeMqWU1SWSYlA8ZgyKyjBuuJI92ghYqTmy9x01mB9/gMMObzqbI7c\nE9Xa8VVBiUqJpbIIBNqbls+/GHn0s6nKJwDutXgFGoG+bAafZcBTD/jlonxmpXip\ntEwMm5jHAawwHLacy7GDhho29uD/NSpN+Udy2PH/jI2GVmkZb+VMYw==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-hpWLlLpwvujUiS2ux' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpgy7dql9f.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpgy7dql9f.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_1(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:547: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5385379cdd3d229bdea535dbcc1a76a3e09228f05ec0ffed6a7c7a8761929387urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODQ3WhcNMzQxMTEzMTYzODQ3WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA4mrzHYqhlHUh9iv3yqw4Qn9UKmMRyV1Ts7F9z4mTJzg7A7PINJL89P0e\n4r3l3RYLo2cRR+OAVZ6bXPiY+iqaKAXygEHe57Fu8gd/rFO7MGXnKfqQIIZts3Dr\n9fkYErjKJJyHv/+OcNaNdfECJNql0TPsfFqXIVDEP1x73OYhZZV3GM06uUrXh0qY\n63sN21AVlVh8RJKQvfuIoaa3FVPJLXMdRMqY5EORkKP/XXHan2TM2Jje+Ll85TYh\nP4a/uI9lLpCPP8+mEfU746MBiDO3kfigvhPg5vOgIn0t6SX2tsKIiKRI3eIYcPd6\nI+z17x6J0AKobOKWIOldOjkIFSvIwQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIZz\n/WhvnDW0gxjYgKyBQ9SmpthX703/su/5ugl5NYaCz+sooJyuwnvZrBAED266rojJ\npeH8xrMtvZkpa4rbp+iLwol7fFalXYeoYZ5gkbmYy+/dVOs5XQ7vMl2MGt6aAmIa\nlOITVxejnIIE6DCqEOTBWK7jHhVSoqPvRT0PLKenzgOLiquWASWgDfWpIWnOBYmEJdVihePRwGjyy2Hch2Eljbp3t3VFWdt4H6pKmVve\nj1tLP6se11a5QU3+fFgyfgnXY5zSfjIEZEIU0ljiA9H4DUo5mn0Srdhbf68js2Hi\nujdLBHKm7a2qoH6VzDUJoJ90wUY9+bGk3wnnqM4eaWaURxLStC6Wy+OLUNJiI6Ni\n4GJ4Oiop1dCJyVZR+989b9vsOI1zxRzHK2BrmIdbvFKwl8s2YsckmIoBw3a8aflw\n0dfuRaDm/5LcSQyaXXR3ZDp4XDS0PkuqigHBi8xSceQq+b7FMF5YZNv2Y98PmyaB\n0Wpmr8TbScOOEN18XQh+Fw==esdvKdQ8DCdXcFe5sGRJmT8rT5zrzIe1iFRpvfFomm5F1VpSClOGJoglctNdueuZ\njRate7rx1ZUAMZCuL/E5MHrbBneHysAVux68OaWNIJp+0Guf/C8IQqUu5ysblW8q\nob7cIFloVo2xve1ykgOReqMmWfWW3w+rBXFFdbkIb21brl6SxEzLWP9h/YAAisLA\ncLsCodn/b3XfVXPPPxoZycLiyunipCR32Z54JwYxZMFcbD6a7vhKgrIG3RT0BFFU\ngkWbMMkJ5TiIn2YimibVns2lfaAa9a8XTVXuPcpmpQFek01xf82Wb4rAz4lj3jFU\nCaHeXEX09X+ydzMw1B07whFnTl87XgDv1oNHrmy6G8eo2n/2C01FlM0SJ5LHINND\njnjtf2NHRGyV1e7+5YMSpiOpy1+zyZaaGLoQjtkBHsy9qNadYVdc0PPk4yLn4O3e\n4aqmVz71zT/VJ6Lg0ydR4VP3AYTGdYyEbjfCCSoWgkg6NIFBBO7K+5VjNKrG+IAe\n/VQmBvfmytf6EJA3wpjUWO2gwPuh4MNYUTkm07wvadtFMAcv1CHZY7dyUq7EJRTZ\noBzFsyqHPoowswtSaH/P4jFnuwkFbdpWlZoSCRc4btrzaXnnmdRrZQPVjt5Cu4JO\nzUkYVPCx7xagg9KSA4aBRogUo9vtVmyorDZ3OrhV3HevHZMgIuBsHe4f5wj27x7z\n7TY+nl8rOjKCGnMYocRK4tUrFESmgHZqcxIbnxjODzlOipS7nnGXYoU0tHkbB2q0\nnqHH5hw3xFUZK8LISC8JejyMy5QGWQe4emQlPRxMqMY2wXrH1K0Y891c/vS7dV/a\nxilCcQxp3BosNvskHdusWD0cN2TYrn+Q/H07YmrMNKSO6qyPHuGFC5DvAGNH9tJk\nquYaW7QZrr5PmOcAhZcamgQPZGn24NMwMxVRNhd9UR1ZAqCkb1Jvy64UCJz35dJR\nl63KVejkogMBopvx9q5LXcigtErI9Ktig9FVUOW0uGHwGD4wMD66eMnlUncMXmSF\nF9ty5G0cNeVPHxKCUkPs8CJrj/hSeso1E8JUuU7LBPEEB8503/HU7wB0CLwdZoeK\nPvnpO09lUDiX5+N9lktaVGlODhCSQpfdTvq01MoTzRCIpt8zHnmAINfhONQ3n0Zj\n7Kt2vtVVGzgH02xwJvCZKBN/03MdwodinXY+JfJPbAQ4S4jwdQcYGgcwy6hQRe+E\nlYCMy7st7cYLjkT5DMvJroQBL9ev8P4pfdt6EMBQ354q6t6MxPfjVInsqk7JbwvF\nIhy4oHUhvNed70hsD7c1n5mHF0189wZntE01lnCWHi423W8aHEuW6R1P3KQ1Lvcs\nn3Y14YabDqVWldgsk67VOfXaAkCuOqhgfnrVmlYAxkWG6fnm6uaLBTfJhfyRZcEz\nCB6DxSb8ZCPwiQOM7supoGeZL7SJALaroyrIOCPNgau4rxEMyQP828iaunm/GoAb\nHhkT+v8HbQIwnUjdK/ZhZHr5Np+aOhZsyXl1iwjcnDkjJNZUG+DsY+PCoIZ3krsP\ngdFoyUWqOY0++nORlgcHVW7FTW5XXuFY7op1wP7sicnjaKcUMofEtK+YxnxgVm1l\nXmkw8CCPbLZul5v+Cw6P7uCAYxHKy2oUzrSRr6r+91JrYbeJuMu9ywM2WIrCzfHG\n/6Gy0Mk2LmWCgTOdSdzDGDHFuxRF1LYOPy7jbZWS5QpZIzxnyNdommi62QqijYNK\nXttYZUvfCX4VAlE0ZykmIL4iPXugfmsIPXdQ555mEzj5Liv/9/QmT0eSjGQJyhG6\nlc5bip9707tNBrdX9qEjPfKiU0JmEVVYk8Mt4kVOXwwndPzYzqXKGa9dzDCp8OLR\nkRhPa4x/SirQ9cCYNthCmQ3sQ8r4XQgyAA/FBPAGsrZDvu2PdKEOeJshdRljHj4M\nztSsS+LIDRUBuA6SieKUUUqHjmRFkgIeabP5i1XYUOjh4YvT5Qi2sjNVi9fFcBWg\nJA/odSCr/EBhRll06cQtVkAsieJXKS+D0TkafhNG3jzVgq96FQI7odDCab3Nwj9R\nlqTng7rXMNGMwLlAG7I4O2ffIqtWT5jY7BEi8/mTOEYuOCSF/SlwJY6u8TgHGmS5\nNmaKqGf8w8U04Dfi7Hjn2EUtAGtQfXGwXS+PmamQulOOQMJJ81ZTG1csjGIWP7CP\n81+8QX8/xjVp9lWPYVu0eudNUobwheoCJOqhrToyM2GHKE2Z+tf9+B4iDfif4FNK\nXTKzMFEe99tBeMqWU1SWSYlA8ZgyKyjBuuJI92ghYqTmy9x01mB9/gMMObzqbI7c\nE9Xa8VVBiUqJpbIIBNqbls+/GHn0s6nKJwDutXgFGoG+bAafZcBTD/jlonxmpXip\ntEwMm5jHAawwHLacy7GDhho29uD/NSpN+Udy2PH/jI2GVmkZb+VMYw==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-hpWLlLpwvujUiS2ux' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-hpWLlLpwvujUiS2ux', '--output', '/tmp/tmp6q_qys07.xml', '/tmp/tmpgy7dql9f.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpgy7dql9f.xml" output= _________________ TestServer1.test_encrypted_signed_response_2 _________________ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==HWCrhqlWr1b6v17kwu/JO6pmtNDA0VJbAg+ITdWjW14EJo4airdwNwtBZUjweZSL\ngt72DtPlanGYMaZGgp2hh3QFHWKSZd1TB3ofzqnnEwE+/HJHQorBWanBN1cCPwLh\nDj2Ktm6aTrH4WRej1HK0G8TflH4ziD+6sRO7WzfUFtA=u6t/ifaboY72NwIim27+OXeM2/ZYXsgTYcoZxNZ3/dM50IttrZ3+1Z8KzIhH5+oj\n4gHUcfSaebKzuW9At8hjpGw+dwlSfD2+PMP5VaVIARfmt+F34PH8Zs50zIiRS7VE\nzVy0V3uJxC7mH8o5OPd3+WlmgrIImo7KIl3phWGBHDG01TrUPaxsxuiITI1A89SN\nBzssPM0vhFTtEHn+PJelzdSzvXnhbXQ3/OYnFe15YNqYxBFoB1qxCS8gK8BgYtU9\nPeYXpYqtp0rmwLU4y1xtXKnMQKi1gZbOf6y9ABtpe/p28r4QqJPAzMN0tgUWLMmR\nGXUu4lzQC4oNm7QRy05phk8Ry/bg5SbPhgoGE6Q56gEe5QusSxBBYQHSozm41v1l\nTds2+l919xHWsaNnbKdO76/YdFsVfe3UM1uH1LVLN3Q44fdD6YoNs7w1KbL8yyOp\nUT+7uVU/IB2u7cIx9pEugHc+pfVTTZB6eHX7omHURVNA8bs97VTHaPuFAH1LbE/n\nR5u6RgUZSnK4mc6a+uIcbFDcZUMwlkb8g4CtxJ4nIiP/FkMz0JwDxJtvoyX1w4sO\nY5iCQhQJv/p3ZJY/DQPUPmH2ujUXE7cDiTxcNrAFvCY9JkH/Td7G3TEczcDgEFX6\nJDF53qOOonPM+cn+MW6AgZTVAswyaolGAwPGW/8PZN3HUUGIC4yQUEmw8L5e5NkY\nDOOmaJ7VyUzuX6WO/whaaufkAbzepwdHXSyz8w6ggLxZOvn/UyykAv6mxuCJejBm\nfJQg9GJeK6dldqpEzllrTds49jX1r8Ow9IJEBpnuU1FPNaslZGcVdqukHYHYCmRq\nXd7ZBNeARNiuVTbOX8RQVOTVVh6Yr2X6IKalxxTRcxebEqt0nBxbIZuPdHs9qTXJ\nRYlXqkFCTzOFZU76UtIWty/OXek5nkxvzTwC0OjevHvd/UaT3hs43FXg0kDwkcTn\n5krnPBRFZ/lJCyepV3fRutw7fNlO4EKnboXWvuixDx1swZ36G587H2zEQ2ZNjFxj\nanigiuf4bqLLmfFTGeTX2VMMEvShS5kG0aGCMurS95q27QcMLHStnzUpxhNjZm3z\noMF0Q1XwZ1r9I3tiXCJPuvcpxkTCFpxKfMyvSCJlkPSBCZIIR4OdEw+TlT48kPKK\nvZ2T9f/Ls+P01q+1Cn1CCxmAHGitFwwugvV9ctZJTcuf2JP1RfI7xORV92qH54xq\nb5htM3Tq52ovXW1fhO3xHWzfe8jixuIPri+E32ylaOj68SLyH5q9PKdq/fv3TbSk\n4mKtlG9Ov8fhmI2KWsMW4f38lWQbweQn617nWqiuRW3ZUkB7bAMeZzXw0frsQFB8\nGzlEi/35dEtvZMOd7OcsnuhkJgN6AELiJUmaHH3oUz4SVzVRVJAjo9J8Bs5ZMJzM\n1XgTDt69mC0L5EB68WQKUxtK5L8e5sL1NK9YULafcdAUCv/lEvOzJ/SbQegt9OVr\nHtZPNSxji4rNrKbWHQy9V5/z73ewA3XW0T4TJAHdIY0cXbr50pnkbpznkvBhhEZr\nfq0M7bPtfkide5Q2rk0Cckqegl8jamUnBXCCn0vyeFxpAmXcGKv6/MKB4Fx2dw40\nNu4rcg+bZ1xlS1GZNaQ8mxNOZkj0nfU5cb4KLiIoN16UJq6krZmpCdf7BUYeda0p\nDVFulWX1GpMTumL1rCo1rDjHQdgHGhXGS2tPwFEZF9Eisc10lREQ16aOi0gowfPN\nn9/fB0nNtE21d9ImnmM/oBP171gUPqOxXy8a2IfahJKoK5A5ZPYzWRQKusWnnKmQ\nJ41ZuQP6UfVV5wR1ff4VpqAsOsB6rQ5p+wyPkplZFJoxiSP1uy+B7yNzHNtxFcz8\n6WDtDNlvFcCboKLnW3upPtB5EjFBOnEXpYj2FP7gkE3fAfqSM2KyVD7HujHHe1ny\nykvYNfqeGLKLVpfPXmVN1sOtozc4jnxf/zMVjXjUQSz4L4bNOGvefKY9FcGTJcXD\nm+koSgaybwbWHmymCiVynZBsjz6AdKUi7ziVkHHSZ95f/NKEF6O3bkkOqSRpRSqv\n8jIpbBnWuWyPiyWs2Nyo9ko3q69pd8PH6pqtSAgt4rqb9pdCEPHDWjaq+vFRoZiV\nvu/fRb99pWmmrkyOkTmN3ol+1KMdBar7ZWyLAaw3fuMMd7DoDamDoxmU7OK6ktq0\n4w8JBeKgKb54+xknrUoIfNpDJ55xIRtzOOQjFMBx9gz+QSnuTF+KxbBVI5BfsEsS\nsSARtvmL/B748b7lLQNfm2ONakQ1zBBJaWb8rhrXriqz3LUypCrrVvjt0a0vMHpC\n2FwraZ6YQ30pmWKy8Szn+nK0fUJPEMPT3y6cSjl4oVxcF3JX6KqLVDhzWjVVuc5+\nuyNO68I9L6n3J4arfjKY4V0/ieUJ3TCK/1tdKpUxFWrIk/tG6wWc+Ta4oRQmSNE7\n46+YF6nyVgR74D0NL1DUxDw3ejw6WZOML0MSJhQ8kMGePhEa2sttCk8U8ACnTR34\nAQSWy6vQNoZM51A6OJduYgtoqvvcwc3n21enHUK/MGVPURNXKOtClVauiUYYm9PD\n3XtBjI6jw7ZNzcCQErSgj6753hkFsagD2O8N8GX/zNkvVA3crhOv3GVcNSBtb/kz\nv2POMVchH/2crNyrkxUaFDde7PyUA82fc3zZnjEiU4HkSKCwJnba9nTEjy8SRbpI\nEhalF4o8/wDLaSH3AxhsFpCCo3/h4413og1NxSF3CUXhkdOtIgrjp4nUX0XIdteo\naIfmRAkK6smsAy0QmLTsDi28mWuBv1WYN4X/yHlTSlKZlGvr8el/iIXFcnqgmBaT\nPDCUNQzVTgR7x34+pPjTpAsEhjFTK6WrtCaUCFW3lyb97XUf39cVGjYnUkw9dmOP\nZfvBWd8IgvhUho2FNaize8ugHVNt9/gDj2uoKkHJv/qhxHFXOj1eYA==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-19wqWrw8Hm4HOyCHc' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpvkl3rvx3.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpvkl3rvx3.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_2(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, encrypt_assertion=True, encrypt_assertion_self_contained=True, ) tests/test_50_server.py:605: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:912: in _response return signed_instance_factory(response, self.sec, sign_class) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==HWCrhqlWr1b6v17kwu/JO6pmtNDA0VJbAg+ITdWjW14EJo4airdwNwtBZUjweZSL\ngt72DtPlanGYMaZGgp2hh3QFHWKSZd1TB3ofzqnnEwE+/HJHQorBWanBN1cCPwLh\nDj2Ktm6aTrH4WRej1HK0G8TflH4ziD+6sRO7WzfUFtA=u6t/ifaboY72NwIim27+OXeM2/ZYXsgTYcoZxNZ3/dM50IttrZ3+1Z8KzIhH5+oj\n4gHUcfSaebKzuW9At8hjpGw+dwlSfD2+PMP5VaVIARfmt+F34PH8Zs50zIiRS7VE\nzVy0V3uJxC7mH8o5OPd3+WlmgrIImo7KIl3phWGBHDG01TrUPaxsxuiITI1A89SN\nBzssPM0vhFTtEHn+PJelzdSzvXnhbXQ3/OYnFe15YNqYxBFoB1qxCS8gK8BgYtU9\nPeYXpYqtp0rmwLU4y1xtXKnMQKi1gZbOf6y9ABtpe/p28r4QqJPAzMN0tgUWLMmR\nGXUu4lzQC4oNm7QRy05phk8Ry/bg5SbPhgoGE6Q56gEe5QusSxBBYQHSozm41v1l\nTds2+l919xHWsaNnbKdO76/YdFsVfe3UM1uH1LVLN3Q44fdD6YoNs7w1KbL8yyOp\nUT+7uVU/IB2u7cIx9pEugHc+pfVTTZB6eHX7omHURVNA8bs97VTHaPuFAH1LbE/n\nR5u6RgUZSnK4mc6a+uIcbFDcZUMwlkb8g4CtxJ4nIiP/FkMz0JwDxJtvoyX1w4sO\nY5iCQhQJv/p3ZJY/DQPUPmH2ujUXE7cDiTxcNrAFvCY9JkH/Td7G3TEczcDgEFX6\nJDF53qOOonPM+cn+MW6AgZTVAswyaolGAwPGW/8PZN3HUUGIC4yQUEmw8L5e5NkY\nDOOmaJ7VyUzuX6WO/whaaufkAbzepwdHXSyz8w6ggLxZOvn/UyykAv6mxuCJejBm\nfJQg9GJeK6dldqpEzllrTds49jX1r8Ow9IJEBpnuU1FPNaslZGcVdqukHYHYCmRq\nXd7ZBNeARNiuVTbOX8RQVOTVVh6Yr2X6IKalxxTRcxebEqt0nBxbIZuPdHs9qTXJ\nRYlXqkFCTzOFZU76UtIWty/OXek5nkxvzTwC0OjevHvd/UaT3hs43FXg0kDwkcTn\n5krnPBRFZ/lJCyepV3fRutw7fNlO4EKnboXWvuixDx1swZ36G587H2zEQ2ZNjFxj\nanigiuf4bqLLmfFTGeTX2VMMEvShS5kG0aGCMurS95q27QcMLHStnzUpxhNjZm3z\noMF0Q1XwZ1r9I3tiXCJPuvcpxkTCFpxKfMyvSCJlkPSBCZIIR4OdEw+TlT48kPKK\nvZ2T9f/Ls+P01q+1Cn1CCxmAHGitFwwugvV9ctZJTcuf2JP1RfI7xORV92qH54xq\nb5htM3Tq52ovXW1fhO3xHWzfe8jixuIPri+E32ylaOj68SLyH5q9PKdq/fv3TbSk\n4mKtlG9Ov8fhmI2KWsMW4f38lWQbweQn617nWqiuRW3ZUkB7bAMeZzXw0frsQFB8\nGzlEi/35dEtvZMOd7OcsnuhkJgN6AELiJUmaHH3oUz4SVzVRVJAjo9J8Bs5ZMJzM\n1XgTDt69mC0L5EB68WQKUxtK5L8e5sL1NK9YULafcdAUCv/lEvOzJ/SbQegt9OVr\nHtZPNSxji4rNrKbWHQy9V5/z73ewA3XW0T4TJAHdIY0cXbr50pnkbpznkvBhhEZr\nfq0M7bPtfkide5Q2rk0Cckqegl8jamUnBXCCn0vyeFxpAmXcGKv6/MKB4Fx2dw40\nNu4rcg+bZ1xlS1GZNaQ8mxNOZkj0nfU5cb4KLiIoN16UJq6krZmpCdf7BUYeda0p\nDVFulWX1GpMTumL1rCo1rDjHQdgHGhXGS2tPwFEZF9Eisc10lREQ16aOi0gowfPN\nn9/fB0nNtE21d9ImnmM/oBP171gUPqOxXy8a2IfahJKoK5A5ZPYzWRQKusWnnKmQ\nJ41ZuQP6UfVV5wR1ff4VpqAsOsB6rQ5p+wyPkplZFJoxiSP1uy+B7yNzHNtxFcz8\n6WDtDNlvFcCboKLnW3upPtB5EjFBOnEXpYj2FP7gkE3fAfqSM2KyVD7HujHHe1ny\nykvYNfqeGLKLVpfPXmVN1sOtozc4jnxf/zMVjXjUQSz4L4bNOGvefKY9FcGTJcXD\nm+koSgaybwbWHmymCiVynZBsjz6AdKUi7ziVkHHSZ95f/NKEF6O3bkkOqSRpRSqv\n8jIpbBnWuWyPiyWs2Nyo9ko3q69pd8PH6pqtSAgt4rqb9pdCEPHDWjaq+vFRoZiV\nvu/fRb99pWmmrkyOkTmN3ol+1KMdBar7ZWyLAaw3fuMMd7DoDamDoxmU7OK6ktq0\n4w8JBeKgKb54+xknrUoIfNpDJ55xIRtzOOQjFMBx9gz+QSnuTF+KxbBVI5BfsEsS\nsSARtvmL/B748b7lLQNfm2ONakQ1zBBJaWb8rhrXriqz3LUypCrrVvjt0a0vMHpC\n2FwraZ6YQ30pmWKy8Szn+nK0fUJPEMPT3y6cSjl4oVxcF3JX6KqLVDhzWjVVuc5+\nuyNO68I9L6n3J4arfjKY4V0/ieUJ3TCK/1tdKpUxFWrIk/tG6wWc+Ta4oRQmSNE7\n46+YF6nyVgR74D0NL1DUxDw3ejw6WZOML0MSJhQ8kMGePhEa2sttCk8U8ACnTR34\nAQSWy6vQNoZM51A6OJduYgtoqvvcwc3n21enHUK/MGVPURNXKOtClVauiUYYm9PD\n3XtBjI6jw7ZNzcCQErSgj6753hkFsagD2O8N8GX/zNkvVA3crhOv3GVcNSBtb/kz\nv2POMVchH/2crNyrkxUaFDde7PyUA82fc3zZnjEiU4HkSKCwJnba9nTEjy8SRbpI\nEhalF4o8/wDLaSH3AxhsFpCCo3/h4413og1NxSF3CUXhkdOtIgrjp4nUX0XIdteo\naIfmRAkK6smsAy0QmLTsDi28mWuBv1WYN4X/yHlTSlKZlGvr8el/iIXFcnqgmBaT\nPDCUNQzVTgR7x34+pPjTpAsEhjFTK6WrtCaUCFW3lyb97XUf39cVGjYnUkw9dmOP\nZfvBWd8IgvhUho2FNaize8ugHVNt9/gDj2uoKkHJv/qhxHFXOj1eYA==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-19wqWrw8Hm4HOyCHc' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-19wqWrw8Hm4HOyCHc', '--output', '/tmp/tmpf8i7kpoi.xml', '/tmp/tmpvkl3rvx3.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpvkl3rvx3.xml" output= _________________ TestServer1.test_encrypted_signed_response_3 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5385379cdd3d229bdea535dbcc1a76a3e09228f05ec0ffed6a7c7a8761929387urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-x86fPbzbamU6SwQtV' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp9ng735nf.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp9ng735nf.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_3(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=False, encrypt_cert_assertion=cert_str, ) tests/test_50_server.py:650: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5385379cdd3d229bdea535dbcc1a76a3e09228f05ec0ffed6a7c7a8761929387urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-x86fPbzbamU6SwQtV' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-x86fPbzbamU6SwQtV', '--output', '/tmp/tmpjq1ph3ho.xml', '/tmp/tmp9ng735nf.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp9ng735nf.xml" output= _________________ TestServer1.test_encrypted_signed_response_4 _________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5385379cdd3d229bdea535dbcc1a76a3e09228f05ec0ffed6a7c7a8761929387urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODQ4WhcNMzQxMTEzMTYzODQ4WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAu6cVowpQ7etc8s3iXriF8B86aVDAxn8laFBM9EtC3KOEyzcvJ/ZnBpHV\nhIL03Fc1iPUJJsLjNj7S3cf03kdnU90G368j5g1P6gaRuLkhqoYpdjry8403EhKP\nKb5HB/1czYPRVC5ZIx8nhLdNIs2BQGpviq3RWXpuh5JJO1d7KKxdPFQxBRwdk6S5\nT9w8KRtKnNEyAJUkJKOshfa+rTdQH/cix2srxoTsGW3NAJbVrb4vO/ZiBfr13jsS\nmxSftyvM4DjHOVnRRbqHfJ1u53zVKCX/daOROFJQ4TEEQx3/BqAZdHrUVgaAhwuT\nQ4siN3X9eKcavE6Pxr91ULJnd+Qv2QIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFEx\n9M5s1y05uYUYRVtViUOTe97J/wp0ng+RdXqT6fM/g68fpNsw0dqE4uhK3Y+G75Br\nlIp7asCvao+GlBMceYP3lnAlZxqhlE9GPzIYfyjgivKnviQpVXgxO+heCbV1Maga\n8jTDEZ4n43VibFC5Ehfm7o92I5h8hvowIRy+Pvi9hd8y8OQ95rrUyDgrqHudFr9gZFsBeaeYW8w/sF6M7JfvU93rwvnGZPFB+aqztcb2\nfEWxsL65DqucJmbckTvlL3HbyNaCwRE3sChYjW1jlospJe2KIKO8ktL8FDErBpHd\nqFH0dnD2Q82ApKaNHqPpiROR0hj0z5k5JXplWgl9/iG1fMFYw4+po2G+Eu8lZd4F\nawB+vziU/yXyHy59LpxtY4gFgUqnPTKX80IWhpjapKyjKZZfVDMHJaeOXqd7AeUa\nF2rcHd75h75fnDWh0YqLMMvj0lAI/s06KHVNZVih/jxzppLvPki2QdHPAdZeO/O0\nNpfsjJQaRX1QFE6tr7v9/Q==QHe6LOOjjCK0wBP8k8aO+j99XeRJ2pdfobojw56hwf9HquyVH4h/v/GrjIfGSlIC\nyjT8l19aLduNiRFBZAADFDyFhCMkWwRXOAldaRrO6eXGcpduvTu44qRFyDAPzTwa\n+bKyeK8/TkZZdca+M6E8vJ3IshExFeixioTWNdva4fdjXJ946leZLP225dKT8M+S\njaifFnbatbzzvGgIZrganwaTUBBVxP52NJ1rkvOysMJbw0SfE9irL6SY5ve5Sr+2\nNcO2l+3U+f4QMOHypAzKqoUHPXQ38q/v394la1lKUOSUAU1SPKVBIvvyNdRfp2Kf\nEiBNw71h6mGHleDShpFpCYUr8XW7euQtudDXIH1v09/YhS0bVLyOsh+hua23t+QR\ncRkqEvVg9HDQQRVA1hvHp1yBHsgDzZO/DObkgEPFlbmfLluUyM32cDvka+u9hoE6\np3JLTWOKiVYRmcwJbRXcWsc2x6UPsihA8jwC01AuDRcTH/J5pgMg+ee6oHxUZN/h\n4Yo5d3f94Bt/Sq+h2xrMdFac7o8gpGnnTtdWYuOiXGhJmvOhSgKpMkbYUB2lLlKa\n5cdLGOsiv75kB9lunfb/T/y2gOhSIpYNxuwNipgiDW7ksKCAJ73iZOB8D/kGbMkV\nGeYEKNGa3EYKSR51YkFGslQUCD9c7DoLSC2iIcqypzg31LuAyf0NPgsgC42LgU8a\nFC0dHLxx+EPDR0Hjtd9qq9fggQw3WgjaeKRn6tF8Iw54aN7gwKrO5EpN073PL0JV\nAkb+sROSXQ7I3nXFbvicCoAvDtdLMzj9EEL7TBY/E6fDvfn/xwTbxfLxsKORBPC8\n7y9prIDlAOCkBRFo3d+m945yJ+UK7XD3kMV8fF070kmBY7DrgZW4/5DIS1mh96Gx\nbBannDF88d1aND8BhnM3myFGYrKzWNDjVsv20fhvZngNBmqJo4t0QNBzR1/TRY12\nkBmVsC4Nz46VXaks8YKqAaBJ3TUl9S1YmnmD4XYB8z3nKjG3VOOYNt6qUOzVo2eD\nIp9zfK5bjnTl2IJg2gRref3PjRfnrC4qTwBlSu35jUaMk+Y5dFgCnGsBeiKYDg/k\nuWXlufnN26iEl8CsGE9JQtvFFEpDhb4+aQqRcMT7mAuTQ5fNeQeyOznrCg7KtpMZ\nMYsinyLA0pBRQM3B+onjiQD65b7Kca1+TSS2Tq2Ozz3O75uM3xCO7+c6jkiDDMHj\n3O/Asqi2wNJr5d5Ekh0wcQYW8O5wN2VMNGvvgsGMEluSCPQptSqrLgWq1iUn8zDm\nM3ukYoYe6ODT0WR4wF1gJ+Zvej/DmAFsL/viLD4QvVoaBErbEO3cTzWRm0asZP8a\niFJ4cr3TuTnU408Se0BrCFkxHzigPwDDWz6w/Fz/3QgFgcdFSxvJS72tJIiUP2Hc\nQDGbF18PgFuGyDUV3PSECrnVBF24W3SzIOCeJTZKtOwxEeB8fp7HOO7zjbjl97nu\nyl4f/ryMrCAX5ZAkwH0OyDYn2zIkCHHYnA68pfVSDlr6ulH+rRNBlyW1moPKs3P9\nGHZ6cVvKObCHkPNWv4n6qh6Qnbf3paDHD8kml8a1UW63OLVYbYCXZE84yLp2ALPG\nLbLgSNH/GaJKhopgvBRWsIh7KN3lrZ8dNBc+jKMg38nCYvirLc+YgOTFxHji1NCz\nL5BV7rdXeOrmSRxPBXLYIlI4JlGBzQDH5ZHSijHNQhBZt6inKSdCmwqJ8rzcS1a+\npN2FGdT9CrWn0oOa/yq88ojxiHqTeitf+pj98ZyBIlFPhnwxughJrv6ruvpsI1A9\n4lYOFR/6+PaUNLuY71neMUiZSu9Vr+hizFB2aRKzAuHmG4qIVf/1dBS5ZQygc9G6\ng2aI9lpTaNF4Cw5pRa2MRLWPnZqKVoTq4jJ7akMwFwRub7mSj5IC9HoeaVmMNIE2\n8BWEa8PqfWupDuYBQqVjv/cOp5OefNPpr7uCas57SFy/FPbHEjeK1Fe4DAwVKBz5\nO3d6oJLr9zwLVfB7Not66/eQ3EXWh6aUGtwW/dV+THqJ4/r9dosDBiYvBnnPXaZr\n05oyJz51b+V7c9BClw4Frjl/d3Atc1A9XrbdooYHDbSWwXh2pKUz3TlQkakUJ3lb\n6A3zKkJ6cyzCuAV8LfOiaMogyYWprthY8zJxr26l0Ijke/9L1F2DH8EBgBkV6aNF\ny2Ws3iB6aKKLjlOZspBW5bmSzvrmpIngWWoZHwFzawvmjAdk3xCICMJbm1OSNA4E\niuG76XyiHGDWBjtNQ9oOLILm+PgrLD9jPRqJ1kupEeUbYQg/5cfOEDj6vfT1GwxE\n7GmXDiuBkxAyg8FOftZc9rUMXMe/cSMpxiUTI+sAsYM7ElGGAIXR5mQiAeR4KDMD\nqCqV1RNE7yHBa/Wi1CznmdoyMKavs3VbZ8sz22Cu6tLAlydcD+1n6Q==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Kq3ELpp4X8sQncDhS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpp3oa_9zf.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpp3oa_9zf.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_4(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:697: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5385379cdd3d229bdea535dbcc1a76a3e09228f05ec0ffed6a7c7a8761929387urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODQ4WhcNMzQxMTEzMTYzODQ4WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAu6cVowpQ7etc8s3iXriF8B86aVDAxn8laFBM9EtC3KOEyzcvJ/ZnBpHV\nhIL03Fc1iPUJJsLjNj7S3cf03kdnU90G368j5g1P6gaRuLkhqoYpdjry8403EhKP\nKb5HB/1czYPRVC5ZIx8nhLdNIs2BQGpviq3RWXpuh5JJO1d7KKxdPFQxBRwdk6S5\nT9w8KRtKnNEyAJUkJKOshfa+rTdQH/cix2srxoTsGW3NAJbVrb4vO/ZiBfr13jsS\nmxSftyvM4DjHOVnRRbqHfJ1u53zVKCX/daOROFJQ4TEEQx3/BqAZdHrUVgaAhwuT\nQ4siN3X9eKcavE6Pxr91ULJnd+Qv2QIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFEx\n9M5s1y05uYUYRVtViUOTe97J/wp0ng+RdXqT6fM/g68fpNsw0dqE4uhK3Y+G75Br\nlIp7asCvao+GlBMceYP3lnAlZxqhlE9GPzIYfyjgivKnviQpVXgxO+heCbV1Maga\n8jTDEZ4n43VibFC5Ehfm7o92I5h8hvowIRy+Pvi9hd8y8OQ95rrUyDgrqHudFr9gZFsBeaeYW8w/sF6M7JfvU93rwvnGZPFB+aqztcb2\nfEWxsL65DqucJmbckTvlL3HbyNaCwRE3sChYjW1jlospJe2KIKO8ktL8FDErBpHd\nqFH0dnD2Q82ApKaNHqPpiROR0hj0z5k5JXplWgl9/iG1fMFYw4+po2G+Eu8lZd4F\nawB+vziU/yXyHy59LpxtY4gFgUqnPTKX80IWhpjapKyjKZZfVDMHJaeOXqd7AeUa\nF2rcHd75h75fnDWh0YqLMMvj0lAI/s06KHVNZVih/jxzppLvPki2QdHPAdZeO/O0\nNpfsjJQaRX1QFE6tr7v9/Q==QHe6LOOjjCK0wBP8k8aO+j99XeRJ2pdfobojw56hwf9HquyVH4h/v/GrjIfGSlIC\nyjT8l19aLduNiRFBZAADFDyFhCMkWwRXOAldaRrO6eXGcpduvTu44qRFyDAPzTwa\n+bKyeK8/TkZZdca+M6E8vJ3IshExFeixioTWNdva4fdjXJ946leZLP225dKT8M+S\njaifFnbatbzzvGgIZrganwaTUBBVxP52NJ1rkvOysMJbw0SfE9irL6SY5ve5Sr+2\nNcO2l+3U+f4QMOHypAzKqoUHPXQ38q/v394la1lKUOSUAU1SPKVBIvvyNdRfp2Kf\nEiBNw71h6mGHleDShpFpCYUr8XW7euQtudDXIH1v09/YhS0bVLyOsh+hua23t+QR\ncRkqEvVg9HDQQRVA1hvHp1yBHsgDzZO/DObkgEPFlbmfLluUyM32cDvka+u9hoE6\np3JLTWOKiVYRmcwJbRXcWsc2x6UPsihA8jwC01AuDRcTH/J5pgMg+ee6oHxUZN/h\n4Yo5d3f94Bt/Sq+h2xrMdFac7o8gpGnnTtdWYuOiXGhJmvOhSgKpMkbYUB2lLlKa\n5cdLGOsiv75kB9lunfb/T/y2gOhSIpYNxuwNipgiDW7ksKCAJ73iZOB8D/kGbMkV\nGeYEKNGa3EYKSR51YkFGslQUCD9c7DoLSC2iIcqypzg31LuAyf0NPgsgC42LgU8a\nFC0dHLxx+EPDR0Hjtd9qq9fggQw3WgjaeKRn6tF8Iw54aN7gwKrO5EpN073PL0JV\nAkb+sROSXQ7I3nXFbvicCoAvDtdLMzj9EEL7TBY/E6fDvfn/xwTbxfLxsKORBPC8\n7y9prIDlAOCkBRFo3d+m945yJ+UK7XD3kMV8fF070kmBY7DrgZW4/5DIS1mh96Gx\nbBannDF88d1aND8BhnM3myFGYrKzWNDjVsv20fhvZngNBmqJo4t0QNBzR1/TRY12\nkBmVsC4Nz46VXaks8YKqAaBJ3TUl9S1YmnmD4XYB8z3nKjG3VOOYNt6qUOzVo2eD\nIp9zfK5bjnTl2IJg2gRref3PjRfnrC4qTwBlSu35jUaMk+Y5dFgCnGsBeiKYDg/k\nuWXlufnN26iEl8CsGE9JQtvFFEpDhb4+aQqRcMT7mAuTQ5fNeQeyOznrCg7KtpMZ\nMYsinyLA0pBRQM3B+onjiQD65b7Kca1+TSS2Tq2Ozz3O75uM3xCO7+c6jkiDDMHj\n3O/Asqi2wNJr5d5Ekh0wcQYW8O5wN2VMNGvvgsGMEluSCPQptSqrLgWq1iUn8zDm\nM3ukYoYe6ODT0WR4wF1gJ+Zvej/DmAFsL/viLD4QvVoaBErbEO3cTzWRm0asZP8a\niFJ4cr3TuTnU408Se0BrCFkxHzigPwDDWz6w/Fz/3QgFgcdFSxvJS72tJIiUP2Hc\nQDGbF18PgFuGyDUV3PSECrnVBF24W3SzIOCeJTZKtOwxEeB8fp7HOO7zjbjl97nu\nyl4f/ryMrCAX5ZAkwH0OyDYn2zIkCHHYnA68pfVSDlr6ulH+rRNBlyW1moPKs3P9\nGHZ6cVvKObCHkPNWv4n6qh6Qnbf3paDHD8kml8a1UW63OLVYbYCXZE84yLp2ALPG\nLbLgSNH/GaJKhopgvBRWsIh7KN3lrZ8dNBc+jKMg38nCYvirLc+YgOTFxHji1NCz\nL5BV7rdXeOrmSRxPBXLYIlI4JlGBzQDH5ZHSijHNQhBZt6inKSdCmwqJ8rzcS1a+\npN2FGdT9CrWn0oOa/yq88ojxiHqTeitf+pj98ZyBIlFPhnwxughJrv6ruvpsI1A9\n4lYOFR/6+PaUNLuY71neMUiZSu9Vr+hizFB2aRKzAuHmG4qIVf/1dBS5ZQygc9G6\ng2aI9lpTaNF4Cw5pRa2MRLWPnZqKVoTq4jJ7akMwFwRub7mSj5IC9HoeaVmMNIE2\n8BWEa8PqfWupDuYBQqVjv/cOp5OefNPpr7uCas57SFy/FPbHEjeK1Fe4DAwVKBz5\nO3d6oJLr9zwLVfB7Not66/eQ3EXWh6aUGtwW/dV+THqJ4/r9dosDBiYvBnnPXaZr\n05oyJz51b+V7c9BClw4Frjl/d3Atc1A9XrbdooYHDbSWwXh2pKUz3TlQkakUJ3lb\n6A3zKkJ6cyzCuAV8LfOiaMogyYWprthY8zJxr26l0Ijke/9L1F2DH8EBgBkV6aNF\ny2Ws3iB6aKKLjlOZspBW5bmSzvrmpIngWWoZHwFzawvmjAdk3xCICMJbm1OSNA4E\niuG76XyiHGDWBjtNQ9oOLILm+PgrLD9jPRqJ1kupEeUbYQg/5cfOEDj6vfT1GwxE\n7GmXDiuBkxAyg8FOftZc9rUMXMe/cSMpxiUTI+sAsYM7ElGGAIXR5mQiAeR4KDMD\nqCqV1RNE7yHBa/Wi1CznmdoyMKavs3VbZ8sz22Cu6tLAlydcD+1n6Q==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Kq3ELpp4X8sQncDhS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Kq3ELpp4X8sQncDhS', '--output', '/tmp/tmp9se_8zqe.xml', '/tmp/tmpp3oa_9zf.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpp3oa_9zf.xml" output= _________________ TestServer1NonAsciiAva.test_signed_response __________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=652df1c8f5b2e07747d812052572582aec3f9a8c7ba845da266375932fb4468curn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wt3WGSV2iCNbJlPfc' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpsk9_uoqq.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpsk9_uoqq.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response(self): name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"} > signed_resp = self.server.create_authn_response( ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, ) tests/test_50_server.py:1517: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=652df1c8f5b2e07747d812052572582aec3f9a8c7ba845da266375932fb4468curn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wt3WGSV2iCNbJlPfc' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wt3WGSV2iCNbJlPfc', '--output', '/tmp/tmpm11tmse6.xml', '/tmp/tmpsk9_uoqq.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpsk9_uoqq.xml" output= ________________ TestServer1NonAsciiAva.test_signed_response_1 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=ca24a8b5eb60baead1ca644b5d4b3faca87d8f5e95353e22c9173c7a47b75e1aurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-bk79g6srGGwPM0Nlb' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp3h0ajp_z.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp3h0ajp_z.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_1(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, ) tests/test_50_server.py:1540: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=ca24a8b5eb60baead1ca644b5d4b3faca87d8f5e95353e22c9173c7a47b75e1aurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-bk79g6srGGwPM0Nlb' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-bk79g6srGGwPM0Nlb', '--output', '/tmp/tmpqexvlxr5.xml', '/tmp/tmp3h0ajp_z.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp3h0ajp_z.xml" output= ________________ TestServer1NonAsciiAva.test_signed_response_2 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpca24a8b5eb60baead1ca644b5d4b3faca87d8f5e95353e22c9173c7a47b75e1aurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-klXrOOpjfV9AQkuPv' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpj_qq24tx.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpj_qq24tx.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_2(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, ) tests/test_50_server.py:1571: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpca24a8b5eb60baead1ca644b5d4b3faca87d8f5e95353e22c9173c7a47b75e1aurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-klXrOOpjfV9AQkuPv' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-klXrOOpjfV9AQkuPv', '--output', '/tmp/tmpwjxgp7b4.xml', '/tmp/tmpj_qq24tx.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpj_qq24tx.xml" output= ________________ TestServer1NonAsciiAva.test_signed_response_3 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=ca24a8b5eb60baead1ca644b5d4b3faca87d8f5e95353e22c9173c7a47b75e1aurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-pGhVt3oZFwfR8gPj4' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpr7kxf0kn.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpr7kxf0kn.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_3(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=False, sign_assertion=True, ) tests/test_50_server.py:1595: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=ca24a8b5eb60baead1ca644b5d4b3faca87d8f5e95353e22c9173c7a47b75e1aurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-pGhVt3oZFwfR8gPj4' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-pGhVt3oZFwfR8gPj4', '--output', '/tmp/tmpf_jox0fz.xml', '/tmp/tmpr7kxf0kn.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpr7kxf0kn.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_1 ____________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=ca24a8b5eb60baead1ca644b5d4b3faca87d8f5e95353e22c9173c7a47b75e1aurn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODUwWhcNMzQxMTEzMTYzODUwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA0NWBWR4T4h8f6khJRTpUGa9kc6GCHCIqU+sgPFDi/l9S/UsMgmYbvc9b\nXHkdjL4X5Oqx/WlybaPr2vCUapfrRAFRqdFepwM5K0WbR3OXwDop79i7OYjDJGtm\nVDs+2jEXQG5bAprwc0rUXxBlid5OPtJvUbRAJMNEQH/CIAW84p1GjBQnuPOqGbkK\nyzEOXVyxG032NG1m8rwfiQ6BIaR4Vj7BF8M+9iVA58LL31uCtH2JAOKFHGyqZvO6\nINfmAHCp61cmiICt+9jXJK6KOWzDsSk9UTH1csjKDs6Ysguk8UClCculO7kwU9sR\ny/7/NtRGEKNnMtfltGv/+AW9gukCFwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJLx\nNbUmn9C8txwhIjsV1qcqATPjl8P0hn2aq8gQZZCZkJbm9cmAEo4ZfxMtaA6qeIz6\nWoMd8JIyMqeXI3KTWQkWZCdSKFjCH5YR5G+R2UMTv9BtKgDc5wy+AuT/MJGG5f9+\nxCstoEGKslEYCwMraxmZ+i+/Rp1nSWWCthqR6NEPl83e/ycSY0X6NBJv0NwoWELcMm3yrd8wfLbcYbQs0DliAFQZhi/4o/WjZRIO5ne4\nph3SXByjm65Hu9RofQ4Rj2+FBPQT/M5aT0TtOCzmyFzEKfKvib4d4vCZVtTeM2ar\nzsLRgCsA451UngqBvbvzbYaboZQDKDvYcLnyhSWzlqsi/bu+6ZeIVkJPu47NqCVG\nnTflShPxpS7vk/ay+0eHPwEBir2tmBXrbGMDiHKB7+w4QtZhHYSmz1C5TjJXjKYO\nABuutFbvsaowA8UJGqK1mEY8sYl80POPq7ZTCO1khOaz/W+YMw8sTdYOVhxiiTPq\nGpv2zdAPrR7OQnSM9LZYyw==ncgLiRjJ5hhak7I5cf/v6UrkxBogcCZRYPNmW9FDhhlbI9MQM7dS7/ewfX4ATYeS\n5e/zXTyi0gZtCYLyL0AdrpyIMnybuGoig/kuZV96+461ExwP8IjQj5OORlgAiWwU\nDupBUjlkghw9T8C4kh6nHyFrbACtehz4tWp1BvUeYGoNnAvwk4HpDszH9Yzo2GT6\ni6zM1+hiwp75akMH5bVb4vnG6aPdVgz0DdS22C3obI6nQqymOeIvC5yjHTNnJAqN\nySk5g6cdP6ul2Sl/1FIeVhE5YXsvBkZLTOp2Yblcj0bc91bPEIWZZyZKqpB2Q5lo\na2W3eTVjy5U/Y8PA9p9cPkKpgWRYpR4Fez9xxRRidB8cGBSCaYrQWWfEhw6agzRO\nTB4AWt9bvGhVyd18PBWMPUWqbSbZ5u//oLbXUTS6y9JTBme5M3AXZnIxjsmKqC67\n1L4XrT+Fq1M+0MLqmtwQONEHAR1S/IKKlZ7HwbzZ/D7D9noFVIYQUCmdIRacddGi\n5pYg1FYQkYO6JJsFjVUTmOfEi/owZAbEN/jt5uwPeaNWIkge+YljmD9vbw6cbup1\nuN3YfrfeUJi7x746ic+4yu6BTDKcJynbsjPmaHwghQ2rOJXpEj+cIEueamLdQ1wB\nAChHF/UAIDZ+OW5FN5LPsfuDWKX7VeG0JGRhm2S+feLPMoL5rQbXbkMmDdQN/Hqa\nISUhtJTiGPmkZcgIkgIRQLcjMUXAtjLWo15s0Yqm4s6h3fjxP4dfCqz5jYCuSuo1\nyC67lYFADCmglou70U550I/kuUCvV0Wp2kiQTIsB+0HReNo2U+n6/zSqacrnSNGi\nlJlBGrTm0J0vZfXvKMefWcC+kgR9Vfpl5XIwP48Agrwihl/MpnLnQtt9XqQKpUzB\nps+Q3rxPVsS/UlFBt45AiYK/ipE7VugCNBnGOtPilvW9QESllDWOXBVsafIgneo1\nNApCs007V0HZntJT8wH+2y3Bx8IQaCM2iBr+NLOOZ7ztUUk0Hlt8z0HCz7HRvE7Q\nxfYp45uOr4dYLL2LuMlGApMXmcVA5M/DGVBAXzSYdMRV6hY1bIwpQluBpE+NJ4AK\np0LXkC/ei0lWgq5cNCIZ1a74+Y/Ge9OAImntKsNeJh7f7YBb51bwEMBrcFsnewRX\nXH/hMdMI/gNCPmVwMCE/XuVYwbbXyDNpAvsAkMmyeJHfx3qIssdA5yuztbKieVkR\nxDxsYzdsJ9EjlMuv2JeuTn/Xie4wjqUG5y+XeyD30a6jaEckfnIiLmvCz1/uD+Ag\na2tpwATLOfLWqb23JHXF5f/RaZcKTwJuB4YYOrdmSyfRU3D1LlHbIRoj+tzzAk7c\naL0tQiWRlJBRQ5VmBQ5plAuSN4Ma2YE3XJ/rLk/5uqzQLaggh613xS82zVLqhRC0\nB9iGyEHOq4rL1tOktrPHgCkshMOHnBHcvytGk8JGuQRwjHSH51CLsG8H/rObt4NQ\nYIJhPLkAlVjSPynjAKbK5bQLQ8ZM74ZIVc5a+k1wfqjUlNvzu0i0YvOko5hJjQbn\nGcu/xvJJsMzqXD0ma5FioGUB94Cc8lhnDJFikTHrOg6LH2unYVqKrSccbmd8uIpw\n5vrCUNS9AaS3S54G3vDp5mmAh0ULqmx+ToFTjmmI+GjEYzLoQLLlXFS3JHCHjyJq\nY1c9VBJsoKwBrFerSujZ2ze1asffjTrtsTpdnma5ZDnDh0HJa/X3Wrf2C8EPQ4HV\nIgRZma1VbLmSp3y3mip5wVietfNecAwSTnI+8AR14MXUdNu5Z3sekM8cDw6dikUd\nIVYfF4uSkrmAfvY8iikNLTgX5p7cwX/ESoR7iKt5bbIjcW4kMgFGS9a5y2ss5tjX\nzG++0HHZm5sOX5+e2RRi9VDzcyOawtIlOb1DKryJ54LpxL3pdFjaNqYr/WtBn/qR\nbJWhon7cNSnWyDHqVe2X0Jmd63nMdMD6Ig/fCGuDOd2IcoG+6ztKkE4uVBI1+lbj\nfCNQtISIb7tMmGryVVmpRbvbBo4r1RPx19Sgd/HP5gHy7O7vrQDi6vi5umDZ0NHe\nVTIbfCN/MUW4jIg6E26OrX2DVvgHlaDnHbqkbnZbjeWoioMpnsvayRRCbJ1uIuqT\niOrI84ocPwrFLTBQJgthyeu9FGZfR1y9o3wEeOz2c94RFPZnzqp9K/zE68w2Phb6\nad34JPx8sA3p/e5tce/ohfHpeaQ+J5aA/E6v5mmE2ufUOnOFTJ0cBs8UbZ40I2QS\ncclM0/zBKF09Axr+dY2bFbehyyTrSQ99BgQYrsSED0yC6Z9e6Txjw+pLmWZzx9Qq\nLoKrNlWmz2y0CFnZMb4mWMtLxi2OiutVsVD2XGe6hVCuCp7/3mHrcXsnhiojNHKo\nq+GdYyskTYGXD7nm6RmudD4jdVluTDvxroySOifRaFZo0xbSR5mfCg==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Nol8Jgr9i2PUBNppW' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp74924_mg.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp74924_mg.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_1(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:1623: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=ca24a8b5eb60baead1ca644b5d4b3faca87d8f5e95353e22c9173c7a47b75e1aurn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODUwWhcNMzQxMTEzMTYzODUwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA0NWBWR4T4h8f6khJRTpUGa9kc6GCHCIqU+sgPFDi/l9S/UsMgmYbvc9b\nXHkdjL4X5Oqx/WlybaPr2vCUapfrRAFRqdFepwM5K0WbR3OXwDop79i7OYjDJGtm\nVDs+2jEXQG5bAprwc0rUXxBlid5OPtJvUbRAJMNEQH/CIAW84p1GjBQnuPOqGbkK\nyzEOXVyxG032NG1m8rwfiQ6BIaR4Vj7BF8M+9iVA58LL31uCtH2JAOKFHGyqZvO6\nINfmAHCp61cmiICt+9jXJK6KOWzDsSk9UTH1csjKDs6Ysguk8UClCculO7kwU9sR\ny/7/NtRGEKNnMtfltGv/+AW9gukCFwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJLx\nNbUmn9C8txwhIjsV1qcqATPjl8P0hn2aq8gQZZCZkJbm9cmAEo4ZfxMtaA6qeIz6\nWoMd8JIyMqeXI3KTWQkWZCdSKFjCH5YR5G+R2UMTv9BtKgDc5wy+AuT/MJGG5f9+\nxCstoEGKslEYCwMraxmZ+i+/Rp1nSWWCthqR6NEPl83e/ycSY0X6NBJv0NwoWELcMm3yrd8wfLbcYbQs0DliAFQZhi/4o/WjZRIO5ne4\nph3SXByjm65Hu9RofQ4Rj2+FBPQT/M5aT0TtOCzmyFzEKfKvib4d4vCZVtTeM2ar\nzsLRgCsA451UngqBvbvzbYaboZQDKDvYcLnyhSWzlqsi/bu+6ZeIVkJPu47NqCVG\nnTflShPxpS7vk/ay+0eHPwEBir2tmBXrbGMDiHKB7+w4QtZhHYSmz1C5TjJXjKYO\nABuutFbvsaowA8UJGqK1mEY8sYl80POPq7ZTCO1khOaz/W+YMw8sTdYOVhxiiTPq\nGpv2zdAPrR7OQnSM9LZYyw==ncgLiRjJ5hhak7I5cf/v6UrkxBogcCZRYPNmW9FDhhlbI9MQM7dS7/ewfX4ATYeS\n5e/zXTyi0gZtCYLyL0AdrpyIMnybuGoig/kuZV96+461ExwP8IjQj5OORlgAiWwU\nDupBUjlkghw9T8C4kh6nHyFrbACtehz4tWp1BvUeYGoNnAvwk4HpDszH9Yzo2GT6\ni6zM1+hiwp75akMH5bVb4vnG6aPdVgz0DdS22C3obI6nQqymOeIvC5yjHTNnJAqN\nySk5g6cdP6ul2Sl/1FIeVhE5YXsvBkZLTOp2Yblcj0bc91bPEIWZZyZKqpB2Q5lo\na2W3eTVjy5U/Y8PA9p9cPkKpgWRYpR4Fez9xxRRidB8cGBSCaYrQWWfEhw6agzRO\nTB4AWt9bvGhVyd18PBWMPUWqbSbZ5u//oLbXUTS6y9JTBme5M3AXZnIxjsmKqC67\n1L4XrT+Fq1M+0MLqmtwQONEHAR1S/IKKlZ7HwbzZ/D7D9noFVIYQUCmdIRacddGi\n5pYg1FYQkYO6JJsFjVUTmOfEi/owZAbEN/jt5uwPeaNWIkge+YljmD9vbw6cbup1\nuN3YfrfeUJi7x746ic+4yu6BTDKcJynbsjPmaHwghQ2rOJXpEj+cIEueamLdQ1wB\nAChHF/UAIDZ+OW5FN5LPsfuDWKX7VeG0JGRhm2S+feLPMoL5rQbXbkMmDdQN/Hqa\nISUhtJTiGPmkZcgIkgIRQLcjMUXAtjLWo15s0Yqm4s6h3fjxP4dfCqz5jYCuSuo1\nyC67lYFADCmglou70U550I/kuUCvV0Wp2kiQTIsB+0HReNo2U+n6/zSqacrnSNGi\nlJlBGrTm0J0vZfXvKMefWcC+kgR9Vfpl5XIwP48Agrwihl/MpnLnQtt9XqQKpUzB\nps+Q3rxPVsS/UlFBt45AiYK/ipE7VugCNBnGOtPilvW9QESllDWOXBVsafIgneo1\nNApCs007V0HZntJT8wH+2y3Bx8IQaCM2iBr+NLOOZ7ztUUk0Hlt8z0HCz7HRvE7Q\nxfYp45uOr4dYLL2LuMlGApMXmcVA5M/DGVBAXzSYdMRV6hY1bIwpQluBpE+NJ4AK\np0LXkC/ei0lWgq5cNCIZ1a74+Y/Ge9OAImntKsNeJh7f7YBb51bwEMBrcFsnewRX\nXH/hMdMI/gNCPmVwMCE/XuVYwbbXyDNpAvsAkMmyeJHfx3qIssdA5yuztbKieVkR\nxDxsYzdsJ9EjlMuv2JeuTn/Xie4wjqUG5y+XeyD30a6jaEckfnIiLmvCz1/uD+Ag\na2tpwATLOfLWqb23JHXF5f/RaZcKTwJuB4YYOrdmSyfRU3D1LlHbIRoj+tzzAk7c\naL0tQiWRlJBRQ5VmBQ5plAuSN4Ma2YE3XJ/rLk/5uqzQLaggh613xS82zVLqhRC0\nB9iGyEHOq4rL1tOktrPHgCkshMOHnBHcvytGk8JGuQRwjHSH51CLsG8H/rObt4NQ\nYIJhPLkAlVjSPynjAKbK5bQLQ8ZM74ZIVc5a+k1wfqjUlNvzu0i0YvOko5hJjQbn\nGcu/xvJJsMzqXD0ma5FioGUB94Cc8lhnDJFikTHrOg6LH2unYVqKrSccbmd8uIpw\n5vrCUNS9AaS3S54G3vDp5mmAh0ULqmx+ToFTjmmI+GjEYzLoQLLlXFS3JHCHjyJq\nY1c9VBJsoKwBrFerSujZ2ze1asffjTrtsTpdnma5ZDnDh0HJa/X3Wrf2C8EPQ4HV\nIgRZma1VbLmSp3y3mip5wVietfNecAwSTnI+8AR14MXUdNu5Z3sekM8cDw6dikUd\nIVYfF4uSkrmAfvY8iikNLTgX5p7cwX/ESoR7iKt5bbIjcW4kMgFGS9a5y2ss5tjX\nzG++0HHZm5sOX5+e2RRi9VDzcyOawtIlOb1DKryJ54LpxL3pdFjaNqYr/WtBn/qR\nbJWhon7cNSnWyDHqVe2X0Jmd63nMdMD6Ig/fCGuDOd2IcoG+6ztKkE4uVBI1+lbj\nfCNQtISIb7tMmGryVVmpRbvbBo4r1RPx19Sgd/HP5gHy7O7vrQDi6vi5umDZ0NHe\nVTIbfCN/MUW4jIg6E26OrX2DVvgHlaDnHbqkbnZbjeWoioMpnsvayRRCbJ1uIuqT\niOrI84ocPwrFLTBQJgthyeu9FGZfR1y9o3wEeOz2c94RFPZnzqp9K/zE68w2Phb6\nad34JPx8sA3p/e5tce/ohfHpeaQ+J5aA/E6v5mmE2ufUOnOFTJ0cBs8UbZ40I2QS\ncclM0/zBKF09Axr+dY2bFbehyyTrSQ99BgQYrsSED0yC6Z9e6Txjw+pLmWZzx9Qq\nLoKrNlWmz2y0CFnZMb4mWMtLxi2OiutVsVD2XGe6hVCuCp7/3mHrcXsnhiojNHKo\nq+GdYyskTYGXD7nm6RmudD4jdVluTDvxroySOifRaFZo0xbSR5mfCg==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Nol8Jgr9i2PUBNppW' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Nol8Jgr9i2PUBNppW', '--output', '/tmp/tmpkycjwy3u.xml', '/tmp/tmp74924_mg.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp74924_mg.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_2 ____________ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==px65uuCoW27qr09OoOOlQuJY/zmBrUrVq8HlNJ0EqHDIhXUPSDtGrK4/OtrEsM0I\nj3g4ndq4EFi+h21nsnCJwVpznwvBQvD3ovnauDbEr2d21gRmoUhE3bmyMcaFZuek\nmTOPzRyXPcs8WfG4KzV2l/51nY96pEe4EalVlXae7Y0=lkbGIHM+YPRiqYwqvBwk6jmN8bCsDLJPJhnI0Jk5RGhva7iJ33Otai67onWnyXGD\nbjmpkVGod/ICfyNPGYQh6FcC1fFoddBG7HvIfxrcasKmufJ67C15ZCOfo9JNJWs4\npksEeR2BRnCn7tKa1+P/7bom5vhMI8maMXT68k3bWujgn1Cw9Fc+P/OTN8G/fWP0\nLfjN/pmZ4kgF7qt6GFgD9LRY2j1tU9PFml8hi4OueGNE6ewvs/ue/DRF/T642GdF\nzjU7tvoyFD9bYDUpA5DysYYaorE5tGN6QvdzaHITAhf6T23FfUSnSIgbrc1ySpvI\n+L/W45GSQOUzuK0+oezL9FulS8RTFokvPZTCyZ/J1bxliwyPSsbcISw/xwMTiRCi\nBZiW8I23EA1SCiScryYHSjRkfRAT8a311iwD9VHNRl++kWMmebZ58mp0mGvtu25D\nByat7WVEzEFDkcyeQNlGp0Yj4qgkKRUnrk1bUs60oqSZMfeAe+NZN4f5xl7yzBK4\nj/qaujbei190aRPFB1LzonxJ1URNy/ln6b4iorrG1VggMr2u2iy7J2Ok7+OShihM\n5MspRD3krizkX4K6PxYir53ZK1gpjWw8kZ2DZL7gh6vgWHXC1hGY1u8ueZoYsyjV\nZUspdyhPRHVMEtlVtpyAEa3onoK2tOCj7xk+CO1K1wi4jngmt7cjVfzkuwZYeycQ\nmcwgIKpqepUOuBW8/c2848j1KEdyPSXrENuuU686P0Y5cwgiHe97MiJYFyW7B+LH\ndDuqfw15VAIP6xN8ci/bRvoxIChFM8RbQff/W1tqzzriZSJlS3ERuU3fof/OzXE1\nX3CfUvdvaRyv/jOjmLjBxfsgL/N9LWgPRRKSzap137YmkvO8Wx7Ts2iRIu1qrmyZ\nmbXFFhk9XF6J7Gg6/Tfc05L6N4420+G61/jooXeN6zTwsqFPX1e/O+xhUYaOJhR5\nCn3oQbM6VoUON5l50II51Y1sVkOM9P4OHZyaiLxKS3blKhpoUEezyRiCeQHtL6ns\nOY7LiB49nKRPuV275r7K2Mi9v92as44lQr1ZRaLYyj1dRwxtWdJGicM/o+VeSvi0\nhaNmP+npKZu3qKK9IvlWta9bSVjpax0fEa9ZlgDnbJxTd3yuPz9Yi98mBzh89ipB\n37UdiH5F2lhnBfi67eZ/SeCYuweHDr17P/waTuT9rgziEWzj7+X42iIwUHQtbbjh\nh1ZW2QrudR4e+XJn9GmUTcCHHb+d0DjjpsXt0C7NBSt0zwIbPu25YX2JY3N1pIt7\nwyQybJUMpWHhDAcr3H6MF3s9ktE8G8T/jwzLoawO3Bi83tQSKAOJeDW3rjksPOWd\n652UE54opMLJdfeBxhYwzvtjb6FaOdPK1vER8G9zPIPc17gPqZYDR3IMUSUnfK9o\nWb98BUJqNMdQXz4NWklFINYmiuAT93ciSpyx4iYCWEwBEP17L4ca4/IVR+8J65Lr\ncTGTIbRQWq8/DzPUZpcdxxlGgNhKxkRILZeEXzNtGqzOlWpcKjRz09U6gYm3R41D\nToUyZONXFMyIg4hppgmrqdKPxpg+2uV2g3MjqaF2lQM0J/yOzcyrQ+5UzKqh6f6y\nDd+uo++Ic65lcXPDJrCo/xl/3i2a0DuitieDEKNrIGH5NBZkXALOHa/oNzodxD/X\n2LwzFwzlqkIrvEMPvVQyDodRci+n2RxJxFau2LKT8mAgbdYuyeIdwDxsapSMfY8N\nHajO/4SQvEicSi57z1y3TX2x06MTmqTOBCCIBRMCsvaojL7zeEH/q5ooopbx5mMy\nf4zbz2jk1KS1+Zk9RrLNQaycNc+ms93VQxzOUvVHX02yX/b1/Isaks0Bl3jQ5tNL\nFcjHdLOnE2rU2wWtqcOaLciopVzIRoEIIm8jSpNTx30YyaZxhiBEr61wFOe6i8BN\nsh6MA5rQqnPKnwPdAQWHsJGL9JOG+pMedQ2vWCqabJBqntHy3C6QT0Ou8fqPIbW3\nb1ZRAmIdH1Oyj5r16G1nyy/FIl24J6KGybaUSjA/oQTT7pMmioIWVoiUTU0WxPlb\n0DiOGh51sUv6xLoQGnhjaeQE28PGvArWm8kOLqNr+LxRze60aty4RxwZHFIyFHAx\n3pY8R6Dp/bCZJfc+qHuAin5WP+WOwGQ3KnD6CXWWAaw654EiV0BcUdB1ICMW6Fsa\nGWXo6esYJGbWTdn1Tx6Y5Xr/2quAjCKtzQKy+HvmmDBiLa3mOZxLWS/TU6QdAAKA\n8mxtdWS3Nye0IfINMF/X8fkmLdKTtGKK9/TYMlafPAUwMp08cM5EbYjlhrn6E2Vh\n5if6ehxPPWSgTrbuKgfQTx8Ky1i6QgiD7pTkHXUrfQxM/Vd/S5zsr2C4lRf80Lrm\n74Q2xDIqdG9NHEWkzcb4b1rETXDQor8cfd2wFCLHl9z4oHeE1rWAog6Tbxbnvo4p\nTAuaERM6LzjtTgQtenRt3C41Ukg4N+S1Hmkts+IyKDsY36SjMGQmQZtBa+Bi5KCu\nr9s5Ll/ZblrIxZYPnCFhR1yRWvMBmMrQoaMyTrCW6tw7piyO/fP7HvVCiug/SCKZ\nHCl8xXF4FSjNonvgRQDTP7LIC9irjJ/FmwoaY8660hGIjkDu0koUNX+2zO40lg0A\n57Xaq53xLGWFmvacnEID9b541t491ZMkYkPi8KIAcv++BtqNQZHWUrhmyjk38QZm\nj6lFIHHxYOcsth9vsbBWbQrvslxQk6jNBey0YNic6yFL2I4STSNX5WBEL1a1Ff8/\nuNN7SSG9p7SBrbN/f8wXPkPPQ5qeu9qFooKK4aqk+VXgN0A3f8kyFhE1fxeYtJRP\nFBEu+w43dU48w9XVUzYr92wee0OnK/+8q1WyljPaYTkn5U3Hog5RsgIMTnRUgYRL\nlW11qgeRc0Y0gJPBeegLi2uLhFjo6MdVWqZJagmnKpZk4MEOSOCeRA==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-GCKkfT57fyjR7MuHn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmp5m52zwln.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp5m52zwln.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_2(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, encrypt_assertion=True, encrypt_assertion_self_contained=True, ) tests/test_50_server.py:1681: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:912: in _response return signed_instance_factory(response, self.sec, sign_class) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==px65uuCoW27qr09OoOOlQuJY/zmBrUrVq8HlNJ0EqHDIhXUPSDtGrK4/OtrEsM0I\nj3g4ndq4EFi+h21nsnCJwVpznwvBQvD3ovnauDbEr2d21gRmoUhE3bmyMcaFZuek\nmTOPzRyXPcs8WfG4KzV2l/51nY96pEe4EalVlXae7Y0=lkbGIHM+YPRiqYwqvBwk6jmN8bCsDLJPJhnI0Jk5RGhva7iJ33Otai67onWnyXGD\nbjmpkVGod/ICfyNPGYQh6FcC1fFoddBG7HvIfxrcasKmufJ67C15ZCOfo9JNJWs4\npksEeR2BRnCn7tKa1+P/7bom5vhMI8maMXT68k3bWujgn1Cw9Fc+P/OTN8G/fWP0\nLfjN/pmZ4kgF7qt6GFgD9LRY2j1tU9PFml8hi4OueGNE6ewvs/ue/DRF/T642GdF\nzjU7tvoyFD9bYDUpA5DysYYaorE5tGN6QvdzaHITAhf6T23FfUSnSIgbrc1ySpvI\n+L/W45GSQOUzuK0+oezL9FulS8RTFokvPZTCyZ/J1bxliwyPSsbcISw/xwMTiRCi\nBZiW8I23EA1SCiScryYHSjRkfRAT8a311iwD9VHNRl++kWMmebZ58mp0mGvtu25D\nByat7WVEzEFDkcyeQNlGp0Yj4qgkKRUnrk1bUs60oqSZMfeAe+NZN4f5xl7yzBK4\nj/qaujbei190aRPFB1LzonxJ1URNy/ln6b4iorrG1VggMr2u2iy7J2Ok7+OShihM\n5MspRD3krizkX4K6PxYir53ZK1gpjWw8kZ2DZL7gh6vgWHXC1hGY1u8ueZoYsyjV\nZUspdyhPRHVMEtlVtpyAEa3onoK2tOCj7xk+CO1K1wi4jngmt7cjVfzkuwZYeycQ\nmcwgIKpqepUOuBW8/c2848j1KEdyPSXrENuuU686P0Y5cwgiHe97MiJYFyW7B+LH\ndDuqfw15VAIP6xN8ci/bRvoxIChFM8RbQff/W1tqzzriZSJlS3ERuU3fof/OzXE1\nX3CfUvdvaRyv/jOjmLjBxfsgL/N9LWgPRRKSzap137YmkvO8Wx7Ts2iRIu1qrmyZ\nmbXFFhk9XF6J7Gg6/Tfc05L6N4420+G61/jooXeN6zTwsqFPX1e/O+xhUYaOJhR5\nCn3oQbM6VoUON5l50II51Y1sVkOM9P4OHZyaiLxKS3blKhpoUEezyRiCeQHtL6ns\nOY7LiB49nKRPuV275r7K2Mi9v92as44lQr1ZRaLYyj1dRwxtWdJGicM/o+VeSvi0\nhaNmP+npKZu3qKK9IvlWta9bSVjpax0fEa9ZlgDnbJxTd3yuPz9Yi98mBzh89ipB\n37UdiH5F2lhnBfi67eZ/SeCYuweHDr17P/waTuT9rgziEWzj7+X42iIwUHQtbbjh\nh1ZW2QrudR4e+XJn9GmUTcCHHb+d0DjjpsXt0C7NBSt0zwIbPu25YX2JY3N1pIt7\nwyQybJUMpWHhDAcr3H6MF3s9ktE8G8T/jwzLoawO3Bi83tQSKAOJeDW3rjksPOWd\n652UE54opMLJdfeBxhYwzvtjb6FaOdPK1vER8G9zPIPc17gPqZYDR3IMUSUnfK9o\nWb98BUJqNMdQXz4NWklFINYmiuAT93ciSpyx4iYCWEwBEP17L4ca4/IVR+8J65Lr\ncTGTIbRQWq8/DzPUZpcdxxlGgNhKxkRILZeEXzNtGqzOlWpcKjRz09U6gYm3R41D\nToUyZONXFMyIg4hppgmrqdKPxpg+2uV2g3MjqaF2lQM0J/yOzcyrQ+5UzKqh6f6y\nDd+uo++Ic65lcXPDJrCo/xl/3i2a0DuitieDEKNrIGH5NBZkXALOHa/oNzodxD/X\n2LwzFwzlqkIrvEMPvVQyDodRci+n2RxJxFau2LKT8mAgbdYuyeIdwDxsapSMfY8N\nHajO/4SQvEicSi57z1y3TX2x06MTmqTOBCCIBRMCsvaojL7zeEH/q5ooopbx5mMy\nf4zbz2jk1KS1+Zk9RrLNQaycNc+ms93VQxzOUvVHX02yX/b1/Isaks0Bl3jQ5tNL\nFcjHdLOnE2rU2wWtqcOaLciopVzIRoEIIm8jSpNTx30YyaZxhiBEr61wFOe6i8BN\nsh6MA5rQqnPKnwPdAQWHsJGL9JOG+pMedQ2vWCqabJBqntHy3C6QT0Ou8fqPIbW3\nb1ZRAmIdH1Oyj5r16G1nyy/FIl24J6KGybaUSjA/oQTT7pMmioIWVoiUTU0WxPlb\n0DiOGh51sUv6xLoQGnhjaeQE28PGvArWm8kOLqNr+LxRze60aty4RxwZHFIyFHAx\n3pY8R6Dp/bCZJfc+qHuAin5WP+WOwGQ3KnD6CXWWAaw654EiV0BcUdB1ICMW6Fsa\nGWXo6esYJGbWTdn1Tx6Y5Xr/2quAjCKtzQKy+HvmmDBiLa3mOZxLWS/TU6QdAAKA\n8mxtdWS3Nye0IfINMF/X8fkmLdKTtGKK9/TYMlafPAUwMp08cM5EbYjlhrn6E2Vh\n5if6ehxPPWSgTrbuKgfQTx8Ky1i6QgiD7pTkHXUrfQxM/Vd/S5zsr2C4lRf80Lrm\n74Q2xDIqdG9NHEWkzcb4b1rETXDQor8cfd2wFCLHl9z4oHeE1rWAog6Tbxbnvo4p\nTAuaERM6LzjtTgQtenRt3C41Ukg4N+S1Hmkts+IyKDsY36SjMGQmQZtBa+Bi5KCu\nr9s5Ll/ZblrIxZYPnCFhR1yRWvMBmMrQoaMyTrCW6tw7piyO/fP7HvVCiug/SCKZ\nHCl8xXF4FSjNonvgRQDTP7LIC9irjJ/FmwoaY8660hGIjkDu0koUNX+2zO40lg0A\n57Xaq53xLGWFmvacnEID9b541t491ZMkYkPi8KIAcv++BtqNQZHWUrhmyjk38QZm\nj6lFIHHxYOcsth9vsbBWbQrvslxQk6jNBey0YNic6yFL2I4STSNX5WBEL1a1Ff8/\nuNN7SSG9p7SBrbN/f8wXPkPPQ5qeu9qFooKK4aqk+VXgN0A3f8kyFhE1fxeYtJRP\nFBEu+w43dU48w9XVUzYr92wee0OnK/+8q1WyljPaYTkn5U3Hog5RsgIMTnRUgYRL\nlW11qgeRc0Y0gJPBeegLi2uLhFjo6MdVWqZJagmnKpZk4MEOSOCeRA==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-GCKkfT57fyjR7MuHn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-GCKkfT57fyjR7MuHn', '--output', '/tmp/tmphincwj5b.xml', '/tmp/tmp5m52zwln.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp5m52zwln.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_3 ____________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=ca24a8b5eb60baead1ca644b5d4b3faca87d8f5e95353e22c9173c7a47b75e1aurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-JWk7z6KAEvDQHQsaj' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpry3wp358.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpry3wp358.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_3(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=False, encrypt_cert_assertion=cert_str, ) tests/test_50_server.py:1726: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=ca24a8b5eb60baead1ca644b5d4b3faca87d8f5e95353e22c9173c7a47b75e1aurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-JWk7z6KAEvDQHQsaj' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-JWk7z6KAEvDQHQsaj', '--output', '/tmp/tmpk0r7jclf.xml', '/tmp/tmpry3wp358.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpry3wp358.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_4 ____________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=ca24a8b5eb60baead1ca644b5d4b3faca87d8f5e95353e22c9173c7a47b75e1aurn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODUwWhcNMzQxMTEzMTYzODUwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAuEN9liyT7u0Gd+U6XpzrWQwgPJ1lByqqVe3RZU2kPzBkm2xVehLoYij1\nrqWIZhVR1M8+2tNFIyqKoQk8HDIGgulGcFQKSentUXWnZdMfO3/hUbiVECcVYkFC\ncTSoXyJUWOqx2ZEGzaOvND0/If9yJ6MWR3bbjApDX9r+7y5h9x+vhPz7VxZKg6sh\nA/EY1JkLGciRwnmEnAZDByykAVSy1P/SDNIlCO3KZxEO2AGY2zbIXMN2sWYu1uhl\nQm/NCTHjCCflXjZrFx3qWyaNxS2LBeDnVk5ohxLfNYD4wyqw7gU6ito99XY4RwOx\n6DMQkUNF0Myymf5L4zS991lruFrgZQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFXD\nbpKuYaxxpyemav9EA+kKPtgFzqcCYuYYPDrWuHW5mb2+5bHBceWgw3pMeZXpvsUy\nUkXbq9ljnyXbtIfOzpmO6Zn4PaRwxuhb2FfY31++tHi/+XyZjwv+YxUmF506eowS\nRAI9qVbmy9zqRKRM3ittgYXz7PByLnvOL5u6tBb5ii2k/ztdQtXxiAn0DHVbvu63vBK90WTw6L2gnNiWkFUkx6PumMcEyIF8sKII2xpM\n4dyJQeSEnvYHt9ZCRjFeuaLpP4BKSjLXkwoRsy1aVaDEvJz4ms37KBLLfDNmi1GR\npx9lla8scxH3dfzlua+PUIDoDHcmUOa/570O1znNqDsD9qplGZT8e8PlF91Jy0e1\nBBIEuf24Y9sKy8nEgHZmwDiYpNcXVWWf/m0QazMX9T97lQQe9572cTAObBBtOpDi\nf4huZhTo34WDhJRfhSkMurXt+GRziPjMZS0JvI78LFme/lIAef9ohTosRbjReFuN\n7Enu8+EP2FRp+K7D5E1Ggw==B7cSMzpHF7PuXSWVJ7f3ji+4P24ooKDfAZghCPxmDifcpVAJ5PeIvVwjBdpOoUff\n646ABLwBZrsm+huid2ERHFPBwHeLX1UeZ/kErx7OIP4mdXdkq52CyWo5yyXAnAam\npjhQObWWc2rCeNL7/LFdomRh81ZLLV/3CpDlOJ/Ee6fSMFWO+CsQ9Ie2kWBmuXQe\n4ELG2nFdN4kglrzGmP/fyRhNHwJRTN0ne/htIm0ctKPwgRdQDT8bDeiDHz5pRq/L\n/b4SfxH85A+RXU5svm6p/VmaIhyvLMLmXdQj3PB2uPvXh32Rba6QksT3Yb+c/CUO\nOcSkfyM6aoAOcRA4fymg3/0Yy2c9ogAumvBxtjwuge1HC7S5eu5mNKqQaS6mF/qu\nPXQEqHDyKizdsa8lJtDWo2QbATC4Rf/PZZ4ZoGrmfY9BKeMyztbHSpY+/0KYq4ac\npbxCkiioGdG+UabjLecyBjQcAuuZtISqINLbU6WNhI0tbKCLZETa/Tb5boWcg4pm\nOS2Lg2txvmyYIfywb7jlowPztWOwfaDW9CNC9JE9qtGnDUXv7e06HrYm2GJKHZxG\njBR1iJ6xuu428ZnyViN85LE5ieQS9dV7aV2V46mFyVE6DfGIySlK9s8QrHB9YzxZ\nuV8PnbJPfFDphLehilfL7YOzXYuMwzT04JFK03kimULJ2YXqi6IQsSBPQkoxpwN3\nv2ZtI9y4lUoL1o6QrqI2ZVQ0qwStC48oJiEnUv1ZwVvt3O8Zva636Su8xsBPfLhQ\nncAAY8k68BhraI0YhbXEQvqpW8AHIvCXXVnVTOllwK7jADkMIhhQbHE/2hQ10u3D\nzPXk+VjrdvUrOSGt2khPzjHbmUAaz9amMjeO9gaHk4hy/etrPmGKpflrRcX4gA3g\nA8FjRq5CAu+lDgWiZiHFNPnRkE3MctA59lR1t8zjAtrxIVYEwSPvcnqq6u6pTsUx\n1mNsSzlAcsTd9mHUoG6H5txBkg/TPK88SpK71Dvj/GgCTltVIzjBvFkPdx34Yagf\nQAt4LKmjmf8ef2t9JG+Lvgioyhgq9GWDN80XOMa4e0nmkuWtxcLdi3hJrCKy7Hnh\neqOUjQiu8X2a21Lhed5lSczuCkU7tAgOxi0zaq0EK201tyxsAFeMw1H0SD6p5DXv\nI0KcuLb1KgK5KWBBkL9/+5b+aEfrXPluVWXRNVKcAEcStYSeg8h8UfgCpqCX71OD\nZeqt5CwAaXu41XQRHXYZoYHXw6kWq4IEKOOVTx8xfRQojzIHbSHpjSdi01CTWj+S\nojcVPOMjFMQLFlSBowVA43I+8TPb04VcYLQ0bKA2pJGHBF8379o19hAlQ2cC+NUl\nCFRq7wHlasa2rt+YYYuf5Por7vfZ8a8j9SIvwzkOuKjBmC75SfSSRlaEY5SEVP1p\nZI9g4P5WDC3MtvrwV+abUmNMPbV5IV/E2Bbx99doAW90BXFNhJY5M/csphygHQzT\ntO0YSsSkLwQ7Qg5G0jprdPTc/vyB4OQNvzFm9UsNFx9CZn9pC02jrw/mzNP5KQlC\nYQ1jyD14tk+RRKnHaGiYn/hngtLhtsw5Vy/gl8WLlrhTfJRR9DvEpmyzEqng857r\nm5hyLtqlZ+lZg7RXr9ksBPnIGaum6NBk1TMwRdzDO7cmVJVxSNe+kQeFm/26w1if\n5FzZE9/9tFD0yCXSuokJ3HrTruV8thFgDDMGad+UpP3dAyJ7YHBnT5Fk1lL4OZ+U\nXF7z1ORDzi/g+1oedi0aQJNjB9pplqGzjNnyo5YwQyvsPjV3dZZXgn5cyrsLWPG5\nGBQfCmU0XADuNE925LK/+U2oNaxX3MYssatTJdTmRMcB4H14dzCqdoaOBfpS5+cp\nFXKdOX1IPwk29+bHCLewY8nmHb4vF9V7BeaATJcuOFrc/oTU7wxNrLBQx8SzAtgg\n0IywsI28azq3Ee8LAh1jmyiHvlw11tKZBqbKqX941KJIgk4NVEZ9qMxUghNL6A3o\naS38JD5vIEu20jLI/C+qxm52m65FJV+drJk0IZNqOdqfsEzX5P2Ta1PIG2T3xlBD\n71PXnYrhxQD0tBGdnEanGh2xz1St5H9E5aVHAAXheQ4wlCE8NyHN/oLypwMgkUmP\nDI3SEDd/FAhSLdOgOFldSvFmZ2/Bj1U4E8XoYn8lVjrDamz5hGLw6mo6VXrFKsEp\nuKTdvj1chn2XTYQhQeC5JjmMTmUeWCEAn1zfvC7PDrF9Q0lyNNEq0266vYT225/u\nOhkb2W/K1epcI2h9vNldVz2fypVzY8D/aNEnx399riaqVPxcnFthaeZDVIbI9Jku\nNOPo+S37FWgqM5lh+BtMto9xT/KRzqaFm2/SkwWKkxiP9laQr3UzFAmek7CivxYa\nSAjoM7w+IlWO3t/GlHyTJ19Ix1nUTLJOm1lYYbIV0OnJ2GcbQnEZpg==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-LtSJm0iMfr9Z7BAkt' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmphrzjg043.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmphrzjg043.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_4(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:1773: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=ca24a8b5eb60baead1ca644b5d4b3faca87d8f5e95353e22c9173c7a47b75e1aurn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODUwWhcNMzQxMTEzMTYzODUwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAuEN9liyT7u0Gd+U6XpzrWQwgPJ1lByqqVe3RZU2kPzBkm2xVehLoYij1\nrqWIZhVR1M8+2tNFIyqKoQk8HDIGgulGcFQKSentUXWnZdMfO3/hUbiVECcVYkFC\ncTSoXyJUWOqx2ZEGzaOvND0/If9yJ6MWR3bbjApDX9r+7y5h9x+vhPz7VxZKg6sh\nA/EY1JkLGciRwnmEnAZDByykAVSy1P/SDNIlCO3KZxEO2AGY2zbIXMN2sWYu1uhl\nQm/NCTHjCCflXjZrFx3qWyaNxS2LBeDnVk5ohxLfNYD4wyqw7gU6ito99XY4RwOx\n6DMQkUNF0Myymf5L4zS991lruFrgZQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFXD\nbpKuYaxxpyemav9EA+kKPtgFzqcCYuYYPDrWuHW5mb2+5bHBceWgw3pMeZXpvsUy\nUkXbq9ljnyXbtIfOzpmO6Zn4PaRwxuhb2FfY31++tHi/+XyZjwv+YxUmF506eowS\nRAI9qVbmy9zqRKRM3ittgYXz7PByLnvOL5u6tBb5ii2k/ztdQtXxiAn0DHVbvu63vBK90WTw6L2gnNiWkFUkx6PumMcEyIF8sKII2xpM\n4dyJQeSEnvYHt9ZCRjFeuaLpP4BKSjLXkwoRsy1aVaDEvJz4ms37KBLLfDNmi1GR\npx9lla8scxH3dfzlua+PUIDoDHcmUOa/570O1znNqDsD9qplGZT8e8PlF91Jy0e1\nBBIEuf24Y9sKy8nEgHZmwDiYpNcXVWWf/m0QazMX9T97lQQe9572cTAObBBtOpDi\nf4huZhTo34WDhJRfhSkMurXt+GRziPjMZS0JvI78LFme/lIAef9ohTosRbjReFuN\n7Enu8+EP2FRp+K7D5E1Ggw==B7cSMzpHF7PuXSWVJ7f3ji+4P24ooKDfAZghCPxmDifcpVAJ5PeIvVwjBdpOoUff\n646ABLwBZrsm+huid2ERHFPBwHeLX1UeZ/kErx7OIP4mdXdkq52CyWo5yyXAnAam\npjhQObWWc2rCeNL7/LFdomRh81ZLLV/3CpDlOJ/Ee6fSMFWO+CsQ9Ie2kWBmuXQe\n4ELG2nFdN4kglrzGmP/fyRhNHwJRTN0ne/htIm0ctKPwgRdQDT8bDeiDHz5pRq/L\n/b4SfxH85A+RXU5svm6p/VmaIhyvLMLmXdQj3PB2uPvXh32Rba6QksT3Yb+c/CUO\nOcSkfyM6aoAOcRA4fymg3/0Yy2c9ogAumvBxtjwuge1HC7S5eu5mNKqQaS6mF/qu\nPXQEqHDyKizdsa8lJtDWo2QbATC4Rf/PZZ4ZoGrmfY9BKeMyztbHSpY+/0KYq4ac\npbxCkiioGdG+UabjLecyBjQcAuuZtISqINLbU6WNhI0tbKCLZETa/Tb5boWcg4pm\nOS2Lg2txvmyYIfywb7jlowPztWOwfaDW9CNC9JE9qtGnDUXv7e06HrYm2GJKHZxG\njBR1iJ6xuu428ZnyViN85LE5ieQS9dV7aV2V46mFyVE6DfGIySlK9s8QrHB9YzxZ\nuV8PnbJPfFDphLehilfL7YOzXYuMwzT04JFK03kimULJ2YXqi6IQsSBPQkoxpwN3\nv2ZtI9y4lUoL1o6QrqI2ZVQ0qwStC48oJiEnUv1ZwVvt3O8Zva636Su8xsBPfLhQ\nncAAY8k68BhraI0YhbXEQvqpW8AHIvCXXVnVTOllwK7jADkMIhhQbHE/2hQ10u3D\nzPXk+VjrdvUrOSGt2khPzjHbmUAaz9amMjeO9gaHk4hy/etrPmGKpflrRcX4gA3g\nA8FjRq5CAu+lDgWiZiHFNPnRkE3MctA59lR1t8zjAtrxIVYEwSPvcnqq6u6pTsUx\n1mNsSzlAcsTd9mHUoG6H5txBkg/TPK88SpK71Dvj/GgCTltVIzjBvFkPdx34Yagf\nQAt4LKmjmf8ef2t9JG+Lvgioyhgq9GWDN80XOMa4e0nmkuWtxcLdi3hJrCKy7Hnh\neqOUjQiu8X2a21Lhed5lSczuCkU7tAgOxi0zaq0EK201tyxsAFeMw1H0SD6p5DXv\nI0KcuLb1KgK5KWBBkL9/+5b+aEfrXPluVWXRNVKcAEcStYSeg8h8UfgCpqCX71OD\nZeqt5CwAaXu41XQRHXYZoYHXw6kWq4IEKOOVTx8xfRQojzIHbSHpjSdi01CTWj+S\nojcVPOMjFMQLFlSBowVA43I+8TPb04VcYLQ0bKA2pJGHBF8379o19hAlQ2cC+NUl\nCFRq7wHlasa2rt+YYYuf5Por7vfZ8a8j9SIvwzkOuKjBmC75SfSSRlaEY5SEVP1p\nZI9g4P5WDC3MtvrwV+abUmNMPbV5IV/E2Bbx99doAW90BXFNhJY5M/csphygHQzT\ntO0YSsSkLwQ7Qg5G0jprdPTc/vyB4OQNvzFm9UsNFx9CZn9pC02jrw/mzNP5KQlC\nYQ1jyD14tk+RRKnHaGiYn/hngtLhtsw5Vy/gl8WLlrhTfJRR9DvEpmyzEqng857r\nm5hyLtqlZ+lZg7RXr9ksBPnIGaum6NBk1TMwRdzDO7cmVJVxSNe+kQeFm/26w1if\n5FzZE9/9tFD0yCXSuokJ3HrTruV8thFgDDMGad+UpP3dAyJ7YHBnT5Fk1lL4OZ+U\nXF7z1ORDzi/g+1oedi0aQJNjB9pplqGzjNnyo5YwQyvsPjV3dZZXgn5cyrsLWPG5\nGBQfCmU0XADuNE925LK/+U2oNaxX3MYssatTJdTmRMcB4H14dzCqdoaOBfpS5+cp\nFXKdOX1IPwk29+bHCLewY8nmHb4vF9V7BeaATJcuOFrc/oTU7wxNrLBQx8SzAtgg\n0IywsI28azq3Ee8LAh1jmyiHvlw11tKZBqbKqX941KJIgk4NVEZ9qMxUghNL6A3o\naS38JD5vIEu20jLI/C+qxm52m65FJV+drJk0IZNqOdqfsEzX5P2Ta1PIG2T3xlBD\n71PXnYrhxQD0tBGdnEanGh2xz1St5H9E5aVHAAXheQ4wlCE8NyHN/oLypwMgkUmP\nDI3SEDd/FAhSLdOgOFldSvFmZ2/Bj1U4E8XoYn8lVjrDamz5hGLw6mo6VXrFKsEp\nuKTdvj1chn2XTYQhQeC5JjmMTmUeWCEAn1zfvC7PDrF9Q0lyNNEq0266vYT225/u\nOhkb2W/K1epcI2h9vNldVz2fypVzY8D/aNEnx399riaqVPxcnFthaeZDVIbI9Jku\nNOPo+S37FWgqM5lh+BtMto9xT/KRzqaFm2/SkwWKkxiP9laQr3UzFAmek7CivxYa\nSAjoM7w+IlWO3t/GlHyTJ19Ix1nUTLJOm1lYYbIV0OnJ2GcbQnEZpg==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-LtSJm0iMfr9Z7BAkt' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-LtSJm0iMfr9Z7BAkt', '--output', '/tmp/tmp_gq2ucjs.xml', '/tmp/tmphrzjg043.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmphrzjg043.xml" output= _____________________ TestClient.test_sign_auth_request_0 ______________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', ...] extra_args = ['/tmp/tmprnt7938d.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmprnt7938d.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_auth_request_0(self): > req_id, areq = self.client.create_authn_request("http://www.example.com/sso", sign=True, message_id="id1") tests/test_51_client.py:396: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client_base.py:445: in create_authn_request msg = self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpd3tupc82.xml', '/tmp/tmprnt7938d.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmprnt7938d.xml" output= _______________________ TestClient.test_logout_response ________________________ self = def test_logout_response(self): req_id, req = self.server.create_logout_request( "http://localhost:8088/slo", "urn:mace:example.com:saml:roland:sp", name_id=nid, reason="Tired", expire=in_a_while(minutes=15), session_indexes=["_foo"], ) info = self.client.apply_binding(BINDING_HTTP_POST, req, destination="", relay_state="relay2") _dic_info = unpack_form(info["data"], "SAMLRequest") samlreq = _dic_info["SAMLRequest"] > resphttp = self.client.handle_logout_request(samlreq, nid, BINDING_HTTP_POST) tests/test_51_client.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = request = 'PG5zMDpMb2dvdXRSZXF1ZXN0IHhtbG5zOm5zMD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQtRExING1rUFlOeGxacjJjYUUiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDI0LTExLTE1VDE2OjM4OjUyWiIgRGVzdGluYXRpb249Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4OC9zbG8iIFJlYXNvbj0iVGlyZWQiIE5vdE9uT3JBZnRlcj0iMjAyNC0xMS0xNVQxNjo1Mzo1MloiPjxzYW1sOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+dXJuOm1hY2U6ZXhhbXBsZS5jb206c2FtbDpyb2xhbmQ6aWRwPC9zYW1sOklzc3Vlcj48c2FtbDpOYW1lSUQgTmFtZVF1YWxpZmllcj0iZm9vIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCI+MTIzNDU2PC9zYW1sOk5hbWVJRD48bnMwOlNlc3Npb25JbmRleD5fZm9vPC9uczA6U2Vzc2lvbkluZGV4PjwvbnMwOkxvZ291dFJlcXVlc3Q+' name_id = binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', sign = True sign_alg = None, digest_alg = None, relay_state = None, sigalg = None signature = None def handle_logout_request( self, request, name_id, binding, sign=None, sign_alg=None, digest_alg=None, relay_state=None, sigalg=None, signature=None, ): """ Deal with a LogoutRequest :param request: The request as text string :param name_id: The id of the current user :param binding: Which binding the message came in over :param sign: Whether the response will be signed or not :param sign_alg: The signing algorithm for the response :param digest_alg: The digest algorithm for the the response :param relay_state: The relay state of the request :param sigalg: The SigAlg query param of the request :param signature: The Signature query param of the request :return: Keyword arguments which can be used to send the response what's returned follow different patterns for different bindings. If the binding is BINDIND_SOAP, what is returned looks like this:: { "data": "url": "", 'headers': [('content-type', 'application/soap+xml')] 'method': "POST } """ logger.debug("logout request: %s", request) _req = self.parse_logout_request( xmlstr=request, binding=binding, relay_state=relay_state, sigalg=sigalg, signature=signature, ) if _req.message.name_id == name_id: try: if self.local_logout(name_id): status = success_status_factory() else: status = status_message_factory("Server error", STATUS_REQUEST_DENIED) except KeyError: status = status_message_factory("Server error", STATUS_REQUEST_DENIED) else: status = status_message_factory("Wrong user", STATUS_UNKNOWN_PRINCIPAL) response_bindings = { BINDING_SOAP: [BINDING_SOAP], BINDING_HTTP_POST: [BINDING_HTTP_POST, BINDING_HTTP_REDIRECT], BINDING_HTTP_REDIRECT: [BINDING_HTTP_REDIRECT, BINDING_HTTP_POST], }.get(binding, []) for response_binding in response_bindings: sign = sign if sign is not None else self.logout_responses_signed sign_redirect = sign and response_binding == BINDING_HTTP_REDIRECT sign_post = sign and not sign_redirect try: response = self.create_logout_response( _req.message, bindings=[response_binding], status=status, sign=sign_post, sign_alg=sign_alg, digest_alg=digest_alg, ) rinfo = self.response_args(_req.message, [response_binding]) return self.apply_binding( rinfo["binding"], response, rinfo["destination"], relay_state, response=True, sign=sign_redirect, sigalg=sign_alg, ) except Exception: continue log_ctx = { "message": "No supported bindings found to create LogoutResponse", "issuer": _req.issuer.text, "response_bindings": response_bindings, } > raise SAMLError(log_ctx) E saml2.SAMLError: {'message': 'No supported bindings found to create LogoutResponse', 'issuer': 'urn:mace:example.com:saml:roland:idp', 'response_bindings': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']} ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:733: SAMLError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpfel5_2nq.xml" output= ERROR saml2.mdstore:mdstore.py:1184 Unsupported binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (urn:mace:example.com:saml:roland:idp) ERROR saml2.entity:entity.py:352 Failed to find consumer URL: urn:mace:example.com:saml:roland:idp, ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'], idpsso __________________________ TestClient.test_response_1 __________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpa1afb8cb9426f1d3cf7dc3a0afdcfadb5f50ee046074d7c3a17a2a84218b0dcaurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-dzA2reRs8zsANpfKG' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmp55_qp4wi.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp55_qp4wi.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_1(self): IDP = "urn:mace:example.com:saml:roland:idp" ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": ["The man"]} nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id_policy=nameid_policy, sign_response=True, userid="foba0001@example.com", authn=AUTHN, ) tests/test_51_client.py:469: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpa1afb8cb9426f1d3cf7dc3a0afdcfadb5f50ee046074d7c3a17a2a84218b0dcaurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-dzA2reRs8zsANpfKG' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-dzA2reRs8zsANpfKG', '--output', '/tmp/tmpdthqdv5c.xml', '/tmp/tmp55_qp4wi.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp55_qp4wi.xml" output= __________________________ TestClient.test_response_2 __________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=9f80add24ed2e818079630e73cc33f4a5539a84cf855ba632697dd2670b650e1urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODUyWhcNMzQxMTEzMTYzODUyWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA4LWEzl+xvComsF/frYZHcz1jSQE5zrK6s5AeuWhzjwvLv/hIgkzjVoQk\nHqtKVj4qL2CfFAqAOPx4tQPX9zQz9ymYssHVM2iiHWxQ9E8uPRrDbN+c6V75567f\n5gm97p5VMvH3WPjLWCFnE7/cKBE3G38r/LtHwWFSJLtGyqtm9JYiT8ZQ7977C8eW\njuJCuPH38Kkg4yBSQtdmURy7oqr8IwhDJ/isJZ87yHr4tAie2PqvsRIz9wIgES51\nGbbglFQkjR/I9LtrfJ2kjdmmpp56+b1cW2m74NtBjQCqe2UAwGj+WydyeGlFfk9T\nnbFZ6TKmjghLSjSglDPUL7WkaPhCZwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBALj7\nIXkNmimnhDPSFewzaamNunwlcSk6rYxhz1EF7OBH+0KasCbQ6A5Nr1iKgPDhHs9g\nApqltsQRB6zTAVgb01GiE197UX8zXpWEf3G8yp3jWLCEvE0YwhRIm1xGM2wRbZPJ\n524CAPacOFUMq/j7syeMjnmgP3/ZwABf2vjaDkoGVOQfs2Tc77NNrw/Pwl8Qv2f104Or+6eImBlfY3dNOz9KPuCxCT/389yPc59WLLfJ\n4x3DSKLfXPsSAHaM9IvHh0QmVzPPBive1ssXhtshmXb+CnX0l8oK6IBqk5klVT7Q\nyvIB/5EiFqQ+pnhB/B7A+BylC1lyLqnXix6oS4zvGsRC2IcUCLSHU/3Msd8VAhtC\nNrm4W7pjHqMo10basXOmqIluvuEUH96kWNxLXB12Dz8JQHWN3JU+Qd9ofXljAJ6L\nehCTDFuSh+8VUMYcxrZ5nwb58LRjL/74tnfF/0/nqf2ZXz//12ZTKIqyU1Sn0RBy\n75cmq6NQOmB4kH/paIVwog==Rdd0NGV5dIkSNx4y171+2W41DEs7xeWGvFQk487jf1x7HVZ7cblScxQtbEBMwL9L\nnsguhFq3+umJLt/OZX14EI2kx+/fdRjxzrqbPa7lWvS50U7bWnEuvnnTFz4lrD8D\nN7Co+gFdj2daQPfX2qIpLe6bHGwpXvxa7+o9WAM1bnli0u6YPSQ8Gm5Da9KKGESY\nMt9vJZPJSc0ui9e+3HOT82YxvDKSO0uEK39vI1IxuCW+dIHTxjiLGxejrpIoWbEh\n0KiioaqDIQqPm2TdvKI2ncHDYD+KXqf3dR1WssViKNxUtfxFJ2+EUhOFoaQbO70f\n7zMkKwq/dECypfVu18YYlNKJQ7AzeDw4VSv1bmnDsDRG78Vhz2sw9n0JE1ItjqmV\nFVZ7Y2sZIfIjL2eg2BngUXgRZZRtb72MTwfsDcmMZAXnA4ODgyA+ir7tXDERgc7c\nGXqtOgJ2E+hAlPQwe3NJbJBRJJPjECgwccOk5W0b0KvTBO24uqcUUaoV2y4ELRld\nfl3F4ub2CjbHf2Mpzs9IVx8WSoE1qX6ChvuwrNqrsWG6di7mLudYP0Fjd714351r\n2mUw1mOHTKSW9iM0joVUUDcQ7be1KW++I/MEYtd/S0NI7csh1a1qyO+djIBIIQpD\nG8AyatE7WrSr4Aq+mZWozfMkkGVSP30eu0TAWgKpmAr9teZ171QO321wRUxylmV/\nQmivDzrAouiRKrkKF2sz6J50drOv6fUo/1yyRWH42c9V+Ugwozvepppbp/PzrXya\ncq5YrIaTkKV5+us96z8DbhDdaYuA23Iz15NyWaMfqdZxjQZpp3UWP+Nvkexh6Mld\nobpjDhEmqahIW5bn8IJgLlIezDd/LQCn72wDvUvnc5mISmTt12R9eF2R+JNFwBU7\ny6JnjyZ6XTHsmi9jfFAtCBRyqql6MC1rrtv7b7aWzQtY4wuDeE5eWwJu1JqNV+T/\ntaszkfWx51lRKpveQjS0ghGK9pw74EppV5Gnrw3bJDi3wH4HXnJz0mYP+OqD+iOW\nwOJ+x+ai5M8Z7gdJC//VNGDYLj6CtjoN8MdT8XywBRfmw/HovRd68v/pET2m1QcU\nLRH132YRae5B3fru96isVFEC3PBXq2qqOfu2a+AFFo8HLmHxY8c70ABfgNS8zMbS\njb2/8pesFreJP35h8MuDtL0TotBS9CvdI30GrwenUbXedUMfFtq9Qs2yTR+oYGUW\nWxriM0mncC6feJ2l3vQ6AbI9q/+GnTa+Mp4GfQB6izvxOVS6DyCZWgkGkEjs6ifu\nIFzoCiefh23FOi+fAOsYznb/e1E5qmbWNU5f6C4ZlDHpZDgtT3X54C3oUatUudeM\ncZp26zITFwxj/m7SuZl+UAy/smR9icBGGa+uhZ0aA70V9C1tR34sys5kgcK2/JAY\nn1f/zNJxciy2clreaBxynBNMdt21V6v1DmXq6+5MlmeJ1FfIYx59HtYdsiCSDLwU\nueCfl4azjS9wNYmZBA+9FHFl5PGmrMIGuJ4Inal0spcJLGCT3E3mLvstxi8ZBghA\nE/vWJaxv1Aaiwo3GpG3Y5OWVvw1PbHm/yR3YjZqTVNZZ4Jm5OBoCtKLu14DHR+oR\nYVgNkxqtdLD6e0MbrwYsJgUjXGKsk67PO6fVcGCSQyL2i9JE9uZKD9T2fNm0ZUdH\nLNlht1n7uWBnirxVrlbp1WfjIl6sV0pXjaFopHIDjVz5Syc8L1/ieSWQkMffFYx2\n2pHl7gyhCo+HNFLHf4vhNKBtcBSUJKJUdqvvolLp2j4CXb2RTyQ0wxsn7PqwvUQ7\niY/UgFdZQchyAYLIwPyFC53IS0L9jufHS3wonEpGPQTyOOXPAx1T1xyxETPwF76e\nglf6O4yLB9lr3iBZkoGf3+tSEuh3XnCbk4uF+TJRbzI764RFICa27jSXvaj5RhIZ\n5bZQc66p5VnLYmUBkqbfHtWtT/lCh7sU3BoIh8QBlDE78DImRSfkr+XYTqcgQJXM\n5c7i+gAB6/1B56AlEbyj2Gp10ng5KwKGzaBtC2DfIHDTQbnoUbHu5elv3ByouLnS\n/oToqDKj8oedTBfvCQYCtATmar+KE75JFcnMcplfg+8YuXC2K/8T/sDZUWDNW7U3\n6xVkLVeVuy3LPhbOOPu9QovoPTwXWePDETx1FxYQ/ZEQ0ZZXkcVi1Wu+p3HsRant\n2lQ+rlhM2mZw9mQYopufvtLqy5ncO+ALjhB9u4P/qPCHXacXZn5UrA2pt3FMCqJl\nA91pJd8w4E5uMurryruIfXEixmYhASTrYUXH+Mdc32TawEzxsD2MmiyubT9tv8hk\nnuxS8h+Sk5Kq6ihs7oJM1EgHJ1WDlfD14VfONaNvl79syYq6tLx3NfgAsbjUsDYx\nRWkFc+fBNa11CVDwrYbPneyafGl46qNE1fo3VykVFJzWcApTm/Mrmw==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-V0dmURQ2vTFSanfoT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp1537b_yu.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp1537b_yu.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_2(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_51_client.py:549: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=9f80add24ed2e818079630e73cc33f4a5539a84cf855ba632697dd2670b650e1urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODUyWhcNMzQxMTEzMTYzODUyWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA4LWEzl+xvComsF/frYZHcz1jSQE5zrK6s5AeuWhzjwvLv/hIgkzjVoQk\nHqtKVj4qL2CfFAqAOPx4tQPX9zQz9ymYssHVM2iiHWxQ9E8uPRrDbN+c6V75567f\n5gm97p5VMvH3WPjLWCFnE7/cKBE3G38r/LtHwWFSJLtGyqtm9JYiT8ZQ7977C8eW\njuJCuPH38Kkg4yBSQtdmURy7oqr8IwhDJ/isJZ87yHr4tAie2PqvsRIz9wIgES51\nGbbglFQkjR/I9LtrfJ2kjdmmpp56+b1cW2m74NtBjQCqe2UAwGj+WydyeGlFfk9T\nnbFZ6TKmjghLSjSglDPUL7WkaPhCZwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBALj7\nIXkNmimnhDPSFewzaamNunwlcSk6rYxhz1EF7OBH+0KasCbQ6A5Nr1iKgPDhHs9g\nApqltsQRB6zTAVgb01GiE197UX8zXpWEf3G8yp3jWLCEvE0YwhRIm1xGM2wRbZPJ\n524CAPacOFUMq/j7syeMjnmgP3/ZwABf2vjaDkoGVOQfs2Tc77NNrw/Pwl8Qv2f104Or+6eImBlfY3dNOz9KPuCxCT/389yPc59WLLfJ\n4x3DSKLfXPsSAHaM9IvHh0QmVzPPBive1ssXhtshmXb+CnX0l8oK6IBqk5klVT7Q\nyvIB/5EiFqQ+pnhB/B7A+BylC1lyLqnXix6oS4zvGsRC2IcUCLSHU/3Msd8VAhtC\nNrm4W7pjHqMo10basXOmqIluvuEUH96kWNxLXB12Dz8JQHWN3JU+Qd9ofXljAJ6L\nehCTDFuSh+8VUMYcxrZ5nwb58LRjL/74tnfF/0/nqf2ZXz//12ZTKIqyU1Sn0RBy\n75cmq6NQOmB4kH/paIVwog==Rdd0NGV5dIkSNx4y171+2W41DEs7xeWGvFQk487jf1x7HVZ7cblScxQtbEBMwL9L\nnsguhFq3+umJLt/OZX14EI2kx+/fdRjxzrqbPa7lWvS50U7bWnEuvnnTFz4lrD8D\nN7Co+gFdj2daQPfX2qIpLe6bHGwpXvxa7+o9WAM1bnli0u6YPSQ8Gm5Da9KKGESY\nMt9vJZPJSc0ui9e+3HOT82YxvDKSO0uEK39vI1IxuCW+dIHTxjiLGxejrpIoWbEh\n0KiioaqDIQqPm2TdvKI2ncHDYD+KXqf3dR1WssViKNxUtfxFJ2+EUhOFoaQbO70f\n7zMkKwq/dECypfVu18YYlNKJQ7AzeDw4VSv1bmnDsDRG78Vhz2sw9n0JE1ItjqmV\nFVZ7Y2sZIfIjL2eg2BngUXgRZZRtb72MTwfsDcmMZAXnA4ODgyA+ir7tXDERgc7c\nGXqtOgJ2E+hAlPQwe3NJbJBRJJPjECgwccOk5W0b0KvTBO24uqcUUaoV2y4ELRld\nfl3F4ub2CjbHf2Mpzs9IVx8WSoE1qX6ChvuwrNqrsWG6di7mLudYP0Fjd714351r\n2mUw1mOHTKSW9iM0joVUUDcQ7be1KW++I/MEYtd/S0NI7csh1a1qyO+djIBIIQpD\nG8AyatE7WrSr4Aq+mZWozfMkkGVSP30eu0TAWgKpmAr9teZ171QO321wRUxylmV/\nQmivDzrAouiRKrkKF2sz6J50drOv6fUo/1yyRWH42c9V+Ugwozvepppbp/PzrXya\ncq5YrIaTkKV5+us96z8DbhDdaYuA23Iz15NyWaMfqdZxjQZpp3UWP+Nvkexh6Mld\nobpjDhEmqahIW5bn8IJgLlIezDd/LQCn72wDvUvnc5mISmTt12R9eF2R+JNFwBU7\ny6JnjyZ6XTHsmi9jfFAtCBRyqql6MC1rrtv7b7aWzQtY4wuDeE5eWwJu1JqNV+T/\ntaszkfWx51lRKpveQjS0ghGK9pw74EppV5Gnrw3bJDi3wH4HXnJz0mYP+OqD+iOW\nwOJ+x+ai5M8Z7gdJC//VNGDYLj6CtjoN8MdT8XywBRfmw/HovRd68v/pET2m1QcU\nLRH132YRae5B3fru96isVFEC3PBXq2qqOfu2a+AFFo8HLmHxY8c70ABfgNS8zMbS\njb2/8pesFreJP35h8MuDtL0TotBS9CvdI30GrwenUbXedUMfFtq9Qs2yTR+oYGUW\nWxriM0mncC6feJ2l3vQ6AbI9q/+GnTa+Mp4GfQB6izvxOVS6DyCZWgkGkEjs6ifu\nIFzoCiefh23FOi+fAOsYznb/e1E5qmbWNU5f6C4ZlDHpZDgtT3X54C3oUatUudeM\ncZp26zITFwxj/m7SuZl+UAy/smR9icBGGa+uhZ0aA70V9C1tR34sys5kgcK2/JAY\nn1f/zNJxciy2clreaBxynBNMdt21V6v1DmXq6+5MlmeJ1FfIYx59HtYdsiCSDLwU\nueCfl4azjS9wNYmZBA+9FHFl5PGmrMIGuJ4Inal0spcJLGCT3E3mLvstxi8ZBghA\nE/vWJaxv1Aaiwo3GpG3Y5OWVvw1PbHm/yR3YjZqTVNZZ4Jm5OBoCtKLu14DHR+oR\nYVgNkxqtdLD6e0MbrwYsJgUjXGKsk67PO6fVcGCSQyL2i9JE9uZKD9T2fNm0ZUdH\nLNlht1n7uWBnirxVrlbp1WfjIl6sV0pXjaFopHIDjVz5Syc8L1/ieSWQkMffFYx2\n2pHl7gyhCo+HNFLHf4vhNKBtcBSUJKJUdqvvolLp2j4CXb2RTyQ0wxsn7PqwvUQ7\niY/UgFdZQchyAYLIwPyFC53IS0L9jufHS3wonEpGPQTyOOXPAx1T1xyxETPwF76e\nglf6O4yLB9lr3iBZkoGf3+tSEuh3XnCbk4uF+TJRbzI764RFICa27jSXvaj5RhIZ\n5bZQc66p5VnLYmUBkqbfHtWtT/lCh7sU3BoIh8QBlDE78DImRSfkr+XYTqcgQJXM\n5c7i+gAB6/1B56AlEbyj2Gp10ng5KwKGzaBtC2DfIHDTQbnoUbHu5elv3ByouLnS\n/oToqDKj8oedTBfvCQYCtATmar+KE75JFcnMcplfg+8YuXC2K/8T/sDZUWDNW7U3\n6xVkLVeVuy3LPhbOOPu9QovoPTwXWePDETx1FxYQ/ZEQ0ZZXkcVi1Wu+p3HsRant\n2lQ+rlhM2mZw9mQYopufvtLqy5ncO+ALjhB9u4P/qPCHXacXZn5UrA2pt3FMCqJl\nA91pJd8w4E5uMurryruIfXEixmYhASTrYUXH+Mdc32TawEzxsD2MmiyubT9tv8hk\nnuxS8h+Sk5Kq6ihs7oJM1EgHJ1WDlfD14VfONaNvl79syYq6tLx3NfgAsbjUsDYx\nRWkFc+fBNa11CVDwrYbPneyafGl46qNE1fo3VykVFJzWcApTm/Mrmw==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-V0dmURQ2vTFSanfoT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-V0dmURQ2vTFSanfoT', '--output', '/tmp/tmp05dzdsqh.xml', '/tmp/tmp1537b_yu.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp1537b_yu.xml" output= __________________________ TestClient.test_response_3 __________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=612658b13e173e428d33d8b07de855ea7eef126bc5854d01cd406eca28d127d3urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==dlXiwNrVyiRekr0YHpJXxASHOc/3r3sAcD8EjAmLDqTToe18Vg16UCM38yqKrOfw\nGlm1uU1Mglbzu0ICpKja7Ki/2uyI3Ji2uHY7l4vVDWhUV+p6y+peOH4/ZVRM6ZNY\nHhhUbb+PIcHXp3Hg0nI56Jxbl/akYCsEDU7dg5UMJV0=gp5OmtSMWhBKUK5H5NRMYXWyVr7bIUOEIsGjerSdunUiAp4uw5xNLfgS4IAZYi7P\ngPr3kSA3MiikVtdPULO4vGAU0nCsURrbIfO5jmPosyG+iG7Q0OmTWp4OzV2m/3z7\n9MXEXhAccDX3mjctiw6aqc3xlc/+kkTPMc0ut72E95h7Fh94lK85iuQR1kMDrt67\nce4x3GHp3V5eIhCAutyHX9foZP5MKxw6HS+21VGrFcvASTJ393yIiFgm1dpAMCWG\nYORrOOGy/7RA5JxcL+2+Mcg7dYyNmkHGTvXEpCDBwbUez58Kq61sCrvD2k6Xd8Xe\nC1ELel0NcLVzXBrEQD0xMtbwDt87vOajy5KDrxCPqyG8YuQJrOSp99yMnOuGgu90\nO8UHGaZK4pwfGY0VQIIWDU1ajobnfgVSi7enWswtgd4yGOBbNS64imprMUeSuLJU\nPHso6i0ihJ5XHN992hmZEbOxEqc0osC8U9yNPFghVDmRkqKpjr/aOblNAKksw+i5\nJLa8xMbkNAJwRgy0qQ+ZdOXV3ieQlsR8rnSC2IB/oFM7vncKdAoF0rsLhEodDVMk\nWZ+nXVi5AVyrr1OL2FUWChCm2bj4y8/XfmXzvaFNVkzQoOOBd/PBFneHETLx6Uw2\nexmBeXl6rytmnEwmQ5w7WfK6dwz591tK41Q9yv2rDAeecL/tqmoFKvruYo/5vCfc\nzHJlaNiQwzbbNoSh/pzuiw1xfWzrvmvZGs6ukWZgs35uROYPV3jmLzjOhim9wPz5\n6VzFqelH+sONMUE/ZVRYJNtJfFMdhweMz/HPgdaV5I/is4BhTNxGSUcPBQKO43FV\n70I3vnsGvEzz24EwI7NSsaD67jycflEoSxg7nouQPBgoTKtfhlfF/mgy8q3anR0U\nvpGXi4L35m0tlcFuoz+27zCHtX1cuAv5azNtNetA26iIFh7Y4tMHYXkntwTrAXZa\n3vEpSYfCyy13gFrTsxEIsseGhjEtJpbnZMWPS1p1iJd7aLgxlajBlbsLHTk5fgog\nCZlPzwZohkaC3jBOBc4G/oHStYB3r6JZfrI5hI0Rj2KIZFIUJbZ/HhaHRYCuUmYQ\nH9h2aHoIOeBrnNJywwl4EQccUS+gawlalPvq1JugyEQeJuIabltE3rGiO3hM7Jai\nWKQ8EO3LEB4u+Vzps9F+bN2rdgbKKCN8sjZxvg7g6hrqi0fOr+WL6WqoNjMEIJ24\nWInyRZ+xeK5y/v7GRxqJFg/njtSfdayaZQJ1YzqNcpn8Z2l81uglzQr2ZTQesWpn\nxxOzRVA2cQNI+/yJQ6xA57DFyjMWVRpAFWbXvAebkWZM7gH+A29sk5oVpXKkUSUO\n8+2aBHdGljNxSCGdOxhSmJE68Qe7wq4yCOafgyEinxn20vCzVYJUveT7r9lu8KzH\nC510PBkSXCr8AyHyxPhVEfK4/ykmcotQ1O0x7lZsnZIGEWYggPRRz23WjAha9Onr\nbMUmWbuWnKABS85KH/HZ08LwLDB3TbiK98+aLLSuZoImSmaaXiI/adw997avnco1\nYjxKnqfMi+RqAPU+UaKvYB/erLYenCWwKAxEkMcPg17PlTawb8r+AZvtE7lm7Ojk\nIH7tomF9W3V2U2mcceZbnZEjaxPKseQgN0NvcHVQJw5D3mLoS8Hm5ixguO+diTLG\n6H879+rN0eTjTKjYR4ctEuP2tw4xxOkGzkokl8MnGJqIlOCwG6GlVo1XI0Ljdh7n\nivUy87xx0TpeUh0NOKiw6l5OUZGLm1b5XfnJ5jTmzgjYZPET4eM0O7NRDYeaRCAc\n19k2xkUGsqnpyLnaz9G2bcv1Iq7mKJjDQ88FUVB9jxUPxfv+E5SUExCQa32+r8w5\ndag0K5lKhWW83epYidqwi0RFkpOF1wcQu5ly4dYIwKeZ+D2mZcysRxGfWFuc7qdn\nmnpDtzPYoYPor3HmxXrXk4I2rsbwBlInLKcm+/ctu5yDZqc+bRDG9+abNncUVDPc\nKQUOfquAmYTeY0cudZAWExan9132bsJYTAf44egSjCynPaAWUWao8Tqx2dSEJYOI\nfUhN8rVbW6cdAnMji0JW/9C5ZQ2iSNy//8M26V5+MwnmcAtyRFQA1I8TWReNUY4D\nJRww3EpZp3JEB5k8oIoZa6DJTt9HXj9VccXlxTgKMaaC3RLB8rRCaOjSGFU/dJSf\nn//eBzpppK9YQiojfPWVOMK5alBojz6/8ZhAGkiecLp14NVtyR4lcwn7c40yZRdM\nDwTFZSjBYux0yaXioNaRyjs2v+j+mgxIvplp++09ZHb+KFM2tcs2kkfDXm6vOb52\nORjEpDys5BN2JXOY8/7zNySRJ8qdVkhVfELCkgFV5wU5o1oXACuDRbxjij6aQuux\nDutHUMBi/lKdct5IUH9V5Dg7hkq5zg41lqOKu+WO5U7CAoygV1+hoA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ECWrDCUiC6Lbk2Ae9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpwqln82j6.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpwqln82j6.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_3(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:584: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=612658b13e173e428d33d8b07de855ea7eef126bc5854d01cd406eca28d127d3urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==dlXiwNrVyiRekr0YHpJXxASHOc/3r3sAcD8EjAmLDqTToe18Vg16UCM38yqKrOfw\nGlm1uU1Mglbzu0ICpKja7Ki/2uyI3Ji2uHY7l4vVDWhUV+p6y+peOH4/ZVRM6ZNY\nHhhUbb+PIcHXp3Hg0nI56Jxbl/akYCsEDU7dg5UMJV0=gp5OmtSMWhBKUK5H5NRMYXWyVr7bIUOEIsGjerSdunUiAp4uw5xNLfgS4IAZYi7P\ngPr3kSA3MiikVtdPULO4vGAU0nCsURrbIfO5jmPosyG+iG7Q0OmTWp4OzV2m/3z7\n9MXEXhAccDX3mjctiw6aqc3xlc/+kkTPMc0ut72E95h7Fh94lK85iuQR1kMDrt67\nce4x3GHp3V5eIhCAutyHX9foZP5MKxw6HS+21VGrFcvASTJ393yIiFgm1dpAMCWG\nYORrOOGy/7RA5JxcL+2+Mcg7dYyNmkHGTvXEpCDBwbUez58Kq61sCrvD2k6Xd8Xe\nC1ELel0NcLVzXBrEQD0xMtbwDt87vOajy5KDrxCPqyG8YuQJrOSp99yMnOuGgu90\nO8UHGaZK4pwfGY0VQIIWDU1ajobnfgVSi7enWswtgd4yGOBbNS64imprMUeSuLJU\nPHso6i0ihJ5XHN992hmZEbOxEqc0osC8U9yNPFghVDmRkqKpjr/aOblNAKksw+i5\nJLa8xMbkNAJwRgy0qQ+ZdOXV3ieQlsR8rnSC2IB/oFM7vncKdAoF0rsLhEodDVMk\nWZ+nXVi5AVyrr1OL2FUWChCm2bj4y8/XfmXzvaFNVkzQoOOBd/PBFneHETLx6Uw2\nexmBeXl6rytmnEwmQ5w7WfK6dwz591tK41Q9yv2rDAeecL/tqmoFKvruYo/5vCfc\nzHJlaNiQwzbbNoSh/pzuiw1xfWzrvmvZGs6ukWZgs35uROYPV3jmLzjOhim9wPz5\n6VzFqelH+sONMUE/ZVRYJNtJfFMdhweMz/HPgdaV5I/is4BhTNxGSUcPBQKO43FV\n70I3vnsGvEzz24EwI7NSsaD67jycflEoSxg7nouQPBgoTKtfhlfF/mgy8q3anR0U\nvpGXi4L35m0tlcFuoz+27zCHtX1cuAv5azNtNetA26iIFh7Y4tMHYXkntwTrAXZa\n3vEpSYfCyy13gFrTsxEIsseGhjEtJpbnZMWPS1p1iJd7aLgxlajBlbsLHTk5fgog\nCZlPzwZohkaC3jBOBc4G/oHStYB3r6JZfrI5hI0Rj2KIZFIUJbZ/HhaHRYCuUmYQ\nH9h2aHoIOeBrnNJywwl4EQccUS+gawlalPvq1JugyEQeJuIabltE3rGiO3hM7Jai\nWKQ8EO3LEB4u+Vzps9F+bN2rdgbKKCN8sjZxvg7g6hrqi0fOr+WL6WqoNjMEIJ24\nWInyRZ+xeK5y/v7GRxqJFg/njtSfdayaZQJ1YzqNcpn8Z2l81uglzQr2ZTQesWpn\nxxOzRVA2cQNI+/yJQ6xA57DFyjMWVRpAFWbXvAebkWZM7gH+A29sk5oVpXKkUSUO\n8+2aBHdGljNxSCGdOxhSmJE68Qe7wq4yCOafgyEinxn20vCzVYJUveT7r9lu8KzH\nC510PBkSXCr8AyHyxPhVEfK4/ykmcotQ1O0x7lZsnZIGEWYggPRRz23WjAha9Onr\nbMUmWbuWnKABS85KH/HZ08LwLDB3TbiK98+aLLSuZoImSmaaXiI/adw997avnco1\nYjxKnqfMi+RqAPU+UaKvYB/erLYenCWwKAxEkMcPg17PlTawb8r+AZvtE7lm7Ojk\nIH7tomF9W3V2U2mcceZbnZEjaxPKseQgN0NvcHVQJw5D3mLoS8Hm5ixguO+diTLG\n6H879+rN0eTjTKjYR4ctEuP2tw4xxOkGzkokl8MnGJqIlOCwG6GlVo1XI0Ljdh7n\nivUy87xx0TpeUh0NOKiw6l5OUZGLm1b5XfnJ5jTmzgjYZPET4eM0O7NRDYeaRCAc\n19k2xkUGsqnpyLnaz9G2bcv1Iq7mKJjDQ88FUVB9jxUPxfv+E5SUExCQa32+r8w5\ndag0K5lKhWW83epYidqwi0RFkpOF1wcQu5ly4dYIwKeZ+D2mZcysRxGfWFuc7qdn\nmnpDtzPYoYPor3HmxXrXk4I2rsbwBlInLKcm+/ctu5yDZqc+bRDG9+abNncUVDPc\nKQUOfquAmYTeY0cudZAWExan9132bsJYTAf44egSjCynPaAWUWao8Tqx2dSEJYOI\nfUhN8rVbW6cdAnMji0JW/9C5ZQ2iSNy//8M26V5+MwnmcAtyRFQA1I8TWReNUY4D\nJRww3EpZp3JEB5k8oIoZa6DJTt9HXj9VccXlxTgKMaaC3RLB8rRCaOjSGFU/dJSf\nn//eBzpppK9YQiojfPWVOMK5alBojz6/8ZhAGkiecLp14NVtyR4lcwn7c40yZRdM\nDwTFZSjBYux0yaXioNaRyjs2v+j+mgxIvplp++09ZHb+KFM2tcs2kkfDXm6vOb52\nORjEpDys5BN2JXOY8/7zNySRJ8qdVkhVfELCkgFV5wU5o1oXACuDRbxjij6aQuux\nDutHUMBi/lKdct5IUH9V5Dg7hkq5zg41lqOKu+WO5U7CAoygV1+hoA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ECWrDCUiC6Lbk2Ae9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ECWrDCUiC6Lbk2Ae9', '--output', '/tmp/tmpyxbi647_.xml', '/tmp/tmpwqln82j6.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpwqln82j6.xml" output= __________________________ TestClient.test_response_4 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6e9e6019fa696768e206298e784826338dbce1e37194a70a5d33f561d01a590furn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==xDf6CO5eW6B11+pk5mriNay8CorSX3/OW3AAuocJlX9s0rNpsqL4i3sW877Swgy5\n+HJac/wnQ/czYX6FNyTgc3fozU0dJApqg5izSaQ2Urhw5l3z++efyx/2VN9Xblgd\nD4Cx7/yWjI9WUvNbr+0jZca78u8Ip3TbES0r1s4g2Wo=LMPcQ7gSx6GtZcqOME/3LC3Byje6KBq2ESe421gToPkhugTRnPDrd7tJOpusD47Z\nDjyG45B4cWRlPuW5VarwuzCcFazLQ8cbNIXHNtsWv+RAwMJxVaX9jjAv0Pyd7rZh\nV68RPW0VRFpLuf5c2wXcJFr2eailkfwTZdR/D9fj6n/qYCmWawRvSmOksfKMMxVA\ni5cGeb2UlKj6eGXsITN1K11qeyW0DzTLh2FPGRiES92nxffy35RqUshx3mG6R5DL\ntHe2avkwwAA3tRETl8LoDOQdYZ/AZWs5a5FtzZ6+pWhQJvVj+kFCM0X64hi6YyXf\nYA4LUs5QGVrzjLWgXTOle3Zg+zsMhIxgooQ0E7fASP6Aa2TI21SifzqYsQbWZhoL\nszzQt2d4N6NBr0kKXdd+yh5WeTBssnGmLPYOPzqR2/BjfTXead6UGZdps0A5rGMT\noIrDjw4O+eXg0XeZi1tLDWjtWvPYnmTC0VPWXJmDjuogV1AGuLv3UVEcQDXqejDT\nUsVQe0OZj0RqLb+LnCiG3OGqsEupVZCXNOAw3C/2iGQRry+0hoSOvAIn9f3aLjej\nmNA4VPjkILh4Vq5HTk9hHV153PEvlaxcK/VeMD2jiwaF5bOFyiI3ZQdDOISAQxKU\nCKNKymZJrDaDDsUm2OhLuRJQMBRCAwjQMGRLESkByr8R9kUhNnq3qC0lVHo+FJMb\nLk1nrYpcvwIXjFaSDWeuSh20O4p9n7atjNv5RvjChFnkNCCFZgMpct0syKOmHrcf\n9jmMmkTtMRUNAso2Z1Pin162I7grTQb5iZGWdBgW+ZHeL/W1Vcgt9Kdu2ENQxTRn\nfq+gohi8j9bbmJ4gP7VJ8i64UxCe939441dmM0Xpw6L7ujUKjicq15ftYpdGqPqf\nugSUOQyR4sNzT9ZSzSDW0dkhaZdzOvlQa1cD3XSF6sya2iKOvzR5jqyQNJcXov4J\nX5HB2Qbp4Gs1KTBmIhwzr7GzOggb4jFrbUWF53G4hIKV8vDzyxJ5+cZKF9v2Rj3J\nHf1sp54CDbSfeapgW8Bdk6LKwCNsshrBN2Qn/ItOaAmxhXJIv+QueQbkzF6wgQJt\n4sTOfVtXLJZhd6moD84/gZL7XgcwW3RawbfFVJIcfw3VRcPjetNXlkCBT5ORBn/v\nP2tZ8lugWTHkdiE+gi8p6bAbsvaSOkb1vtuIJTklfvyIjGKMEQLDJKA4ieWkUw89\nVF2YdKRuuKXyE2QzgXisRmmWKNuV5AlsaUm8te/Ts0LL1E2I6GajALVnFfcG6Xlk\n+qqHDYi4BetKO/3UTmHSpc06ExAev6YUbo6CzkNEzT3DqP8EOP8ThFZCdINtgth8\nObRNx16eh34dvsUFgQuN6lzrCDBvzBRknga+n5abb2LQsvcm4Hth0jUHEnP9NtON\njAznfiWGcikDh3NIAJTmGZlWhv6xVk9oiuQ0hOObUOCAbZkr/pQSqwACdX2seqFl\n3C4jB+rMXqkhNAOLAemplzs6fwp7uFu73oiJmVrYhMOxi8I7NRu2UVWMODmnj9tb\nFgF6HWGzRdy58EU1TQS+JOHDgz6mJ4Y0X2uNuLWUTbdX2OAYGJI0AzkzpWI68f1T\nc1S5zHqkzVt8+uxjPhUu+5NNqof6LwoVORWW/pMj5Qg2KequvXPEFlRx6fFC8jZv\ngskC8CfKruw9eHfmwp+gqxe9RfvK+p+Y+BVQ1kp3LpjUGXPTx02BFFPBi8psKbEG\npY3z6UyhcgZ+ssUqSrgRTCkg1pFs9g9MHguUegYqpUBr3VCaJ1KqHGs2ab/+eK1E\nemg7nL0E4iKjQRajH+EE1di5VTpmGgIABIVhreoPFbhApFbPffzE0ZaJRDxIgmkP\nzP9H0nwUrdjJFURSci8NTyp/GyDBPBy3t7xaqqb+DULUyc5ADj1wTK7C7jpNcKVO\noIsYGEpWvvZOiG9+jn9TalR/Rcs6saSeqJRYVsaj4lRmGsLFG0C6m1cSsJgRoaCz\nFHiFOEnQECzbPDnW43cZoDWMYAE2/KJzsjjLA7vqRgndAF+ARIq/a+ZqgwaK+00Y\nP7j1B8F3DMtDFy4DDPPm0Q0vqu37GIzOsM4ukmdeEQ3Hclijazsbr0M2Uw6FKGFi\n+MBtfb2FJvBohxTxdXzMn/a5fp+J99WW1sY3UfC78075F3rr8IE2eDWRA9M1OcuV\nkiWxhpOtx5QWQVFSD91LPFNemT4ecqBEkRgTJc9U1XcIDF2wVVvf8yrYuwTfZK2L\nCTwMvwPnZMjJkG4Acp4UHZkE7EZIWySCeZx55MhcycgJTTNAypLoApp9XDLUavaZ\nOHQNDNxzykByyK17AU1euzVOluBpqjFk9nLTUl1o9kxsXiN9Xmo/bvFe7wBkX3ds\nhkQwErqJel63zBNAWrBEtc9bz9GRQY73YTZ8cPcThkLVV+fVJXozBg==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-j38pa87ZhUtboBPN4' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmphuihly15.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmphuihly15.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_4(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:618: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6e9e6019fa696768e206298e784826338dbce1e37194a70a5d33f561d01a590furn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==xDf6CO5eW6B11+pk5mriNay8CorSX3/OW3AAuocJlX9s0rNpsqL4i3sW877Swgy5\n+HJac/wnQ/czYX6FNyTgc3fozU0dJApqg5izSaQ2Urhw5l3z++efyx/2VN9Xblgd\nD4Cx7/yWjI9WUvNbr+0jZca78u8Ip3TbES0r1s4g2Wo=LMPcQ7gSx6GtZcqOME/3LC3Byje6KBq2ESe421gToPkhugTRnPDrd7tJOpusD47Z\nDjyG45B4cWRlPuW5VarwuzCcFazLQ8cbNIXHNtsWv+RAwMJxVaX9jjAv0Pyd7rZh\nV68RPW0VRFpLuf5c2wXcJFr2eailkfwTZdR/D9fj6n/qYCmWawRvSmOksfKMMxVA\ni5cGeb2UlKj6eGXsITN1K11qeyW0DzTLh2FPGRiES92nxffy35RqUshx3mG6R5DL\ntHe2avkwwAA3tRETl8LoDOQdYZ/AZWs5a5FtzZ6+pWhQJvVj+kFCM0X64hi6YyXf\nYA4LUs5QGVrzjLWgXTOle3Zg+zsMhIxgooQ0E7fASP6Aa2TI21SifzqYsQbWZhoL\nszzQt2d4N6NBr0kKXdd+yh5WeTBssnGmLPYOPzqR2/BjfTXead6UGZdps0A5rGMT\noIrDjw4O+eXg0XeZi1tLDWjtWvPYnmTC0VPWXJmDjuogV1AGuLv3UVEcQDXqejDT\nUsVQe0OZj0RqLb+LnCiG3OGqsEupVZCXNOAw3C/2iGQRry+0hoSOvAIn9f3aLjej\nmNA4VPjkILh4Vq5HTk9hHV153PEvlaxcK/VeMD2jiwaF5bOFyiI3ZQdDOISAQxKU\nCKNKymZJrDaDDsUm2OhLuRJQMBRCAwjQMGRLESkByr8R9kUhNnq3qC0lVHo+FJMb\nLk1nrYpcvwIXjFaSDWeuSh20O4p9n7atjNv5RvjChFnkNCCFZgMpct0syKOmHrcf\n9jmMmkTtMRUNAso2Z1Pin162I7grTQb5iZGWdBgW+ZHeL/W1Vcgt9Kdu2ENQxTRn\nfq+gohi8j9bbmJ4gP7VJ8i64UxCe939441dmM0Xpw6L7ujUKjicq15ftYpdGqPqf\nugSUOQyR4sNzT9ZSzSDW0dkhaZdzOvlQa1cD3XSF6sya2iKOvzR5jqyQNJcXov4J\nX5HB2Qbp4Gs1KTBmIhwzr7GzOggb4jFrbUWF53G4hIKV8vDzyxJ5+cZKF9v2Rj3J\nHf1sp54CDbSfeapgW8Bdk6LKwCNsshrBN2Qn/ItOaAmxhXJIv+QueQbkzF6wgQJt\n4sTOfVtXLJZhd6moD84/gZL7XgcwW3RawbfFVJIcfw3VRcPjetNXlkCBT5ORBn/v\nP2tZ8lugWTHkdiE+gi8p6bAbsvaSOkb1vtuIJTklfvyIjGKMEQLDJKA4ieWkUw89\nVF2YdKRuuKXyE2QzgXisRmmWKNuV5AlsaUm8te/Ts0LL1E2I6GajALVnFfcG6Xlk\n+qqHDYi4BetKO/3UTmHSpc06ExAev6YUbo6CzkNEzT3DqP8EOP8ThFZCdINtgth8\nObRNx16eh34dvsUFgQuN6lzrCDBvzBRknga+n5abb2LQsvcm4Hth0jUHEnP9NtON\njAznfiWGcikDh3NIAJTmGZlWhv6xVk9oiuQ0hOObUOCAbZkr/pQSqwACdX2seqFl\n3C4jB+rMXqkhNAOLAemplzs6fwp7uFu73oiJmVrYhMOxi8I7NRu2UVWMODmnj9tb\nFgF6HWGzRdy58EU1TQS+JOHDgz6mJ4Y0X2uNuLWUTbdX2OAYGJI0AzkzpWI68f1T\nc1S5zHqkzVt8+uxjPhUu+5NNqof6LwoVORWW/pMj5Qg2KequvXPEFlRx6fFC8jZv\ngskC8CfKruw9eHfmwp+gqxe9RfvK+p+Y+BVQ1kp3LpjUGXPTx02BFFPBi8psKbEG\npY3z6UyhcgZ+ssUqSrgRTCkg1pFs9g9MHguUegYqpUBr3VCaJ1KqHGs2ab/+eK1E\nemg7nL0E4iKjQRajH+EE1di5VTpmGgIABIVhreoPFbhApFbPffzE0ZaJRDxIgmkP\nzP9H0nwUrdjJFURSci8NTyp/GyDBPBy3t7xaqqb+DULUyc5ADj1wTK7C7jpNcKVO\noIsYGEpWvvZOiG9+jn9TalR/Rcs6saSeqJRYVsaj4lRmGsLFG0C6m1cSsJgRoaCz\nFHiFOEnQECzbPDnW43cZoDWMYAE2/KJzsjjLA7vqRgndAF+ARIq/a+ZqgwaK+00Y\nP7j1B8F3DMtDFy4DDPPm0Q0vqu37GIzOsM4ukmdeEQ3Hclijazsbr0M2Uw6FKGFi\n+MBtfb2FJvBohxTxdXzMn/a5fp+J99WW1sY3UfC78075F3rr8IE2eDWRA9M1OcuV\nkiWxhpOtx5QWQVFSD91LPFNemT4ecqBEkRgTJc9U1XcIDF2wVVvf8yrYuwTfZK2L\nCTwMvwPnZMjJkG4Acp4UHZkE7EZIWySCeZx55MhcycgJTTNAypLoApp9XDLUavaZ\nOHQNDNxzykByyK17AU1euzVOluBpqjFk9nLTUl1o9kxsXiN9Xmo/bvFe7wBkX3ds\nhkQwErqJel63zBNAWrBEtc9bz9GRQY73YTZ8cPcThkLVV+fVJXozBg==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-j38pa87ZhUtboBPN4' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-j38pa87ZhUtboBPN4', '--output', '/tmp/tmpzzmtq6gd.xml', '/tmp/tmphuihly15.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmphuihly15.xml" output= __________________________ TestClient.test_response_5 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=fcb00e76b4eb38af653a1ae79afaf7fe16dec1c33f598229880c02d8e04e188curn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==zqKljr+jcrcvs3X+TSVEVfMtafPXyGdA6yQLmZgfYTQyCdMZL/FILeJQ37Abt+Z3\nDchuayGe1Ir4/+8RHoDcjNQ9ioQ1MoBKBe5yEIMS331utmFgwlQIyxTcgigCLhBc\nlMJYkkTGiduErXeYoOHXCJNIj16gbJcTy4En7Qe0THs=+zolSJt/fZXnJSXl8X7HHlJJ4Z0HVgiGS3jPdLsqfroMD1rJzcOcOFGRVGgUShok\n5c9FLxvla61s6BAgRE2JNh7/khzm+XwymgxVCUWYgTBnOqzRwIfDGKzbHQzFvD1e\ngb0iXVQ0WhEZPozxS3okWU/PQZVuknhVXA2aNGoppaGtdUMzs12J3f+nyXcQtJn2\nEgIJ8RpaYmjDkCAsi9vqacwPdVoDPPfLFKS+n13tu+WO8bvyZTLQ5lCOjYQQ2F4Z\nC2xQ+BH7ICdWC9c7VsnfvFhE9qAgXs+8267DW9GkIkgNqHJfK0PYBFjKQCOE2ZMe\noCz8APUV+CPOui+QYwO0uNEojGi3BK+vceEBroPaVFPaE3EeviOCDD4uUXyz20I+\ngfamaAAy/b6ML5kUdakiVob05GMIMt/fcVZU8nbkywMp13+kIhanCX7owbIAUtzf\nVJqZ2Ja3l7HaCi1IGlyZrifgBUyjubDeda5zLpMsKouJ3de5+MPk33qM2aXW69JP\nwFK2rWxL6yQh66xZpuKkIm8MidgREd/xwJzYH5kGFHBNodXKOGac4y/OeCAP3ZK+\nAogmL4PHNlv05P3KdZdudQBBcFql3D4Bs3mBXnJ5kIAibe/4S4hmFYrIaWUh8lNl\noG3Cfz+4QQlyk+mUlq1gQ18Crz0Tjf1PZ9CLli/kBGt3kKDoPFAq5HxCmvT7mzfv\nR2YpM4dEmhw0IC5+yihf+EJGlwh6ETRiuIaZzSm4uTolAleUWCtPCgpSXhOFmcfX\nN0ofpyE3kDD6GuCuSDtEpG4uirlqY6zxNrpB5DouDMmIdxl0RcDWYKRJvjtPaPH1\nPQHLuvWbzMH4nq9SOophdeO3eKe3EwxqsStvbFiIA2eckKdXj6FQmGd0vhEfsu6l\ni/uDXwtJ/ixND0zQHy2Yacn50WbbBg7rlIEhnNW2gqBkhjlrAVGmHEr/1r4rdChg\nBd1iENte05QhWVbK/0BMEfl0NVr6lw4/gjn2VqeZ80h8lb/GLVV807oHyubYP9zg\nUXVC4CuWnwxcruDJi8L94qpQVXI8KCxl5ignlXQwizmzEqW6X/LEOOc6AS/w+jUp\nT37b+PHpwxNz2eSeMegaarFrjtGqo+9TWSWBy3OmeJSve678YotWAXK5bBLVU6kL\n0cLhj088Sqzmw4G63eMe/fiupdIZ/4FgcdSh9zP7zrb3LWkZ5r6XfGwbz2AQl2SZ\nazeCoKxNFLjSR3E0oCYX6P/h6BvtBgfTL1vRQvWCzLmuUgkaf/tHOy1uAT8wue86\n3ISxUNS200mnR82lqVh0WnEcVMFVJheVClRlK2fbD5wHdHb+hIvrc9qh5ENcSPQ1\nvbHso5hcMvAp4jp7sFxWI6wZWSS9v04+XBDsAuuR+cO03TbGtT3hWjhcvGqsxJZc\n0/vZI65D1+PNNmgRzacYvYhgYcRY9d91YR3ETAmgnEt9Tehtqm8ePhCJKYionXDB\ncWy+8+jBWkhr2DHT5ICBvrPwdWfO9brHubU4xQ9fRBCVmWTwb0+x4MCpA6IyqWag\nnK9bwkAQllq/mzU5GFhSB/zzihSiEmGYZwbh8ZDZa7rBhPH0rgcVM88YdEM+yU2M\nQ/fKxemy7V4NqD3GaMFUY4MuzjKpOHWD6qVCqr4/a65CMbR23eGSHtB3BmaXkDlr\nkKWCIxoFDklVCMt3ht18uzJQ0DF4h6+CBnISKCO+Xzg8p0njxhcNM6VnZQoDbSmt\nd97NjPSjWL2IeauvfWbWdPgQJXSZlpYqV0EyXPCCM/Kh2l7Lhfy5AC1Q/Ql2Ihgl\nvCdRD0ewMDZXUKQ9WxwK4AaqqO72fHzr9LojAqboB0idPlucg41YsEfHgyDwUL6p\neuKZ0klaRWq1ZMyTckRwUayRg6DsVYTidvFtFLONe75pP2R30NNGKsdWER5zv8lm\nxWuP8Wkdw9fnSfMuZH/N1JOL89s4vYOj8K+WediFgZ44GQ347c+1WmFlMMFn/pJS\nqhe/GQQSAr5Gi3AJUvGOniKA3Otxz77bTJcejrj6KCBEbpxGh9soE8SPOPfocRAs\nSqOLC5ofXV/dhiCjYT2JorcpoNiWX7f+hIAwn88vLIOiDst9AJD6mBxye/tCuZYt\nFMCiGNQkTnwWvkWtowLNXfCX4L6WUzKbwMgui+457gsVUYsiS0QFouz0DboNUt5M\nCwR+GAarnCi1mEMPGEyR7sOT7wHtHYQhrJaqGB30YheCB3DdaowT9jS7ZY7YjOj9\nNy8Gs3fWLTjMUm9BBeri0Wwiv1XhafizLQmmw3KaSbxLuVbuJtxCLyoGjkDvLcBI\nC1v8hTBBKrAD92Br/k2o2jNpRtsiOVNffZ/1qwj3DnebYjQkUzqsbmGk82sW/Y5z\nRo9f0hI6ewyq4/Lyi730/740lDwA8IaYTwUt+5XN5qH2qMuoQ8Y7BA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-acz7PgWb1Qb87D4sj' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpi9a2ehxo.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpi9a2ehxo.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_5(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:656: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=fcb00e76b4eb38af653a1ae79afaf7fe16dec1c33f598229880c02d8e04e188curn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==zqKljr+jcrcvs3X+TSVEVfMtafPXyGdA6yQLmZgfYTQyCdMZL/FILeJQ37Abt+Z3\nDchuayGe1Ir4/+8RHoDcjNQ9ioQ1MoBKBe5yEIMS331utmFgwlQIyxTcgigCLhBc\nlMJYkkTGiduErXeYoOHXCJNIj16gbJcTy4En7Qe0THs=+zolSJt/fZXnJSXl8X7HHlJJ4Z0HVgiGS3jPdLsqfroMD1rJzcOcOFGRVGgUShok\n5c9FLxvla61s6BAgRE2JNh7/khzm+XwymgxVCUWYgTBnOqzRwIfDGKzbHQzFvD1e\ngb0iXVQ0WhEZPozxS3okWU/PQZVuknhVXA2aNGoppaGtdUMzs12J3f+nyXcQtJn2\nEgIJ8RpaYmjDkCAsi9vqacwPdVoDPPfLFKS+n13tu+WO8bvyZTLQ5lCOjYQQ2F4Z\nC2xQ+BH7ICdWC9c7VsnfvFhE9qAgXs+8267DW9GkIkgNqHJfK0PYBFjKQCOE2ZMe\noCz8APUV+CPOui+QYwO0uNEojGi3BK+vceEBroPaVFPaE3EeviOCDD4uUXyz20I+\ngfamaAAy/b6ML5kUdakiVob05GMIMt/fcVZU8nbkywMp13+kIhanCX7owbIAUtzf\nVJqZ2Ja3l7HaCi1IGlyZrifgBUyjubDeda5zLpMsKouJ3de5+MPk33qM2aXW69JP\nwFK2rWxL6yQh66xZpuKkIm8MidgREd/xwJzYH5kGFHBNodXKOGac4y/OeCAP3ZK+\nAogmL4PHNlv05P3KdZdudQBBcFql3D4Bs3mBXnJ5kIAibe/4S4hmFYrIaWUh8lNl\noG3Cfz+4QQlyk+mUlq1gQ18Crz0Tjf1PZ9CLli/kBGt3kKDoPFAq5HxCmvT7mzfv\nR2YpM4dEmhw0IC5+yihf+EJGlwh6ETRiuIaZzSm4uTolAleUWCtPCgpSXhOFmcfX\nN0ofpyE3kDD6GuCuSDtEpG4uirlqY6zxNrpB5DouDMmIdxl0RcDWYKRJvjtPaPH1\nPQHLuvWbzMH4nq9SOophdeO3eKe3EwxqsStvbFiIA2eckKdXj6FQmGd0vhEfsu6l\ni/uDXwtJ/ixND0zQHy2Yacn50WbbBg7rlIEhnNW2gqBkhjlrAVGmHEr/1r4rdChg\nBd1iENte05QhWVbK/0BMEfl0NVr6lw4/gjn2VqeZ80h8lb/GLVV807oHyubYP9zg\nUXVC4CuWnwxcruDJi8L94qpQVXI8KCxl5ignlXQwizmzEqW6X/LEOOc6AS/w+jUp\nT37b+PHpwxNz2eSeMegaarFrjtGqo+9TWSWBy3OmeJSve678YotWAXK5bBLVU6kL\n0cLhj088Sqzmw4G63eMe/fiupdIZ/4FgcdSh9zP7zrb3LWkZ5r6XfGwbz2AQl2SZ\nazeCoKxNFLjSR3E0oCYX6P/h6BvtBgfTL1vRQvWCzLmuUgkaf/tHOy1uAT8wue86\n3ISxUNS200mnR82lqVh0WnEcVMFVJheVClRlK2fbD5wHdHb+hIvrc9qh5ENcSPQ1\nvbHso5hcMvAp4jp7sFxWI6wZWSS9v04+XBDsAuuR+cO03TbGtT3hWjhcvGqsxJZc\n0/vZI65D1+PNNmgRzacYvYhgYcRY9d91YR3ETAmgnEt9Tehtqm8ePhCJKYionXDB\ncWy+8+jBWkhr2DHT5ICBvrPwdWfO9brHubU4xQ9fRBCVmWTwb0+x4MCpA6IyqWag\nnK9bwkAQllq/mzU5GFhSB/zzihSiEmGYZwbh8ZDZa7rBhPH0rgcVM88YdEM+yU2M\nQ/fKxemy7V4NqD3GaMFUY4MuzjKpOHWD6qVCqr4/a65CMbR23eGSHtB3BmaXkDlr\nkKWCIxoFDklVCMt3ht18uzJQ0DF4h6+CBnISKCO+Xzg8p0njxhcNM6VnZQoDbSmt\nd97NjPSjWL2IeauvfWbWdPgQJXSZlpYqV0EyXPCCM/Kh2l7Lhfy5AC1Q/Ql2Ihgl\nvCdRD0ewMDZXUKQ9WxwK4AaqqO72fHzr9LojAqboB0idPlucg41YsEfHgyDwUL6p\neuKZ0klaRWq1ZMyTckRwUayRg6DsVYTidvFtFLONe75pP2R30NNGKsdWER5zv8lm\nxWuP8Wkdw9fnSfMuZH/N1JOL89s4vYOj8K+WediFgZ44GQ347c+1WmFlMMFn/pJS\nqhe/GQQSAr5Gi3AJUvGOniKA3Otxz77bTJcejrj6KCBEbpxGh9soE8SPOPfocRAs\nSqOLC5ofXV/dhiCjYT2JorcpoNiWX7f+hIAwn88vLIOiDst9AJD6mBxye/tCuZYt\nFMCiGNQkTnwWvkWtowLNXfCX4L6WUzKbwMgui+457gsVUYsiS0QFouz0DboNUt5M\nCwR+GAarnCi1mEMPGEyR7sOT7wHtHYQhrJaqGB30YheCB3DdaowT9jS7ZY7YjOj9\nNy8Gs3fWLTjMUm9BBeri0Wwiv1XhafizLQmmw3KaSbxLuVbuJtxCLyoGjkDvLcBI\nC1v8hTBBKrAD92Br/k2o2jNpRtsiOVNffZ/1qwj3DnebYjQkUzqsbmGk82sW/Y5z\nRo9f0hI6ewyq4/Lyi730/740lDwA8IaYTwUt+5XN5qH2qMuoQ8Y7BA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-acz7PgWb1Qb87D4sj' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-acz7PgWb1Qb87D4sj', '--output', '/tmp/tmpks7n1ua5.xml', '/tmp/tmpi9a2ehxo.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpi9a2ehxo.xml" output= __________________________ TestClient.test_response_6 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6355e8e953d59a83840639cb713c12a84d9134b03b488914f9e1e53acfa93a50urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODUzWhcNMzQxMTEzMTYzODUzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAvj9rxp1rIQZgdX/en5GTFDv8ypZjbC0oYHahbYr2rmOOvBD/K2wgceUc\nh+f4gHeHB9JUcN1o+rRvhSB27o+jTvNXQxLo2+SFarhf7DBeToCSQbP5z36E5xxh\ndlOgSFtows4gJq2S1vW9iljK0dtfEiAjaFjhE4PH9PMPqGayWFzX594cdANV4K9F\nRsHZFtrkMum/ae/cwTUgZFoo8JsZ/RdgYX4qou6jHAe9TqMY56IaokV1tYnAEusK\nqhA+5x9/P05OgMC+GCf8v+RT/XOIWqi94EHN9piCFl5M/21FeCx492iuDEli/TDT\ndiquHaKTvLXYOcFAth205mNdeMn7zQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACLl\nOUmn7TnvInxMb7kIoBBep0zf91OxUpvmXcjH0rHtEO2YqGcPJIC4kn4hatweUxD+\neguOxzG0LXApoWIDy6g3vvUslM4ixabgz7H/X1K5bUxktBfzI2ID/TLEFbDS6hGg\nXGjjs3LGB8MJFdwFtyKqoN2726EB0a3CTzYSXVW9bk1VpCXGgZmWwsgxDsF0DBZFNaMHm/Met/rM9pLcuWpZe8opOngP2sS7DpOUm1KX\nlmXNJwrKVNm/mhLZEJkPgeBjMSCIKXRgUrbs1+O1ySa1T+/IvqejH2AUU1JrAq+V\ncTPGDvVsgV9Xsy4jQnHvURpsYvHACf2dxUQePaDPrAWmzv2pmAS0ZJBDa0g0NpBV\nGdEh/tpVJP8PJKbfiXk7XrVEc3n687E+9GXzFivPUcdotJfmPWYCzQZf+kMVCYqB\nZ371wB1IbJXoAt2zKQMt92srDD3pl7tzrQld15UltEo4lW5QlRoLEsKUAzHy7Fj/\nBC7+7UOoVTY+boaw+rlpVQ==AGYsZuHF0SkWDYJlDHcRlegKTg0zKVEA2N1YbXRN8AQbBqcfey5KnJOcEU32uV76\nRJjn3K5+BQO/5Z8D2q6RDzIilSle1vYLqj/N0h5DOucK50Ks66xmWdy7qmHraPC7\nnZhP5o1OZr7Q4F3aX6PKpuja8mnXcsqCjUwDMylB6l1S2+CU+DfpDZLwVPoolWTc\n/vzdgdHTozkpfPBk6072g455zbOIiaoPvupPwjV9bpnhoEcV0lSCW/6WrTluCJZd\nWtukZ7AVcKwklHWrUqlfN9Bh9tvb2gXSePCLoXSPK9cAk6q9j93MMKAKpqQ7YAcx\nxHeO/kUACMxZXOy357A9DRN/uVYWi6+SqRSMxx1gqnTn2H6mhO0JBFKQyfBXvtrI\n4ZfKz0EBZIQokwooAxIpHJlrCBHYQRn3AqFm43ImLtN4me/3NR9n23YIaxLvTmrJ\ntkyrhRLCrXruTRxR6IARy45G6WFrqAAxFeQJ+83mgCdIpkxwzqFik7KlaQk+Qo3q\nGf175vRJy7AMh+P1tCRYBuKHXsvGFtpmrSw09y+A4VMpl2LYDALfvrWwIbBJA3hE\n4fe2sqBOcmdVbB1Hz/CYvjKUszTjT+cH8reovhGg7acI2bIubM1FgQpaAfaM76Y5\nZsA/yAVlYtqVxJlMe/BNRwZiRsGbftH1wuIBGt4Prj/+VjMFERepgtrIfGBbYJf1\nivOUC+u4IPLrBlpMvuoAMd7YYMgh28w7Mg1L7f0ASt3u5BOyy5loT8KHbfqX1CXT\nWnZUIyQ+b3aAoOJZ6wZWlc+OKA92bUTLXkx8Drtdai5VJ4nqY+7DzaDI/KYbQguh\nn9BdJ4dnpHNId6ZgKmqkMk/LJ4AfIMnsv/2Z4aMgKcIJm1u2D3X69ulI6oO700pN\nMxFi07A20y8ie9OzeyddnAKs0C3BptHFSD0Rwb6rg+3TJLO9Yo/pJb+iA1ncvH3R\ndCEGEK8+alEFvhsV/NweKs1k1gvBX2ysPIcVMgXL3LXeytDBdKnulWXOECJRMOzF\n3tgwg2+5zLE5TFlUEiORabCOE9gI3XCbgM7LKBkpjyYEYBgfcj/TyrO4O1zc3TOZ\nrkjATO6fUdsS0Q1ARwFVwSgk+Wuk6qpQWQELERLTfFFip+85l5zNL85JD69xcwLY\ndNXsQRh0kuCUIX/MuCwmTLbCkPFZUDgSGRDC6c7fdsUPZcXLZ5QD8AYyRU5wO5yB\n3s/E1HMwrJ0zzZsDj51UU4r1Gj/rHLBlqYJx5GKsPamaHgYboRQGHiVB/x1wUqHs\nxRWLBaQwvuhYSxmwz/huqHczzQIKQGjC9+HhJwKumGBA7sJ/UlbmHcfU516UvqA7\n3SP6xs7RmIdecgRibX82LxV9QfYBzv5NZOSFWUcg9qqP8FVkDpu6d/lHXaf4mrVd\nFP2Lu46IjDGp2TuPF7MnshscPXRXGvrqht8KcvdrGmDijgw9tnDNmmLb62bzZABZ\ncvpjy0/hjZEFBaiTWVioX8rq6xURR2VWzZU3VJr4Q6KKt3BjXUYcJz0k9vE1lCDW\nxyyefovZCChzuaREE6hGvavu69WeqKnwwiPKbyUEp5YXpV44pTsQRHJ1rYS9UzRh\n8tFJ+12GtpgZUfJyFBiF3/J7iq6edGoLW3SV5vSgjpROukHAhsMGQr9xLIhfuCab\ne1Jk4EHl1/ehFbDtbeahEeefM8uk4qXmqKzgT9L6Z56lhlecy0k3yq+NnFz08Z1R\nctKy/fGGsGCJr/iBUyYCjzCMozNa9cuQk3XEkYz3lSZvhcUsmlYSIv895TdYGEz7\nlnqGyfaxgFNoOe/diwJlkxrVVskljfrbpwD7l6wFN+hcX2XiVuj7jVuhp1QWKwat\njq0qOMGPEfT9PDmxWf5PSqWb4cdD+aosCyoD6fzFC2hSsuCsjIdxFyoforwyjI0R\n5SFWcGYTaH5XOEYQmJT/C/SS3CYJ/hXX39SIhZNH9L41Wyw7m7HB2PmKuJY4HHX1\nXmaEKbGQlKabS5o8enH9jVIt6Hb8I5i+yuLDkZwGBOMJRk9xK5cg8+EqQMqeX3qY\nsW26p6W+8VPjsdRsqnhpRr80/OdZH/GrrmtXQwm85q/Nw+BdFskET6pDkTG+4GRB\nm3Jhcq6CmoqFtYgPHmDGaadCHLxEI/n2GUOesTmz2rY9kZelrMfosUHKpCg2HQRD\nIJcRO3SIE+evi352r88FS1300MgJ2HGKuXcHw3Fj9CZUT5959nixSTUQa51iR6MR\nt08KT4gEU/4C1iSft9emUwB+owBXmKJtnlv5XPn2hsZnH17Y6VxpsamVd8sJj2Sr\n0jTMHSFwJZD8ZJ7ciTMcmOGg+KIv13k4oCVNa4Ah8KwbjsQcB5KGGkfKzsF/j5B8\nrcRD35MCx4W8tC9NUvv3BMHJI93kq+n2X/KglRzf2OVGWAKV3r5Gow==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-OUD8bre9ySgqVFYtG' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmplvlycfdm.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmplvlycfdm.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_6(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_assertion_str, cert_key_assertion_str = generate_cert() cert_assertion = {"cert": cert_assertion_str, "key": cert_key_assertion_str} cert_advice_str, cert_key_advice_str = generate_cert() cert_advice = {"cert": cert_advice_str, "key": cert_key_advice_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_assertion_str, encrypt_cert_advice=cert_advice_str, ) tests/test_51_client.py:699: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6355e8e953d59a83840639cb713c12a84d9134b03b488914f9e1e53acfa93a50urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODUzWhcNMzQxMTEzMTYzODUzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAvj9rxp1rIQZgdX/en5GTFDv8ypZjbC0oYHahbYr2rmOOvBD/K2wgceUc\nh+f4gHeHB9JUcN1o+rRvhSB27o+jTvNXQxLo2+SFarhf7DBeToCSQbP5z36E5xxh\ndlOgSFtows4gJq2S1vW9iljK0dtfEiAjaFjhE4PH9PMPqGayWFzX594cdANV4K9F\nRsHZFtrkMum/ae/cwTUgZFoo8JsZ/RdgYX4qou6jHAe9TqMY56IaokV1tYnAEusK\nqhA+5x9/P05OgMC+GCf8v+RT/XOIWqi94EHN9piCFl5M/21FeCx492iuDEli/TDT\ndiquHaKTvLXYOcFAth205mNdeMn7zQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACLl\nOUmn7TnvInxMb7kIoBBep0zf91OxUpvmXcjH0rHtEO2YqGcPJIC4kn4hatweUxD+\neguOxzG0LXApoWIDy6g3vvUslM4ixabgz7H/X1K5bUxktBfzI2ID/TLEFbDS6hGg\nXGjjs3LGB8MJFdwFtyKqoN2726EB0a3CTzYSXVW9bk1VpCXGgZmWwsgxDsF0DBZFNaMHm/Met/rM9pLcuWpZe8opOngP2sS7DpOUm1KX\nlmXNJwrKVNm/mhLZEJkPgeBjMSCIKXRgUrbs1+O1ySa1T+/IvqejH2AUU1JrAq+V\ncTPGDvVsgV9Xsy4jQnHvURpsYvHACf2dxUQePaDPrAWmzv2pmAS0ZJBDa0g0NpBV\nGdEh/tpVJP8PJKbfiXk7XrVEc3n687E+9GXzFivPUcdotJfmPWYCzQZf+kMVCYqB\nZ371wB1IbJXoAt2zKQMt92srDD3pl7tzrQld15UltEo4lW5QlRoLEsKUAzHy7Fj/\nBC7+7UOoVTY+boaw+rlpVQ==AGYsZuHF0SkWDYJlDHcRlegKTg0zKVEA2N1YbXRN8AQbBqcfey5KnJOcEU32uV76\nRJjn3K5+BQO/5Z8D2q6RDzIilSle1vYLqj/N0h5DOucK50Ks66xmWdy7qmHraPC7\nnZhP5o1OZr7Q4F3aX6PKpuja8mnXcsqCjUwDMylB6l1S2+CU+DfpDZLwVPoolWTc\n/vzdgdHTozkpfPBk6072g455zbOIiaoPvupPwjV9bpnhoEcV0lSCW/6WrTluCJZd\nWtukZ7AVcKwklHWrUqlfN9Bh9tvb2gXSePCLoXSPK9cAk6q9j93MMKAKpqQ7YAcx\nxHeO/kUACMxZXOy357A9DRN/uVYWi6+SqRSMxx1gqnTn2H6mhO0JBFKQyfBXvtrI\n4ZfKz0EBZIQokwooAxIpHJlrCBHYQRn3AqFm43ImLtN4me/3NR9n23YIaxLvTmrJ\ntkyrhRLCrXruTRxR6IARy45G6WFrqAAxFeQJ+83mgCdIpkxwzqFik7KlaQk+Qo3q\nGf175vRJy7AMh+P1tCRYBuKHXsvGFtpmrSw09y+A4VMpl2LYDALfvrWwIbBJA3hE\n4fe2sqBOcmdVbB1Hz/CYvjKUszTjT+cH8reovhGg7acI2bIubM1FgQpaAfaM76Y5\nZsA/yAVlYtqVxJlMe/BNRwZiRsGbftH1wuIBGt4Prj/+VjMFERepgtrIfGBbYJf1\nivOUC+u4IPLrBlpMvuoAMd7YYMgh28w7Mg1L7f0ASt3u5BOyy5loT8KHbfqX1CXT\nWnZUIyQ+b3aAoOJZ6wZWlc+OKA92bUTLXkx8Drtdai5VJ4nqY+7DzaDI/KYbQguh\nn9BdJ4dnpHNId6ZgKmqkMk/LJ4AfIMnsv/2Z4aMgKcIJm1u2D3X69ulI6oO700pN\nMxFi07A20y8ie9OzeyddnAKs0C3BptHFSD0Rwb6rg+3TJLO9Yo/pJb+iA1ncvH3R\ndCEGEK8+alEFvhsV/NweKs1k1gvBX2ysPIcVMgXL3LXeytDBdKnulWXOECJRMOzF\n3tgwg2+5zLE5TFlUEiORabCOE9gI3XCbgM7LKBkpjyYEYBgfcj/TyrO4O1zc3TOZ\nrkjATO6fUdsS0Q1ARwFVwSgk+Wuk6qpQWQELERLTfFFip+85l5zNL85JD69xcwLY\ndNXsQRh0kuCUIX/MuCwmTLbCkPFZUDgSGRDC6c7fdsUPZcXLZ5QD8AYyRU5wO5yB\n3s/E1HMwrJ0zzZsDj51UU4r1Gj/rHLBlqYJx5GKsPamaHgYboRQGHiVB/x1wUqHs\nxRWLBaQwvuhYSxmwz/huqHczzQIKQGjC9+HhJwKumGBA7sJ/UlbmHcfU516UvqA7\n3SP6xs7RmIdecgRibX82LxV9QfYBzv5NZOSFWUcg9qqP8FVkDpu6d/lHXaf4mrVd\nFP2Lu46IjDGp2TuPF7MnshscPXRXGvrqht8KcvdrGmDijgw9tnDNmmLb62bzZABZ\ncvpjy0/hjZEFBaiTWVioX8rq6xURR2VWzZU3VJr4Q6KKt3BjXUYcJz0k9vE1lCDW\nxyyefovZCChzuaREE6hGvavu69WeqKnwwiPKbyUEp5YXpV44pTsQRHJ1rYS9UzRh\n8tFJ+12GtpgZUfJyFBiF3/J7iq6edGoLW3SV5vSgjpROukHAhsMGQr9xLIhfuCab\ne1Jk4EHl1/ehFbDtbeahEeefM8uk4qXmqKzgT9L6Z56lhlecy0k3yq+NnFz08Z1R\nctKy/fGGsGCJr/iBUyYCjzCMozNa9cuQk3XEkYz3lSZvhcUsmlYSIv895TdYGEz7\nlnqGyfaxgFNoOe/diwJlkxrVVskljfrbpwD7l6wFN+hcX2XiVuj7jVuhp1QWKwat\njq0qOMGPEfT9PDmxWf5PSqWb4cdD+aosCyoD6fzFC2hSsuCsjIdxFyoforwyjI0R\n5SFWcGYTaH5XOEYQmJT/C/SS3CYJ/hXX39SIhZNH9L41Wyw7m7HB2PmKuJY4HHX1\nXmaEKbGQlKabS5o8enH9jVIt6Hb8I5i+yuLDkZwGBOMJRk9xK5cg8+EqQMqeX3qY\nsW26p6W+8VPjsdRsqnhpRr80/OdZH/GrrmtXQwm85q/Nw+BdFskET6pDkTG+4GRB\nm3Jhcq6CmoqFtYgPHmDGaadCHLxEI/n2GUOesTmz2rY9kZelrMfosUHKpCg2HQRD\nIJcRO3SIE+evi352r88FS1300MgJ2HGKuXcHw3Fj9CZUT5959nixSTUQa51iR6MR\nt08KT4gEU/4C1iSft9emUwB+owBXmKJtnlv5XPn2hsZnH17Y6VxpsamVd8sJj2Sr\n0jTMHSFwJZD8ZJ7ciTMcmOGg+KIv13k4oCVNa4Ah8KwbjsQcB5KGGkfKzsF/j5B8\nrcRD35MCx4W8tC9NUvv3BMHJI93kq+n2X/KglRzf2OVGWAKV3r5Gow==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-OUD8bre9ySgqVFYtG' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-OUD8bre9ySgqVFYtG', '--output', '/tmp/tmp8edfi4vw.xml', '/tmp/tmplvlycfdm.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmplvlycfdm.xml" output= __________________________ TestClient.test_response_7 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=7cc2666c3c7a610985f017271abacb7cdbe3bb8c702cc8f67bc6390c4b4fcae6urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-krumpp5aTRxnPS2vC' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpydsmtu4j.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpydsmtu4j.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_7(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypted_advice_attributes=True, ) tests/test_51_client.py:738: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=7cc2666c3c7a610985f017271abacb7cdbe3bb8c702cc8f67bc6390c4b4fcae6urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-krumpp5aTRxnPS2vC' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-krumpp5aTRxnPS2vC', '--output', '/tmp/tmp63pgpmm6.xml', '/tmp/tmpydsmtu4j.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpydsmtu4j.xml" output= __________________________ TestClient.test_response_8 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d15e73b1263689f1971cc652f3838cd515853f5ace218f023d26b4f4ba9c4528urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Kr1XUVWbL5rZhaTvQ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpk7nrkp51.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpk7nrkp51.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_8(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:776: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d15e73b1263689f1971cc652f3838cd515853f5ace218f023d26b4f4ba9c4528urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Kr1XUVWbL5rZhaTvQ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Kr1XUVWbL5rZhaTvQ', '--output', '/tmp/tmpym7hvloo.xml', '/tmp/tmpk7nrkp51.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpk7nrkp51.xml" output= _________________ TestClient.test_sign_then_encrypt_assertion __________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-3j2eUSKdJrWPMjxd5' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpue44_q2m.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpue44_q2m.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion(self): # Begin with the IdPs side _sec = self.server.sec assertion = s_utils.assertion_factory( subject=factory(saml.Subject, text="_aaa", name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)), attribute_statement=do_attribute_statement( { ("", "", "sn"): ("Jeter", ""), ("", "", "givenName"): ("Derek", ""), } ), issuer=self.server._issuer(), ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=full_path("test.key"), node_id=assertion.id ) tests/test_51_client.py:906: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-3j2eUSKdJrWPMjxd5' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-3j2eUSKdJrWPMjxd5', '--output', '/tmp/tmp5hi9wr4o.xml', '/tmp/tmpue44_q2m.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpue44_q2m.xml" output= _________________ TestClient.test_sign_then_encrypt_assertion2 _________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-K9vx95yPEGgVd9eZ5' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpzsxf_hiw.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpzsxf_hiw.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion2(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Derek", "sn": "Jeter"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=self.client.sec.key_file, node_id=assertion.id ) tests/test_51_client.py:979: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-K9vx95yPEGgVd9eZ5' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-K9vx95yPEGgVd9eZ5', '--output', '/tmp/tmp8zfiziyh.xml', '/tmp/tmpzsxf_hiw.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpzsxf_hiw.xml" output= _____________ TestClient.test_sign_then_encrypt_assertion_advice_1 _____________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-EG886WBwnv57kZDXk' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpzmlappr4.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpzmlappr4.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_1(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Derek", "sn": "Jeter"}) subject_confirmation_specs = { "recipient": "http://lingon.catalogix.se:8087/", "in_response_to": "_012345", "subject_confirmation_method": saml.SCM_BEARER, } name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), name_id=name_id, authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) a_asser = Assertion({"uid": "test01", "email": "test.testsson@test.se"}) a_assertion = a_asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion.signature = sigver.pre_signature_part(a_assertion.id, _sec.my_cert, 1) assertion.advice = Advice() assertion.advice.encrypted_assertion = [] assertion.advice.encrypted_assertion.append(EncryptedAssertion()) assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion.append(assertion) > response = _sec.sign_statement( f"{response}", class_name(a_assertion), key_file=self.client.sec.key_file, node_id=a_assertion.id ) tests/test_51_client.py:1081: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-EG886WBwnv57kZDXk' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-EG886WBwnv57kZDXk', '--output', '/tmp/tmp7hz3l3s7.xml', '/tmp/tmpzmlappr4.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpzmlappr4.xml" output= _____________ TestClient.test_sign_then_encrypt_assertion_advice_2 _____________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-vRLSs3wnSWZ66VSIy' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp578khvlk.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp578khvlk.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_2(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser_1 = Assertion({"givenName": "Derek"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) assertion_1 = asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) asser_2 = Assertion({"sn": "Jeter"}) assertion_2 = asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_1 = Assertion({"uid": "test01"}) a_assertion_1 = a_asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_2 = Assertion({"email": "test.testsson@test.se"}) a_assertion_2 = a_asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_3 = Assertion({"street": "street"}) a_assertion_3 = a_asser_3.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_4 = Assertion({"title": "title"}) a_assertion_4 = a_asser_4.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion_1.signature = sigver.pre_signature_part(a_assertion_1.id, _sec.my_cert, 1) a_assertion_2.signature = sigver.pre_signature_part(a_assertion_2.id, _sec.my_cert, 1) a_assertion_3.signature = sigver.pre_signature_part(a_assertion_3.id, _sec.my_cert, 1) a_assertion_4.signature = sigver.pre_signature_part(a_assertion_4.id, _sec.my_cert, 1) assertion_1.signature = sigver.pre_signature_part(assertion_1.id, _sec.my_cert, 1) assertion_2.signature = sigver.pre_signature_part(assertion_2.id, _sec.my_cert, 1) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion = assertion_1 response.assertion.advice = Advice() response.assertion.advice.encrypted_assertion = [] response.assertion.advice.encrypted_assertion.append(EncryptedAssertion()) response.assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion_1) advice_tag = response.assertion.advice._to_element_tree().tag assertion_tag = a_assertion_1._to_element_tree().tag response = response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion( assertion_tag, advice_tag ) > response = _sec.sign_statement( f"{response}", class_name(a_assertion_1), key_file=self.server.sec.key_file, node_id=a_assertion_1.id ) tests/test_51_client.py:1242: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-vRLSs3wnSWZ66VSIy' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-vRLSs3wnSWZ66VSIy', '--output', '/tmp/tmps7cbrrne.xml', '/tmp/tmp578khvlk.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp578khvlk.xml" output= ______________ TestClient.test_signed_with_default_algo_redirect _______________ self = def test_signed_with_default_algo_redirect(self): # Revert configuration change to disallow unsinged responses self.client.want_response_signed = True reqid, req = self.client.create_authn_request("http://localhost:8088/sso", message_id="id1") msg_str = str(req) > info = self.client.apply_binding( BINDING_HTTP_REDIRECT, msg_str, destination="", relay_state="relay2", sign=True, ) tests/test_51_client.py:1389: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=tZRvb9owEMa%2FiuX3cf4AHbMIUrauGlLXocL2Yu9MfMBpiZ35LhX99lMCtFVFEZs25ZXPd%2Fk9z%2FnsiaNEFy1v3T38aoFY7OrKkXaU5LINTntDSNqZGkhzqRfFl1udqUQ3wbMvfSWfCrJcbpkbHceA1pCCNvjGKGhjMnUVwY7BEXpHx5IufB5iiCAweifF7DqXaFMpvkPo%2FpLLTCVSzIhamDli4ziXWZINozSN0tEyvdKDsR4Nf0hxDcToDPdVB4mVL0219cR6nIzHMZGXYn6w9AGdRbc5L221TyL9ebmcR%2FOvi6UUxVHuR%2B%2BorSEsIDxgCd%2Fub5%2FB6DbeqdKwqfwGd4qgk%2FAu7vkPaCHcmRr28NqUoGFn6qYCVfq6b5kOvjLOamrkdNIH%2BiYEceNDbfi87C6CNlr3qRocIz%2FK6QWsSfwCNZ10Y%2FPp6US7daYPEwS2YA64ahne3BDPHj1anaqBulKpGqpUjd5nA5X2Xyb7vEt8GebQRY%2FO2oBS3AQEZ6vHPQxsO4dA3t1h%2BbPLlQKpk4YBbC7XpiKQIr5Act8qi6Gn9puRhbU%2BAfhb%2BStDWP6hAQ7tP9K%2FKH0DtlivsUKzv37%2Fx8gJ0Okjid%2Bcr%2Fj1JMavX7Tpbw%3D%3D&RelayState=relay2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm __________________ TestClient.test_do_logout_signed_redirect ___________________ self = def test_do_logout_signed_redirect(self): conf = config.SPConfig() conf.load_file("sp_slo_redirect_conf") client = Saml2Client(conf) # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, } client.users.add_information_about_person(session_info) entity_ids = client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT ) tests/test_51_client.py:1527: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout http_info = self.apply_binding( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=nVJLS8NAEP4ry97TPJrWOKSBQqoGasW2iHhb0o1d2OzEnYm0%2F14SexCFHjwNDN9zmNxRBGt8x563%2BqPXxOLUWkfgKFrI3jtARYbAqVYTcA275eMakkkEnUfGGq28EEi19jpDEWnPBp0UVbmQ5hAcP29X9%2BnDWW2Xr%2BXNfLeS4kV7MugWMplEUlREva4csXK8kEmUpEEcB%2FFsH89hmsEsfZOi1MTGKR5ZR%2BYOwtBirewRiSGLsiwki1JstaIBsjdeH6TYID%2B5J79sWPvf0ul0lC7yoRSMIby4Q98qvl5x2JhD0IxQ0I4Nn2UxMFpVa9An1XZWT2psx3uBR6vcAajLwx9WF9%2BNanVVimE898qaxgxJG0T5jyzslSOjHcsiTqbpbH5x%2FDYp8vDPIxRf&RelayState=id-hv9EG4HyaRAXD76SE%7C1731688734%7C0866aebfbffde9992ca7c561bffeb96413bf4271&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm ______________ TestClient.test_do_logout_signed_redirect_invalid _______________ self = def test_do_logout_signed_redirect_invalid(self): conf = config.SPConfig() conf.load_file("sp_slo_redirect_conf") client = Saml2Client(conf) session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, } client.users.add_information_about_person(session_info) entity_ids = client.users.issuers_of_info(nid) > resp = client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT, ) tests/test_51_client.py:1565: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout http_info = self.apply_binding( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=nVJLa8JAEP4ry941D42EIQlEVAhYpVaKeFuSTV3Y7KQ7E7D%2FviT1UFrooaeB4XsOkzkKYY9vOPBJvw%2BaWNw76wgchbkcvANUZAic6jQB1%2FBSPu0hnofQe2Ss0coHgVRn%2F2YoIu3ZoJOi2uTSNLNTXG%2FL7Q7Li7le1usbSfGqPRl0uYznoRQV0aArR6wc5zIO4%2BUsimZRco5WsEghSa5SbDSxcYon1o25hyCwWCt7Q2JIwzQNyKIUJ61ohJyN140UB%2BSjO%2FqyZe1%2FSi8Xk3SRjaVgCuHFDn2n%2BO%2BK48Y0s3aCgnZs%2BEMWI6NTtQZ9V11v9bzGbroXeLTKNUB9FnyzevgeVKerjRjH86Csac2YtEWU%2F8jCXjky2rEsonixTFYPxy%2BTIgt%2BPULxCQ%3D%3D&RelayState=id-R2cEAEFoAXiZXBBhs%7C1731688735%7Cab180130ab21f4de82a48c2eaa133e1fae5846ac&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm ________________________ TestClient.test_do_logout_post ________________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-THxfDAEDq2ak2uZJa' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmp2_jypkn0.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp2_jypkn0.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_post(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:1609: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-THxfDAEDq2ak2uZJa' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-THxfDAEDq2ak2uZJa', '--output', '/tmp/tmpuau1hti8.xml', '/tmp/tmp2_jypkn0.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp2_jypkn0.xml" output= __________________ TestClient.test_do_logout_session_expired ___________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-XSq2LeV0DgbQt5MxL' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmp7ze__871.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp7ze__871.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_session_expired(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": a_while_ago(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:1661: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-XSq2LeV0DgbQt5MxL' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-XSq2LeV0DgbQt5MxL', '--output', '/tmp/tmp95cxvz65.xml', '/tmp/tmp7ze__871.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp7ze__871.xml" output= _______________________ TestClient.test_signature_wants ________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpa1afb8cb9426f1d3cf7dc3a0afdcfadb5f50ee046074d7c3a17a2a84218b0dcaurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sknjBfpMWE2sIcrF8' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpk_lnv1gz.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpk_lnv1gz.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signature_wants(self): ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": ["The man"]} nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) kwargs = { "identity": ava, "in_response_to": "id1", "destination": "http://lingon.catalogix.se:8087/", "sp_entity_id": "urn:mace:example.com:saml:roland:sp", "name_id_policy": nameid_policy, "userid": "foba0001@example.com", "authn": AUTHN, } outstanding = {"id1": "http://foo.example.com/service"} def create_authn_response(**kwargs): return b64encode(str(self.server.create_authn_response(**kwargs)).encode()) def parse_authn_response(response): self.client.parse_authn_request_response(response, BINDING_HTTP_POST, outstanding) def set_client_want(response, assertion, either): self.client.want_response_signed = response self.client.want_assertions_signed = assertion self.client.want_assertions_or_response_signed = either # Response is signed but assertion is not. kwargs["sign_response"] = True kwargs["sign_assertion"] = False > response = create_authn_response(**kwargs) tests/test_51_client.py:1706: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/test_51_client.py:1693: in create_authn_response return b64encode(str(self.server.create_authn_response(**kwargs)).encode()) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpa1afb8cb9426f1d3cf7dc3a0afdcfadb5f50ee046074d7c3a17a2a84218b0dcaurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sknjBfpMWE2sIcrF8' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-sknjBfpMWE2sIcrF8', '--output', '/tmp/tmpr5d390oc.xml', '/tmp/tmpk_lnv1gz.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpk_lnv1gz.xml" output= ________________ TestClientNonAsciiAva.test_sign_auth_request_0 ________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', ...] extra_args = ['/tmp/tmp7my6fvj_.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp7my6fvj_.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_auth_request_0(self): > req_id, areq = self.client.create_authn_request("http://www.example.com/sso", sign=True, message_id="id1") tests/test_51_client.py:2023: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client_base.py:445: in create_authn_request msg = self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpwdwwhnur.xml', '/tmp/tmp7my6fvj_.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp7my6fvj_.xml" output= ____________________ TestClientNonAsciiAva.test_response_1 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpa1afb8cb9426f1d3cf7dc3a0afdcfadb5f50ee046074d7c3a17a2a84218b0dcaurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepci\xc3\xb3nDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-uRxiuhEp148NQxlLc' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmp9o3e6yv9.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp9o3e6yv9.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_1(self): IDP = "urn:mace:example.com:saml:roland:idp" ava = {"givenName": ["Dave"], "sn": ["Concepción"], "mail": ["Dave@cnr.mlb.com"], "title": ["#13"]} nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id_policy=nameid_policy, sign_response=True, userid="foba0001@example.com", authn=AUTHN, ) tests/test_51_client.py:2066: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpa1afb8cb9426f1d3cf7dc3a0afdcfadb5f50ee046074d7c3a17a2a84218b0dcaurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepci\xc3\xb3nDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-uRxiuhEp148NQxlLc' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-uRxiuhEp148NQxlLc', '--output', '/tmp/tmpl1ocqep7.xml', '/tmp/tmp9o3e6yv9.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp9o3e6yv9.xml" output= ____________________ TestClientNonAsciiAva.test_response_2 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=0095996fc8f73f97e9fcef423ba82401d2881f293719e24f9ac40d929a6b8113urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODU2WhcNMzQxMTEzMTYzODU2WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAoXA76ww9gpXdLaxF9vgBVWLaqdXKEAjzAd8XbdbEXdkpPonCtWQHeRfw\nA0heaDy1lQmYYGDKH+Mmj4MHnyZ3LtN7/69W67C/55N0HZ9gP9bv56BtTSDDWQXB\nMjNLxzqJSCm5R+zWBNIopwlzqlGAuRw17RPnw4T8Rrm6b7CHSoRdJlKT7PxmDmT7\nAf2AP8mfgLJV0IIJ7Ot522M6s+IHp+wlFCQNn8cIpFB7xyj09osS7JXfJWj/GLFM\nXD+crPUo3dSsR6zbsy43gecMp3PS4jLZKf4YRjPL4nXnMqBzlz/QQ49tnVzpMdjl\nBeT/Sp0IOE33uiHcdmooTL+mkytu/wIDAQABMA0GCSqGSIb3DQEBCwUAA4GBADX4\n7e6uSnYIGVoh1tU5LJ/PtuteqxW/Ufklao7QTYmQVyBt+fX+dCLeqONTFJneodw8\nrCu5z0kkIVbwA2wwep/jpteqcDyL8WHc6IIS6ns71Ab8tzWjqq/4qtZ6bzmT00Te\niIPAu4+vKbEEgyr95tBHjLQkv88RhVYEQHRQQPnWXGIq6p0BtGohSo/MYVKFtWo06ecvqo7b4uI/ir1GyaDBdlwwLlQacWplXpZJXvNi\njKvCQ6sk+19pIPPti23F56RDDEYi5hXn64vOw8lS95Ixwo4qFCDl5r4KhPL8q/YR\nHjXKtpMNO0agtFZ/p+FWjChIQkXfMAvsUj85B9yLMnNFPUc+zEh1nCA8auz78oR6\n22kuuKUJIwQISwUJM9zuWFxlo3M6euVGVwhtaa1ghO+dgQJXrJ0Z2RIAcCYahjd0\nLVlEsaxd/kswoJoBAHShpeUMWzjk0s/1WAMyTWVBCo16aqw+rkVS4HuIr1R1pidt\n5p6w7EsCMj/KplNtEO6DTw==UO3EFigkgAxfnbc1Va/SPVWOJ+e1/aM03hqIZAKD5QeJgp9fIXTyVBLkVXxOPTw4\ndKA1cvL1Y4sstFeE6bN+NMVGjM9E23XozhDKKT6bFFPmwikWoOIAajQd31/7tJPw\nbepFcK9hNkxaAXqzdNROV3ENkCvOAIQQ4RhC1xa6rQmpYltU6J7HJ2SNbSXNqpGm\nzFJjqChjCaA/+Mgu7ve4KeV2rRsnBlLetk/5TgnO9eqw4T2SpCQvO2zLyNsVN5kC\no+BxcpdGUwUPEkhBmVBcAO/mIek88yv38w6icbwfT/VI0RF6yQkYbGUoOAmvS2yJ\nvWVF331wwigkYR3BXVS3PqzP/pilu8I0L78HV9zGAWhBCIeac08A9SC7hPnDyfm0\nfrlVqDa0JMS5Urg5ODDb+8K/1tCBpBQMI7BcLTL+NqAW085ZvjfW6K+mWCsdypM0\nIcX2xw+sYRhIhTqNsjtwVPjlnsgOWxK1iAnJecZIGRlQ/bLO94vZA5n/pzsiPLSq\nnFNKye0SGLW9nTtYON9b0NGVPqD/zyYw/mttWaoe7xB2Q4zqtukJACaZcVdfajIh\nG0WU+Geti4BWkeECoHwT2SU4bhsYF6nS26mzU5MniBlnsa0lZq5o+bT6iXtqru4d\nxayjJdB1mFhRdq3/+GBEwJLDmrhq0mCkG8S5wCayxZT2mTk5/HMER6E6LhNGN9aa\nRMliWD23ncAj7vPOAnqS3Zy7Posh/IRPsp+2KxkpDplfhxRqZ+3QG5C8L8pxbJI0\npwdpyMd9uIqE0BCqu0qo0TKAFtP6tEzkW20ageiZvHGcSTMW8c/scGZlnwEd7rHs\nNC70pLdtn0Zm0m4PansLoXcnfntEaD29cC3xaSd1XLQ9fSUYGgOewPHN6P6WT81r\npAjffA19UbDNalV5yckirefCX+DnGzh45DdOusruzjSla+c5CkMA5pdfNeGHqj0S\nDrCVIKllZ7EYUmuch4Cou+HUj6NrhHt2d4bib1zNNHUefE6kS/f+UWa8fd2Fh9yy\nKVB+BmEFDahZW8TLxsJDVBSx57fH/Kb3L/zZjdwXE5xf3hZUCCTdqwebvPPJVib6\nvclakP3FmTxh4PYd+EM/Np+ehT5HfN1xZpa+eB/0eq8W152NhlxKsXTgLpA9rX3p\nKrfpAlmORRUNS71JSRuPnW6GjZ84SBFuWNCE7xthjX4IaHlb8O8fUIsUXJfanCWJ\n1IxssxM82n6agdhPRE31Z8xuSkiJApdcb/wA/2vZ2lDvahYqm7zufnPKUB41o3tL\nEgVst9fW9PVMY4Vm1IGXb67WOpTr+9h2F/msF+bkfhh7G8/hZi0RP/6ZOdvA/iz9\nVC/FY+Tkzadk3W7VnxvQQe2tPRzAuC5ePbqgKFi4qvcNyO9p80jX8YkeQAdQgs41\nHVQAe0CkD/ElvSstSE5bfYFplC72VQbKb5TYOmBG+t/1Box4VtfTdElT8A8jziQF\noPQIgXEiiXtqYdV/zDUy+hhJ6PM/fCtstbayRY9Bqrlstdf0udBaHlYMZKmiSrJj\nJPoDY4WKj7ilPEDDLIw3tciOcnKEdUErOOKom1A42MOUPRl14aVDvCTw+4z6Izh5\nlahEo7+ifJeE1E1oZDrXLe78qW/wX+oU6iqBo5FPuSvnSID+RZsCNEdI0tkg6cPf\nREltvD7Ib8N7WrBGYgEQ0GqNEQWIMILGbQvcycfdenEtxmM9JqypH8k+GVNB2keo\n+Hb373QX26rfVj+dc5Z5tojGnONonZYR/Xfpczo7xB/xGaBJhADEB2p4nK2/uc5X\n0mQlKV8XQC0d+anI+KYbVH+hWXQpZx9IDaenxXxaKszDbA/ZY3Lt7zdLgXth6BxT\nyxKH+kugihD93BR5UGjSg4osXzWheeKUAqTGidBecGd1CNKzEmfylIFItcsQVQvr\nHHQSdYCE28a6ID+zoCk9Xn1yD6FFHwfS0NflqoUSdWsAxX3GYKPUoUq+FsRjaP1B\nOqjDSLggOsj1Xnd3bjUtaZvvBLono71rWpcoAKzcsbYdvQ2R71yNpWQUuJb4+xZG\nNWGqBWWEQYndKaD+s6CF/Ri4ZKWulzPNee8lhysk4oEe46XpXO9tLjwJDii8yArw\nXzJQnb4raafM9ODb5ZJzR8U8xQ+Y8YAGy2NkzpfifC3rqL7/IqR9Wzkr/W/MqdMD\nkOtuB1dY+311ycRw+jLjNzUlk2i7evaO7ZTxiMx3SFfQJCaJjILiSYjLxEEW/8xe\nyRSoqH7yo1ReRMDnLG3mVKE855fz+IPrt6/378IJ3XPLbkvDOm09Sm3+nF/E32Kj\n/ljx8QsORjS/qX+BF3UVUHd7iyP2jfCJoN3PC3g+TFlN3Q2qyDTUWdHra7RQCd9T\nZFXL6Q/iSmYRX0Sz/nlmWrHWs/efFEL+7hWkje9t/tKMuYIxeoxjxw==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-BbYNSIY7OnHAUq84D' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpghr3vc3g.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpghr3vc3g.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_2(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_51_client.py:2146: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=0095996fc8f73f97e9fcef423ba82401d2881f293719e24f9ac40d929a6b8113urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODU2WhcNMzQxMTEzMTYzODU2WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAoXA76ww9gpXdLaxF9vgBVWLaqdXKEAjzAd8XbdbEXdkpPonCtWQHeRfw\nA0heaDy1lQmYYGDKH+Mmj4MHnyZ3LtN7/69W67C/55N0HZ9gP9bv56BtTSDDWQXB\nMjNLxzqJSCm5R+zWBNIopwlzqlGAuRw17RPnw4T8Rrm6b7CHSoRdJlKT7PxmDmT7\nAf2AP8mfgLJV0IIJ7Ot522M6s+IHp+wlFCQNn8cIpFB7xyj09osS7JXfJWj/GLFM\nXD+crPUo3dSsR6zbsy43gecMp3PS4jLZKf4YRjPL4nXnMqBzlz/QQ49tnVzpMdjl\nBeT/Sp0IOE33uiHcdmooTL+mkytu/wIDAQABMA0GCSqGSIb3DQEBCwUAA4GBADX4\n7e6uSnYIGVoh1tU5LJ/PtuteqxW/Ufklao7QTYmQVyBt+fX+dCLeqONTFJneodw8\nrCu5z0kkIVbwA2wwep/jpteqcDyL8WHc6IIS6ns71Ab8tzWjqq/4qtZ6bzmT00Te\niIPAu4+vKbEEgyr95tBHjLQkv88RhVYEQHRQQPnWXGIq6p0BtGohSo/MYVKFtWo06ecvqo7b4uI/ir1GyaDBdlwwLlQacWplXpZJXvNi\njKvCQ6sk+19pIPPti23F56RDDEYi5hXn64vOw8lS95Ixwo4qFCDl5r4KhPL8q/YR\nHjXKtpMNO0agtFZ/p+FWjChIQkXfMAvsUj85B9yLMnNFPUc+zEh1nCA8auz78oR6\n22kuuKUJIwQISwUJM9zuWFxlo3M6euVGVwhtaa1ghO+dgQJXrJ0Z2RIAcCYahjd0\nLVlEsaxd/kswoJoBAHShpeUMWzjk0s/1WAMyTWVBCo16aqw+rkVS4HuIr1R1pidt\n5p6w7EsCMj/KplNtEO6DTw==UO3EFigkgAxfnbc1Va/SPVWOJ+e1/aM03hqIZAKD5QeJgp9fIXTyVBLkVXxOPTw4\ndKA1cvL1Y4sstFeE6bN+NMVGjM9E23XozhDKKT6bFFPmwikWoOIAajQd31/7tJPw\nbepFcK9hNkxaAXqzdNROV3ENkCvOAIQQ4RhC1xa6rQmpYltU6J7HJ2SNbSXNqpGm\nzFJjqChjCaA/+Mgu7ve4KeV2rRsnBlLetk/5TgnO9eqw4T2SpCQvO2zLyNsVN5kC\no+BxcpdGUwUPEkhBmVBcAO/mIek88yv38w6icbwfT/VI0RF6yQkYbGUoOAmvS2yJ\nvWVF331wwigkYR3BXVS3PqzP/pilu8I0L78HV9zGAWhBCIeac08A9SC7hPnDyfm0\nfrlVqDa0JMS5Urg5ODDb+8K/1tCBpBQMI7BcLTL+NqAW085ZvjfW6K+mWCsdypM0\nIcX2xw+sYRhIhTqNsjtwVPjlnsgOWxK1iAnJecZIGRlQ/bLO94vZA5n/pzsiPLSq\nnFNKye0SGLW9nTtYON9b0NGVPqD/zyYw/mttWaoe7xB2Q4zqtukJACaZcVdfajIh\nG0WU+Geti4BWkeECoHwT2SU4bhsYF6nS26mzU5MniBlnsa0lZq5o+bT6iXtqru4d\nxayjJdB1mFhRdq3/+GBEwJLDmrhq0mCkG8S5wCayxZT2mTk5/HMER6E6LhNGN9aa\nRMliWD23ncAj7vPOAnqS3Zy7Posh/IRPsp+2KxkpDplfhxRqZ+3QG5C8L8pxbJI0\npwdpyMd9uIqE0BCqu0qo0TKAFtP6tEzkW20ageiZvHGcSTMW8c/scGZlnwEd7rHs\nNC70pLdtn0Zm0m4PansLoXcnfntEaD29cC3xaSd1XLQ9fSUYGgOewPHN6P6WT81r\npAjffA19UbDNalV5yckirefCX+DnGzh45DdOusruzjSla+c5CkMA5pdfNeGHqj0S\nDrCVIKllZ7EYUmuch4Cou+HUj6NrhHt2d4bib1zNNHUefE6kS/f+UWa8fd2Fh9yy\nKVB+BmEFDahZW8TLxsJDVBSx57fH/Kb3L/zZjdwXE5xf3hZUCCTdqwebvPPJVib6\nvclakP3FmTxh4PYd+EM/Np+ehT5HfN1xZpa+eB/0eq8W152NhlxKsXTgLpA9rX3p\nKrfpAlmORRUNS71JSRuPnW6GjZ84SBFuWNCE7xthjX4IaHlb8O8fUIsUXJfanCWJ\n1IxssxM82n6agdhPRE31Z8xuSkiJApdcb/wA/2vZ2lDvahYqm7zufnPKUB41o3tL\nEgVst9fW9PVMY4Vm1IGXb67WOpTr+9h2F/msF+bkfhh7G8/hZi0RP/6ZOdvA/iz9\nVC/FY+Tkzadk3W7VnxvQQe2tPRzAuC5ePbqgKFi4qvcNyO9p80jX8YkeQAdQgs41\nHVQAe0CkD/ElvSstSE5bfYFplC72VQbKb5TYOmBG+t/1Box4VtfTdElT8A8jziQF\noPQIgXEiiXtqYdV/zDUy+hhJ6PM/fCtstbayRY9Bqrlstdf0udBaHlYMZKmiSrJj\nJPoDY4WKj7ilPEDDLIw3tciOcnKEdUErOOKom1A42MOUPRl14aVDvCTw+4z6Izh5\nlahEo7+ifJeE1E1oZDrXLe78qW/wX+oU6iqBo5FPuSvnSID+RZsCNEdI0tkg6cPf\nREltvD7Ib8N7WrBGYgEQ0GqNEQWIMILGbQvcycfdenEtxmM9JqypH8k+GVNB2keo\n+Hb373QX26rfVj+dc5Z5tojGnONonZYR/Xfpczo7xB/xGaBJhADEB2p4nK2/uc5X\n0mQlKV8XQC0d+anI+KYbVH+hWXQpZx9IDaenxXxaKszDbA/ZY3Lt7zdLgXth6BxT\nyxKH+kugihD93BR5UGjSg4osXzWheeKUAqTGidBecGd1CNKzEmfylIFItcsQVQvr\nHHQSdYCE28a6ID+zoCk9Xn1yD6FFHwfS0NflqoUSdWsAxX3GYKPUoUq+FsRjaP1B\nOqjDSLggOsj1Xnd3bjUtaZvvBLono71rWpcoAKzcsbYdvQ2R71yNpWQUuJb4+xZG\nNWGqBWWEQYndKaD+s6CF/Ri4ZKWulzPNee8lhysk4oEe46XpXO9tLjwJDii8yArw\nXzJQnb4raafM9ODb5ZJzR8U8xQ+Y8YAGy2NkzpfifC3rqL7/IqR9Wzkr/W/MqdMD\nkOtuB1dY+311ycRw+jLjNzUlk2i7evaO7ZTxiMx3SFfQJCaJjILiSYjLxEEW/8xe\nyRSoqH7yo1ReRMDnLG3mVKE855fz+IPrt6/378IJ3XPLbkvDOm09Sm3+nF/E32Kj\n/ljx8QsORjS/qX+BF3UVUHd7iyP2jfCJoN3PC3g+TFlN3Q2qyDTUWdHra7RQCd9T\nZFXL6Q/iSmYRX0Sz/nlmWrHWs/efFEL+7hWkje9t/tKMuYIxeoxjxw==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-BbYNSIY7OnHAUq84D' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-BbYNSIY7OnHAUq84D', '--output', '/tmp/tmpvcz1h22z.xml', '/tmp/tmpghr3vc3g.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpghr3vc3g.xml" output= ____________________ TestClientNonAsciiAva.test_response_3 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=82ea610707b95a9a307d58ad2eeee37a469c73d4f2147dcf8299f298d95a8444urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==DY/xU30fLu59Y3drTqiQxK8+JxHZHfJZWA152CZEkpmM9B2f8T5sHnOx3ZPYNhJJ\n0x16YgTDBFOLOEvbQzJ6nDcUIPFKEXT5UM12EE3+XYur2iCh9+VOlJOu1wiAyU6h\nvwpLlZb3U4j3dRw7GeveIQ1yif+PXtwhNtS9y2W9Kl0=rClRduob0gobg2DRRknE4vC85BkTmr4xBdYoErMv3WqbmNLVf+09/719UToz17NI\nA6ztemOfvAtsVBmzbRhR7NIR7WGSovXgJBqFm3f8FE5fxgd2fW57ZAOuuhkTHA/x\nIa/7PbM+gPaCf2xLyPRln1Ds2rJcQpv21H769f19MB/8Rnbyq784pwW5B0VUmcas\nasR/Ys1598IU3OJ0MKGZYbJyEd4VfmgVl/MM0iyYNWVNwOxtYyZvHX3JPRb/Gcqw\nObhT6FbxouMJnKBeO5xab6XT6f/G5RFkdEZYAOCx0/4uX6k/fzheTLfgjAqS3WaD\nIOCUt5QFFLIQDeqQRO2AAGQwhTMA0JOqCp3ZZXNzg1GfeLv68M5UJrkscWdlAbCk\ndiqF6KQ+l1ViETFQ8BN8KCLXqaAwp3+7peal8NVylpoBQQl62t3Pg4YjNc1eQY/d\nx/R1kORbCboE/ZKJjpnuVkz28DPvUKwe5vmwYzrx+spoqakLQvTf4X4Norw22NFN\nd/kBaR06vQYLkB3PpB3mnAiGPm7kHNojCKyj+rWJfO+u9+3rEFLCVhPmWZlBIOxZ\nvH/cGtrK954j5Y+4Ta0Wnome4BiDPaI/BG9/N7oQNJJcaETPBAq1OvHpE0+Vj+0c\nsaE5BE7hCDRcKRR1/lN3eqdgGtRWUkx6kDOCPzDAoc9+6Q4aOVq2SXjSqpB2GruH\nsiiTnVlRizQM3MUQwU7q14azNUCz4Vnizyf9kK2TN5YwFwCe6/e+vI+etY0rAohX\nMj3NKNGe0X0HdJacXoSzRaeos7fn4PU5lAnmrB4UovV++aqyScxmImAZTvqmhxvZ\n+aoXe5UlbWeTxLnYUc3Ep3WRsuERjzCovF0+H8Z8HVUF1fLLqj1Kf0uZ0QggbUFA\nm8siCjDKQY3TeH5Av2qhzP4BLIvZNz9tDt/7EsVgK2GuzQLhKbNkiYpLJJjYpdL7\nDL0XC6fETzmJ3YEvVNa7jVmpN7A7iHMpF/icZEEVInt8ElrGCHta2QAb1pFvlD3o\nyHb9AKR+nhDNeW/reK9hcfYskSUGo/kqE/FecDF6982FnsparLKCWU/OOszkWi54\nQG/+gmWo/OwoNHXwur7KOAr8xVENS7vK3U2Tjg2DvoXc1EnG+5La3FD8FN326qwy\naYaazPyLUNdIznjqqUWjO/4gQPsGFTO44LfNHN3TM5W0Vg0CP/RungqTVvjVb2e7\nkpUkD3dbfWseEX9uL8YrYORk95O7VhqI8N5F1Ky2gpWZa0E6qpNTygYgaByCpjbE\nxJcLU/DOk57M4FR3o2JIMFLohyHlLfsl8Y00PQuwNJI8y79Os5pRGcUwn2m7DpHv\nWVmgac92Qv8GyJFpKI4oG7Q81qrbLcXXmqMa015dGLOeQqP/Obt+djmW7gA43e9d\nnj2b/vJGr/tdidZ2tkJiw0ACNhXGM/iLROq9frQvLd5vVjFrfc+EZQQUOPvtczLa\nMW+42tc0fo55P9hfvEizaZaBDLNRVz7pmL+m3Ouzi/IRyigXeXnp4lBtosRQLru8\njWHvsyiyDJxpzIkU6TPF4D9fTNRVqFXP8EJRr4NslB3XVRVIKyqKcO6AVWJt/zYp\nDL2cGzsJXc+tQNc6kY8/qzH82KdgPX+VwM96GR8UGIj7huoiITHhIJPu7beoAAMf\ngK8SR+g66BLG1Dp4do+a/fH26nhxahgXK2C0LfJxQD6p+BIVBq3uZqrpdoJ6gOeS\nCmNgqQDDwyFVqpaMpY+zBdeWTe8TD06CZeFXetMvk37U6PnJ+xnsF2FpvQZ91U0B\naC9LrRDHdeh5oEc68DfbybYh7HGFM1lI23wa0/VXGNfZs8DQ6GmUozU8Xa5fCqS7\n5/nrwT9+2ADXVvJFxmh0DPvatGIYRw8dkcz9H8+YRuWgF1IDODX1Al5CL58SPvxu\nzUO1SbwBEQhnpbkcqjWa+SGMK2nYcpAanHolGRmu+Ff5dbVp2cGsYncWLGRnAXii\nvap0qbaxm7mksqdLj/rAKcz6igUZhbqF2MouB4/qYs6qzEFMv3zE0X0P/y8roInt\nTqpvDkZBWSPaHomfMk3/UmgkLcOMoMcd1aZw0byxUV5YFje0gqOliZxhaeBpNT52\nR7neh/xlf/3ECMJ+auCZHOtrsspVNAcURR3VCz7274UhmjQSCBfpiymSBmZw3vCU\n5xUqtcQ8rEWGi5GaJJHFqTfyNOGTqjSBerxKuHnXgCuYCGzMwu996PibCIXolFdr\nsvocpE9NvwtoN/aQJR6pnMDOt70CH1/IhKEMxWSdVUMDK++uxiMGK/YisIA+zJza\n+AetD+4S2FPuXE7YVApstaND7wXO6o8hQVlSyUQRMziAo7QduHkgGsN/4u+0TyIm\nkVJ9uVHnsAyyHZj0MagwPoiF0wiwirQAUs2Zr6awy7OszWxyVTPv8g==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-J8xZIrWGWb3boKF7T' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpys014czs.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpys014czs.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_3(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:2181: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=82ea610707b95a9a307d58ad2eeee37a469c73d4f2147dcf8299f298d95a8444urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==DY/xU30fLu59Y3drTqiQxK8+JxHZHfJZWA152CZEkpmM9B2f8T5sHnOx3ZPYNhJJ\n0x16YgTDBFOLOEvbQzJ6nDcUIPFKEXT5UM12EE3+XYur2iCh9+VOlJOu1wiAyU6h\nvwpLlZb3U4j3dRw7GeveIQ1yif+PXtwhNtS9y2W9Kl0=rClRduob0gobg2DRRknE4vC85BkTmr4xBdYoErMv3WqbmNLVf+09/719UToz17NI\nA6ztemOfvAtsVBmzbRhR7NIR7WGSovXgJBqFm3f8FE5fxgd2fW57ZAOuuhkTHA/x\nIa/7PbM+gPaCf2xLyPRln1Ds2rJcQpv21H769f19MB/8Rnbyq784pwW5B0VUmcas\nasR/Ys1598IU3OJ0MKGZYbJyEd4VfmgVl/MM0iyYNWVNwOxtYyZvHX3JPRb/Gcqw\nObhT6FbxouMJnKBeO5xab6XT6f/G5RFkdEZYAOCx0/4uX6k/fzheTLfgjAqS3WaD\nIOCUt5QFFLIQDeqQRO2AAGQwhTMA0JOqCp3ZZXNzg1GfeLv68M5UJrkscWdlAbCk\ndiqF6KQ+l1ViETFQ8BN8KCLXqaAwp3+7peal8NVylpoBQQl62t3Pg4YjNc1eQY/d\nx/R1kORbCboE/ZKJjpnuVkz28DPvUKwe5vmwYzrx+spoqakLQvTf4X4Norw22NFN\nd/kBaR06vQYLkB3PpB3mnAiGPm7kHNojCKyj+rWJfO+u9+3rEFLCVhPmWZlBIOxZ\nvH/cGtrK954j5Y+4Ta0Wnome4BiDPaI/BG9/N7oQNJJcaETPBAq1OvHpE0+Vj+0c\nsaE5BE7hCDRcKRR1/lN3eqdgGtRWUkx6kDOCPzDAoc9+6Q4aOVq2SXjSqpB2GruH\nsiiTnVlRizQM3MUQwU7q14azNUCz4Vnizyf9kK2TN5YwFwCe6/e+vI+etY0rAohX\nMj3NKNGe0X0HdJacXoSzRaeos7fn4PU5lAnmrB4UovV++aqyScxmImAZTvqmhxvZ\n+aoXe5UlbWeTxLnYUc3Ep3WRsuERjzCovF0+H8Z8HVUF1fLLqj1Kf0uZ0QggbUFA\nm8siCjDKQY3TeH5Av2qhzP4BLIvZNz9tDt/7EsVgK2GuzQLhKbNkiYpLJJjYpdL7\nDL0XC6fETzmJ3YEvVNa7jVmpN7A7iHMpF/icZEEVInt8ElrGCHta2QAb1pFvlD3o\nyHb9AKR+nhDNeW/reK9hcfYskSUGo/kqE/FecDF6982FnsparLKCWU/OOszkWi54\nQG/+gmWo/OwoNHXwur7KOAr8xVENS7vK3U2Tjg2DvoXc1EnG+5La3FD8FN326qwy\naYaazPyLUNdIznjqqUWjO/4gQPsGFTO44LfNHN3TM5W0Vg0CP/RungqTVvjVb2e7\nkpUkD3dbfWseEX9uL8YrYORk95O7VhqI8N5F1Ky2gpWZa0E6qpNTygYgaByCpjbE\nxJcLU/DOk57M4FR3o2JIMFLohyHlLfsl8Y00PQuwNJI8y79Os5pRGcUwn2m7DpHv\nWVmgac92Qv8GyJFpKI4oG7Q81qrbLcXXmqMa015dGLOeQqP/Obt+djmW7gA43e9d\nnj2b/vJGr/tdidZ2tkJiw0ACNhXGM/iLROq9frQvLd5vVjFrfc+EZQQUOPvtczLa\nMW+42tc0fo55P9hfvEizaZaBDLNRVz7pmL+m3Ouzi/IRyigXeXnp4lBtosRQLru8\njWHvsyiyDJxpzIkU6TPF4D9fTNRVqFXP8EJRr4NslB3XVRVIKyqKcO6AVWJt/zYp\nDL2cGzsJXc+tQNc6kY8/qzH82KdgPX+VwM96GR8UGIj7huoiITHhIJPu7beoAAMf\ngK8SR+g66BLG1Dp4do+a/fH26nhxahgXK2C0LfJxQD6p+BIVBq3uZqrpdoJ6gOeS\nCmNgqQDDwyFVqpaMpY+zBdeWTe8TD06CZeFXetMvk37U6PnJ+xnsF2FpvQZ91U0B\naC9LrRDHdeh5oEc68DfbybYh7HGFM1lI23wa0/VXGNfZs8DQ6GmUozU8Xa5fCqS7\n5/nrwT9+2ADXVvJFxmh0DPvatGIYRw8dkcz9H8+YRuWgF1IDODX1Al5CL58SPvxu\nzUO1SbwBEQhnpbkcqjWa+SGMK2nYcpAanHolGRmu+Ff5dbVp2cGsYncWLGRnAXii\nvap0qbaxm7mksqdLj/rAKcz6igUZhbqF2MouB4/qYs6qzEFMv3zE0X0P/y8roInt\nTqpvDkZBWSPaHomfMk3/UmgkLcOMoMcd1aZw0byxUV5YFje0gqOliZxhaeBpNT52\nR7neh/xlf/3ECMJ+auCZHOtrsspVNAcURR3VCz7274UhmjQSCBfpiymSBmZw3vCU\n5xUqtcQ8rEWGi5GaJJHFqTfyNOGTqjSBerxKuHnXgCuYCGzMwu996PibCIXolFdr\nsvocpE9NvwtoN/aQJR6pnMDOt70CH1/IhKEMxWSdVUMDK++uxiMGK/YisIA+zJza\n+AetD+4S2FPuXE7YVApstaND7wXO6o8hQVlSyUQRMziAo7QduHkgGsN/4u+0TyIm\nkVJ9uVHnsAyyHZj0MagwPoiF0wiwirQAUs2Zr6awy7OszWxyVTPv8g==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-J8xZIrWGWb3boKF7T' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-J8xZIrWGWb3boKF7T', '--output', '/tmp/tmp1w6szyld.xml', '/tmp/tmpys014czs.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpys014czs.xml" output= ____________________ TestClientNonAsciiAva.test_response_4 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6bb5f20ecb49ff6719d719b95a9681648aae7037a92beb3ee386615f45e2586eurn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==sik+R6n8HJO/RmwTryxq6CzEU7RPG3PKLHQ3nO7YtKQ2P8Q3VvGmp5ri8y1RcAYo\nDaOTB2mBXequ8cYYPcO1ui0o931ovq+DdACBjhhvCEoKCOidbPtdX5R9yKrGmA9+\nTMZeAJXqxepqNk0bZ1Bb30ipoL+8Nai0MSMv5DzmoYs=zpIorbpqP3HHGSq3TceQQgl7F1fwjx3yzzp2+4n9Pu1sPZdXSWPt74CuhuPTb0i0\n19GJv6mS/m/lS97i1QWF1T9Kwf6NTrt+NHFOgbBGzDZPiPr4m4r/5zqZatbjk9q5\nzdSA5gyYe43adw+4b8EpQyM5NwSIdiEFfVAhhndGQsW+mSGdv3wN//sSS2XXyXR2\nuXz4XNCWcAm4fq+ZMDLe8AOuRNxXt++598ladNp4TyqkDKOjucqOFZGV8jp10lWc\nn0HvC4aXgQTMCoiZXUWWguP553PsGJzvd1Wpl70q23fSfRVlMMFHoV38UY2qU+cK\nKOjUGuG55oKU/c1gcmVKLMtuuQs10rW9sFXDroV075PpLs2IXEXGZlEoKWW5yBF/\nwan6mIRvU8N7QmJ9liCtDAES+dqzxYHjXIkNOwmnLFePCbDRYkm90juEr5wFkL/k\nQOlN2IQRYA2/GUeimPKPq5H+26D/29A4E7OFpbd7OzKxHxOWU2TFVcWFl24OfDfF\ngQTumqhw8P2t4yy9+hKglSWBiEWTOO2qxui4L2+uC8vZAxuYxwz6Bl2n8NL2xfO9\nmmjeS0ru/j/xruPAiNCwIdLCQpU+DRnpYu7GH3HoLVqILJ26ShkqFM/2Ix3UWtlW\nk9dyLf/jgmdYcjSNO3TzhKmF21DlNv00F4c/fwqIzinyQhbX8mUsMsTptBb1y9d2\n6PiAOaDWu4I42mmYTyZk1ewHGbKLn9RWE91ydOvGGfqMADnzouljs5+j/iaRZCTO\nEZEQ+RNDkp1lvp1lG8A6zP3QFVyykD9T8KMYfiMwxoutpfxCrNTvPPVu60SVfMrj\n67vv1KwllfwqEECuUzq1bk+SrlYqNuHQIScwJgkmky+id5U84laPu4qKeKhUjauF\neJ5LD8WVuOsKneO1Aw1r1cEXn6z6r6glqLmwPWjXk0WUjp9ByKCryCXXslhbeIMH\nnZBWL/aKgSjjXjyh0NTnQ6lO0SYLUiDdSietn2cbpzK+JiZbTwWwo1Q4zdmuG09k\ni3F5oJxc7MK7UD/t9DLt0UCBC/IY0Nq5Ese9zQb4YzzXXPG+ryRE3oZ5m4phnL2X\ncILHS2P6J0Nxyj53Kj+8KeyDv5Hd+XwROo2xnQC8shDjVWQibZCmGRLICWQLhSe0\n3kpQr5YtKkHUGf+2N0YdXCXP/rDgbvWq8LQuifgb5HUw5HaDz9yeonQYgotM6TO1\niKjnMVwEsTyoTmMNxkqRf9fjoBsOReZIHBSRP8W6qqQ/V9aPvDKVQEJ5A4gzM+45\nGG++CqTvpRd2ZW6gPbxMeyUSFvPlPTQgTjwW6Uc3BcX//HStYb7UsKkNIXkkpU4o\n5kB8XeWd+5PfVfAV3PR0ZTcZBo5TwDbCH9XB7UqKXl4MQ4O25o5BQOyZUWMMMCJ9\n344qVCcavZzbNdq4a6yaoRtOnb1/ntKJYF1l3Uxqao7zfv+FDVyWP3PodyIP9OkG\nXPobzMXLnOZmuFSgiSr1nlEhSEoaxHDRD/NdoqLLf9nZcRg8Bd7XgIIJ6D0DqUFf\ngwlvuZqv6lPr8D/r7n1dZZMl4Tzq2gUo5TnbyfZkJsW8S3EPloaJ06Gc1D3ChkIC\n4eqhhVQkns2p8VQ4U2GUjt50pZ3wDVJZzlX1rEJYtiHDke7e5xJZoruHCvbm9n8V\nOmbHFCb1oUZcHB9UmAXpmS4Vxa6sg7IjugV7RGb2+QUK2FO2Gv+qsEZPgssygWuR\nqCCIxt5VyqNntWF8tZWGf95eMkWyrkYHXdT4ZKDtg7vNB4NY0uROb14LSMq5iWBQ\nV5repabWLzKfndFRMZjEaqfBXosBmD6EATt39s1xySWEYFVyTlSciScKgGpwrXan\neZCC79uwUFxOjl3r0TGtanyedhkV4gHmoroXzj3EsmSca2Y5NCgGQFla1bwXRNO7\nKO+GNlF2ZCXF6TQ/D1m2bC54YLTwdOztMQuQRgk9O3haUfecqvruvF3ugZ15ezTC\nTQYZznUPGW6qEtZAgA0TByOKwJNfCQ+6rq7DpUeq4gU6tcSjqJCb13hv0uEps3RM\nlsi9Bp/Gw12BiUcDDDrq33co8z4ozA7ljKvnz87BWgrGaJEwBRfeqnzPZe5+LbkF\nTwmJT9slOaY//5cITHDwORKkC9KqdEaOWABCLlU7TSKKJd4gROGz0H7fLpAIVEvY\nIW+5tRkDsGB6rMBzGJMDetbaTk6yBXIe6rMLpP0j0WOR05U4iFJD6ht67WXonR7p\n1UCU8/Mt1NVCJaPoaeCAPmOLyCgqbcUg5Jb4DhyVgoQo28eQ5LV5eslzKWjRSKzo\ncDEqRv/3r8HTEggyxGU1DuRpUyxevG6/S9irt09wqQCPBzBvuUQMhXiZYXbtYjNw\nwlyeuVj6vNiuYDUvyUvvXVUQjhOeecdGqZIy99p4ucFcEoUp9ysHYA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-lCXavUvEyyxEJ4pfc' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpolfus3q2.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpolfus3q2.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_4(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:2215: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6bb5f20ecb49ff6719d719b95a9681648aae7037a92beb3ee386615f45e2586eurn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==sik+R6n8HJO/RmwTryxq6CzEU7RPG3PKLHQ3nO7YtKQ2P8Q3VvGmp5ri8y1RcAYo\nDaOTB2mBXequ8cYYPcO1ui0o931ovq+DdACBjhhvCEoKCOidbPtdX5R9yKrGmA9+\nTMZeAJXqxepqNk0bZ1Bb30ipoL+8Nai0MSMv5DzmoYs=zpIorbpqP3HHGSq3TceQQgl7F1fwjx3yzzp2+4n9Pu1sPZdXSWPt74CuhuPTb0i0\n19GJv6mS/m/lS97i1QWF1T9Kwf6NTrt+NHFOgbBGzDZPiPr4m4r/5zqZatbjk9q5\nzdSA5gyYe43adw+4b8EpQyM5NwSIdiEFfVAhhndGQsW+mSGdv3wN//sSS2XXyXR2\nuXz4XNCWcAm4fq+ZMDLe8AOuRNxXt++598ladNp4TyqkDKOjucqOFZGV8jp10lWc\nn0HvC4aXgQTMCoiZXUWWguP553PsGJzvd1Wpl70q23fSfRVlMMFHoV38UY2qU+cK\nKOjUGuG55oKU/c1gcmVKLMtuuQs10rW9sFXDroV075PpLs2IXEXGZlEoKWW5yBF/\nwan6mIRvU8N7QmJ9liCtDAES+dqzxYHjXIkNOwmnLFePCbDRYkm90juEr5wFkL/k\nQOlN2IQRYA2/GUeimPKPq5H+26D/29A4E7OFpbd7OzKxHxOWU2TFVcWFl24OfDfF\ngQTumqhw8P2t4yy9+hKglSWBiEWTOO2qxui4L2+uC8vZAxuYxwz6Bl2n8NL2xfO9\nmmjeS0ru/j/xruPAiNCwIdLCQpU+DRnpYu7GH3HoLVqILJ26ShkqFM/2Ix3UWtlW\nk9dyLf/jgmdYcjSNO3TzhKmF21DlNv00F4c/fwqIzinyQhbX8mUsMsTptBb1y9d2\n6PiAOaDWu4I42mmYTyZk1ewHGbKLn9RWE91ydOvGGfqMADnzouljs5+j/iaRZCTO\nEZEQ+RNDkp1lvp1lG8A6zP3QFVyykD9T8KMYfiMwxoutpfxCrNTvPPVu60SVfMrj\n67vv1KwllfwqEECuUzq1bk+SrlYqNuHQIScwJgkmky+id5U84laPu4qKeKhUjauF\neJ5LD8WVuOsKneO1Aw1r1cEXn6z6r6glqLmwPWjXk0WUjp9ByKCryCXXslhbeIMH\nnZBWL/aKgSjjXjyh0NTnQ6lO0SYLUiDdSietn2cbpzK+JiZbTwWwo1Q4zdmuG09k\ni3F5oJxc7MK7UD/t9DLt0UCBC/IY0Nq5Ese9zQb4YzzXXPG+ryRE3oZ5m4phnL2X\ncILHS2P6J0Nxyj53Kj+8KeyDv5Hd+XwROo2xnQC8shDjVWQibZCmGRLICWQLhSe0\n3kpQr5YtKkHUGf+2N0YdXCXP/rDgbvWq8LQuifgb5HUw5HaDz9yeonQYgotM6TO1\niKjnMVwEsTyoTmMNxkqRf9fjoBsOReZIHBSRP8W6qqQ/V9aPvDKVQEJ5A4gzM+45\nGG++CqTvpRd2ZW6gPbxMeyUSFvPlPTQgTjwW6Uc3BcX//HStYb7UsKkNIXkkpU4o\n5kB8XeWd+5PfVfAV3PR0ZTcZBo5TwDbCH9XB7UqKXl4MQ4O25o5BQOyZUWMMMCJ9\n344qVCcavZzbNdq4a6yaoRtOnb1/ntKJYF1l3Uxqao7zfv+FDVyWP3PodyIP9OkG\nXPobzMXLnOZmuFSgiSr1nlEhSEoaxHDRD/NdoqLLf9nZcRg8Bd7XgIIJ6D0DqUFf\ngwlvuZqv6lPr8D/r7n1dZZMl4Tzq2gUo5TnbyfZkJsW8S3EPloaJ06Gc1D3ChkIC\n4eqhhVQkns2p8VQ4U2GUjt50pZ3wDVJZzlX1rEJYtiHDke7e5xJZoruHCvbm9n8V\nOmbHFCb1oUZcHB9UmAXpmS4Vxa6sg7IjugV7RGb2+QUK2FO2Gv+qsEZPgssygWuR\nqCCIxt5VyqNntWF8tZWGf95eMkWyrkYHXdT4ZKDtg7vNB4NY0uROb14LSMq5iWBQ\nV5repabWLzKfndFRMZjEaqfBXosBmD6EATt39s1xySWEYFVyTlSciScKgGpwrXan\neZCC79uwUFxOjl3r0TGtanyedhkV4gHmoroXzj3EsmSca2Y5NCgGQFla1bwXRNO7\nKO+GNlF2ZCXF6TQ/D1m2bC54YLTwdOztMQuQRgk9O3haUfecqvruvF3ugZ15ezTC\nTQYZznUPGW6qEtZAgA0TByOKwJNfCQ+6rq7DpUeq4gU6tcSjqJCb13hv0uEps3RM\nlsi9Bp/Gw12BiUcDDDrq33co8z4ozA7ljKvnz87BWgrGaJEwBRfeqnzPZe5+LbkF\nTwmJT9slOaY//5cITHDwORKkC9KqdEaOWABCLlU7TSKKJd4gROGz0H7fLpAIVEvY\nIW+5tRkDsGB6rMBzGJMDetbaTk6yBXIe6rMLpP0j0WOR05U4iFJD6ht67WXonR7p\n1UCU8/Mt1NVCJaPoaeCAPmOLyCgqbcUg5Jb4DhyVgoQo28eQ5LV5eslzKWjRSKzo\ncDEqRv/3r8HTEggyxGU1DuRpUyxevG6/S9irt09wqQCPBzBvuUQMhXiZYXbtYjNw\nwlyeuVj6vNiuYDUvyUvvXVUQjhOeecdGqZIy99p4ucFcEoUp9ysHYA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-lCXavUvEyyxEJ4pfc' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-lCXavUvEyyxEJ4pfc', '--output', '/tmp/tmp59jynyrb.xml', '/tmp/tmpolfus3q2.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpolfus3q2.xml" output= ____________________ TestClientNonAsciiAva.test_response_5 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=2b3bd94e4d9d89bdfdd192713e7025f48ba50c2795d06ce31876f7ae00e202b6urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==gWFHGa3qJNKFHK5SubESjAtmHT3ce9j5IuE4IYu2XAc451H6CzSUg2KF0of748oS\n5AQMR4Hj4eFNRYYMB/ENKrl/ndylUpjzzIcyQu47Fe7BJ50ZDBldKhUibJglm5qz\nNaFE6qPLSYWoSK3MwaL/IkxvrKk00opPOedIqv9dVMA=Mio9oqGavromdHYN0zi0PdYQF/GvyV+MVhmGMkjvKAbvFOQa9eILcI8j+0trq6E5\npqHoTYY+ISUN4QscSEKtdY3MgeApkA3FCLOp9XEdyqs81lQeKTcXYy5K/yuBCEHg\ncXMyWm0hNurovqbDTgIJwO2/5CZygWlPC98fUuty3d+n99he3KF/JUAhjP9XyU3R\n2a4CFezNIi4rYbIiy/LKnZbLou1ZMIJBtLspKa2tzackyUPse1iUhAXpAjNAZQDf\nomw1Io9AHLMl2Y+LVLUC42wSmTlJSf05NjshMtcLlQcbcfnMkGN1yCpIdsnqUC2Y\nf9IA0bNiW7qoVB1oxYFLfc3p542WkHFO9NW9pDqOlUKaXezcmFoneTojqcQlIRKn\n+hGfWHTxEFIcidleqXpAHqHhuqkpkffAEnsy4BI7Pv06DZPrFW6lLTsdJJUDMuih\nbqEar4uvytALkXr5VVkL2gqhfqSUB8dvyWQKCEZBUpatFyPjHjKoUfnHSF7ly4Ov\nf8jix5QoGuUhMqmJ4Iqk+j+R8xjEneMgC9mBNItn/NN9fStIOoRZBpvUp4v1jB/n\nN+4jV3Yq4N1jELeJK9PCYB1Vhc6BwEVpGFBv9JwgQD2ncQTdQFYCIpM2+ntJ//fi\noanfAJlrB6s/oOhdHga5pdPy3OdIreUF+afkB27s5WdjRowkkcCHs/HQgTRh/DEM\nc5uJvLGe81MRsld92dNzPbKgsDCmatQLOPcdXlVZILNvJ+VXMeocnlLGR4N8TrhJ\nei96woIMz3MTLXd2z6Dg7nInrzkOWMP4AH9lIV8QhQf7XGEpw0lltTIaCtklcU1y\nhQ/uaiR+icylgnH7Ckmo6BVxniaXdOpGB3IKCddznG1UoID1IxrcwFj/emLqecZv\nODqDho6mqdpCuyZyRAyj5iP7bCTlh2Q/9YAJdW4l1gxs9JyiPOybS10R7Y1Rs8mn\n3osns6CY3ozdG5g0JE7YtNJYi9VKatsCYlMOS1XeVyXIrA4iJb/ihJy4yYYPYLIr\noZczonznv7EO+5+582kNm3ZHo7DH9i9UjSrZos3wEwK1V3PbS9THbKq/A6OL5xrE\nzF8kRUfTCtBXTzJMVrymXjJ4UEElfXxwI1WdNI+S5T+npisIQZXFC0OCe96eR06V\nFZ4m6ehbyAYoTDgwgTSH+LWmbuFpPpdcnkMN6Yza9QuWMMgnuygRxUMjLJm+adpD\nP1x+q4qe0Bi8IhZvGzv+dgKD5Z34C6wLDCeaamUZdCc//xLtaqVzsCAyPlvpH/UM\nr3IYRVijzeuDcH9QFP6w+E0Z4dnnkAZH6neaAl9T6lNRhOpZpBkHdsFiPc2lM6Sv\n8rvTenAfybwKQqDL/EMwlQrn1ewDKA+S+f0nG6Be7vevA7/K1+aFktut6sOrSd9K\nKjeBY6UQG69rlFQQBtnFwu+wF7APAsP0Jxhq4E8VrVXJhUqqcew/JS8i/TJbsz5V\nAeVMmGQQYfrnNfY1F3fqZr4UXSCTz8N3zF8VXJuuU9sO23czrig7zQrZAiYAWK83\nzCUm5VXf667D2F/DLLMHKAhUWwWQ6pFrt97uI2dNCqzPxYj7thIBY5Fwz+0MuqzF\nW5yXSkcEu8MihRXEYD+6J481G1JQrXPBIJMx/PCsuMfVyv4/l8oNMhvGzNnaP34A\nm2TtTKYBYopMMH8rMvsQhsUFH6q9uWjN0+ryTBnMjrXZNDazEItya5gI+UhSM8r7\nUMGPuikSY9mGO/WIO3MPWRwNtlFvM+gTlhvad6gGdfd99kLmAVonIbNVs6PIj4aX\nSU01r0omjSegDwvSWiUUaqV5u14DKbhF5E2WJPX5T5OlxEMfY9LAtOuLmoHGKP/x\n7qIgupPzffA/C0v7KQsrxR7YyVx/kY7VbletuaTJTs7mmTdI3jd3eJSEFXAqJYNw\n5nLC6Ms9xX8i3JCR1byss/C3nkcD+5ZESZsXsHBdKCPQwnP6iDZwC+Pa6Z3Mc1s5\nDGKLE5DerZAY/QN9y0W96OyMWW8HC3jSUL77G5sg+t+hKYiYoEF2i1H9hI717uFa\npnZ+JYTELDMC+xRUT2ryamtIRjcb7doVgC7HK4NXxTUIhUNpMhd89vjEuFH2ZqXk\nHGgqhB7CHiE39sG/YZEkQiRiUlluNRW+4dNEcHiED6Li2twy2YIJA0Td9kwwd22M\n419ZqDPWrg6ei+SNJYj04IIU7n8kbKxiBZkt1+XAgbtogXeK8r/koaqy+Mq+J+K3\nK65yeVCBg+U4CuGBzrWXU0xw0RNMmB04mHWq7gqr9fGPx8trSg0DSXs2D5IdOkPf\nCslHIM/epJ9TgH4NQkwIM9lRjy2V4Lq35CV0wg5WHM649ZpKANQN7bjAxVDX1lg2\nyDw+Gfl1biasFhT85N3MSDWG9gjTrlHplaGHZnxaAxZizrA0i94c9w==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wTzmDm07M5ZWpalJx' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpdjgznd24.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpdjgznd24.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_5(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:2253: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=2b3bd94e4d9d89bdfdd192713e7025f48ba50c2795d06ce31876f7ae00e202b6urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==gWFHGa3qJNKFHK5SubESjAtmHT3ce9j5IuE4IYu2XAc451H6CzSUg2KF0of748oS\n5AQMR4Hj4eFNRYYMB/ENKrl/ndylUpjzzIcyQu47Fe7BJ50ZDBldKhUibJglm5qz\nNaFE6qPLSYWoSK3MwaL/IkxvrKk00opPOedIqv9dVMA=Mio9oqGavromdHYN0zi0PdYQF/GvyV+MVhmGMkjvKAbvFOQa9eILcI8j+0trq6E5\npqHoTYY+ISUN4QscSEKtdY3MgeApkA3FCLOp9XEdyqs81lQeKTcXYy5K/yuBCEHg\ncXMyWm0hNurovqbDTgIJwO2/5CZygWlPC98fUuty3d+n99he3KF/JUAhjP9XyU3R\n2a4CFezNIi4rYbIiy/LKnZbLou1ZMIJBtLspKa2tzackyUPse1iUhAXpAjNAZQDf\nomw1Io9AHLMl2Y+LVLUC42wSmTlJSf05NjshMtcLlQcbcfnMkGN1yCpIdsnqUC2Y\nf9IA0bNiW7qoVB1oxYFLfc3p542WkHFO9NW9pDqOlUKaXezcmFoneTojqcQlIRKn\n+hGfWHTxEFIcidleqXpAHqHhuqkpkffAEnsy4BI7Pv06DZPrFW6lLTsdJJUDMuih\nbqEar4uvytALkXr5VVkL2gqhfqSUB8dvyWQKCEZBUpatFyPjHjKoUfnHSF7ly4Ov\nf8jix5QoGuUhMqmJ4Iqk+j+R8xjEneMgC9mBNItn/NN9fStIOoRZBpvUp4v1jB/n\nN+4jV3Yq4N1jELeJK9PCYB1Vhc6BwEVpGFBv9JwgQD2ncQTdQFYCIpM2+ntJ//fi\noanfAJlrB6s/oOhdHga5pdPy3OdIreUF+afkB27s5WdjRowkkcCHs/HQgTRh/DEM\nc5uJvLGe81MRsld92dNzPbKgsDCmatQLOPcdXlVZILNvJ+VXMeocnlLGR4N8TrhJ\nei96woIMz3MTLXd2z6Dg7nInrzkOWMP4AH9lIV8QhQf7XGEpw0lltTIaCtklcU1y\nhQ/uaiR+icylgnH7Ckmo6BVxniaXdOpGB3IKCddznG1UoID1IxrcwFj/emLqecZv\nODqDho6mqdpCuyZyRAyj5iP7bCTlh2Q/9YAJdW4l1gxs9JyiPOybS10R7Y1Rs8mn\n3osns6CY3ozdG5g0JE7YtNJYi9VKatsCYlMOS1XeVyXIrA4iJb/ihJy4yYYPYLIr\noZczonznv7EO+5+582kNm3ZHo7DH9i9UjSrZos3wEwK1V3PbS9THbKq/A6OL5xrE\nzF8kRUfTCtBXTzJMVrymXjJ4UEElfXxwI1WdNI+S5T+npisIQZXFC0OCe96eR06V\nFZ4m6ehbyAYoTDgwgTSH+LWmbuFpPpdcnkMN6Yza9QuWMMgnuygRxUMjLJm+adpD\nP1x+q4qe0Bi8IhZvGzv+dgKD5Z34C6wLDCeaamUZdCc//xLtaqVzsCAyPlvpH/UM\nr3IYRVijzeuDcH9QFP6w+E0Z4dnnkAZH6neaAl9T6lNRhOpZpBkHdsFiPc2lM6Sv\n8rvTenAfybwKQqDL/EMwlQrn1ewDKA+S+f0nG6Be7vevA7/K1+aFktut6sOrSd9K\nKjeBY6UQG69rlFQQBtnFwu+wF7APAsP0Jxhq4E8VrVXJhUqqcew/JS8i/TJbsz5V\nAeVMmGQQYfrnNfY1F3fqZr4UXSCTz8N3zF8VXJuuU9sO23czrig7zQrZAiYAWK83\nzCUm5VXf667D2F/DLLMHKAhUWwWQ6pFrt97uI2dNCqzPxYj7thIBY5Fwz+0MuqzF\nW5yXSkcEu8MihRXEYD+6J481G1JQrXPBIJMx/PCsuMfVyv4/l8oNMhvGzNnaP34A\nm2TtTKYBYopMMH8rMvsQhsUFH6q9uWjN0+ryTBnMjrXZNDazEItya5gI+UhSM8r7\nUMGPuikSY9mGO/WIO3MPWRwNtlFvM+gTlhvad6gGdfd99kLmAVonIbNVs6PIj4aX\nSU01r0omjSegDwvSWiUUaqV5u14DKbhF5E2WJPX5T5OlxEMfY9LAtOuLmoHGKP/x\n7qIgupPzffA/C0v7KQsrxR7YyVx/kY7VbletuaTJTs7mmTdI3jd3eJSEFXAqJYNw\n5nLC6Ms9xX8i3JCR1byss/C3nkcD+5ZESZsXsHBdKCPQwnP6iDZwC+Pa6Z3Mc1s5\nDGKLE5DerZAY/QN9y0W96OyMWW8HC3jSUL77G5sg+t+hKYiYoEF2i1H9hI717uFa\npnZ+JYTELDMC+xRUT2ryamtIRjcb7doVgC7HK4NXxTUIhUNpMhd89vjEuFH2ZqXk\nHGgqhB7CHiE39sG/YZEkQiRiUlluNRW+4dNEcHiED6Li2twy2YIJA0Td9kwwd22M\n419ZqDPWrg6ei+SNJYj04IIU7n8kbKxiBZkt1+XAgbtogXeK8r/koaqy+Mq+J+K3\nK65yeVCBg+U4CuGBzrWXU0xw0RNMmB04mHWq7gqr9fGPx8trSg0DSXs2D5IdOkPf\nCslHIM/epJ9TgH4NQkwIM9lRjy2V4Lq35CV0wg5WHM649ZpKANQN7bjAxVDX1lg2\nyDw+Gfl1biasFhT85N3MSDWG9gjTrlHplaGHZnxaAxZizrA0i94c9w==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wTzmDm07M5ZWpalJx' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wTzmDm07M5ZWpalJx', '--output', '/tmp/tmpx5aq2nch.xml', '/tmp/tmpdjgznd24.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpdjgznd24.xml" output= ____________________ TestClientNonAsciiAva.test_response_6 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3b3835d52e9a35201481c85ad7246025b47f0589d06a35526bb09ac30aa4b222urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODU3WhcNMzQxMTEzMTYzODU3WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwmmdPMyRGvSkK+aVyHwR8HhREHaOtxjJk26Pf8s3cB65pWxYLZOVYp9z\nIyhM5SwFaVlsTW+Cv9cClofWL8KTh6hxWmL54+U3PzpnMoODn9XWRe1klh9+brrG\ngCHqwDUYJCR9MA2clRhvid+83tQvp9lC+MVW62nfYMOdit02yRlzKLfV+O4sGSZv\njMW914EcUQUex07MdEstqW4uUFyAj+8DrS1mmEK4nOngjaBrWTha1OCOurjtoNeW\nVxfGu0Z0ryCjE7PAQlVYto062KeC5TzflQX8m2STOZvhOWEiG+yw6oBYYS3dlClE\n1gC0sC1HN+ltBEVILZMt0Ns2KZKyiwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBABuy\ndL14btwLS4L57pAKygzlJsvp4DVLTZJThJyrBBUXVSWj9gO90mTz35PuXB5XQm6e\nYuhXO8ZngiBgja/ocxnhm1sFr7KLs2utkCMpJruqWze57S1ly/6Xta3XkNyQnWtX\nTViA7czcumbENSd6LidyVsYjskFt4+TKKs0PZMKPDUl4cW3W/Y0GS4MmsV3snI/eHVfYtHHMliNLFGS/IomgFOoEHda77/yv9R5kI/fk\nWiCbLegIUjQqpXUHT4weIDFqyrhqqCBT9J7sxhj3Wv+sY5RSxxlH3EqcyqZA8I0L\n5GwIVnFtvjAtFl3gjf7+Jx5hPe4EB3NkNotNPiSgBBqXyyOTwKmeZIC8woJPQCI6\nxGu1+tIHLoPkc5g2p3/pjDmPBL2HsBF0XbnuLVbEy6WTpb7c81O7Cxy/rHssHTX9\nRrqQYqSg1RLYpbcBTNsgi7Wy4CpY8edFdC+k/L9RWae5hCPQEgbr8ne3N3w+d49l\nfGOdylKGK405HtjlrBftQQ==r3at+8033UcDoQ8AVUXKfoEnjm1CkMi6hiGawSU+sIoHiPB7SEyBk21bWoGJxn6l\nguMMwbOZIVWyIa3BM1ITvfF5hRwKJBqzHWp1KfQU7UwHBpeimL/XOyHz2RBwgugf\nWfRVZOQCOa/CUgUbNe8xAqG6XvlZqNAFf4RDzeysDQNaCvD9VJDCQQkJCYYuDrMH\nuVBGGK+Pqh9eWI9Z2OdoZat97mna/MSP1e+uuKPfcPAUVcK4o4tMLWclPBvL2u0T\nvB6qrVUg8xSux0BcPzysvAV1Ec8k00GSofIQktmSjMW4bkfEsBk0nS/oANG+M+lz\nKnaMoE9oC2F4ad/00VQJH2WCTU8cVL+7UzMu3gA1bs/a6PtbWlwRke32BASXiBry\n4gDHz7wL/GBtgKRxRO2fS0hRALN9kP//efX5MRWaVVRlfsK5Ir1EUY/jLH6KN7Cc\ncNPuBP1sdP7GBF2s+705K7+CLE1611AUqi/AjRehWmGo218AbP5E5cLqS2aEjcDx\npQPHEu/8BZN2VQCX6Gq0ykk4A54tXq33dYTg87a7MDzC9b9IFkpaxqT9gxbfJTKE\n+1E03y6rnf/j+kG2tYUmoP/cHg4HPitzHawYx258zsGG6UFujkXpmcIFrqwPqyZX\n4g8XcUlCvb+WUcxruA2YlUxq3sO/o9pFM0vndxSSBn+yOiJpcra5F3TgHhIigwM0\nX03hydqDKlPRLyl5dgBKjsnQD0haynTXt/72HGzW4QL0AmPqqJ6lqvsL9sq6hpKA\nGRXdUqp+pg4Pqu6WLQ+nXPvZ//N42QxRtz0uE36V4IKnoJ12qbHt9kVhZPPkDdX9\nwEg6NGDq8dVYdnH/9BLsi1z4Drh+tWewHJ+WIBQumEzHA62UZZpty+7h2ATUl8t5\nHliUm1b/atbYA5cigLq8XzizMDuLcA3MhNLnmXGQRNKCEzOWYsNEDJMqLQtbV+J2\nyxJLmCez0xYhBQn2YFrXGymBPkbAOex1/ZYgfW2hP+OVpzyIafol6CqPdCikx1wD\nlvRh1SLDZa8hvxVZ4hR7UBkYKeHb+sP64C9cTVRkWr/EaLDoY0MHygo44lN22Wav\noeCUgVMHj6CxGzHKSWSMH7pg4f9HRMHGsAvIWexrj5N1EVXFnCzqZWrtKQsI8RM6\nYYz2rnqOhUor8/HKjUueWaSbQIbbPXu99pgiZOEARipsLE+K5wNGFgr4PjrGjUU7\nPwooeUHs2nhQzzVyDX9rtt8w7MBedCEqVRbXsLOrK4XrHIUxhLkCkBpYAwAagklY\nrLqAodmAWwcwIF1Usg4TcYI8soGKUYg//BsNT6fvyXoFp0rapIANxkYxjYp5F6Gq\nUQF2fxJ7YVHonahlSzCz8ji4pCqc+7SuF0O9t/WDPG0fNlUNyRzJHWyzZArSo70i\nosskM/S8J6pP50xiE65NX48Vu46Ek+id0I0Xjzk2WVDVf7V1baF5AZ1JxsUmSr37\n+nEipFUw+W07NNKBGFK3pgOdPV2t7+3MuShxTW2gObUsMzwoywDMz+wFUma3sNA1\ns9xcqaeC9bOOTTVgS4T+UQWC6JtrQV6TbZJFuIR2DapaoV8LZWTyZp2RDbn3o832\nfpwZTn3PB48BM7tnZQgZCz9YpxulTYPkQxHOK9RKCI8SG1edxwTR2smX7Nsbz9mZ\nuMh4M/d6QNJZe2IhYbUsl57ywTSa8thTgJlizjF91y4YJr0lnVHlvvMI37zZAlv7\n9JOqh/azcTWt+VM+/Juud+N8r6Lt6MXTUm42WVfjJC+18PInMSfVoRqrNf5XgomO\nnGjAJ4A96W5l2sQNF8lelvfh/jWbIlcggT+1WDgfMBWcXeJTkprUolljdU58rH6A\n6hKF8o5Ized865YpWIrG74GRZ3WAlEFEG5kyhurakMZFqMr0AYyTZDbwBfjgY3Zm\npUuZpKTps4xU1qNYYgQcIyLMJ+vsKsu303JalKaBPUi0Ykz2GTE9PdZomiJ2HrfH\n76aRPcwGgaHBLm1AFI0kxhhMacY7p7nkr6XdDGP7pZfW3VbJjSkuhT9Yj38vTDtD\nJd7TP3Dnlbi6ARfWIhp8fwRH6I6F/DDnDPAQWvuqFowsgL1uDyI9F25a0M3FBPDk\ndKhrl9Ac/7ENZ1hYgMeEwSNcCwJk2hMNQe6UUiqsGC8jr3DqctYzSUOIcZ6cb2Fr\ncVlgoXcmjLwJTz664ybfAlYRW9s8lw3VtwTExdV20b2UTKfDmw58oHHdgYF2ZCyf\n1azMxEc+9SiYnxWLUMfA6gYBCL98lBw6yIrITpr1FIYy23PRTrh0ixH4ZP9qSUl+\n4q8fh/m7ddYzcUNmMMWSX8db/S6F1hNWdYDerxyNixAjWGYj1cSqJ1ORU+nlwARR\n71Wn/pd2tte4c1G4BeJsP2ZcLStrLygn2AqiTOMxnXsp73iluz0dgw==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-r9Ybsy13CYVMvsGOl' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp_nc3nmjr.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp_nc3nmjr.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_6(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_assertion_str, cert_key_assertion_str = generate_cert() cert_assertion = {"cert": cert_assertion_str, "key": cert_key_assertion_str} cert_advice_str, cert_key_advice_str = generate_cert() cert_advice = {"cert": cert_advice_str, "key": cert_key_advice_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_assertion_str, encrypt_cert_advice=cert_advice_str, ) tests/test_51_client.py:2296: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3b3835d52e9a35201481c85ad7246025b47f0589d06a35526bb09ac30aa4b222urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMTE1MTYzODU3WhcNMzQxMTEzMTYzODU3WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwmmdPMyRGvSkK+aVyHwR8HhREHaOtxjJk26Pf8s3cB65pWxYLZOVYp9z\nIyhM5SwFaVlsTW+Cv9cClofWL8KTh6hxWmL54+U3PzpnMoODn9XWRe1klh9+brrG\ngCHqwDUYJCR9MA2clRhvid+83tQvp9lC+MVW62nfYMOdit02yRlzKLfV+O4sGSZv\njMW914EcUQUex07MdEstqW4uUFyAj+8DrS1mmEK4nOngjaBrWTha1OCOurjtoNeW\nVxfGu0Z0ryCjE7PAQlVYto062KeC5TzflQX8m2STOZvhOWEiG+yw6oBYYS3dlClE\n1gC0sC1HN+ltBEVILZMt0Ns2KZKyiwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBABuy\ndL14btwLS4L57pAKygzlJsvp4DVLTZJThJyrBBUXVSWj9gO90mTz35PuXB5XQm6e\nYuhXO8ZngiBgja/ocxnhm1sFr7KLs2utkCMpJruqWze57S1ly/6Xta3XkNyQnWtX\nTViA7czcumbENSd6LidyVsYjskFt4+TKKs0PZMKPDUl4cW3W/Y0GS4MmsV3snI/eHVfYtHHMliNLFGS/IomgFOoEHda77/yv9R5kI/fk\nWiCbLegIUjQqpXUHT4weIDFqyrhqqCBT9J7sxhj3Wv+sY5RSxxlH3EqcyqZA8I0L\n5GwIVnFtvjAtFl3gjf7+Jx5hPe4EB3NkNotNPiSgBBqXyyOTwKmeZIC8woJPQCI6\nxGu1+tIHLoPkc5g2p3/pjDmPBL2HsBF0XbnuLVbEy6WTpb7c81O7Cxy/rHssHTX9\nRrqQYqSg1RLYpbcBTNsgi7Wy4CpY8edFdC+k/L9RWae5hCPQEgbr8ne3N3w+d49l\nfGOdylKGK405HtjlrBftQQ==r3at+8033UcDoQ8AVUXKfoEnjm1CkMi6hiGawSU+sIoHiPB7SEyBk21bWoGJxn6l\nguMMwbOZIVWyIa3BM1ITvfF5hRwKJBqzHWp1KfQU7UwHBpeimL/XOyHz2RBwgugf\nWfRVZOQCOa/CUgUbNe8xAqG6XvlZqNAFf4RDzeysDQNaCvD9VJDCQQkJCYYuDrMH\nuVBGGK+Pqh9eWI9Z2OdoZat97mna/MSP1e+uuKPfcPAUVcK4o4tMLWclPBvL2u0T\nvB6qrVUg8xSux0BcPzysvAV1Ec8k00GSofIQktmSjMW4bkfEsBk0nS/oANG+M+lz\nKnaMoE9oC2F4ad/00VQJH2WCTU8cVL+7UzMu3gA1bs/a6PtbWlwRke32BASXiBry\n4gDHz7wL/GBtgKRxRO2fS0hRALN9kP//efX5MRWaVVRlfsK5Ir1EUY/jLH6KN7Cc\ncNPuBP1sdP7GBF2s+705K7+CLE1611AUqi/AjRehWmGo218AbP5E5cLqS2aEjcDx\npQPHEu/8BZN2VQCX6Gq0ykk4A54tXq33dYTg87a7MDzC9b9IFkpaxqT9gxbfJTKE\n+1E03y6rnf/j+kG2tYUmoP/cHg4HPitzHawYx258zsGG6UFujkXpmcIFrqwPqyZX\n4g8XcUlCvb+WUcxruA2YlUxq3sO/o9pFM0vndxSSBn+yOiJpcra5F3TgHhIigwM0\nX03hydqDKlPRLyl5dgBKjsnQD0haynTXt/72HGzW4QL0AmPqqJ6lqvsL9sq6hpKA\nGRXdUqp+pg4Pqu6WLQ+nXPvZ//N42QxRtz0uE36V4IKnoJ12qbHt9kVhZPPkDdX9\nwEg6NGDq8dVYdnH/9BLsi1z4Drh+tWewHJ+WIBQumEzHA62UZZpty+7h2ATUl8t5\nHliUm1b/atbYA5cigLq8XzizMDuLcA3MhNLnmXGQRNKCEzOWYsNEDJMqLQtbV+J2\nyxJLmCez0xYhBQn2YFrXGymBPkbAOex1/ZYgfW2hP+OVpzyIafol6CqPdCikx1wD\nlvRh1SLDZa8hvxVZ4hR7UBkYKeHb+sP64C9cTVRkWr/EaLDoY0MHygo44lN22Wav\noeCUgVMHj6CxGzHKSWSMH7pg4f9HRMHGsAvIWexrj5N1EVXFnCzqZWrtKQsI8RM6\nYYz2rnqOhUor8/HKjUueWaSbQIbbPXu99pgiZOEARipsLE+K5wNGFgr4PjrGjUU7\nPwooeUHs2nhQzzVyDX9rtt8w7MBedCEqVRbXsLOrK4XrHIUxhLkCkBpYAwAagklY\nrLqAodmAWwcwIF1Usg4TcYI8soGKUYg//BsNT6fvyXoFp0rapIANxkYxjYp5F6Gq\nUQF2fxJ7YVHonahlSzCz8ji4pCqc+7SuF0O9t/WDPG0fNlUNyRzJHWyzZArSo70i\nosskM/S8J6pP50xiE65NX48Vu46Ek+id0I0Xjzk2WVDVf7V1baF5AZ1JxsUmSr37\n+nEipFUw+W07NNKBGFK3pgOdPV2t7+3MuShxTW2gObUsMzwoywDMz+wFUma3sNA1\ns9xcqaeC9bOOTTVgS4T+UQWC6JtrQV6TbZJFuIR2DapaoV8LZWTyZp2RDbn3o832\nfpwZTn3PB48BM7tnZQgZCz9YpxulTYPkQxHOK9RKCI8SG1edxwTR2smX7Nsbz9mZ\nuMh4M/d6QNJZe2IhYbUsl57ywTSa8thTgJlizjF91y4YJr0lnVHlvvMI37zZAlv7\n9JOqh/azcTWt+VM+/Juud+N8r6Lt6MXTUm42WVfjJC+18PInMSfVoRqrNf5XgomO\nnGjAJ4A96W5l2sQNF8lelvfh/jWbIlcggT+1WDgfMBWcXeJTkprUolljdU58rH6A\n6hKF8o5Ized865YpWIrG74GRZ3WAlEFEG5kyhurakMZFqMr0AYyTZDbwBfjgY3Zm\npUuZpKTps4xU1qNYYgQcIyLMJ+vsKsu303JalKaBPUi0Ykz2GTE9PdZomiJ2HrfH\n76aRPcwGgaHBLm1AFI0kxhhMacY7p7nkr6XdDGP7pZfW3VbJjSkuhT9Yj38vTDtD\nJd7TP3Dnlbi6ARfWIhp8fwRH6I6F/DDnDPAQWvuqFowsgL1uDyI9F25a0M3FBPDk\ndKhrl9Ac/7ENZ1hYgMeEwSNcCwJk2hMNQe6UUiqsGC8jr3DqctYzSUOIcZ6cb2Fr\ncVlgoXcmjLwJTz664ybfAlYRW9s8lw3VtwTExdV20b2UTKfDmw58oHHdgYF2ZCyf\n1azMxEc+9SiYnxWLUMfA6gYBCL98lBw6yIrITpr1FIYy23PRTrh0ixH4ZP9qSUl+\n4q8fh/m7ddYzcUNmMMWSX8db/S6F1hNWdYDerxyNixAjWGYj1cSqJ1ORU+nlwARR\n71Wn/pd2tte4c1G4BeJsP2ZcLStrLygn2AqiTOMxnXsp73iluz0dgw==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-r9Ybsy13CYVMvsGOl' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-r9Ybsy13CYVMvsGOl', '--output', '/tmp/tmps8dye2y_.xml', '/tmp/tmp_nc3nmjr.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp_nc3nmjr.xml" output= ____________________ TestClientNonAsciiAva.test_response_7 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=cd191eec1ad46b1dc8ba41c11f64f61012595cab5fe8aaab747a526ce62ddce6urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-n9mm7vwZN7y3e066m' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp5954o10d.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp5954o10d.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_7(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypted_advice_attributes=True, ) tests/test_51_client.py:2335: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=cd191eec1ad46b1dc8ba41c11f64f61012595cab5fe8aaab747a526ce62ddce6urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-n9mm7vwZN7y3e066m' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-n9mm7vwZN7y3e066m', '--output', '/tmp/tmp4e_nb57u.xml', '/tmp/tmp5954o10d.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp5954o10d.xml" output= ____________________ TestClientNonAsciiAva.test_response_8 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=82c5c48f51dc1ca0671e4893467d549ba66b8f3f112a1842d8df152917d21368urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-AqYaDgQz7QUV1v2wb' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpsqgog1b4.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpsqgog1b4.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_8(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:2373: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=82c5c48f51dc1ca0671e4893467d549ba66b8f3f112a1842d8df152917d21368urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-AqYaDgQz7QUV1v2wb' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-AqYaDgQz7QUV1v2wb', '--output', '/tmp/tmpgfc3n4bn.xml', '/tmp/tmpsqgog1b4.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpsqgog1b4.xml" output= ____________ TestClientNonAsciiAva.test_sign_then_encrypt_assertion ____________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-XtKH6pGtbSg8lRh3U' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp2f3nnje3.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp2f3nnje3.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion(self): # Begin with the IdPs side _sec = self.server.sec assertion = s_utils.assertion_factory( subject=factory(saml.Subject, text="_aaa", name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)), attribute_statement=do_attribute_statement( { ("", "", "sn"): ("Jeter", ""), ("", "", "givenName"): ("Derek", ""), } ), issuer=self.server._issuer(), ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=full_path("test.key"), node_id=assertion.id ) tests/test_51_client.py:2557: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-XtKH6pGtbSg8lRh3U' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XtKH6pGtbSg8lRh3U', '--output', '/tmp/tmpvljh1yer.xml', '/tmp/tmp2f3nnje3.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp2f3nnje3.xml" output= ___________ TestClientNonAsciiAva.test_sign_then_encrypt_assertion2 ____________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-jZsz7QuHHFRdj0VDJ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmply5935n5.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmply5935n5.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion2(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Dave", "sn": "Concepción"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=self.client.sec.key_file, node_id=assertion.id ) tests/test_51_client.py:2628: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-jZsz7QuHHFRdj0VDJ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-jZsz7QuHHFRdj0VDJ', '--output', '/tmp/tmpgzbspluf.xml', '/tmp/tmply5935n5.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmply5935n5.xml" output= _______ TestClientNonAsciiAva.test_sign_then_encrypt_assertion_advice_1 ________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ENcRxW6XfEep6U4B8' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpxie7gjl2.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpxie7gjl2.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_1(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Dave", "sn": "Concepción"}) subject_confirmation_specs = { "recipient": "http://lingon.catalogix.se:8087/", "in_response_to": "_012345", "subject_confirmation_method": saml.SCM_BEARER, } name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), name_id=name_id, authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) a_asser = Assertion({"uid": "test01", "email": "test.testsson@test.se"}) a_assertion = a_asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion.signature = sigver.pre_signature_part(a_assertion.id, _sec.my_cert, 1) assertion.advice = Advice() assertion.advice.encrypted_assertion = [] assertion.advice.encrypted_assertion.append(EncryptedAssertion()) assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion.append(assertion) > response = _sec.sign_statement( f"{response}", class_name(a_assertion), key_file=self.client.sec.key_file, node_id=a_assertion.id ) tests/test_51_client.py:2730: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ENcRxW6XfEep6U4B8' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ENcRxW6XfEep6U4B8', '--output', '/tmp/tmpdse1d2gv.xml', '/tmp/tmpxie7gjl2.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpxie7gjl2.xml" output= _______ TestClientNonAsciiAva.test_sign_then_encrypt_assertion_advice_2 ________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDave' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ND1a92yGEgPotz2gi' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpdalqbdcj.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpdalqbdcj.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_2(self): # Begin with the IdPs side _sec = self.server.sec asser_1 = Assertion({"givenName": "Dave"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) assertion_1 = asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) asser_2 = Assertion({"sn": "Concepción"}) assertion_2 = asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_1 = Assertion({"uid": "test01"}) a_assertion_1 = a_asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_2 = Assertion({"email": "test.testsson@test.se"}) a_assertion_2 = a_asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_3 = Assertion({"street": "street"}) a_assertion_3 = a_asser_3.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_4 = Assertion({"title": "title"}) a_assertion_4 = a_asser_4.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion_1.signature = sigver.pre_signature_part(a_assertion_1.id, _sec.my_cert, 1) a_assertion_2.signature = sigver.pre_signature_part(a_assertion_2.id, _sec.my_cert, 1) a_assertion_3.signature = sigver.pre_signature_part(a_assertion_3.id, _sec.my_cert, 1) a_assertion_4.signature = sigver.pre_signature_part(a_assertion_4.id, _sec.my_cert, 1) assertion_1.signature = sigver.pre_signature_part(assertion_1.id, _sec.my_cert, 1) assertion_2.signature = sigver.pre_signature_part(assertion_2.id, _sec.my_cert, 1) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion = assertion_1 response.assertion.advice = Advice() response.assertion.advice.encrypted_assertion = [] response.assertion.advice.encrypted_assertion.append(EncryptedAssertion()) response.assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion_1) advice_tag = response.assertion.advice._to_element_tree().tag assertion_tag = a_assertion_1._to_element_tree().tag response = response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion( assertion_tag, advice_tag ) > response = _sec.sign_statement( f"{response}", class_name(a_assertion_1), key_file=self.server.sec.key_file, node_id=a_assertion_1.id ) tests/test_51_client.py:2890: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDave' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ND1a92yGEgPotz2gi' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ND1a92yGEgPotz2gi', '--output', '/tmp/tmptcefm5fp.xml', '/tmp/tmpdalqbdcj.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpdalqbdcj.xml" output= _____________ TestClientNonAsciiAva.test_do_logout_signed_redirect _____________ self = def test_do_logout_signed_redirect(self): conf = config.SPConfig() conf.load_file("sp_slo_redirect_conf") client = Saml2Client(conf) # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"}, } client.users.add_information_about_person(session_info) entity_ids = client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT ) tests/test_51_client.py:3066: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout http_info = self.apply_binding( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=nVJLS8NAEP4ry97TvNoShyZQLGKgtlqLorcl2diF3Z26M4Hqr5fEHkShB08Dw%2FccZuEpgTW%2BYc87%2Fd5rYnFy1hN4SkrZBw%2BoyBB45TQBN%2FC4vFtDNkngGJCxQSvPBFLOXmYoIh3YoJeiXpXStNFV9rKcP6vbeXPtTjl93kvxpAMZ9KXMJokUNVGva0%2BsPJcyS7JplKZROtunc8gLmBWvUqw0sfGKR9aB%2BQhxbLFR9oDEUCRFEZNFKXZa0QDZm6BbKTbIW78Ny451%2BC09zUfpajGUgjFEEDcYnOLLFYeNaaNuhIL2bPhDVgPDqUaDPil3tHrSoBvvBQGt8i3QcRH%2FsDr7bpTT9UoM46FX1nRmSNohyn9k4aA8Ge1ZVmmWT2fzs%2BO3SbWI%2FzxC9QU%3D&RelayState=id-92YA6WaH6cCmx3szP%7C1731688738%7Cc09d8ed5033e46ffbd616a991592653fa703e524&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm __________________ TestClientNonAsciiAva.test_do_logout_post ___________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ARcGtmSDz2NKiC2ES' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmpygvx2syj.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpygvx2syj.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_post(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:3102: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ARcGtmSDz2NKiC2ES' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-ARcGtmSDz2NKiC2ES', '--output', '/tmp/tmpc_q2nirn.xml', '/tmp/tmpygvx2syj.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpygvx2syj.xml" output= _____________ TestClientNonAsciiAva.test_do_logout_session_expired _____________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-rlvnQGLNkXXUH82yl' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmpeh7m66qi.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpeh7m66qi.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_session_expired(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": a_while_ago(minutes=15), "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:3127: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-rlvnQGLNkXXUH82yl' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-rlvnQGLNkXXUH82yl', '--output', '/tmp/tmpan8vwxrz.xml', '/tmp/tmpeh7m66qi.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpeh7m66qi.xml" output= ___________________ TestSignedResponse.test_signed_response ____________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=eee3800fca50ecab85f0298cca36d49c22ef874f17bb957e22b02c0db04f77aeurn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-D77HKAt6DdN6mSaOM' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmprev93vml.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmprev93vml.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response(self): print(ds.DefaultSignature().get_digest_alg()) name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") ava = {"givenName": ["Derek"], "surName": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"} > signed_resp = self.server.create_authn_response( ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, ) tests/test_52_default_sign_alg.py:70: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=eee3800fca50ecab85f0298cca36d49c22ef874f17bb957e22b02c0db04f77aeurn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-D77HKAt6DdN6mSaOM' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-D77HKAt6DdN6mSaOM', '--output', '/tmp/tmpykbg3575.xml', '/tmp/tmprev93vml.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ----------------------------- Captured stdout call ----------------------------- http://www.w3.org/2000/09/xmldsig#sha1 ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmprev93vml.xml" output= __________________ TestSignedResponse.test_signed_response_1 ___________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d8cb54b6a029df50318997960f67f8588dbe84a7d09468d20b115bedfc9b278curn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-1lXGm7GEErWXHxBWw' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp587hxlrp.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp587hxlrp.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_1(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, ) tests/test_52_default_sign_alg.py:87: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d8cb54b6a029df50318997960f67f8588dbe84a7d09468d20b115bedfc9b278curn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-1lXGm7GEErWXHxBWw' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-1lXGm7GEErWXHxBWw', '--output', '/tmp/tmpk3plw_9p.xml', '/tmp/tmp587hxlrp.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp587hxlrp.xml" output= _____________________________________ test _____________________________________ def test(): with closing(Server(config_file=dotname("idp_all_conf"))) as idp: conf = SPConfig() conf.load_file(dotname("servera_conf")) sp = Saml2Client(conf) srvs = sp.metadata.single_sign_on_service(idp.config.entityid, BINDING_HTTP_REDIRECT) destination = srvs[0]["location"] req_id, req = sp.create_authn_request(destination, id="id1") > info = http_redirect_message( req, destination, relay_state="RS", typ="SAMLRequest", sigalg=SIG_RSA_SHA1, sign=True, backend=sp.sec.sec_backend, ) tests/test_70_redirect_signing.py:33: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=pZNfb9MwFMW%2FSuT3%2FGnGoFhtpNIBqzS2qg088Gacu9ZafG%2FwvSnpt5%2BSZaIPECHxap%2Fr8%2FPx8QI506tWjriDny2wRJ2vkTVytlRtQE2GHWs0HliL1fvVlzudJ5luAglZqtU4wMbX0xOGGYI4QhVtbpbKVXFLT1cfP9%2FK%2BRofTvl5c6%2BibxDYES5VnmQq2jC3sEEWg7JUeZa%2FiWezeHZdzt7qq%2Fc6y76r6AZYHBoZpo4ijU7Tmqypj8Si59l8njJTGqByAayoaDuSf3BYOTxMQ%2F94EbG%2BLcttvH3YlypavV5kTcith7CHcHIWvu7ufhM4PBAm1oip6eC6hKFneZcO%2FidXQbg3Hl7MvbGgoTO%2BqSGx5IcwdaDaYKW5UcViWBjSCNEnCt7INHa%2F4qr4cZBqQHFyVsU%2FeC3SC6ti0bdjLAZUQ03WhAKdRGvyjQmO%2B9ShM1ZeKS9V69ow7%2BCxmOyF1bbXAeutYf5FoeqfCKxAVQaD3FCQkeuPh%2F%2B%2Fb%2Bk87M9oS3oCnLRK%2F5rIuHf5l4pn&RelayState=RS&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm _ TestAuthnResponse.test_signed_assertion_with_random_embedded_cert_should_be_ignored _ self = mock_validate_on_or_after = @patch("saml2.response.validate_on_or_after", return_value=True) def test_signed_assertion_with_random_embedded_cert_should_be_ignored(self, mock_validate_on_or_after): """ if the embedded cert is not ignored then verification will fail """ conf = config_factory("sp", dotname("server_conf")) ar = authn_response(conf, return_addrs="https://51.15.251.81.xip.io/acs/post") ar.issue_instant_ok = Mock(return_value=True) with open(SIGNED_ASSERTION_RANDOM_EMBEDDED_CERT) as fp: xml_response = fp.read() ar.outstanding_queries = {"id-abc": "http://localhost:8088/sso"} ar.timeslack = 10000 # .loads does not check the assertion, only the response signature # use .verify to verify the contents of the response assert ar.loads(xml_response, decode=False) > assert ar.verify() tests/test_xmlsec1_key_data.py:78: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:1026: in verify if self.parse_assertion(keys): ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:918: in parse_assertion if not self._assertion(assertion, False): ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:791: in _assertion self.sec.check_signature(assertion, class_name(assertion), self.xmlstr) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1538: in check_signature return self._check_signature( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = decoded_xml = '\n\n urn:mace:example.com:saml:roland:idp\n \n \n \n \n urn:mace:example.com:saml:roland:idp\n \n \n \n \n \n \n \n \n \n \n NHB0WhPWj5OyRz9N52fZrEBWK3dXT2pVVT54f4kg1tM=\n \n \n Mo4ZheAEDvdPQwWvT5SOYZZ2IBELwtmBpdsn+Th+IvsanychWQ6JHYKTI8hl+3DigbqQwdsqet8n9sfdvr+D+Q7XozjVaFPdzUGC9d96Mn/vrc+JIP/ESoDjDUQEsoSBhUFlrbu7tPJDJehPgd/maIwd/GqEHWXFlm1ZWVCmaH8=\n \n \n MIIFLDCCBBSgAwIBAgISA3UxXAgBWRS1D74GOLiAjky6MA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMTAxMTcyMDIxNTNaFw0yMTA0MTcyMDIxNTNaMB4xHDAaBgNVBAMTEzUxLjE1LjI1MS44MS54aXAuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkjSN9vZDOwE1m7g1vyiwBsKBKNItyy05BcHUkM8fabBcsavugT8uE4wYz5aeZrnKb5dbDLHaZe6Dl5GHgRO8s7REwSJ/BHT3/eMaEakLwIGE5/6QSWuBjOawPfmYarW5IqoITjSt/o/jxu3haouqbr7XYf1WOuZmc6iwGnEgm0+cVB4CA0VGnnLYfsjp9iMt3pFI8a8ipdwp5lfzZU+j8JMVEn6SZhNjjTAjcakBQmZv4Q5/yU6yqfGjG47DO62xB/PPbDy78hDorER2v8UkoDTGV4aZrZaNltHBUxNohIiQnkhuakMmbf0NhA2ExBJw6KTCCxfYkyUX3CgYzaAnxAgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHD7gcF0sNITPqhwcUlFyOBrkxRFMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEzUxLjE1LjI1MS44MS54aXAuaW8wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXcSOcqvAAAEAwBGMEQCIFhvPWYY+2VO55bHO1Sa9zJQk7B1kvCi7sfDCxAYp7mEAiBTKx6XD0GkfNGhji0LGuelvfD7gZOUSzURlJW1ahYcgQB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABdxI5yq4AAAQDAEgwRgIhAONNwcNZ66IxsWcUNDS0B9KV8Kk4VS9b/wUFNBHAQl3SAiEAxO5GwgaK3glL/6L/J7qpiedJBAs3h5406MWC0v4uYZ8wDQYJKoZIhvcNAQELBQADggEBAAZgbgfOb4+uI9kMGF4fMiompHeUFDXGyIND6y4FsfWHJG4Fn3aG+VQN/UtHeO8UusjS13/2yw3O+PeNTstBl+q6Ssega8zTYx2j3h3RFqM9JR8SWa83B0UTgyaxX3PTmfegV4/RZxC7KQ8pqjcLwKJSTgZF6W40Jo16tKVoi0VQY/2Gre6E9D1tPVw//mDGJST/5IcbFvtr79uft76IA+T674qNgAriBKxWncSbGzE42w2QsYsGMHHJn3vKbNl7alll9eJBqvdi1Q7ay86oI7NDQ0PPwjnB0/i4BOO0qQBcBSUIPPEChcrooEqN9PwM20aoyIjje0rtDGSxnEQRrg0=\n MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFowMjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMTAlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLsjVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKpTm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnBU840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1RoYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kHejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfLqjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9pO5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2TwUdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==\n \n \n \n \n attack-name-id\n \n \n \n \n \n \n urn:mace:example.com:saml:roland:sp\n \n \n \n \n urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified\n \n \n \n\n' item = node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' origdoc = '\n\n urn:mace:example.com:saml:roland:idp\n \n \n \n \n urn:mace:example.com:saml:roland:idp\n \n \n \n \n \n \n \n \n \n \n NHB0WhPWj5OyRz9N52fZrEBWK3dXT2pVVT54f4kg1tM=\n \n \n Mo4ZheAEDvdPQwWvT5SOYZZ2IBELwtmBpdsn+Th+IvsanychWQ6JHYKTI8hl+3DigbqQwdsqet8n9sfdvr+D+Q7XozjVaFPdzUGC9d96Mn/vrc+JIP/ESoDjDUQEsoSBhUFlrbu7tPJDJehPgd/maIwd/GqEHWXFlm1ZWVCmaH8=\n \n \n MIIFLDCCBBSgAwIBAgISA3UxXAgBWRS1D74GOLiAjky6MA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMTAxMTcyMDIxNTNaFw0yMTA0MTcyMDIxNTNaMB4xHDAaBgNVBAMTEzUxLjE1LjI1MS44MS54aXAuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkjSN9vZDOwE1m7g1vyiwBsKBKNItyy05BcHUkM8fabBcsavugT8uE4wYz5aeZrnKb5dbDLHaZe6Dl5GHgRO8s7REwSJ/BHT3/eMaEakLwIGE5/6QSWuBjOawPfmYarW5IqoITjSt/o/jxu3haouqbr7XYf1WOuZmc6iwGnEgm0+cVB4CA0VGnnLYfsjp9iMt3pFI8a8ipdwp5lfzZU+j8JMVEn6SZhNjjTAjcakBQmZv4Q5/yU6yqfGjG47DO62xB/PPbDy78hDorER2v8UkoDTGV4aZrZaNltHBUxNohIiQnkhuakMmbf0NhA2ExBJw6KTCCxfYkyUX3CgYzaAnxAgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHD7gcF0sNITPqhwcUlFyOBrkxRFMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEzUxLjE1LjI1MS44MS54aXAuaW8wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXcSOcqvAAAEAwBGMEQCIFhvPWYY+2VO55bHO1Sa9zJQk7B1kvCi7sfDCxAYp7mEAiBTKx6XD0GkfNGhji0LGuelvfD7gZOUSzURlJW1ahYcgQB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABdxI5yq4AAAQDAEgwRgIhAONNwcNZ66IxsWcUNDS0B9KV8Kk4VS9b/wUFNBHAQl3SAiEAxO5GwgaK3glL/6L/J7qpiedJBAs3h5406MWC0v4uYZ8wDQYJKoZIhvcNAQELBQADggEBAAZgbgfOb4+uI9kMGF4fMiompHeUFDXGyIND6y4FsfWHJG4Fn3aG+VQN/UtHeO8UusjS13/2yw3O+PeNTstBl+q6Ssega8zTYx2j3h3RFqM9JR8SWa83B0UTgyaxX3PTmfegV4/RZxC7KQ8pqjcLwKJSTgZF6W40Jo16tKVoi0VQY/2Gre6E9D1tPVw//mDGJST/5IcbFvtr79uft76IA+T674qNgAriBKxWncSbGzE42w2QsYsGMHHJn3vKbNl7alll9eJBqvdi1Q7ay86oI7NDQ0PPwjnB0/i4BOO0qQBcBSUIPPEChcrooEqN9PwM20aoyIjje0rtDGSxnEQRrg0=\n MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFowMjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMTAlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLsjVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKpTm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnBU840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1RoYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kHejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfLqjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9pO5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2TwUdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==\n \n \n \n \n attack-name-id\n \n \n \n \n \n \n urn:mace:example.com:saml:roland:sp\n \n \n \n \n urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified\n \n \n \n\n' must = False, only_valid_cert = False, issuer = None def _check_signature( self, decoded_xml, item, node_name=NODE_NAME, origdoc=None, must=False, only_valid_cert=False, issuer=None ): try: _issuer = item.issuer.text.strip() except AttributeError: _issuer = None if _issuer is None: try: _issuer = issuer.text.strip() except AttributeError: _issuer = None # More trust in certs from metadata then certs in the XML document if self.metadata: try: _certs = self.metadata.certs(_issuer, "any", "signing") except KeyError: _certs = [] certs = [] for cert_name, cert in _certs: if isinstance(cert, str): content = pem_format(cert) tmp = make_temp(content, suffix=".pem", decode=False, delete_tmpfiles=self.delete_tmpfiles) certs.append(tmp) else: certs.append(cert) else: certs = [] if not certs and not self.only_use_keys_in_metadata: logger.debug("==== Certs from instance ====") certs = [ make_temp(content=pem_format(cert), suffix=".pem", decode=False, delete_tmpfiles=self.delete_tmpfiles) for cert in cert_from_instance(item) ] else: logger.debug("==== Certs from metadata ==== %s: %s ====", _issuer, certs) if not certs: raise MissingKey(_issuer) try: validate_doc_with_schema(str(item)) except XMLSchemaError as e: error_context = { "message": "Signature verification failed. Invalid document format.", "reason": str(e), "ID": item.id, "issuer": _issuer, "type": node_name, "document": decoded_xml, } raise SignatureError(error_context) from e # saml-core section "5.4 XML Signature Profile" defines constrains on the # xmldsig-core facilities. It explicitly dictates that enveloped signatures # are the only signatures allowed. This means that: # * Assertion/RequestType/ResponseType elements must have an ID attribute # * signatures must have a single Reference element # * the Reference element must have a URI attribute # * the URI attribute contains an anchor # * the anchor points to the enclosing element's ID attribute signed_info = item.signature.signed_info references = signed_info.reference signatures_must_have_a_single_reference_element = len(references) == 1 the_Reference_element_must_have_a_URI_attribute = signatures_must_have_a_single_reference_element and hasattr( references[0], "uri" ) the_URI_attribute_contains_an_anchor = ( the_Reference_element_must_have_a_URI_attribute and references[0].uri.startswith("#") and len(references[0].uri) > 1 ) the_anchor_points_to_the_enclosing_element_ID_attribute = ( the_URI_attribute_contains_an_anchor and references[0].uri == f"#{item.id}" ) # SAML implementations SHOULD use Exclusive Canonicalization, # with or without comments canonicalization_method_is_c14n = signed_info.canonicalization_method.algorithm in ALLOWED_CANONICALIZATIONS # Signatures in SAML messages SHOULD NOT contain transforms other than the # - enveloped signature transform # (with the identifier http://www.w3.org/2000/09/xmldsig#enveloped-signature) # - or the exclusive canonicalization transforms # (with the identifier http://www.w3.org/2001/10/xml-exc-c14n# # or http://www.w3.org/2001/10/xml-exc-c14n#WithComments). transform_algos = [transform.algorithm for transform in references[0].transforms.transform] tranform_algos_valid = ALLOWED_TRANSFORMS.intersection(transform_algos) transform_algos_n = len(transform_algos) tranform_algos_valid_n = len(tranform_algos_valid) the_number_of_transforms_is_one_or_two = ( signatures_must_have_a_single_reference_element and 1 <= transform_algos_n <= 2 ) all_transform_algs_are_allowed = ( the_number_of_transforms_is_one_or_two and transform_algos_n == tranform_algos_valid_n ) the_enveloped_signature_transform_is_defined = ( the_number_of_transforms_is_one_or_two and TRANSFORM_ENVELOPED in transform_algos ) # The element is not defined for use with SAML signatures, # and SHOULD NOT be present. # Since it can be used in service of an attacker by carrying unsigned data, # verifiers SHOULD reject signatures that contain a element. object_element_is_not_present = not item.signature.object validators = { "signatures must have a single reference element": (signatures_must_have_a_single_reference_element), "the Reference element must have a URI attribute": (the_Reference_element_must_have_a_URI_attribute), "the URI attribute contains an anchor": (the_URI_attribute_contains_an_anchor), "the anchor points to the enclosing element ID attribute": ( the_anchor_points_to_the_enclosing_element_ID_attribute ), "canonicalization method is c14n": canonicalization_method_is_c14n, "the number of transforms is one or two": (the_number_of_transforms_is_one_or_two), "all transform algs are allowed": all_transform_algs_are_allowed, "the enveloped signature transform is defined": (the_enveloped_signature_transform_is_defined), "object element is not present": object_element_is_not_present, } if not all(validators.values()): error_context = { "message": "Signature failed to meet constraints on xmldsig", "validators": validators, "item ID": item.id, "reference URI": item.signature.signed_info.reference[0].uri, "issuer": _issuer, "node name": node_name, "xml document": decoded_xml, } raise SignatureError(error_context) verified = False last_pem_file = None for pem_fd in certs: try: last_pem_file = pem_fd.name if self.verify_signature( decoded_xml, pem_fd.name, node_name=node_name, node_id=item.id, ): verified = True break except XmlsecError as exc: logger.error("check_sig: %s", str(exc)) except Exception as exc: logger.error("check_sig: %s", str(exc)) raise if verified or only_valid_cert: if not self.cert_handler.verify_cert(last_pem_file): raise CertificateError("Invalid certificate!") else: > raise SignatureError("Failed to verify signature") E saml2.sigver.SignatureError: Failed to verify signature ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1525: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLEvpSignatureVerify:file=evp_signatures.c:line=449:obj=rsa-sha1:subj=EVP_VerifyFinal_ex:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformVerifyNodeContent:file=transforms.c:line=1544:obj=rsa-sha1:subj=xmlSecTransformVerify:error=1:xmlsec library function failed: func=xmlSecDSigCtxVerify:file=xmldsig.c:line=367:obj=unknown:subj=xmlSecTransformVerifyNodeContent:error=1:xmlsec library function failed: Error: signature failed ERROR SignedInfo References (ok/all): 1/1 Manifests References (ok/all): 0/0 Error: failed to verify file "/tmp/tmp71hqgac7.xml" output= ERROR saml2.sigver:sigver.py:1516 check_sig: ['/usr/bin/xmlsec1', '--verify', '--enabled-reference-uris', 'empty,same-doc', '--enabled-key-data', 'raw-x509-cert', '--pubkey-cert-pem', '/tmp/tmpcl8nnkhq.pem', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'the-assertion-id', '--output', '/tmp/tmp9u4e5g_c.xml', '/tmp/tmp71hqgac7.xml'] ERROR saml2.response:response.py:793 correctly_signed_response: Failed to verify signature =============================== warnings summary =============================== ../../../../../usr/lib64/python3.13/site-packages/bson/__init__.py:193 /usr/lib64/python3.13/site-packages/bson/__init__.py:193: DeprecationWarning: datetime.datetime.utcfromtimestamp() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.fromtimestamp(timestamp, datetime.UTC). EPOCH_NAIVE = datetime.datetime.utcfromtimestamp(0) tests/test_10_time_util.py: 2 warnings tests/test_20_assertion.py: 6 warnings tests/test_32_cache.py: 5 warnings tests/test_34_population.py: 4 warnings tests/test_41_response.py: 4 warnings tests/test_42_enc.py: 6 warnings tests/test_44_authnresp.py: 4 warnings tests/test_50_server.py: 160 warnings tests/test_51_client.py: 145 warnings tests/test_52_default_sign_alg.py: 6 warnings tests/test_62_vo.py: 2 warnings tests/test_63_ecp.py: 5 warnings tests/test_64_artifact.py: 4 warnings tests/test_65_authn_query.py: 7 warnings tests/test_66_name_id_mapping.py: 2 warnings tests/test_67_manage_name_id.py: 3 warnings tests/test_68_assertion_id.py: 4 warnings tests/test_89_http_post_relay_state.py: 2 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/time_util.py:177: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). return datetime.utcnow() + delta tests/test_50_server.py: 7 warnings tests/test_51_client.py: 27 warnings tests/test_63_ecp.py: 3 warnings tests/test_64_artifact.py: 2 warnings tests/test_65_authn_query.py: 5 warnings tests/test_66_name_id_mapping.py: 2 warnings tests/test_67_manage_name_id.py: 3 warnings tests/test_68_assertion_id.py: 2 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/time_util.py:187: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). return datetime.utcnow() - delta tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 12 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:141: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. cert = crypto.X509Req() tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 12 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:161: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. tmp_cert = crypto.dump_certificate_request(crypto.FILETYPE_PEM, cert) tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 12 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:246: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. req_cert = crypto.load_certificate_request(crypto.FILETYPE_PEM, request_cert_str) tests/test_50_server.py: 8 warnings tests/test_81_certificates.py: 17 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:281: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). now = pytz.UTC.localize(datetime.datetime.utcnow()) tests/test_50_server.py::TestServer1::test_encrypted_response_6 tests/test_50_server.py::TestServer1::test_encrypted_response_6 tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6 tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6 tests/test_81_certificates.py::TestGenerateCertificates::test_validate_cert_chains tests/test_81_certificates.py::TestGenerateCertificates::test_validate_expire tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:331: DeprecationWarning: verify() is deprecated. Use the equivalent APIs in cryptography. crypto.verify(ca_cert, cert_crypto.signature, cert_crypto.tbs_certificate_bytes, cert_algorithm) tests/test_92_aes.py: 35 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/symmetric.py:124: DeprecationWarning: AESCipher type is deprecated. It will be removed in the next version. Use saml2.cryptography.symmetric.Default or saml2.cryptography.symmetric.Fernet instead. _warn(_deprecation_msg, DeprecationWarning) -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html =========================== short test summary info ============================ SKIPPED [1] tests/test_37_entity_categories.py:296: Temporarily disabled SKIPPED [1] tests/test_37_entity_categories.py:325: Temporarily disabled SKIPPED [1] tests/test_37_entity_categories.py:358: Temporarily disabled SKIPPED [1] tests/test_40_sigver.py:101: pyasn1 is not installed SKIPPED [1] tests/test_60_sp.py:59: s2repoze dependencies not installed SKIPPED [1] tests/test_60_sp.py:62: s2repoze dependencies not installed ERROR tests/test_41_response.py::TestResponse::test_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sHXDsiBrd2uD1mNvT', '--output', '/tmp/tmp58yqbavg.xml', '/tmp/tmpxpptibns.xml'] ERROR tests/test_41_response.py::TestResponse::test_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sHXDsiBrd2uD1mNvT', '--output', '/tmp/tmp58yqbavg.xml', '/tmp/tmpxpptibns.xml'] ERROR tests/test_41_response.py::TestResponse::test_issuer_none - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sHXDsiBrd2uD1mNvT', '--output', '/tmp/tmp58yqbavg.xml', '/tmp/tmpxpptibns.xml'] ERROR tests/test_41_response.py::TestResponse::test_false_sign - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sHXDsiBrd2uD1mNvT', '--output', '/tmp/tmp58yqbavg.xml', '/tmp/tmpxpptibns.xml'] ERROR tests/test_41_response.py::TestResponse::test_other_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sHXDsiBrd2uD1mNvT', '--output', '/tmp/tmp58yqbavg.xml', '/tmp/tmpxpptibns.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-aXi9ZnNs0SbFaYwtf', '--output', '/tmp/tmpeaflynsb.xml', '/tmp/tmp6nupnkvo.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_signed_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-aXi9ZnNs0SbFaYwtf', '--output', '/tmp/tmpeaflynsb.xml', '/tmp/tmp6nupnkvo.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_parse_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-aXi9ZnNs0SbFaYwtf', '--output', '/tmp/tmpeaflynsb.xml', '/tmp/tmp6nupnkvo.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_w_authn - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-aXi9ZnNs0SbFaYwtf', '--output', '/tmp/tmpeaflynsb.xml', '/tmp/tmp6nupnkvo.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_unpack_nested_eptid - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-aXi9ZnNs0SbFaYwtf', '--output', '/tmp/tmpeaflynsb.xml', '/tmp/tmp6nupnkvo.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_multiple_attribute_statement - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-aXi9ZnNs0SbFaYwtf', '--output', '/tmp/tmpeaflynsb.xml', '/tmp/tmp6nupnkvo.xml'] FAILED tests/test_39_metadata.py::test_signed_metadata_proper_str_bytes_handling - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', '--output', '/tmp/tmp_hor594y.xml', '/tmp/tmpc_u467i_.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpo20zw5j1.xml', '/tmp/tmp1u4zy_48.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpo3yufycn.xml', '/tmp/tmp2d3w7d_5.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpfwnnaaqj.xml', '/tmp/tmp907e4up3.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp6bv2lmqk.xml', '/tmp/tmp5pu1jwuw.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmp4s5vtnch.xml', '/tmp/tmpft6x91yt.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpx5loi3vo.xml', '/tmp/tmpusjbxb3t.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp9kfa9ala.xml', '/tmp/tmp67rr3mh2.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify_assertion_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmp5gq1liqk.xml', '/tmp/tmp1939b68w.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_exception_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmp9fmtcase.xml', '/tmp/tmp4y3eqqik.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpgdaophhp.xml', '/tmp/tmpnbschs6w.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmparq5x88c.xml', '/tmp/tmptvav1273.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpic0pcyzi.xml', '/tmp/tmp06x96583.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp_j8rmjtn.xml', '/tmp/tmp_mwj96gp.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmph8dtcwgf.xml', '/tmp/tmpct1z78kw.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp08ernaoz.xml', '/tmp/tmp70ej9tg6.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpa6r6eh8s.xml', '/tmp/tmpx_po0jhw.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_assertion_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmpvas9lxc7.xml', '/tmp/tmpnjuf29jd.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_exception_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmpg28ho1wr.xml', '/tmp/tmpc9z8myqz.xml'] FAILED tests/test_40_sigver.py::test_xbox - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp8wk8_1hg.xml', '/tmp/tmpl3o1nblx.xml'] FAILED tests/test_40_sigver.py::test_xbox_non_ascii_ava - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp1odjcjbn.xml', '/tmp/tmphi57e9ig.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-V0tffbka7b6G5lVmY', '--output', '/tmp/tmpin3w7emk.xml', '/tmp/tmp6rp8r6oc.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-d1gT6WLWiKgCKG233', '--output', '/tmp/tmp1zhcm0ei.xml', '/tmp/tmptkfzlyy_.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-fMp36e04Rcz88JEvs', '--output', '/tmp/tmpmpl4ho6v.xml', '/tmp/tmpo_9xmcrb.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-vTHRwJ7WzTs6GqLPR', '--output', '/tmp/tmpfxoj5iws.xml', '/tmp/tmpwkyn4ug6.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-hpWLlLpwvujUiS2ux', '--output', '/tmp/tmp6q_qys07.xml', '/tmp/tmpgy7dql9f.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-19wqWrw8Hm4HOyCHc', '--output', '/tmp/tmpf8i7kpoi.xml', '/tmp/tmpvkl3rvx3.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-x86fPbzbamU6SwQtV', '--output', '/tmp/tmpjq1ph3ho.xml', '/tmp/tmp9ng735nf.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Kq3ELpp4X8sQncDhS', '--output', '/tmp/tmp9se_8zqe.xml', '/tmp/tmpp3oa_9zf.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wt3WGSV2iCNbJlPfc', '--output', '/tmp/tmpm11tmse6.xml', '/tmp/tmpsk9_uoqq.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-bk79g6srGGwPM0Nlb', '--output', '/tmp/tmpqexvlxr5.xml', '/tmp/tmp3h0ajp_z.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-klXrOOpjfV9AQkuPv', '--output', '/tmp/tmpwjxgp7b4.xml', '/tmp/tmpj_qq24tx.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-pGhVt3oZFwfR8gPj4', '--output', '/tmp/tmpf_jox0fz.xml', '/tmp/tmpr7kxf0kn.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Nol8Jgr9i2PUBNppW', '--output', '/tmp/tmpkycjwy3u.xml', '/tmp/tmp74924_mg.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-GCKkfT57fyjR7MuHn', '--output', '/tmp/tmphincwj5b.xml', '/tmp/tmp5m52zwln.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-JWk7z6KAEvDQHQsaj', '--output', '/tmp/tmpk0r7jclf.xml', '/tmp/tmpry3wp358.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-LtSJm0iMfr9Z7BAkt', '--output', '/tmp/tmp_gq2ucjs.xml', '/tmp/tmphrzjg043.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_auth_request_0 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpd3tupc82.xml', '/tmp/tmprnt7938d.xml'] FAILED tests/test_51_client.py::TestClient::test_logout_response - saml2.SAMLError: {'message': 'No supported bindings found to create LogoutResponse', 'issuer': 'urn:mace:example.com:saml:roland:idp', 'response_bindings': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']} FAILED tests/test_51_client.py::TestClient::test_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-dzA2reRs8zsANpfKG', '--output', '/tmp/tmpdthqdv5c.xml', '/tmp/tmp55_qp4wi.xml'] FAILED tests/test_51_client.py::TestClient::test_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-V0dmURQ2vTFSanfoT', '--output', '/tmp/tmp05dzdsqh.xml', '/tmp/tmp1537b_yu.xml'] FAILED tests/test_51_client.py::TestClient::test_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ECWrDCUiC6Lbk2Ae9', '--output', '/tmp/tmpyxbi647_.xml', '/tmp/tmpwqln82j6.xml'] FAILED tests/test_51_client.py::TestClient::test_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-j38pa87ZhUtboBPN4', '--output', '/tmp/tmpzzmtq6gd.xml', '/tmp/tmphuihly15.xml'] FAILED tests/test_51_client.py::TestClient::test_response_5 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-acz7PgWb1Qb87D4sj', '--output', '/tmp/tmpks7n1ua5.xml', '/tmp/tmpi9a2ehxo.xml'] FAILED tests/test_51_client.py::TestClient::test_response_6 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-OUD8bre9ySgqVFYtG', '--output', '/tmp/tmp8edfi4vw.xml', '/tmp/tmplvlycfdm.xml'] FAILED tests/test_51_client.py::TestClient::test_response_7 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-krumpp5aTRxnPS2vC', '--output', '/tmp/tmp63pgpmm6.xml', '/tmp/tmpydsmtu4j.xml'] FAILED tests/test_51_client.py::TestClient::test_response_8 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Kr1XUVWbL5rZhaTvQ', '--output', '/tmp/tmpym7hvloo.xml', '/tmp/tmpk7nrkp51.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-3j2eUSKdJrWPMjxd5', '--output', '/tmp/tmp5hi9wr4o.xml', '/tmp/tmpue44_q2m.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-K9vx95yPEGgVd9eZ5', '--output', '/tmp/tmp8zfiziyh.xml', '/tmp/tmpzsxf_hiw.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-EG886WBwnv57kZDXk', '--output', '/tmp/tmp7hz3l3s7.xml', '/tmp/tmpzmlappr4.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-vRLSs3wnSWZ66VSIy', '--output', '/tmp/tmps7cbrrne.xml', '/tmp/tmp578khvlk.xml'] FAILED tests/test_51_client.py::TestClient::test_signed_with_default_algo_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClient::test_do_logout_signed_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClient::test_do_logout_signed_redirect_invalid - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClient::test_do_logout_post - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-THxfDAEDq2ak2uZJa', '--output', '/tmp/tmpuau1hti8.xml', '/tmp/tmp2_jypkn0.xml'] FAILED tests/test_51_client.py::TestClient::test_do_logout_session_expired - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-XSq2LeV0DgbQt5MxL', '--output', '/tmp/tmp95cxvz65.xml', '/tmp/tmp7ze__871.xml'] FAILED tests/test_51_client.py::TestClient::test_signature_wants - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-sknjBfpMWE2sIcrF8', '--output', '/tmp/tmpr5d390oc.xml', '/tmp/tmpk_lnv1gz.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_auth_request_0 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpwdwwhnur.xml', '/tmp/tmp7my6fvj_.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-uRxiuhEp148NQxlLc', '--output', '/tmp/tmpl1ocqep7.xml', '/tmp/tmp9o3e6yv9.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-BbYNSIY7OnHAUq84D', '--output', '/tmp/tmpvcz1h22z.xml', '/tmp/tmpghr3vc3g.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-J8xZIrWGWb3boKF7T', '--output', '/tmp/tmp1w6szyld.xml', '/tmp/tmpys014czs.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-lCXavUvEyyxEJ4pfc', '--output', '/tmp/tmp59jynyrb.xml', '/tmp/tmpolfus3q2.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_5 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wTzmDm07M5ZWpalJx', '--output', '/tmp/tmpx5aq2nch.xml', '/tmp/tmpdjgznd24.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_6 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-r9Ybsy13CYVMvsGOl', '--output', '/tmp/tmps8dye2y_.xml', '/tmp/tmp_nc3nmjr.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_7 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-n9mm7vwZN7y3e066m', '--output', '/tmp/tmp4e_nb57u.xml', '/tmp/tmp5954o10d.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_8 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-AqYaDgQz7QUV1v2wb', '--output', '/tmp/tmpgfc3n4bn.xml', '/tmp/tmpsqgog1b4.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XtKH6pGtbSg8lRh3U', '--output', '/tmp/tmpvljh1yer.xml', '/tmp/tmp2f3nnje3.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-jZsz7QuHHFRdj0VDJ', '--output', '/tmp/tmpgzbspluf.xml', '/tmp/tmply5935n5.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ENcRxW6XfEep6U4B8', '--output', '/tmp/tmpdse1d2gv.xml', '/tmp/tmpxie7gjl2.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ND1a92yGEgPotz2gi', '--output', '/tmp/tmptcefm5fp.xml', '/tmp/tmpdalqbdcj.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_signed_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_post - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-ARcGtmSDz2NKiC2ES', '--output', '/tmp/tmpc_q2nirn.xml', '/tmp/tmpygvx2syj.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_session_expired - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-rlvnQGLNkXXUH82yl', '--output', '/tmp/tmpan8vwxrz.xml', '/tmp/tmpeh7m66qi.xml'] FAILED tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-D77HKAt6DdN6mSaOM', '--output', '/tmp/tmpykbg3575.xml', '/tmp/tmprev93vml.xml'] FAILED tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-1lXGm7GEErWXHxBWw', '--output', '/tmp/tmpk3plw_9p.xml', '/tmp/tmp587hxlrp.xml'] FAILED tests/test_70_redirect_signing.py::test - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_random_embedded_cert_should_be_ignored - saml2.sigver.SignatureError: Failed to verify signature = 77 failed, 691 passed, 6 skipped, 612 warnings, 11 errors in 179.49s (0:02:59) = error: Bad exit status from /var/tmp/rpm-tmp.A4ms6Q (%check) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.A4ms6Q (%check) Child return code was: 1 EXCEPTION: [Error('Command failed: \n # /usr/bin/systemd-nspawn -q -M 1f5c1ef7910a44899dd69fb53fb1118b -D /var/lib/mock/f42-build-54985672-6531591/root -a -u mockbuild --capability=cap_ipc_lock --bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf --bind=/dev/btrfs-control --bind=/dev/mapper/control --bind=/dev/fuse --bind=/dev/loop-control --bind=/dev/loop0 --bind=/dev/loop1 --bind=/dev/loop2 --bind=/dev/loop3 --bind=/dev/loop4 --bind=/dev/loop5 --bind=/dev/loop6 --bind=/dev/loop7 --bind=/dev/loop8 --bind=/dev/loop9 --bind=/dev/loop10 --bind=/dev/loop11 --console=pipe --setenv=TERM=vt100 --setenv=SHELL=/bin/bash --setenv=HOME=/builddir --setenv=HOSTNAME=mock --setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin \'--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"\' \'--setenv=PS1= \\s-\\v\\$ \' --setenv=LANG=C.UTF-8 --resolv-conf=off bash --login -c \'/usr/bin/rpmbuild -ba --noprep --noclean --target noarch /builddir/build/SPECS/python-pysaml2.spec\'\n', 1)] Traceback (most recent call last): File "/usr/lib/python3.12/site-packages/mockbuild/trace_decorator.py", line 93, in trace result = func(*args, **kw) ^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/mockbuild/util.py", line 612, in do_with_status raise exception.Error("Command failed: \n # %s\n%s" % (cmd_pretty(command, env), output), child.returncode) mockbuild.exception.Error: Command failed: # /usr/bin/systemd-nspawn -q -M 1f5c1ef7910a44899dd69fb53fb1118b -D /var/lib/mock/f42-build-54985672-6531591/root -a -u mockbuild --capability=cap_ipc_lock --bind=/tmp/mock-resolv.r5r3qblf:/etc/resolv.conf --bind=/dev/btrfs-control --bind=/dev/mapper/control --bind=/dev/fuse --bind=/dev/loop-control --bind=/dev/loop0 --bind=/dev/loop1 --bind=/dev/loop2 --bind=/dev/loop3 --bind=/dev/loop4 --bind=/dev/loop5 --bind=/dev/loop6 --bind=/dev/loop7 --bind=/dev/loop8 --bind=/dev/loop9 --bind=/dev/loop10 --bind=/dev/loop11 --console=pipe --setenv=TERM=vt100 --setenv=SHELL=/bin/bash --setenv=HOME=/builddir --setenv=HOSTNAME=mock --setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin '--setenv=PROMPT_COMMAND=printf "\033]0;\007"' '--setenv=PS1= \s-\v\$ ' --setenv=LANG=C.UTF-8 --resolv-conf=off bash --login -c '/usr/bin/rpmbuild -ba --noprep --noclean --target noarch /builddir/build/SPECS/python-pysaml2.spec'