Mock Version: 6.1 Mock Version: 6.1 Mock Version: 6.1 ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'], chrootPath='/var/lib/mock/f43-build-59071901-6570839/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=201600uid=1000gid=425user='mockbuild'unshare_net=TrueprintOutput=Falsenspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', '6e5d9c94d402467c98215ec1e880186b', '-D', '/var/lib/mock/f43-build-59071901-6570839/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1717804800 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-5.fc43.src.rpm Child return code was: 0 ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -br --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'], chrootPath='/var/lib/mock/f43-build-59071901-6570839/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=201600uid=1000gid=425user='mockbuild'unshare_net=TrueraiseExc=FalseprintOutput=Falsenspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', 'e4c8385a10f1410f8314779ced712158', '-D', '/var/lib/mock/f43-build-59071901-6570839/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -br --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1717804800 Executing(%mkbuilddir): /bin/sh -e /var/tmp/rpm-tmp.84JdNn Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.ky4uDZ + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + rm -rf pysaml2-7.4.2 + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/pysaml2-7.4.2.tar.gz + STATUS=0 + '[' 0 -ne 0 ']' + cd pysaml2-7.4.2 + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + /usr/bin/git init -q + /usr/bin/git config user.name rpm-build + /usr/bin/git config user.email '' + /usr/bin/git config gc.auto 0 + /usr/bin/git add --force . + GIT_COMMITTER_DATE=@1717804800 + GIT_AUTHOR_DATE=@1717804800 + /usr/bin/git commit -q --no-gpg-sign --allow-empty -a --author 'rpm-build ' -m 'python-pysaml2-7.4.2 base' + /usr/bin/git checkout --track -b rpm-build Switched to a new branch 'rpm-build' branch 'rpm-build' set up to track 'master'. + /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/0001-Remove-utility-from-packaging.patch + /usr/bin/git apply --index --reject - Checking patch pyproject.toml... Applied patch pyproject.toml cleanly. + GIT_COMMITTER_DATE=@1717804800 + GIT_AUTHOR_DATE=@1717804800 + /usr/bin/git commit -q --no-gpg-sign -m 0001-Remove-utility-from-packaging.patch --author 'rpm-build ' + sed -i 's|f"""#!/usr/bin/env python|f"""|' src/saml2/tools/parse_xsd2.py + find src -name '*.py' + read source + head -n1 src/saml2/__init__.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/__init__.py src/saml2/__init__.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/__init__.py + touch --ref=src/saml2/__init__.py.ts src/saml2/__init__.py + rm src/saml2/__init__.py.ts + read source + head -n1 src/saml2/algsupport.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/argtree.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/assertion.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/assertion.py src/saml2/assertion.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/assertion.py + touch --ref=src/saml2/assertion.py.ts src/saml2/assertion.py + rm src/saml2/assertion.py.ts + read source + head -n1 src/saml2/attribute_converter.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/attribute_converter.py src/saml2/attribute_converter.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/attribute_converter.py + touch --ref=src/saml2/attribute_converter.py.ts src/saml2/attribute_converter.py + rm src/saml2/attribute_converter.py.ts + read source + head -n1 src/saml2/attribute_resolver.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/attribute_resolver.py src/saml2/attribute_resolver.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/attribute_resolver.py + touch --ref=src/saml2/attribute_resolver.py.ts src/saml2/attribute_resolver.py + rm src/saml2/attribute_resolver.py.ts + read source + head -n1 src/saml2/attributemaps/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/adfs_v1x.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/adfs_v20.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/basic.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/saml_uri.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/shibboleth_uri.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/authn.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/authn_context/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/authn_context/ippword.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/ippword.py src/saml2/authn_context/ippword.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/ippword.py + touch --ref=src/saml2/authn_context/ippword.py.ts src/saml2/authn_context/ippword.py + rm src/saml2/authn_context/ippword.py.ts + read source + head -n1 src/saml2/authn_context/mobiletwofactor.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/mobiletwofactor.py src/saml2/authn_context/mobiletwofactor.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/mobiletwofactor.py + touch --ref=src/saml2/authn_context/mobiletwofactor.py.ts src/saml2/authn_context/mobiletwofactor.py + rm src/saml2/authn_context/mobiletwofactor.py.ts + read source + head -n1 src/saml2/authn_context/ppt.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/ppt.py src/saml2/authn_context/ppt.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/ppt.py + touch --ref=src/saml2/authn_context/ppt.py.ts src/saml2/authn_context/ppt.py + rm src/saml2/authn_context/ppt.py.ts + read source + head -n1 src/saml2/authn_context/pword.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/pword.py src/saml2/authn_context/pword.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/pword.py + touch --ref=src/saml2/authn_context/pword.py.ts src/saml2/authn_context/pword.py + rm src/saml2/authn_context/pword.py.ts + read source + head -n1 src/saml2/authn_context/sslcert.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/sslcert.py src/saml2/authn_context/sslcert.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/sslcert.py + touch --ref=src/saml2/authn_context/sslcert.py.ts src/saml2/authn_context/sslcert.py + rm src/saml2/authn_context/sslcert.py.ts + read source + head -n1 src/saml2/authn_context/timesync.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/timesync.py src/saml2/authn_context/timesync.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/timesync.py + touch --ref=src/saml2/authn_context/timesync.py.ts src/saml2/authn_context/timesync.py + rm src/saml2/authn_context/timesync.py.ts + read source + head -n1 src/saml2/cache.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/cache.py src/saml2/cache.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/cache.py + touch --ref=src/saml2/cache.py.ts src/saml2/cache.py + rm src/saml2/cache.py.ts + read source + head -n1 src/saml2/cert.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/client.py + grep -F /usr/bin/env # !/usr/bin/env python + touch --ref=src/saml2/client.py src/saml2/client.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/client.py + touch --ref=src/saml2/client.py.ts src/saml2/client.py + rm src/saml2/client.py.ts + read source + head -n1 src/saml2/client_base.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/client_base.py src/saml2/client_base.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/client_base.py + touch --ref=src/saml2/client_base.py.ts src/saml2/client_base.py + rm src/saml2/client_base.py.ts + read source + head -n1 src/saml2/config.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/country_codes.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/country_codes.py src/saml2/country_codes.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/country_codes.py + touch --ref=src/saml2/country_codes.py.ts src/saml2/country_codes.py + rm src/saml2/country_codes.py.ts + read source + head -n1 src/saml2/cryptography/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/asymmetric.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/errors.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/pki.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/symmetric.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/data/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/data/schemas/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/data/templates/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/discovery.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/ecp.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ecp.py src/saml2/ecp.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ecp.py + touch --ref=src/saml2/ecp.py.ts src/saml2/ecp.py + rm src/saml2/ecp.py.ts + read source + head -n1 src/saml2/ecp_client.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ecp_client.py src/saml2/ecp_client.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ecp_client.py + touch --ref=src/saml2/ecp_client.py.ts src/saml2/ecp_client.py + rm src/saml2/ecp_client.py.ts + read source + head -n1 src/saml2/entity.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/at_egov_pvp2.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/edugain.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/incommon.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/refeds.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/swamid.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/eptid.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/extension/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/extension/algsupport.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/algsupport.py src/saml2/extension/algsupport.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/algsupport.py + touch --ref=src/saml2/extension/algsupport.py.ts src/saml2/extension/algsupport.py + rm src/saml2/extension/algsupport.py.ts + read source + head -n1 src/saml2/extension/dri.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/dri.py src/saml2/extension/dri.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/dri.py + touch --ref=src/saml2/extension/dri.py.ts src/saml2/extension/dri.py + rm src/saml2/extension/dri.py.ts + read source + head -n1 src/saml2/extension/idpdisc.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/idpdisc.py src/saml2/extension/idpdisc.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/idpdisc.py + touch --ref=src/saml2/extension/idpdisc.py.ts src/saml2/extension/idpdisc.py + rm src/saml2/extension/idpdisc.py.ts + read source + head -n1 src/saml2/extension/mdattr.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/mdattr.py src/saml2/extension/mdattr.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdattr.py + touch --ref=src/saml2/extension/mdattr.py.ts src/saml2/extension/mdattr.py + rm src/saml2/extension/mdattr.py.ts + read source + head -n1 src/saml2/extension/mdrpi.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/mdrpi.py src/saml2/extension/mdrpi.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdrpi.py + touch --ref=src/saml2/extension/mdrpi.py.ts src/saml2/extension/mdrpi.py + rm src/saml2/extension/mdrpi.py.ts + read source + head -n1 src/saml2/extension/mdui.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/mdui.py src/saml2/extension/mdui.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdui.py + touch --ref=src/saml2/extension/mdui.py.ts src/saml2/extension/mdui.py + rm src/saml2/extension/mdui.py.ts + read source + head -n1 src/saml2/extension/pefim.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/pefim.py src/saml2/extension/pefim.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/pefim.py + touch --ref=src/saml2/extension/pefim.py.ts src/saml2/extension/pefim.py + rm src/saml2/extension/pefim.py.ts + read source + head -n1 src/saml2/extension/reqinit.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/reqinit.py src/saml2/extension/reqinit.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/reqinit.py + touch --ref=src/saml2/extension/reqinit.py.ts src/saml2/extension/reqinit.py + rm src/saml2/extension/reqinit.py.ts + read source + head -n1 src/saml2/extension/requested_attributes.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/requested_attributes.py src/saml2/extension/requested_attributes.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/requested_attributes.py + touch --ref=src/saml2/extension/requested_attributes.py.ts src/saml2/extension/requested_attributes.py + rm src/saml2/extension/requested_attributes.py.ts + read source + head -n1 src/saml2/extension/shibmd.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/shibmd.py src/saml2/extension/shibmd.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/shibmd.py + touch --ref=src/saml2/extension/shibmd.py.ts src/saml2/extension/shibmd.py + rm src/saml2/extension/shibmd.py.ts + read source + head -n1 src/saml2/extension/sp_type.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/sp_type.py src/saml2/extension/sp_type.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/sp_type.py + touch --ref=src/saml2/extension/sp_type.py.ts src/saml2/extension/sp_type.py + rm src/saml2/extension/sp_type.py.ts + read source + head -n1 src/saml2/filter.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/httpbase.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/httputil.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/ident.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/mcache.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/mcache.py src/saml2/mcache.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mcache.py + touch --ref=src/saml2/mcache.py.ts src/saml2/mcache.py + rm src/saml2/mcache.py.ts + read source + head -n1 src/saml2/md.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/md.py src/saml2/md.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/md.py + touch --ref=src/saml2/md.py.ts src/saml2/md.py + rm src/saml2/md.py.ts + read source + head -n1 src/saml2/mdbcache.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/mdbcache.py src/saml2/mdbcache.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mdbcache.py + touch --ref=src/saml2/mdbcache.py.ts src/saml2/mdbcache.py + rm src/saml2/mdbcache.py.ts + read source + head -n1 src/saml2/mdie.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/mdie.py src/saml2/mdie.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mdie.py + touch --ref=src/saml2/mdie.py.ts src/saml2/mdie.py + rm src/saml2/mdie.py.ts + read source + head -n1 src/saml2/mdstore.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/metadata.py src/saml2/metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/metadata.py + touch --ref=src/saml2/metadata.py.ts src/saml2/metadata.py + rm src/saml2/metadata.py.ts + read source + head -n1 src/saml2/mongo_store.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/pack.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/population.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/profile/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/profile/ecp.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/profile/ecp.py src/saml2/profile/ecp.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/profile/ecp.py + touch --ref=src/saml2/profile/ecp.py.ts src/saml2/profile/ecp.py + rm src/saml2/profile/ecp.py.ts + read source + head -n1 src/saml2/profile/paos.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/profile/paos.py src/saml2/profile/paos.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/profile/paos.py + touch --ref=src/saml2/profile/paos.py.ts src/saml2/profile/paos.py + rm src/saml2/profile/paos.py.ts + read source + head -n1 src/saml2/profile/samlec.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/request.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/response.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/response.py src/saml2/response.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/response.py + touch --ref=src/saml2/response.py.ts src/saml2/response.py + rm src/saml2/response.py.ts + read source + head -n1 src/saml2/s2repoze/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/challenge_decider.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/entitlement.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/s2repoze/plugins/entitlement.py src/saml2/s2repoze/plugins/entitlement.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/s2repoze/plugins/entitlement.py + touch --ref=src/saml2/s2repoze/plugins/entitlement.py.ts src/saml2/s2repoze/plugins/entitlement.py + rm src/saml2/s2repoze/plugins/entitlement.py.ts + read source + head -n1 src/saml2/s2repoze/plugins/formswithhidden.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/ini.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/sp.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s_utils.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/s_utils.py src/saml2/s_utils.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/s_utils.py + touch --ref=src/saml2/s_utils.py.ts src/saml2/s_utils.py + rm src/saml2/s_utils.py.ts + read source + head -n1 src/saml2/saml.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/saml.py src/saml2/saml.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/saml.py + touch --ref=src/saml2/saml.py.ts src/saml2/saml.py + rm src/saml2/saml.py.ts + read source + head -n1 src/saml2/samlp.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/samlp.py src/saml2/samlp.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/samlp.py + touch --ref=src/saml2/samlp.py.ts src/saml2/samlp.py + rm src/saml2/samlp.py.ts + read source + head -n1 src/saml2/schema/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/schema/soap.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/schema/soap.py src/saml2/schema/soap.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/soap.py + touch --ref=src/saml2/schema/soap.py.ts src/saml2/schema/soap.py + rm src/saml2/schema/soap.py.ts + read source + head -n1 src/saml2/schema/soapenv.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/schema/soapenv.py src/saml2/schema/soapenv.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/soapenv.py + touch --ref=src/saml2/schema/soapenv.py.ts src/saml2/schema/soapenv.py + rm src/saml2/schema/soapenv.py.ts + read source + head -n1 src/saml2/schema/wsdl.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/schema/wsdl.py src/saml2/schema/wsdl.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/wsdl.py + touch --ref=src/saml2/schema/wsdl.py.ts src/saml2/schema/wsdl.py + rm src/saml2/schema/wsdl.py.ts + read source + head -n1 src/saml2/sdb.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/server.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/server.py src/saml2/server.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/server.py + touch --ref=src/saml2/server.py.ts src/saml2/server.py + rm src/saml2/server.py.ts + read source + head -n1 src/saml2/sigver.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/soap.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/soap.py src/saml2/soap.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/soap.py + touch --ref=src/saml2/soap.py.ts src/saml2/soap.py + rm src/saml2/soap.py.ts + read source + head -n1 src/saml2/time_util.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/time_util.py src/saml2/time_util.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/time_util.py + touch --ref=src/saml2/time_util.py.ts src/saml2/time_util.py + rm src/saml2/time_util.py.ts + read source + head -n1 src/saml2/tools/make_metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/make_metadata.py src/saml2/tools/make_metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/make_metadata.py + touch --ref=src/saml2/tools/make_metadata.py.ts src/saml2/tools/make_metadata.py + rm src/saml2/tools/make_metadata.py.ts + read source + head -n1 src/saml2/tools/mdexport.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/mdexport.py src/saml2/tools/mdexport.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdexport.py + touch --ref=src/saml2/tools/mdexport.py.ts src/saml2/tools/mdexport.py + rm src/saml2/tools/mdexport.py.ts + read source + head -n1 src/saml2/tools/mdexport_test.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/mdexport_test.py src/saml2/tools/mdexport_test.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdexport_test.py + touch --ref=src/saml2/tools/mdexport_test.py.ts src/saml2/tools/mdexport_test.py + rm src/saml2/tools/mdexport_test.py.ts + read source + head -n1 src/saml2/tools/mdimport.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/mdimport.py src/saml2/tools/mdimport.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdimport.py + touch --ref=src/saml2/tools/mdimport.py.ts src/saml2/tools/mdimport.py + rm src/saml2/tools/mdimport.py.ts + read source + head -n1 src/saml2/tools/merge_metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/merge_metadata.py src/saml2/tools/merge_metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/merge_metadata.py + touch --ref=src/saml2/tools/merge_metadata.py.ts src/saml2/tools/merge_metadata.py + rm src/saml2/tools/merge_metadata.py.ts + read source + head -n1 src/saml2/tools/sync_attrmaps.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/sync_attrmaps.py src/saml2/tools/sync_attrmaps.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/sync_attrmaps.py + touch --ref=src/saml2/tools/sync_attrmaps.py.ts src/saml2/tools/sync_attrmaps.py + rm src/saml2/tools/sync_attrmaps.py.ts + read source + head -n1 src/saml2/tools/verify_metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/verify_metadata.py src/saml2/tools/verify_metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/verify_metadata.py + touch --ref=src/saml2/tools/verify_metadata.py.ts src/saml2/tools/verify_metadata.py + rm src/saml2/tools/verify_metadata.py.ts + read source + head -n1 src/saml2/tools/parse_xsd2.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/parse_xsd2.py src/saml2/tools/parse_xsd2.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/parse_xsd2.py + touch --ref=src/saml2/tools/parse_xsd2.py.ts src/saml2/tools/parse_xsd2.py + rm src/saml2/tools/parse_xsd2.py.ts + read source + head -n1 src/saml2/userinfo/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/userinfo/ldapinfo.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/validate.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/version.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/virtual_org.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/ws/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/ws/wsaddr.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wsaddr.py src/saml2/ws/wsaddr.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wsaddr.py + touch --ref=src/saml2/ws/wsaddr.py.ts src/saml2/ws/wsaddr.py + rm src/saml2/ws/wsaddr.py.ts + read source + head -n1 src/saml2/ws/wspol.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wspol.py src/saml2/ws/wspol.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wspol.py + touch --ref=src/saml2/ws/wspol.py.ts src/saml2/ws/wspol.py + rm src/saml2/ws/wspol.py.ts + read source + head -n1 src/saml2/ws/wssec.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wssec.py src/saml2/ws/wssec.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wssec.py + touch --ref=src/saml2/ws/wssec.py.ts src/saml2/ws/wssec.py + rm src/saml2/ws/wssec.py.ts + read source + head -n1 src/saml2/ws/wstrust.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wstrust.py src/saml2/ws/wstrust.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wstrust.py + touch --ref=src/saml2/ws/wstrust.py.ts src/saml2/ws/wstrust.py + rm src/saml2/ws/wstrust.py.ts + read source + head -n1 src/saml2/ws/wsutil.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wsutil.py src/saml2/ws/wsutil.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wsutil.py + touch --ref=src/saml2/ws/wsutil.py.ts src/saml2/ws/wsutil.py + rm src/saml2/ws/wsutil.py.ts + read source + head -n1 src/saml2/xml/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/xml/schema/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/xmldsig/__init__.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/xmldsig/__init__.py src/saml2/xmldsig/__init__.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/xmldsig/__init__.py + touch --ref=src/saml2/xmldsig/__init__.py.ts src/saml2/xmldsig/__init__.py + rm src/saml2/xmldsig/__init__.py.ts + read source + head -n1 src/saml2/xmlenc/__init__.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/xmlenc/__init__.py src/saml2/xmlenc/__init__.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/xmlenc/__init__.py + touch --ref=src/saml2/xmlenc/__init__.py.ts src/saml2/xmlenc/__init__.py + rm src/saml2/xmlenc/__init__.py.ts + read source + head -n1 src/saml2test/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/check.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/interaction.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/opfunc.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/status.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/tool.py + grep -F /usr/bin/env + read source + head -n1 src/utility/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/utility/metadata.py + grep -F /usr/bin/env + read source + source=src/saml2/schema/wsdl.py + touch --ref=src/saml2/schema/wsdl.py src/saml2/schema/wsdl.py.ts + sed -i '1,3{d;q}' src/saml2/schema/wsdl.py + touch --ref=src/saml2/schema/wsdl.py.ts src/saml2/schema/wsdl.py + rm src/saml2/schema/wsdl.py.ts + RPM_EC=0 ++ jobs -p + exit 0 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.tOe9pJ + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + FEDORA=43 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement not satisfied: poetry_core>=1.0.0 Exiting dependency generation pass: build backend + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-buildrequires + rm -rfv '*.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-5.fc43.buildreqs.nosrc.rpm Child return code was: 11 Dynamic buildrequires detected Going to install missing buildrequires. See root.log for details. ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -br --noprep --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'], chrootPath='/var/lib/mock/f43-build-59071901-6570839/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=201600uid=1000gid=425user='mockbuild'unshare_net=TrueraiseExc=FalseprintOutput=Falsenspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', '9ba58f8a2abf443d926916a945c8b28c', '-D', '/var/lib/mock/f43-build-59071901-6570839/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -br --noprep --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1717804800 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.yWtsfP + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + FEDORA=43 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 2.1.2) Handling tox-current-env >= 0.0.16 from tox itself Requirement not satisfied: tox-current-env >= 0.0.16 Exiting dependency generation pass: tox itself + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-buildrequires + rm -rfv '*.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-5.fc43.buildreqs.nosrc.rpm Child return code was: 11 Dynamic buildrequires detected Going to install missing buildrequires. See root.log for details. ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -br --noprep --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'], chrootPath='/var/lib/mock/f43-build-59071901-6570839/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=201600uid=1000gid=425user='mockbuild'unshare_net=TrueraiseExc=FalseprintOutput=Falsenspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', 'bb29fbe98892409d94f3b7b4fb9998cc', '-D', '/var/lib/mock/f43-build-59071901-6570839/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -br --noprep --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1717804800 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.8p0lEn + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + FEDORA=43 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 2.1.2) Handling tox-current-env >= 0.0.16 from tox itself Requirement satisfied: tox-current-env >= 0.0.16 (installed: tox-current-env 0.0.16) py313: OK (0.01 seconds) congratulations :) (0.09 seconds) Handling tox from tox --print-deps-only: py313 Requirement satisfied: tox (installed: tox 4.25.0) py313: OK (0.01 seconds) congratulations :) (0.08 seconds) Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: cryptography (>=3.1) Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: defusedxml Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8" Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-resources ; python_version < "3.9" Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: paste ; extra == "s2repoze" Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: pyopenssl Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: python-dateutil Handling pytz from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: pytz Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: repoze.who ; extra == "s2repoze" Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: requests (>=2,<3) (installed: requests 2.32.3) Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: xmlschema (>=1.2.1) Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: zope.interface ; extra == "s2repoze" + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-buildrequires + rm -rfv pysaml2-7.4.2.dist-info/ removed 'pysaml2-7.4.2.dist-info/entry_points.txt' removed 'pysaml2-7.4.2.dist-info/WHEEL' removed 'pysaml2-7.4.2.dist-info/METADATA' removed 'pysaml2-7.4.2.dist-info/LICENSE' removed directory 'pysaml2-7.4.2.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-5.fc43.buildreqs.nosrc.rpm Child return code was: 11 Dynamic buildrequires detected Going to install missing buildrequires. See root.log for details. ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -br --noprep --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'], chrootPath='/var/lib/mock/f43-build-59071901-6570839/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=201600uid=1000gid=425user='mockbuild'unshare_net=TrueraiseExc=FalseprintOutput=Falsenspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', 'bd67ed0e97014616bcd581914273dfd9', '-D', '/var/lib/mock/f43-build-59071901-6570839/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -br --noprep --noclean --target noarch --nodeps /builddir/build/SPECS/python-pysaml2.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1717804800 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.rYdzlX + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + FEDORA=43 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 2.1.2) Handling tox-current-env >= 0.0.16 from tox itself Requirement satisfied: tox-current-env >= 0.0.16 (installed: tox-current-env 0.0.16) py313: OK (0.01 seconds) congratulations :) (0.08 seconds) Handling tox from tox --print-deps-only: py313 Requirement satisfied: tox (installed: tox 4.25.0) py313: OK (0.01 seconds) congratulations :) (0.09 seconds) Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: cryptography (>=3.1) (installed: cryptography 44.0.0) Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: defusedxml (installed: defusedxml 0.7.1) Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8" Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-resources ; python_version < "3.9" Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: paste ; extra == "s2repoze" Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pyopenssl (installed: pyopenssl 25.0.0) Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: python-dateutil (installed: python-dateutil 2.8.2) Handling pytz from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pytz (installed: pytz 2025.2) Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: repoze.who ; extra == "s2repoze" Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: requests (>=2,<3) (installed: requests 2.32.3) Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: xmlschema (>=1.2.1) (installed: xmlschema 3.4.5) Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: zope.interface ; extra == "s2repoze" + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-buildrequires + rm -rfv pysaml2-7.4.2.dist-info/ removed 'pysaml2-7.4.2.dist-info/entry_points.txt' removed 'pysaml2-7.4.2.dist-info/WHEEL' removed 'pysaml2-7.4.2.dist-info/METADATA' removed 'pysaml2-7.4.2.dist-info/LICENSE' removed directory 'pysaml2-7.4.2.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-5.fc43.buildreqs.nosrc.rpm Child return code was: 11 Dynamic buildrequires detected Going to install missing buildrequires. See root.log for details. ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -ba --noprep --noclean --target noarch /builddir/build/SPECS/python-pysaml2.spec'], chrootPath='/var/lib/mock/f43-build-59071901-6570839/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=201600uid=1000gid=425user='mockbuild'unshare_net=TrueprintOutput=Falsenspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']) Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11'] Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', 'd3aface613014b93bb845354625ec758', '-D', '/var/lib/mock/f43-build-59071901-6570839/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"', '--setenv=PS1= \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -ba --noprep --noclean --target noarch /builddir/build/SPECS/python-pysaml2.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1717804800 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.sjVokj + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + FEDORA=43 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 2.1.2) Handling tox-current-env >= 0.0.16 from tox itself Requirement satisfied: tox-current-env >= 0.0.16 (installed: tox-current-env 0.0.16) py313: OK (0.01 seconds) congratulations :) (0.08 seconds) Handling tox from tox --print-deps-only: py313 Requirement satisfied: tox (installed: tox 4.25.0) py313: OK (0.01 seconds) congratulations :) (0.08 seconds) Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: cryptography (>=3.1) (installed: cryptography 44.0.0) Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: defusedxml (installed: defusedxml 0.7.1) Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8" Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-resources ; python_version < "3.9" Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: paste ; extra == "s2repoze" Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pyopenssl (installed: pyopenssl 25.0.0) Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: python-dateutil (installed: python-dateutil 2.8.2) Handling pytz from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pytz (installed: pytz 2025.2) Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: repoze.who ; extra == "s2repoze" Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: requests (>=2,<3) (installed: requests 2.32.3) Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: xmlschema (>=1.2.1) (installed: xmlschema 3.4.5) Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: zope.interface ; extra == "s2repoze" + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-buildrequires + rm -rfv pysaml2-7.4.2.dist-info/ removed 'pysaml2-7.4.2.dist-info/entry_points.txt' removed 'pysaml2-7.4.2.dist-info/WHEEL' removed 'pysaml2-7.4.2.dist-info/METADATA' removed 'pysaml2-7.4.2.dist-info/LICENSE' removed directory 'pysaml2-7.4.2.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.7ZDYiN + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd pysaml2-7.4.2 + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_wheel.py /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir Processing /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2 Preparing metadata (pyproject.toml): started Running command Preparing metadata (pyproject.toml) Preparing metadata (pyproject.toml): finished with status 'done' Building wheels for collected packages: pysaml2 Building wheel for pysaml2 (pyproject.toml): started Running command Building wheel for pysaml2 (pyproject.toml) Building wheel for pysaml2 (pyproject.toml): finished with status 'done' Created wheel for pysaml2: filename=pysaml2-7.4.2-py3-none-any.whl size=417772 sha256=b77e8d764b8f08ab23be750f3cb025c493fd61d22a61c3bb01310312e4d2a9d3 Stored in directory: /builddir/.cache/pip/wheels/01/b9/eb/75f72f6a4448fdc07c5ffc8f00ad2896051c69eedccbfbb041 Successfully built pysaml2 + RPM_EC=0 ++ jobs -p + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.pXJfD4 + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + '[' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT '!=' / ']' + rm -rf /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT ++ dirname /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build + mkdir /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd pysaml2-7.4.2 ++ ls /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir/pysaml2-7.4.2-py3-none-any.whl ++ xargs basename --multiple ++ sed -E 's/([^-]+)-([^-]+)-.+\.whl/\1==\2/' + specifier=pysaml2==7.4.2 + '[' -z pysaml2==7.4.2 ']' + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir + /usr/bin/python3 -m pip install --root /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --prefix /usr --no-deps --disable-pip-version-check --progress-bar off --verbose --ignore-installed --no-warn-script-location --no-index --no-cache-dir --find-links /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir pysaml2==7.4.2 Using pip 25.0.1 from /usr/lib/python3.13/site-packages/pip (python 3.13) Looking in links: /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir Processing ./pyproject-wheeldir/pysaml2-7.4.2-py3-none-any.whl Installing collected packages: pysaml2 Creating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata to 755 changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport to 755 changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata to 755 changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2 to 755 Successfully installed pysaml2-7.4.2 + '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin ']' + '[' -z sP ']' + shebang_flags=-kasP + /usr/bin/python3 -B /usr/lib/rpm/redhat/pathfix.py -pni /usr/bin/python3 -kasP /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata: updating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport: updating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata: updating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2: updating + rm -rfv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/__pycache__ + rm -f /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-ghost-distinfo + site_dirs=() + '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages ']' + site_dirs+=("/usr/lib/python3.13/site-packages") + '[' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages '!=' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages ']' + '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages ']' + for site_dir in ${site_dirs[@]} + for distinfo in /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT$site_dir/*.dist-info + echo '%ghost /usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info' + sed -i s/pip/rpm/ /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/INSTALLER + PYTHONPATH=/usr/lib/rpm/redhat + /usr/bin/python3 -B /usr/lib/rpm/redhat/pyproject_preprocess_record.py --buildroot /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --record /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-record + rm -fv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD removed '/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD' + rm -fv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/REQUESTED removed '/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/REQUESTED' ++ wc -l /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-ghost-distinfo ++ cut -f1 '-d ' + lines=1 + '[' 1 -ne 1 ']' + RPM_FILES_ESCAPE=4.19 + /usr/bin/python3 /usr/lib/rpm/redhat/pyproject_save_files.py --output-files /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-files --output-modules /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-modules --buildroot /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --sitelib /usr/lib/python3.13/site-packages --sitearch /usr/lib64/python3.13/site-packages --python-version 3.13 --pyproject-record /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-5.fc43.noarch-pyproject-record --prefix /usr saml2 saml2test + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s parse_xsd2 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/parse_xsd2.py + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s make_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/make_metadata.py + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s mdexport /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/mdexport.py + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s merge_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/merge_metadata.py + sed -i /alabaster/d docs/conf.py + export PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/lib/python3.13/site-packages + PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/lib/python3.13/site-packages + sphinx-build-3 docs html Running Sphinx v8.2.3 loading translations [en]... done making output directory... done Converting `source_suffix = '.rst'` to `source_suffix = {'.rst': 'restructuredtext'}`. building [mo]: targets for 0 po files that are out of date writing output... building [html]: targets for 8 source files that are out of date updating environment: [new config] 8 added, 0 changed, 0 removed reading sources... [ 12%] examples/idp reading sources... [ 25%] examples/index reading sources... [ 38%] examples/sp reading sources... [ 50%] howto/config reading sources... [ 62%] howto/index reading sources... [ 75%] index reading sources... [ 88%] install reading sources... [100%] sp_test/internal looking for now-outdated files... none found pickling environment... done checking consistency... done preparing documents... done copying assets... copying static files... Writing evaluated template result to /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/html/_static/basic.css Writing evaluated template result to /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/html/_static/documentation_options.js Writing evaluated template result to /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/html/_static/language_data.js Writing evaluated template result to /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/html/_static/alabaster.css copying static files: done copying extra files... copying extra files: done copying assets: done writing output... [ 12%] examples/idp writing output... [ 25%] examples/index writing output... [ 38%] examples/sp writing output... [ 50%] howto/config writing output... [ 62%] howto/index writing output... [ 75%] index writing output... [ 88%] install writing output... [100%] sp_test/internal generating indices... genindex done writing additional pages... search done dumping search index in English (code: en)... done dumping object inventory... done build succeeded. The HTML pages are in html. + rm -rf html/.doctrees html/.buildinfo + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/redhat/brp-ldconfig + /usr/lib/rpm/brp-compress + /usr/lib/rpm/brp-strip /usr/bin/strip + /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump + /usr/lib/rpm/redhat/brp-strip-lto /usr/bin/strip + /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/check-rpaths + /usr/lib/rpm/redhat/brp-mangle-shebangs *** WARNING: ./usr/lib/python3.13/site-packages/saml2/authn_context/timesync.py is executable but has no shebang, removing executable bit mangling shebang in /usr/lib/python3.13/site-packages/saml2/tools/update_metadata.sh from /bin/sh to #!/usr/bin/sh + /usr/lib/rpm/brp-remove-la-files + /usr/lib/rpm/redhat/brp-python-rpm-in-distinfo + env /usr/lib/rpm/redhat/brp-python-bytecompile '' 1 0 -j12 Bytecompiling .py files below /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13 using python3.13 + /usr/lib/rpm/redhat/brp-python-hardlink + /usr/bin/add-determinism --brp -j12 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/adfs_v1x.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/adfs_v20.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/shibboleth_uri.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/basic.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/saml_uri.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/errors.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/pki.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/asymmetric.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/schemas/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/templates/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/edugain.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/at_egov_pvp2.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/incommon.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/refeds.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/swamid.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/symmetric.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/algsupport.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/shibmd.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/idpdisc.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/sp_type.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/dri.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdattr.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/reqinit.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/pefim.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/requested_attributes.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/paos.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/ecp.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdui.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/samlec.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdrpi.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/ini.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/entitlement.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/challenge_decider.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/formswithhidden.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/make_metadata.cpython-313.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdexport.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/make_metadata.cpython-313.opt-1.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/soap.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/merge_metadata.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdexport_test.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/sp.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/soapenv.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdimport.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/verify_metadata.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/sync_attrmaps.cpython-313.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/sync_attrmaps.cpython-313.opt-1.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/userinfo/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/userinfo/__pycache__/ldapinfo.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wspol.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wsaddr.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/wsdl.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wssec.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/ppt.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xml/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xml/schema/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wsutil.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/timesync.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/pword.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/sslcert.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/algsupport.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/ippword.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/argtree.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/attribute_resolver.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/authn.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ecp.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/assertion.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/eptid.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/attribute_converter.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/discovery.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xmlenc/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/filter.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdbcache.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ecp_client.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdie.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/client_base.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/parse_xsd2.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/config.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/httputil.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/country_codes.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/httpbase.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ident.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wstrust.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/population.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/pack.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mongo_store.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mcache.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/request.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/version.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/virtual_org.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xmldsig/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/s_utils.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/mobiletwofactor.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/cache.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/cert.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/sdb.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/client.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/validate.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/soap.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/status.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/server.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/metadata.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/time_util.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/entity.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/check.cpython-313.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/tool.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/opfunc.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/check.cpython-313.opt-1.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/response.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/interaction.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/md.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/saml.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/samlp.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdstore.cpython-313.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/sigver.cpython-313.pyc: rewriting with normalized contents Scanned 49 directories and 434 files, processed 127 inodes, 127 modified (6 replaced + 121 rewritten), 0 unsupported format, 0 errors Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.EHbHJD + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd pysaml2-7.4.2 + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + PATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin + PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages:/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages + PYTHONDONTWRITEBYTECODE=1 + PYTEST_ADDOPTS=' --ignore=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir' + PYTEST_XDIST_AUTO_NUM_WORKERS=12 + /usr/bin/pytest ============================= test session starts ============================== platform linux -- Python 3.13.3, pytest-8.3.5, pluggy-1.5.0 -- /usr/bin/python3 cachedir: .pytest_cache rootdir: /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2 configfile: pyproject.toml testpaths: tests collecting ... collected 785 items tests/test_00_xmldsig.py::TestObject::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestObject::testUsingTestData PASSED [ 0%] tests/test_00_xmldsig.py::TestMgmtData::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestMgmtData::testUsingTestData PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKISexp::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKISexp::testUsingTestData PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKIData::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKIData::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestPGPData::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestPGPData::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestX509IssuerSerial::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestX509IssuerSerial::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestX509Data::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestX509Data::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestTransform::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestTransform::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestTransforms::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestTransforms::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestRetrievalMethod::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestRetrievalMethod::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestRSAKeyValue::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestRSAKeyValue::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestDSAKeyValue::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestDSAKeyValue::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyValue::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyValue::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyName::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyName::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyInfo::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyInfo::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestDigestValue::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestDigestValue::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestDigestMethod::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestDigestMethod::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestReference::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestReference::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestSignatureMethod::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestSignatureMethod::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestCanonicalizationMethod::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestCanonicalizationMethod::testUsingTestData PASSED [ 5%] tests/test_00_xmldsig.py::TestSignedInfo::testAccessors PASSED [ 5%] tests/test_00_xmldsig.py::TestSignedInfo::testUsingTestData PASSED [ 5%] tests/test_00_xmldsig.py::TestSignatureValue::testAccessors PASSED [ 5%] tests/test_00_xmldsig.py::TestSignatureValue::testUsingTestData PASSED [ 5%] tests/test_00_xmldsig.py::TestSignature::testAccessors PASSED [ 5%] tests/test_00_xmldsig.py::TestSignature::testUsingTestData PASSED [ 5%] tests/test_01_xmlenc.py::test_1 PASSED [ 5%] tests/test_01_xmlenc.py::test_2 PASSED [ 6%] tests/test_01_xmlenc.py::test_3 PASSED [ 6%] tests/test_01_xmlenc.py::test_4 PASSED [ 6%] tests/test_01_xmlenc.py::test_5 PASSED [ 6%] tests/test_01_xmlenc.py::test_6 PASSED [ 6%] tests/test_02_saml.py::TestExtensionElement::test_loadd PASSED [ 6%] tests/test_02_saml.py::TestExtensionElement::test_find_children PASSED [ 6%] tests/test_02_saml.py::TestExtensionContainer::test_find_extensions PASSED [ 7%] tests/test_02_saml.py::TestExtensionContainer::test_add_extension_elements PASSED [ 7%] tests/test_02_saml.py::TestExtensionContainer::test_add_extension_attribute PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_dict PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_str PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_multi_dict PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_to_string_nspair PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_set_text_empty PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_set_text_value PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_text_update_same_type PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_text_cannot_change_value_type PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_xs_type_anytype_unchanged_value PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_xs_type_date PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_treat_invalid_types_as_string PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_div PASSED [ 8%] tests/test_02_saml.py::TestNameID::testEmptyExtensionsList PASSED [ 8%] tests/test_02_saml.py::TestNameID::testFormatAttribute PASSED [ 9%] tests/test_02_saml.py::TestNameID::testNameIDText PASSED [ 9%] tests/test_02_saml.py::TestNameID::testSPProvidedID PASSED [ 9%] tests/test_02_saml.py::TestNameID::testEmptyNameIDToAndFromStringMatch PASSED [ 9%] tests/test_02_saml.py::TestNameID::testNameIDToAndFromStringMatch PASSED [ 9%] tests/test_02_saml.py::TestNameID::testExtensionAttributes PASSED [ 9%] tests/test_02_saml.py::TestNameID::testname_id_from_string PASSED [ 9%] tests/test_02_saml.py::TestIssuer::testIssuerToAndFromString PASSED [ 9%] tests/test_02_saml.py::TestIssuer::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestSubjectLocality::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestSubjectLocality::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextClassRef::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextClassRef::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDeclRef::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDeclRef::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDecl::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDecl::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAuthenticatingAuthority::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAuthenticatingAuthority::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAuthnContext::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAuthnContext::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAuthnStatement::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAuthnStatement::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAttributeValue::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAttributeValue::testUsingTestData PASSED [ 12%] tests/test_02_saml.py::TestAttribute::testAccessors PASSED [ 12%] tests/test_02_saml.py::TestAttribute::testUsingTestData PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_str PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_int PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_base64 PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_boolean_true PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_boolean_false PASSED [ 12%] tests/test_02_saml.py::TestAttributeStatement::testAccessors PASSED [ 13%] tests/test_02_saml.py::TestAttributeStatement::testUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmationData::testAccessors PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmationData::testUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmation::testAccessors PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmation::testBearerUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmation::testHolderOfKeyUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubject::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestSubject::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestCondition::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestCondition::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestAudience::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestAudience::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestAudienceRestriction::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestAudienceRestriction::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestOneTimeUse::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestOneTimeUse::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestProxyRestriction::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestProxyRestriction::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestConditions::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestConditions::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestAssertionIDRef::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestAssertionIDRef::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestAssertionURIRef::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestAssertionURIRef::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestAction::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestAction::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestEvidence::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestEvidence::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestAuthzDecisionStatement::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestAuthzDecisionStatement::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestAdvice::testAccessors PASSED [ 17%] tests/test_02_saml.py::TestAdvice::testUsingTestData PASSED [ 17%] tests/test_02_saml.py::TestAssertion::testAccessors PASSED [ 17%] tests/test_02_saml.py::TestAssertion::testUsingTestData PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_nameid PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_issuer PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_subject_locality PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_subject_confirmation_data PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_subject_confirmation PASSED [ 18%] tests/test_03_saml2.py::test_create_class_from_xml_string_wrong_class_spec PASSED [ 18%] tests/test_03_saml2.py::test_create_class_from_xml_string_xxe PASSED [ 18%] tests/test_03_saml2.py::test_ee_1 PASSED [ 18%] tests/test_03_saml2.py::test_ee_2 PASSED [ 18%] tests/test_03_saml2.py::test_ee_3 PASSED [ 18%] tests/test_03_saml2.py::test_ee_4 PASSED [ 18%] tests/test_03_saml2.py::test_ee_5 PASSED [ 18%] tests/test_03_saml2.py::test_ee_6 PASSED [ 19%] tests/test_03_saml2.py::test_nameid_with_extension PASSED [ 19%] tests/test_03_saml2.py::test_subject_confirmation_with_extension PASSED [ 19%] tests/test_03_saml2.py::test_to_fro_string_1 PASSED [ 19%] tests/test_03_saml2.py::test_make_vals_str PASSED [ 19%] tests/test_03_saml2.py::test_make_vals_list_of_strs PASSED [ 19%] tests/test_03_saml2.py::test_attribute_element_to_extension_element PASSED [ 19%] tests/test_03_saml2.py::test_ee_7 PASSED [ 20%] tests/test_03_saml2.py::test_ee_xxe PASSED [ 20%] tests/test_03_saml2.py::test_extension_element_loadd PASSED [ 20%] tests/test_03_saml2.py::test_extensions_loadd PASSED [ 20%] tests/test_04_samlp.py::TestStatusDetail::testAccessors PASSED [ 20%] tests/test_04_samlp.py::TestStatusMessage::testAccessors PASSED [ 20%] tests/test_04_samlp.py::TestStatusCode::testAccessors PASSED [ 20%] tests/test_04_samlp.py::TestStatusCode::testUsingTestData PASSED [ 20%] tests/test_04_samlp.py::TestStatus::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestStatus::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestResponse::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestResponse::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestNameIDPolicy::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestNameIDPolicy::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestIDPEntry::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestIDPEntry::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestIDPList::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestIDPList::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestScoping::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestScoping::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestRequestedAuthnContext::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestRequestedAuthnContext::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestAuthnRequest::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestAuthnRequest::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestLogoutRequest::testAccessors PASSED [ 23%] tests/test_04_samlp.py::TestLogoutRequest::testUsingTestData PASSED [ 23%] tests/test_04_samlp.py::TestLogoutResponse::testAccessors PASSED [ 23%] tests/test_04_samlp.py::TestLogoutResponse::testUsingTestData PASSED [ 23%] tests/test_05_md.py::TestEndpointType::testAccessors PASSED [ 23%] tests/test_05_md.py::TestEndpointType::testUsingTestData PASSED [ 23%] tests/test_05_md.py::TestIndexedEndpointType::testAccessors PASSED [ 23%] tests/test_05_md.py::TestIndexedEndpointType::testUsingTestData PASSED [ 23%] tests/test_05_md.py::TestExtensions::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationName::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationName::testUsingTestData PASSED [ 24%] tests/test_05_md.py::TestOrganizationDisplayName::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationDisplayName::testUsingTestData PASSED [ 24%] tests/test_05_md.py::TestOrganizationURL::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationURL::testUsingTestData PASSED [ 24%] tests/test_05_md.py::TestOrganization::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganization::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestContactPerson::testAccessors PASSED [ 25%] tests/test_05_md.py::TestContactPerson::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestAdditionalMetadataLocation::testAccessors PASSED [ 25%] tests/test_05_md.py::TestAdditionalMetadataLocation::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestEncryptionMethod::testAccessors PASSED [ 25%] tests/test_05_md.py::TestEncryptionMethod::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestKeyDescriptor::testAccessors PASSED [ 25%] tests/test_05_md.py::TestKeyDescriptor::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestRoleDescriptor::testAccessors PASSED [ 26%] tests/test_05_md.py::TestRoleDescriptor::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestArtifactResolutionService::testAccessors PASSED [ 26%] tests/test_05_md.py::TestArtifactResolutionService::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestSingleLogout::testAccessors PASSED [ 26%] tests/test_05_md.py::TestSingleLogout::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestManageNameIDService::testAccessors PASSED [ 27%] tests/test_05_md.py::TestManageNameIDService::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestNameIDFormat::testAccessors PASSED [ 27%] tests/test_05_md.py::TestNameIDFormat::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestSingleSignOnService::testAccessors PASSED [ 27%] tests/test_05_md.py::TestSingleSignOnService::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestNameIDMappingService::testAccessors PASSED [ 27%] tests/test_05_md.py::TestNameIDMappingService::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestAssertionIDRequestService::testAccessors PASSED [ 28%] tests/test_05_md.py::TestAssertionIDRequestService::testUsingTestData PASSED [ 28%] tests/test_05_md.py::TestAttributeProfile::testAccessors PASSED [ 28%] tests/test_05_md.py::TestAttributeProfile::testUsingTestData PASSED [ 28%] tests/test_05_md.py::TestIDPSSODescriptor::testAccessors PASSED [ 28%] tests/test_05_md.py::TestIDPSSODescriptor::testUsingTestData PASSED [ 28%] tests/test_05_md.py::TestIDPSSODescriptor::testUsingScope PASSED [ 28%] tests/test_05_md.py::TestAssertionConsumerService::testAccessors PASSED [ 28%] tests/test_05_md.py::TestAssertionConsumerService::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestRequestedAttribute::testAccessors PASSED [ 29%] tests/test_05_md.py::TestRequestedAttribute::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestServiceName::testAccessors PASSED [ 29%] tests/test_05_md.py::TestServiceName::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestServiceDescription::testAccessors PASSED [ 29%] tests/test_05_md.py::TestServiceDescription::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestAttributeConsumingService::testAccessors PASSED [ 29%] tests/test_05_md.py::TestAttributeConsumingService::testUsingTestData PASSED [ 30%] tests/test_05_md.py::TestSPSSODescriptor::testAccessors PASSED [ 30%] tests/test_05_md.py::TestSPSSODescriptor::testUsingTestData PASSED [ 30%] tests/test_05_md.py::TestEntityDescriptor::testAccessors PASSED [ 30%] tests/test_05_md.py::TestEntityDescriptor::testUsingTestData PASSED [ 30%] tests/test_05_md.py::TestEntitiesDescriptor::testAccessors PASSED [ 30%] tests/test_05_md.py::TestEntitiesDescriptor::testUsingTestData PASSED [ 30%] tests/test_06_setarg.py::test_path PASSED [ 30%] tests/test_06_setarg.py::test_set_arg PASSED [ 31%] tests/test_06_setarg.py::test_multi PASSED [ 31%] tests/test_06_setarg.py::test_is_set PASSED [ 31%] tests/test_10_time_util.py::test_f_quotient PASSED [ 31%] tests/test_10_time_util.py::test_modulo PASSED [ 31%] tests/test_10_time_util.py::test_f_quotient_2 PASSED [ 31%] tests/test_10_time_util.py::test_modulo_2 PASSED [ 31%] tests/test_10_time_util.py::test_parse_duration PASSED [ 31%] tests/test_10_time_util.py::test_parse_duration2 PASSED [ 32%] tests/test_10_time_util.py::test_parse_duration_n PASSED [ 32%] tests/test_10_time_util.py::test_add_duration_1 PASSED [ 32%] tests/test_10_time_util.py::test_add_duration_2 PASSED [ 32%] tests/test_10_time_util.py::test_str_to_time PASSED [ 32%] tests/test_10_time_util.py::test_instant PASSED [ 32%] tests/test_10_time_util.py::test_valid PASSED [ 32%] tests/test_10_time_util.py::test_timeout PASSED [ 32%] tests/test_10_time_util.py::test_before PASSED [ 33%] tests/test_10_time_util.py::test_after PASSED [ 33%] tests/test_10_time_util.py::test_not_before PASSED [ 33%] tests/test_10_time_util.py::test_not_on_or_after PASSED [ 33%] tests/test_12_s_utils.py::test_inflate_then_deflate PASSED [ 33%] tests/test_12_s_utils.py::test_status_success PASSED [ 33%] tests/test_12_s_utils.py::test_error_status PASSED [ 33%] tests/test_12_s_utils.py::test_status_from_exception PASSED [ 34%] tests/test_12_s_utils.py::test_status_from_tuple PASSED [ 34%] tests/test_12_s_utils.py::test_status_from_tuple_empty_message PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_sn PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_age PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_onoff PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_base64 PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_statement PASSED [ 34%] tests/test_12_s_utils.py::test_audience PASSED [ 35%] tests/test_12_s_utils.py::test_conditions PASSED [ 35%] tests/test_12_s_utils.py::test_value_1 PASSED [ 35%] tests/test_12_s_utils.py::test_value_2 PASSED [ 35%] tests/test_12_s_utils.py::test_value_3 PASSED [ 35%] tests/test_12_s_utils.py::test_value_4 PASSED [ 35%] tests/test_12_s_utils.py::test_do_attribute_statement_0 PASSED [ 35%] tests/test_12_s_utils.py::test_do_attribute_statement PASSED [ 35%] tests/test_12_s_utils.py::test_do_attribute_statement_multi PASSED [ 36%] tests/test_12_s_utils.py::test_subject PASSED [ 36%] tests/test_12_s_utils.py::test_parse_attribute_map PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_0 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_1 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_2 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_3 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_4 PASSED [ 36%] tests/test_12_s_utils.py::test_nameformat_email PASSED [ 37%] tests/test_12_s_utils.py::test_attribute PASSED [ 37%] tests/test_12_s_utils.py::test_attribute_statement_2 PASSED [ 37%] tests/test_12_s_utils.py::test_subject_confirmation_data PASSED [ 37%] tests/test_12_s_utils.py::test_subject_confirmation PASSED [ 37%] tests/test_12_s_utils.py::test_authn_context_class_ref PASSED [ 37%] tests/test_12_s_utils.py::test_authn_context PASSED [ 37%] tests/test_12_s_utils.py::test_authn_statement PASSED [ 37%] tests/test_12_s_utils.py::test_signature PASSED [ 38%] tests/test_12_s_utils.py::test_complex_factory PASSED [ 38%] tests/test_13_validate.py::test_duration PASSED [ 38%] tests/test_13_validate.py::test_unsigned_short PASSED [ 38%] tests/test_13_validate.py::test_valid_non_negative_integer PASSED [ 38%] tests/test_13_validate.py::test_valid_string PASSED [ 38%] tests/test_13_validate.py::test_valid_anyuri PASSED [ 38%] tests/test_13_validate.py::test_valid_instance PASSED [ 38%] tests/test_13_validate.py::test_valid_anytype PASSED [ 39%] tests/test_13_validate.py::test_valid_address PASSED [ 39%] tests/test_19_attribute_converter.py::test_default PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_setup PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_ava_fro_1 PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_ava_fro_2 PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_to_attrstat_1 PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_to_attrstat_2 PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_local_name PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_local_name_from_unspecified PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_local_name_from_basic PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_and_for PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_unspecified_name_format PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_mixed_attributes_1 PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_adjust_with_only_from_defined PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_adjust_with_only_to_defined PASSED [ 41%] tests/test_19_attribute_converter.py::TestAC::test_adjust_with_no_mapping_defined PASSED [ 41%] tests/test_19_attribute_converter.py::TestAC::test_from_local_nest_eduPersonTargetedID_in_NameID PASSED [ 41%] tests/test_19_attribute_converter.py::TestAC::test_from_local_eduPersonTargetedID_with_qualifiers PASSED [ 41%] tests/test_19_attribute_converter.py::test_noop_attribute_conversion PASSED [ 41%] tests/test_19_attribute_converter.py::TestSchac::test PASSED [ 41%] tests/test_19_attribute_converter.py::TestEIDAS::test PASSED [ 41%] tests/test_20_assertion.py::test_filter_on_attributes_0 PASSED [ 41%] tests/test_20_assertion.py::test_filter_on_attributes_1 PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_2 PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_without_friendly_name PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_with_missing_required_attribute PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_with_missing_optional_attribute PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_with_missing_name_format PASSED [ 42%] tests/test_20_assertion.py::test_lifetime_1 PASSED [ 42%] tests/test_20_assertion.py::test_lifetime_2 PASSED [ 42%] tests/test_20_assertion.py::test_ava_filter_1 PASSED [ 43%] tests/test_20_assertion.py::test_ava_filter_2 PASSED [ 43%] tests/test_20_assertion.py::test_ava_filter_dont_fail PASSED [ 43%] tests/test_20_assertion.py::test_filter_attribute_value_assertions_0 PASSED [ 43%] tests/test_20_assertion.py::test_filter_attribute_value_assertions_1 PASSED [ 43%] tests/test_20_assertion.py::test_filter_attribute_value_assertions_2 PASSED [ 43%] tests/test_20_assertion.py::test_assertion_1 PASSED [ 43%] tests/test_20_assertion.py::test_assertion_2 PASSED [ 43%] tests/test_20_assertion.py::test_filter_values_req_2 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_3 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_4 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_5 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_6 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_0 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_1 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_2 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_4 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_0 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_1 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_2 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_3 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_4 PASSED [ 45%] tests/test_20_assertion.py::test_req_opt PASSED [ 45%] tests/test_20_assertion.py::test_filter_on_wire_representation_1 PASSED [ 45%] tests/test_20_assertion.py::test_filter_on_wire_representation_2 PASSED [ 46%] tests/test_20_assertion.py::test_assertion_with_noop_attribute_conv PASSED [ 46%] tests/test_20_assertion.py::test_filter_ava_5 PASSED [ 46%] tests/test_20_assertion.py::test_filter_ava_registration_authority_1 PASSED [ 46%] tests/test_20_assertion.py::test_assertion_with_zero_attributes PASSED [ 46%] tests/test_20_assertion.py::test_assertion_with_authn_instant PASSED [ 46%] tests/test_20_assertion.py::test_attribute_producer_should_default_to_uri PASSED [ 46%] tests/test_20_assertion.py::test_attribute_consumer_should_default_to_unspecified PASSED [ 47%] tests/test_22_mdie.py::test_construct_contact PASSED [ 47%] tests/test_30_mdstore.py::test_invalid_metadata PASSED [ 47%] tests/test_30_mdstore.py::test_empty_metadata PASSED [ 47%] tests/test_30_mdstore.py::test_swami_1 PASSED [ 47%] tests/test_30_mdstore.py::test_incommon_1 PASSED [ 47%] tests/test_30_mdstore.py::test_ext_2 PASSED [ 47%] tests/test_30_mdstore.py::test_example PASSED [ 47%] tests/test_30_mdstore.py::test_switch_1 PASSED [ 48%] tests/test_30_mdstore.py::test_metadata_file PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_service PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_service_request_timeout PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_single_sign_on_service PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_metadata_freshness_period_not_expired PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_metadata_freshness_period_expired PASSED [ 48%] tests/test_30_mdstore.py::test_load_local_dir PASSED [ 48%] tests/test_30_mdstore.py::test_load_extern_incommon PASSED [ 49%] tests/test_30_mdstore.py::test_load_local PASSED [ 49%] tests/test_30_mdstore.py::test_load_remote_encoding PASSED [ 49%] tests/test_30_mdstore.py::test_load_string PASSED [ 49%] tests/test_30_mdstore.py::test_get_certs_from_metadata PASSED [ 49%] tests/test_30_mdstore.py::test_get_unnamed_certs_from_metadata PASSED [ 49%] tests/test_30_mdstore.py::test_get_named_certs_from_metadata PASSED [ 49%] tests/test_30_mdstore.py::test_get_certs_from_metadata_without_keydescriptor PASSED [ 49%] tests/test_30_mdstore.py::test_metadata_extension_algsupport PASSED [ 50%] tests/test_30_mdstore.py::test_supported_algorithms PASSED [ 50%] tests/test_30_mdstore.py::test_registration_info PASSED [ 50%] tests/test_30_mdstore.py::test_registration_info_no_policy PASSED [ 50%] tests/test_30_mdstore.py::test_subject_id_requirement PASSED [ 50%] tests/test_30_mdstore.py::test_extension PASSED [ 50%] tests/test_30_mdstore.py::test_shibmd_scope_no_regex_no_descriptor_type PASSED [ 50%] tests/test_30_mdstore.py::test_shibmd_scope_no_regex_all_descriptors PASSED [ 50%] tests/test_30_mdstore_old.py::test_swami_1 PASSED [ 51%] tests/test_30_mdstore_old.py::test_incommon_1 PASSED [ 51%] tests/test_30_mdstore_old.py::test_ext_2 PASSED [ 51%] tests/test_30_mdstore_old.py::test_example PASSED [ 51%] tests/test_30_mdstore_old.py::test_switch_1 PASSED [ 51%] tests/test_30_mdstore_old.py::test_metadata_file PASSED [ 51%] tests/test_30_mdstore_old.py::test_load_local_dir PASSED [ 51%] tests/test_30_mdstore_old.py::test_load_external PASSED [ 51%] tests/test_30_mdstore_old.py::test_load_string PASSED [ 52%] tests/test_31_config.py::test_1 PASSED [ 52%] tests/test_31_config.py::test_2 PASSED [ 52%] tests/test_31_config.py::test_minimum PASSED [ 52%] tests/test_31_config.py::test_idp_1 PASSED [ 52%] tests/test_31_config.py::test_idp_2 PASSED [ 52%] tests/test_31_config.py::test_wayf PASSED [ 52%] tests/test_31_config.py::test_conf_syslog PASSED [ 52%] tests/test_31_config.py::test_3 PASSED [ 53%] tests/test_31_config.py::test_sp PASSED [ 53%] tests/test_31_config.py::test_dual PASSED [ 53%] tests/test_31_config.py::test_ecp PASSED [ 53%] tests/test_31_config.py::test_assertion_consumer_service PASSED [ 53%] tests/test_31_config.py::test_crypto_backend PASSED [ 53%] tests/test_31_config.py::test_unset_force_authn PASSED [ 53%] tests/test_31_config.py::test_set_force_authn PASSED [ 54%] tests/test_32_cache.py::TestClass::test_set PASSED [ 54%] tests/test_32_cache.py::TestClass::test_add_ava_info PASSED [ 54%] tests/test_32_cache.py::TestClass::test_from_one_target_source PASSED [ 54%] tests/test_32_cache.py::TestClass::test_entities PASSED [ 54%] tests/test_32_cache.py::TestClass::test_remove_info PASSED [ 54%] tests/test_32_cache.py::TestClass::test_active PASSED [ 54%] tests/test_32_cache.py::TestClass::test_subjects PASSED [ 54%] tests/test_32_cache.py::TestClass::test_second_subject PASSED [ 55%] tests/test_32_cache.py::TestClass::test_receivers PASSED [ 55%] tests/test_32_cache.py::TestClass::test_timeout PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_persistent_1 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_persistent_2 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_transient_1 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_vo_1 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_vo_2 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_persistent_nameid PASSED [ 56%] tests/test_33_identifier.py::TestIdentifier::test_transient_nameid PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_add_person PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_extend_person PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_add_another_person PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_modify_person PASSED [ 56%] tests/test_36_mdbcache.py::TestMongoDBCache::test_set_get_1 PASSED [ 56%] tests/test_36_mdbcache.py::TestMongoDBCache::test_set_get_2 PASSED [ 56%] tests/test_36_mdbcache.py::TestMongoDBCache::test_remove PASSED [ 57%] tests/test_36_mdbcache.py::TestMongoDBCache::test_subjects PASSED [ 57%] tests/test_36_mdbcache.py::TestMongoDBCache::test_identity PASSED [ 57%] tests/test_36_mdbcache.py::TestMongoDBCache::test_remove_2 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava2 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava3 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava4 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava5 PASSED [ 58%] tests/test_37_entity_categories.py::test_idp_policy_filter PASSED [ 58%] tests/test_37_entity_categories.py::test_entity_category_import_from_path PASSED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_required_attributes_with_no_friendly_name PASSED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_esi_coco PASSED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_refeds_anonymous_access SKIPPED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_refeds_pseudonymous_access SKIPPED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_refeds_personalized_access SKIPPED [ 58%] tests/test_38_metadata_filter.py::test_swamid_sp PASSED [ 59%] tests/test_38_metadata_filter.py::test_swamid_idp PASSED [ 59%] tests/test_39_metadata.py::test_requested_attribute_name_format PASSED [ 59%] tests/test_39_metadata.py::test_signed_metadata_proper_str_bytes_handling FAILED [ 59%] tests/test_39_metadata.py::test_cert_trailing_newlines_ignored PASSED [ 59%] tests/test_39_metadata.py::test_invalid_cert_raises_error PASSED [ 59%] tests/test_40_sigver.py::test_cert_from_instance_1 PASSED [ 59%] tests/test_40_sigver.py::test_cert_from_instance_ssp SKIPPED (pyasn1 is not installed) [ 60%] tests/test_40_sigver.py::TestSecurity::test_verify_1 PASSED [ 60%] tests/test_40_sigver.py::TestSecurity::test_non_verify_1 PASSED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_assertion FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_assertion FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_response FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_response FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_response_2 FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_verify FAILED [ 61%] tests/test_40_sigver.py::TestSecurity::test_sign_verify_with_cert_from_instance FAILED [ 61%] tests/test_40_sigver.py::TestSecurity::test_sign_verify_assertion_with_cert_from_instance FAILED [ 61%] tests/test_40_sigver.py::TestSecurity::test_exception_sign_verify_with_cert_from_instance FAILED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_verify_1 PASSED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_non_verify_1 PASSED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_assertion FAILED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_assertion FAILED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_response FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response_2 FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_with_cert_from_instance FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_assertion_with_cert_from_instance FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_exception_sign_verify_with_cert_from_instance FAILED [ 62%] tests/test_40_sigver.py::test_xbox FAILED [ 62%] tests/test_40_sigver.py::test_xbox_non_ascii_ava FAILED [ 63%] tests/test_40_sigver.py::test_okta PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_err PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_err_non_ascii_ava PASSED [ 63%] tests/test_40_sigver.py::test_sha256_signing PASSED [ 63%] tests/test_40_sigver.py::test_sha256_signing_non_ascii_ava PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_output_line_parsing PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_v1_3_x_output_line_parsing PASSED [ 63%] tests/test_40_sigver.py::test_cert_trailing_newlines_ignored PASSED [ 64%] tests/test_40_sigver.py::test_invalid_cert_raises_error PASSED [ 64%] tests/test_40_sigver.py::test_der_certificate_loading PASSED [ 64%] tests/test_41_response.py::TestResponse::test_1 ERROR [ 64%] tests/test_41_response.py::TestResponse::test_2 ERROR [ 64%] tests/test_41_response.py::TestResponse::test_issuer_none ERROR [ 64%] tests/test_41_response.py::TestResponse::test_false_sign ERROR [ 64%] tests/test_41_response.py::TestResponse::test_other_response ERROR [ 64%] tests/test_42_enc.py::test_pre_enc_key_format PASSED [ 65%] tests/test_42_enc.py::test_pre_enc_with_pregenerated_key PASSED [ 65%] tests/test_42_enc.py::test_pre_enc_with_generated_key PASSED [ 65%] tests/test_42_enc.py::test_pre_enc_with_named_key PASSED [ 65%] tests/test_42_enc.py::test_reshuffle_response PASSED [ 65%] tests/test_42_enc.py::test_enc1 PASSED [ 65%] tests/test_42_enc.py::test_enc2 PASSED [ 65%] tests/test_43_soap.py::test_parse_soap_envelope PASSED [ 65%] tests/test_43_soap.py::test_make_soap_envelope PASSED [ 66%] tests/test_43_soap.py::test_parse_soap_enveloped_saml_thingy_xxe PASSED [ 66%] tests/test_43_soap.py::test_class_instances_from_soap_enveloped_saml_thingies_xxe PASSED [ 66%] tests/test_43_soap.py::test_open_soap_envelope_xxe PASSED [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_verify_1 ERROR [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_verify_signed_1 ERROR [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_parse_2 ERROR [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_verify_w_authn ERROR [ 67%] tests/test_44_authnresp.py::TestAuthnResponse::test_unpack_nested_eptid ERROR [ 67%] tests/test_44_authnresp.py::TestAuthnResponse::test_multiple_attribute_statement ERROR [ 67%] tests/test_50_server.py::TestServer1::test_issuer PASSED [ 67%] tests/test_50_server.py::TestServer1::test_assertion PASSED [ 67%] tests/test_50_server.py::TestServer1::test_response PASSED [ 67%] tests/test_50_server.py::TestServer1::test_parse_faulty_request PASSED [ 67%] tests/test_50_server.py::TestServer1::test_parse_faulty_request_to_err_status PASSED [ 67%] tests/test_50_server.py::TestServer1::test_parse_ok_request PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_response_with_identity PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_response_without_identity PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_response_specific_instant PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_failure_response PASSED [ 68%] tests/test_50_server.py::TestServer1::test_authn_response_0 PASSED [ 68%] tests/test_50_server.py::TestServer1::test_signed_response FAILED [ 68%] tests/test_50_server.py::TestServer1::test_signed_response_1 FAILED [ 68%] tests/test_50_server.py::TestServer1::test_signed_response_2 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_signed_response_3 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_1 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_2 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_3 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_4 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_response_1 PASSED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_response_2 PASSED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_response_3 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_4 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_5 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_6 FAILED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_7 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_8 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_9 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_slo_http_post PASSED [ 70%] tests/test_50_server.py::TestServer1::test_slo_soap PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_issuer PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_assertion PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_response PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_faulty_request PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_faulty_request_to_err_status PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_ok_request PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_with_identity PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_without_identity PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_specific_instant PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_failure_response PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_authn_response_0 PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_1 FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_2 FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_3 FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_1 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_2 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_3 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_4 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_1 PASSED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_2 PASSED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_3 PASSED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_4 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_5 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6 FAILED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_7 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_8 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_9 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_http_post PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_soap PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_soap_signed PASSED [ 75%] tests/test_50_server.py::TestServer2::test_do_attribute_reponse PASSED [ 75%] tests/test_50_server.py::TestServerLogout::test_1 PASSED [ 75%] tests/test_50_server.py::TestServerLogout::test_2 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_attribute_query1 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_attribute_query2 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_attribute_query_3 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_auth_request_0 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_auth_request_requested_attributes PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_unset_force_authn_by_default PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_not_true_or_1 PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_true PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_1 PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_nameid_policy_allow_create PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_vo PASSED [ 76%] tests/test_51_client.py::TestClient::test_sign_auth_request_0 FAILED [ 76%] tests/test_51_client.py::TestClient::test_logout_response FAILED [ 77%] tests/test_51_client.py::TestClient::test_create_logout_request PASSED [ 77%] tests/test_51_client.py::TestClient::test_response_1 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_2 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_3 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_4 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_5 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_6 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_7 FAILED [ 78%] tests/test_51_client.py::TestClient::test_response_8 FAILED [ 78%] tests/test_51_client.py::TestClient::test_response_no_name_id PASSED [ 78%] tests/test_51_client.py::TestClient::test_init_values PASSED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion FAILED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion2 FAILED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_1 FAILED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_2 FAILED [ 78%] tests/test_51_client.py::TestClient::test_signed_with_default_algo_redirect FAILED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect PASSED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect_passes_if_needs_signed_requests PASSED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect_fail_if_needs_signed_request_but_received_unsigned PASSED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect_fail_if_needs_signed_request_but_sigalg_not_matches PASSED [ 79%] tests/test_51_client.py::TestClient::test_do_logout_signed_redirect FAILED [ 79%] tests/test_51_client.py::TestClient::test_do_logout_signed_redirect_invalid FAILED [ 79%] tests/test_51_client.py::TestClient::test_do_logout_post FAILED [ 80%] tests/test_51_client.py::TestClient::test_do_logout_redirect_no_cache PASSED [ 80%] tests/test_51_client.py::TestClient::test_do_logout_session_expired FAILED [ 80%] tests/test_51_client.py::TestClient::test_signature_wants FAILED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query1 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query2 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query_3 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_0 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_unset_force_authn PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_set_force_authn PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_nameid_policy_allow_create PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_vo PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_auth_request_0 FAILED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_logout_request PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_1 FAILED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_2 FAILED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_3 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_4 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_5 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_6 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_7 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_8 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_no_name_id PASSED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_error_status PASSED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_error_status_non_standard_status_code PASSED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_init_values PASSED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion2 FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_1 FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_2 FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_signed_redirect PASSED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_signed_redirect FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_post FAILED [ 84%] tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_session_expired FAILED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_do_authn PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_do_negotiated_authn PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_do_attribute_query PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_logout_1 PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_post_sso PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_negotiated_post_sso PASSED [ 84%] tests/test_51_client.py::TestClientNoConfigContext::test_logout_1 PASSED [ 85%] tests/test_51_client.py::test_parse_soap_enveloped_saml_xxe PASSED [ 85%] tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response FAILED [ 85%] tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_1 FAILED [ 85%] tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_2 PASSED [ 85%] tests/test_60_sp.py::TestSP::test_setup SKIPPED (s2repoze dependencies not installed) [ 85%] tests/test_60_sp.py::TestSP::test_identify SKIPPED (s2repoze dependencies not installed) [ 85%] tests/test_62_vo.py::TestVirtualOrg::test_mta PASSED [ 85%] tests/test_62_vo.py::TestVirtualOrg::test_unknown_subject PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg::test_id PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg::test_id_unknown PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_mta PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_unknown_subject PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_id PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_id_unknown PASSED [ 86%] tests/test_63_ecp.py::test_complete_flow PASSED [ 87%] tests/test_64_artifact.py::test_create_artifact PASSED [ 87%] tests/test_64_artifact.py::test_create_artifact_resolve PASSED [ 87%] tests/test_64_artifact.py::test_artifact_flow PASSED [ 87%] tests/test_65_authn_query.py::test_basic PASSED [ 87%] tests/test_65_authn_query.py::test_flow PASSED [ 87%] tests/test_66_name_id_mapping.py::test_base_request PASSED [ 87%] tests/test_66_name_id_mapping.py::test_request_response PASSED [ 87%] tests/test_67_manage_name_id.py::test_basic PASSED [ 88%] tests/test_67_manage_name_id.py::test_flow PASSED [ 88%] tests/test_68_assertion_id.py::test_basic_flow PASSED [ 88%] tests/test_69_discovery.py::test_verify PASSED [ 88%] tests/test_69_discovery.py::test_construct_0 PASSED [ 88%] tests/test_69_discovery.py::test_construct_1 PASSED [ 88%] tests/test_69_discovery.py::test_construct_deconstruct_request PASSED [ 88%] tests/test_69_discovery.py::test_construct_deconstruct_response PASSED [ 88%] tests/test_70_redirect_signing.py::test FAILED [ 89%] tests/test_71_authn_request.py::test_authn_request_with_acs_by_index PASSED [ 89%] tests/test_72_eptid.py::test_eptid PASSED [ 89%] tests/test_72_eptid.py::test_eptid_shelve PASSED [ 89%] tests/test_75_mongodb.py::test_flow PASSED [ 89%] tests/test_75_mongodb.py::test_eptid_mongo_db PASSED [ 89%] tests/test_76_metadata_in_mdb.py::test_metadata PASSED [ 89%] tests/test_77_authn_context.py::test_passwd PASSED [ 89%] tests/test_77_authn_context.py::test_factory PASSED [ 90%] tests/test_77_authn_context.py::test_authn_decl_in_authn_context PASSED [ 90%] tests/test_77_authn_context.py::test_authn_1 PASSED [ 90%] tests/test_77_authn_context.py::test_authn_2 PASSED [ 90%] tests/test_77_authn_context.py::test_authn_3 PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_cert_chains FAILED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_expire PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_passphrase PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert FAILED [ 91%] tests/test_83_md_extensions.py::TestMDExt::test_sp_type_true PASSED [ 91%] tests/test_83_md_extensions.py::TestMDExt::test_sp_type_false PASSED [ 91%] tests/test_83_md_extensions.py::TestMDExt::test_entity_attributes PASSED [ 91%] tests/test_88_nsprefix.py::test_nsprefix PASSED [ 91%] tests/test_88_nsprefix.py::test_nsprefix2 PASSED [ 91%] tests/test_89_http_post_relay_state.py::test_relay_state PASSED [ 91%] tests/test_92_aes.py::TestAES::test_aes_defaults PASSED [ 91%] tests/test_92_aes.py::TestAES::test_aes_128_cbc PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_128_cfb PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_192_cbc PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_192_cfb PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_256_cbc PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_256_cfb PASSED [ 92%] tests/test_93_hok.py::TestHolderOfKeyResponse::test_valid_hok_response_is_parsed PASSED [ 92%] tests/test_93_hok.py::TestHolderOfKeyResponse::test_invalid_hok_response_fails_verification PASSED [ 92%] tests/test_94_read_cert.py::test_read_single_cert PASSED [ 93%] tests/test_94_read_cert.py::test_read_cert_chain PASSED [ 93%] tests/test_94_read_cert.py::test_read_cert_chain_with_linebreaks PASSED [ 93%] tests/test_schema_validator.py::test_invalid_saml_metadata_doc[invalid_metadata_file.xml] PASSED [ 93%] tests/test_schema_validator.py::test_invalid_saml_metadata_doc[empty_metadata_file.xml] PASSED [ 93%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[InCommon-metadata.xml] PASSED [ 93%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp.xml] PASSED [ 93%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_2.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_aa.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_all.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_example.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_soap.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_re.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_re_nren.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_rs.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_sfs_hei.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_esi_and_coco_sp.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_no_friendly_name_sp.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[extended.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_slo_redirect.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_uiinfo.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata.aaitest.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_cert.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_example.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_1.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_1_no_encryption.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_2.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metasp.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[pdp_meta.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[servera.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[sp.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[sp_slo_redirect.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[urn-mace-swami.se-swamid-test-1.0-metadata.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[uu.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[vo_metadata.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[attribute_response.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[okta_response.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[simplesamlphp_authnresponse.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml2_response.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_false_signed.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_hok.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_hok_invalid.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_signed.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_unsigned.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_partial_doc[encrypted_attribute_statement.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_eidas_saml_response_doc[eidas_response.xml] PASSED [ 98%] tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_response_with_hmac_should_fail PASSED [ 99%] tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_hmac_should_fail PASSED [ 99%] tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_random_embedded_cert_should_be_ignored FAILED [ 99%] tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_wrapper_should_fail PASSED [ 99%] tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_extensions_should_fail PASSED [ 99%] tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_assertion_should_fail PASSED [ 99%] tests/test_xsw.py::TestInvalidDepthFirstSig::test_signed_assertion_first_sig_should_fail PASSED [ 99%] tests/test_xsw.py::TestInvalidDepthFirstSig::test_signed_response_first_sig_should_fail PASSED [100%] ==================================== ERRORS ==================================== ____________________ ERROR at setup of TestResponse.test_1 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=22de0e334b62079762565d5bac556114b70761a09e50b302c0d65bf141473064urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-xGR8O8spgKeyyz7wm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpkhhzvdiv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpkhhzvdiv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=22de0e334b62079762565d5bac556114b70761a09e50b302c0d65bf141473064urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-xGR8O8spgKeyyz7wm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xGR8O8spgKeyyz7wm', '--output', '/tmp/tmpa9bu7hcc.xml', '/tmp/tmpkhhzvdiv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log setup ------------------------------ ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpkhhzvdiv.xml" output= ____________________ ERROR at setup of TestResponse.test_2 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=22de0e334b62079762565d5bac556114b70761a09e50b302c0d65bf141473064urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-xGR8O8spgKeyyz7wm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpkhhzvdiv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpkhhzvdiv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=22de0e334b62079762565d5bac556114b70761a09e50b302c0d65bf141473064urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-xGR8O8spgKeyyz7wm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xGR8O8spgKeyyz7wm', '--output', '/tmp/tmpa9bu7hcc.xml', '/tmp/tmpkhhzvdiv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError _______________ ERROR at setup of TestResponse.test_issuer_none ________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=22de0e334b62079762565d5bac556114b70761a09e50b302c0d65bf141473064urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-xGR8O8spgKeyyz7wm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpkhhzvdiv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpkhhzvdiv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=22de0e334b62079762565d5bac556114b70761a09e50b302c0d65bf141473064urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-xGR8O8spgKeyyz7wm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xGR8O8spgKeyyz7wm', '--output', '/tmp/tmpa9bu7hcc.xml', '/tmp/tmpkhhzvdiv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ________________ ERROR at setup of TestResponse.test_false_sign ________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=22de0e334b62079762565d5bac556114b70761a09e50b302c0d65bf141473064urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-xGR8O8spgKeyyz7wm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpkhhzvdiv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpkhhzvdiv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=22de0e334b62079762565d5bac556114b70761a09e50b302c0d65bf141473064urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-xGR8O8spgKeyyz7wm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xGR8O8spgKeyyz7wm', '--output', '/tmp/tmpa9bu7hcc.xml', '/tmp/tmpkhhzvdiv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ______________ ERROR at setup of TestResponse.test_other_response ______________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=22de0e334b62079762565d5bac556114b70761a09e50b302c0d65bf141473064urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-xGR8O8spgKeyyz7wm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpkhhzvdiv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpkhhzvdiv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=22de0e334b62079762565d5bac556114b70761a09e50b302c0d65bf141473064urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-xGR8O8spgKeyyz7wm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xGR8O8spgKeyyz7wm', '--output', '/tmp/tmpa9bu7hcc.xml', '/tmp/tmpkhhzvdiv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ______________ ERROR at setup of TestAuthnResponse.test_verify_1 _______________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5d76019e1eeaee0a58d63b242a3c9b2001d106bbcd9489ae45de99da5d156e1aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-91I2HyEP3hZY2FR1I' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp55yol6m0.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp55yol6m0.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5d76019e1eeaee0a58d63b242a3c9b2001d106bbcd9489ae45de99da5d156e1aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-91I2HyEP3hZY2FR1I' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-91I2HyEP3hZY2FR1I', '--output', '/tmp/tmpmoojttqp.xml', '/tmp/tmp55yol6m0.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log setup ------------------------------ ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp55yol6m0.xml" output= ___________ ERROR at setup of TestAuthnResponse.test_verify_signed_1 ___________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5d76019e1eeaee0a58d63b242a3c9b2001d106bbcd9489ae45de99da5d156e1aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-91I2HyEP3hZY2FR1I' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp55yol6m0.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp55yol6m0.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5d76019e1eeaee0a58d63b242a3c9b2001d106bbcd9489ae45de99da5d156e1aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-91I2HyEP3hZY2FR1I' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-91I2HyEP3hZY2FR1I', '--output', '/tmp/tmpmoojttqp.xml', '/tmp/tmp55yol6m0.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError _______________ ERROR at setup of TestAuthnResponse.test_parse_2 _______________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5d76019e1eeaee0a58d63b242a3c9b2001d106bbcd9489ae45de99da5d156e1aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-91I2HyEP3hZY2FR1I' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp55yol6m0.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp55yol6m0.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5d76019e1eeaee0a58d63b242a3c9b2001d106bbcd9489ae45de99da5d156e1aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-91I2HyEP3hZY2FR1I' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-91I2HyEP3hZY2FR1I', '--output', '/tmp/tmpmoojttqp.xml', '/tmp/tmp55yol6m0.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ___________ ERROR at setup of TestAuthnResponse.test_verify_w_authn ____________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5d76019e1eeaee0a58d63b242a3c9b2001d106bbcd9489ae45de99da5d156e1aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-91I2HyEP3hZY2FR1I' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp55yol6m0.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp55yol6m0.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5d76019e1eeaee0a58d63b242a3c9b2001d106bbcd9489ae45de99da5d156e1aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-91I2HyEP3hZY2FR1I' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-91I2HyEP3hZY2FR1I', '--output', '/tmp/tmpmoojttqp.xml', '/tmp/tmp55yol6m0.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError _________ ERROR at setup of TestAuthnResponse.test_unpack_nested_eptid _________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5d76019e1eeaee0a58d63b242a3c9b2001d106bbcd9489ae45de99da5d156e1aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-91I2HyEP3hZY2FR1I' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp55yol6m0.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp55yol6m0.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5d76019e1eeaee0a58d63b242a3c9b2001d106bbcd9489ae45de99da5d156e1aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-91I2HyEP3hZY2FR1I' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-91I2HyEP3hZY2FR1I', '--output', '/tmp/tmpmoojttqp.xml', '/tmp/tmp55yol6m0.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ____ ERROR at setup of TestAuthnResponse.test_multiple_attribute_statement _____ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5d76019e1eeaee0a58d63b242a3c9b2001d106bbcd9489ae45de99da5d156e1aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-91I2HyEP3hZY2FR1I' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp55yol6m0.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp55yol6m0.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5d76019e1eeaee0a58d63b242a3c9b2001d106bbcd9489ae45de99da5d156e1aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-91I2HyEP3hZY2FR1I' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-91I2HyEP3hZY2FR1I', '--output', '/tmp/tmpmoojttqp.xml', '/tmp/tmp55yol6m0.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError =================================== FAILURES =================================== ________________ test_signed_metadata_proper_str_bytes_handling ________________ self = statement = 'MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==Rolands SP' node_name = 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = None def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', ...] extra_args = ['/tmp/tmp1nu81kmx.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp1nu81kmx.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: def test_signed_metadata_proper_str_bytes_handling(): sp_conf_2 = sp_conf.copy() sp_conf_2["key_file"] = full_path("test.key") sp_conf_2["cert_file"] = full_path("inc-md-cert.pem") # requires xmlsec binaries per https://pysaml2.readthedocs.io/en/latest/examples/sp.html sp_conf_2["xmlsec_binary"] = sigver.get_xmlsec_binary(["/opt/local/bin"]) cnf = SPConfig().load(sp_conf_2) # This will raise TypeError if string/bytes handling is not correct > sp_metadata = create_metadata_string("", config=cnf, sign=True) tests/test_39_metadata.py:66: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/metadata.py:118: in create_metadata_string eid, xmldoc = sign_entity_descriptor(eid, mid, secc, sign_alg, digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/metadata.py:851: in sign_entity_descriptor xmldoc = secc.sign_statement(f"{edesc}", class_name(edesc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==Rolands SP' node_name = 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = None def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', '--output', '/tmp/tmppmonp1yd.xml', '/tmp/tmp1nu81kmx.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp1nu81kmx.xml" output= _______________________ TestSecurity.test_sign_assertion _______________________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp2n5m21qc.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp2n5m21qc.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_assertion(self): ass = self._assertion print(ass) > sign_ass = self.sec.sign_assertion(f"{ass}", node_id=ass.id) tests/test_40_sigver.py:186: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1710: in sign_assertion return self.sign_statement(statement, class_name(saml.Assertion()), **kwargs) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpxvx1p66z.xml', '/tmp/tmp2n5m21qc.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ----------------------------- Captured stdout call ----------------------------- the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp2n5m21qc.xml" output= _______________ TestSecurity.test_multiple_signatures_assertion ________________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpcburdyx0.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpcburdyx0.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_assertion(self): ass = self._assertion # basic test with two of the same to_sign = [(ass, ass.id), (ass, ass.id)] > sign_ass = self.sec.multiple_signatures(str(ass), to_sign) tests/test_40_sigver.py:205: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp2uv07cy3.xml', '/tmp/tmpcburdyx0.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpcburdyx0.xml" output= ________________ TestSecurity.test_multiple_signatures_response ________________ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpjhdw9tn9.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpjhdw9tn9.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) # order is important, we can't validate if the signatures are made # in the reverse order to_sign = [(self._assertion, self._assertion.id), (response, response.id)] > s_response = self.sec.multiple_signatures(str(response), to_sign) tests/test_40_sigver.py:233: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmprkzspvz_.xml', '/tmp/tmpjhdw9tn9.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpjhdw9tn9.xml" output= _______________________ TestSecurity.test_sign_response ________________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp400miry2.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp400miry2.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:270: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp9z76gvhq.xml', '/tmp/tmp400miry2.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp400miry2.xml" output= ______________________ TestSecurity.test_sign_response_2 _______________________ self = statement = b'the-isser-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpr8o8oh8i.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpr8o8oh8i.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response_2(self): assertion2 = factory( saml.Assertion, version="2.0", id="id-11122", issuer=saml.Issuer(text="the-issuer-2"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11122", self.sec.my_cert), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Fox", ""), ("name:givenName", "nameformat", "givenName"): ("Bear", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser-2"), status=success_status_factory(), assertion=assertion2, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(assertion2), assertion2.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:314: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isser-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmp0njnh_dc.xml', '/tmp/tmpr8o8oh8i.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpr8o8oh8i.xml" output= ________________________ TestSecurity.test_sign_verify _________________________ self = statement = b'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmphn_8_xem.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmphn_8_xem.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify(self): response = factory( samlp.Response, assertion=self._assertion, id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:341: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmphj0ogb55.xml', '/tmp/tmphn_8_xem.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmphn_8_xem.xml" output= ____________ TestSecurity.test_sign_verify_with_cert_from_instance _____________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp5w56du0a.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp5w56du0a.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_with_cert_from_instance(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:363: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpgq8szcep.xml', '/tmp/tmp5w56du0a.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp5w56du0a.xml" output= _______ TestSecurity.test_sign_verify_assertion_with_cert_from_instance ________ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpeay3wfvb.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpeay3wfvb.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_assertion_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11100", self.sec.my_cert), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Fox", ""), ("name:givenName", "nameformat", "givenName"): ("Bear", ""), } ), ) to_sign = [(class_name(assertion), assertion.id)] > s_assertion = sigver.signed_instance_factory(assertion, self.sec, to_sign) tests/test_40_sigver.py:395: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmpmtpfu36h.xml', '/tmp/tmpeay3wfvb.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpeay3wfvb.xml" output= _______ TestSecurity.test_exception_sign_verify_with_cert_from_instance ________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpu_s_ftm8.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpu_s_ftm8.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_exception_sign_verify_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer-2"), issue_instant="2009-10-30T13:20:28Z", attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Foo", ""), ("name:givenName", "nameformat", "givenName"): ("Bar", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:436: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmpy5i3xqz5.xml', '/tmp/tmpu_s_ftm8.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpu_s_ftm8.xml" output= _________________ TestSecurityNonAsciiAva.test_sign_assertion __________________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpcehy687q.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpcehy687q.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_assertion(self): ass = self._assertion print(ass) > sign_ass = self.sec.sign_assertion(f"{ass}", node_id=ass.id) tests/test_40_sigver.py:491: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1710: in sign_assertion return self.sign_statement(statement, class_name(saml.Assertion()), **kwargs) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp1uu0pv6t.xml', '/tmp/tmpcehy687q.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ----------------------------- Captured stdout call ----------------------------- the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpcehy687q.xml" output= __________ TestSecurityNonAsciiAva.test_multiple_signatures_assertion __________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmprm99b8fw.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmprm99b8fw.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_assertion(self): ass = self._assertion # basic test with two of the same to_sign = [(ass, ass.id), (ass, ass.id)] > sign_ass = self.sec.multiple_signatures(str(ass), to_sign) tests/test_40_sigver.py:511: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp_ptcy2e_.xml', '/tmp/tmprm99b8fw.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmprm99b8fw.xml" output= __________ TestSecurityNonAsciiAva.test_multiple_signatures_response ___________ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp5cloma52.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp5cloma52.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) # order is important, we can't validate if the signatures are made # in the reverse order to_sign = [(self._assertion, self._assertion.id), (response, response.id)] > s_response = self.sec.multiple_signatures(str(response), to_sign) tests/test_40_sigver.py:539: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpz10u_zy5.xml', '/tmp/tmp5cloma52.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp5cloma52.xml" output= __________________ TestSecurityNonAsciiAva.test_sign_response __________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpcj_r2e_l.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpcj_r2e_l.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:576: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpl5axvod_.xml', '/tmp/tmpcj_r2e_l.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpcj_r2e_l.xml" output= _________________ TestSecurityNonAsciiAva.test_sign_response_2 _________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpdb9wmb2w.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpdb9wmb2w.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response_2(self): assertion2 = factory( saml.Assertion, version="2.0", id="id-11122", issuer=saml.Issuer(text="the-issuer-2"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11122", self.sec.my_cert), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Räv", ""), ("name:givenName", "nameformat", "givenName"): ("Björn", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=assertion2, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(assertion2), assertion2.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:620: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmplucwpygw.xml', '/tmp/tmpdb9wmb2w.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpdb9wmb2w.xml" output= ___________________ TestSecurityNonAsciiAva.test_sign_verify ___________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmporxbxmmv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmporxbxmmv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:648: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp34_ylr84.xml', '/tmp/tmporxbxmmv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmporxbxmmv.xml" output= _______ TestSecurityNonAsciiAva.test_sign_verify_with_cert_from_instance _______ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpawu8cpap.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpawu8cpap.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_with_cert_from_instance(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:670: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp662y8rzd.xml', '/tmp/tmpawu8cpap.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpawu8cpap.xml" output= __ TestSecurityNonAsciiAva.test_sign_verify_assertion_with_cert_from_instance __ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpkmahxdvd.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpkmahxdvd.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_assertion_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11100", self.sec.my_cert, 1), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Räv", ""), ("name:givenName", "nameformat", "givenName"): ("Björn", ""), } ), ) to_sign = [(class_name(assertion), assertion.id)] > s_assertion = sigver.signed_instance_factory(assertion, self.sec, to_sign) tests/test_40_sigver.py:702: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmpd75gmia2.xml', '/tmp/tmpkmahxdvd.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpkmahxdvd.xml" output= __ TestSecurityNonAsciiAva.test_exception_sign_verify_with_cert_from_instance __ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerF\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpju0yqmpv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpju0yqmpv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_exception_sign_verify_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer"), issue_instant="2009-10-30T13:20:28Z", attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Föö", ""), ("name:givenName", "nameformat", "givenName"): ("Bär", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:743: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerF\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmp6bjukta9.xml', '/tmp/tmpju0yqmpv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpju0yqmpv.xml" output= __________________________________ test_xbox ___________________________________ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpl1ms3pii.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpl1ms3pii.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: def test_xbox(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="id-11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11111", sec.my_cert, 1), attribute_statement=do_attribute_statement( { ("", "", "surName"): ("Foo", ""), ("", "", "givenName"): ("Bar", ""), } ), ) > sigass = sec.sign_statement( assertion, class_name(assertion), key_file=PRIV_KEY, node_id=assertion.id, ) tests/test_40_sigver.py:843: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpi9vj5buy.xml', '/tmp/tmpl1ms3pii.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpl1ms3pii.xml" output= ___________________________ test_xbox_non_ascii_ava ____________________________ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpiqyzulyx.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpiqyzulyx.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: def test_xbox_non_ascii_ava(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="id-11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11111", sec.my_cert, 1), attribute_statement=do_attribute_statement( { ("", "", "surName"): ("Föö", ""), ("", "", "givenName"): ("Bär", ""), } ), ) > sigass = sec.sign_statement( assertion, class_name(assertion), key_file=PRIV_KEY, node_id=assertion.id, ) tests/test_40_sigver.py:901: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpezatgr15.xml', '/tmp/tmpiqyzulyx.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpiqyzulyx.xml" output= _______________________ TestServer1.test_signed_response _______________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d33a39ddcd4eef8abdec4611f976a3cfae1d52b7b189e5a64e92c1ae363cb5c1urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-xZWNvBsgJNSpZYvAS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp1_icmcik.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp1_icmcik.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response(self): name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"} > signed_resp = self.server.create_authn_response( ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, ) tests/test_50_server.py:441: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d33a39ddcd4eef8abdec4611f976a3cfae1d52b7b189e5a64e92c1ae363cb5c1urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-xZWNvBsgJNSpZYvAS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xZWNvBsgJNSpZYvAS', '--output', '/tmp/tmparngu_va.xml', '/tmp/tmp1_icmcik.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp1_icmcik.xml" output= ______________________ TestServer1.test_signed_response_1 ______________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=58291a536223cf23826ea8f2e368ba87e3a0d77c6b34528daaa9cd31cb743934urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-3xx5Qw7LcrxzlVbYz' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmplpno6lz8.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmplpno6lz8.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_1(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, ) tests/test_50_server.py:464: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=58291a536223cf23826ea8f2e368ba87e3a0d77c6b34528daaa9cd31cb743934urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-3xx5Qw7LcrxzlVbYz' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-3xx5Qw7LcrxzlVbYz', '--output', '/tmp/tmpet7_cbqa.xml', '/tmp/tmplpno6lz8.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmplpno6lz8.xml" output= ______________________ TestServer1.test_signed_response_2 ______________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp58291a536223cf23826ea8f2e368ba87e3a0d77c6b34528daaa9cd31cb743934urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-6h17byNnGWs2k4uIZ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpwygmi6br.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpwygmi6br.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_2(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, ) tests/test_50_server.py:495: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp58291a536223cf23826ea8f2e368ba87e3a0d77c6b34528daaa9cd31cb743934urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-6h17byNnGWs2k4uIZ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-6h17byNnGWs2k4uIZ', '--output', '/tmp/tmp1cfhcnyr.xml', '/tmp/tmpwygmi6br.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpwygmi6br.xml" output= ______________________ TestServer1.test_signed_response_3 ______________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=58291a536223cf23826ea8f2e368ba87e3a0d77c6b34528daaa9cd31cb743934urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-AMp8OgbwxrIeobVMP' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmptsn05l3j.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmptsn05l3j.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_3(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=False, sign_assertion=True, ) tests/test_50_server.py:519: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=58291a536223cf23826ea8f2e368ba87e3a0d77c6b34528daaa9cd31cb743934urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-AMp8OgbwxrIeobVMP' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-AMp8OgbwxrIeobVMP', '--output', '/tmp/tmpvlx80fru.xml', '/tmp/tmptsn05l3j.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmptsn05l3j.xml" output= _________________ TestServer1.test_encrypted_signed_response_1 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=58291a536223cf23826ea8f2e368ba87e3a0d77c6b34528daaa9cd31cb743934urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjQ3WhcNMzUwNDIyMTM0MjQ3WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAq6Kd83gBPTRlHiW1mKSM8aDz8opAKrN7VG6AAQ2vf4HU2z9EFJIxQgbC\nVh3WLq5sP9JEqPdyxgWUicgXFHJmBgk04uKJJ7onvbF1AkinAmZlYqLP1643lmQh\nLrgNoOm7/lY7cxge2IELCsdlo/7MAlSmDuhFC6hz7f1I+rhuRQhGlU617oPTLZRE\ncmDZ+1K52kntE6mFaVlIuoSifkaXXiO3tS6/gwWtWEcT7vrUCszAlMiKjTaMGWpw\niQUbY5DdkHLVmJZgTrR6X9GyLNDdK0sm8ueR2M12uTsy03UXZd8lkqOM+ojQFY8/\nPvad6jxCAE0PY9AT6TvhSD+EB0wqOQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFf8\nus1jI4/pVLlwixswmMr0Q7cQLblgydJaf5r01vbH+YnQ9psIV/lPsmWCqwgoviMc\nSpqfk7xoWwqWFY3lUJ3WFHcaNBmzfhho66S9Cs7Bs/uCendtfAJb5tQcbr/ADSUA\niphaaYs58TbWLAyaORv6PForpwhQYHMIY0gIZzhUW9dz4UtDG5aTo2KkupFfPdow/i9mh7rIgBAYQQS5+akjMc/I2t7oW3cUII+uaIjy\n3k3rBlgZgK8BpsxaOPyHz1CK2qaDr/n7OKb48Jq+7bRqoZAGyQ1j3Nm9AOqJaU8c\nGjCd+QBnumqNlOKDsXxRH1PBaOQvXphVN984RhScFw30E7tHSNMgCn3nvyk0zgVi\nEWqR2OsLB8iswhSSMf74X8xFWOSE5+Nsiw4lqppeoJc8RGpXoy+oCkgMQLZiGpJ9\nzml7af9577AgBOLt6C45SMY0aek7pitfHgZ2IJt6uQ6chbWMWw4Pw+UCHVY7+OLG\nFOwOcm0wamtyoAVmG4Rs8A==IFN0ExORXH6A7o7a2YgUCNNh/mMv2aTdAl3K1+stSLQ3AYltGUouzINitvd3eGMM\nUj1KrPFjYundYh5IVv3utXuAmljBqAzjAlD77JbwDdwflYaaveTrb594kN/0X0oZ\nNgNFsdN2EMNugSluRfkYkbkLuhf/t149i/w8XcJrPM7uRbzfGH5ua2YPAlwK0lUM\nh9MuFg9H8gJS2FijIQ0AeyqbmZnybYGFTze4Ne0UFo1WJIs5Dqe2jmBufFvzWf9n\nuNiHzS/To635H1byb4/ouLu4ASZ0LGk+spPqJQ4BbB72YX15LKj5R9mQtrMd+7vR\nWxyEMaIE1CEzW6JBBM/DcY4ZiXDwSTaK/WqKzSEFo+nFxY/0NP812dqZsaPC+il8\nK+j4sqXRZwsLd6SF9CVZi4Af4qv53f8fydFM1MjmYn8TIPEraQMlGq8EmydFqmnO\nafy6FWXxAuG2hRwZqx2lZItWIRdE5DyGO++PIwdEQsKTEOIoWs3NvBnZpKXWSEZ/\n/aXoHOHvBiLP0kLFa3MjfhQtr6GEr1hiEhPFM9JVxSLmfM1hq9KVGyDms0IhxiAx\nL8La+pWKrGt1oSJegZhPGg+W9Ty5d7Psde8TQFa6hBDkczMLnj0N17eIhMnOBoBc\ntCHJjNMExPUuD847LkH94BsaSwz7QnkLy7OB7uqOjoA5ON3nBLaENceBuLqFoEr7\nMs3eK9SwCKg34Ge1kJt76c3dMuLBZ9E78n40nwgW1lFM8SZyOVhyzfnGsAlgjCfV\nLFiKmJXavBXQUD/y5V5+GAtFrG30uJz+lJk6zoxpnXLbqjbb4WSxcKhqbzSL/J+6\n0PvPvbchB/aNNbSYKyshfOTRTl9rDCur7SSSOf+BmTsLQLd69y0njjziX7T7XYU7\n2AMtuWwJAz9pce6LUlrml72Yq1jv96sGCXOiKVlGYfjaueTvIQqfoFPYVWQKHyI2\nKhy+qjGF4phg/IhGkPrdv7JJTXtzeDvR4B9JnvF+x81qROITPZa1qWlHSzyHIjaa\ngW+sg0D8e3fwItSkbd/j4xiYerJXOp1ELcaiDDdYI3QCvZWaOHDFijRmVJqcvf/m\n18hV0cDX+u/mER8lAO4EtXMlr8xeM0UIaknPoCYQKv4k/oXwXjUbS8YmBDjROFSF\nxB/Nj4nz7Q/6J/XzHFdVKVRaGoCIzbDjAwmm4KFMhM3ZUwHKZyO+v08kRZgH+d2p\nuDF24dmQDRl3MHKwDjNSnQicH1oM0QaMxiKx1n6XTAyy3HiXOaH7yod8NbKRIp6S\nRG2y3/3M7foo6BVi9SHuNGt+126ypfebRI9Y/ShOkwb/JeIh022YJ/KeOd6Xzu43\ncoWnoLdYt4cCKF/RRtXUbvMvG3n8E48ln+sBnhdsRd6MdmiVzaLwECUUnLTJb6Xp\nygRrhXOdJcmZZq5u1bd8aoyeD9Cdl1QWGuQ9PSL7xc2zjQvYq5WVg5+eca1UnoxT\nc6D7i+ZQLpWTOWX06NUJtzylk6w+9nZ/AWowFnwrBZza1G9QyVO347j6j8NNYvXP\nEBRe/QHaBBWofLKyhu5SUOiZ6uUkwzOcgxQzivMVSmNsgCOo2lHfK6EL5ihK/fRQ\n8j9FYYP/2tMSc7CPCEv/jtS5EfHF1IYUIIeBLk7TJOXGmtCJo6p/7evEU7JNA40+\n6g5PKg3H0N0Sd8kfdEln1t6wRUFvtduk25iYfNYusnl2GRVVNb92RZ6NHbSbtdCL\nLMnieuhl4ETlarEnMzNV3sqVPbuW6yTIzxylSV11M73yfwd8AnUD5qiH/VfpiRU/\n+8d3Pe7/Dzfzkn7YnYR5h6xrN9PbG/1UsT19971N/2I0Wa6m+c8Oh5Gm8rQmP7ro\nKUU6Nd2blUMhHdpUZ5GwN+n8k1rB74AnnAphXoeDegy07joaBR0h4UJxME0te+lh\ngsry5fjmODKJTZS+PWD2Y8JXwG38/3wQymjzMjXdUBMDHnaBhRWoLhDX51wHBT9U\nHDTZnvO9UlaQ0TG4mdhi01PmTFMuBsx8S5toULRE+9fQml0SHiPoSlPEZVLemK3y\nu9/JqAc8saO2dC4kE0v8aV1fgi9u9K+rDEuZ57Bc8+Xx9ZvXIHfZP2m0zoMYcWF9\nKWKpxuXmKlNLcwpp0fsUnY2v0+Fg6GNVudvJc7EX4uzn3cAjBOfyhUSdqVOYdukt\ndpa9SWwE60DYM6OyrbDT22Gk5FgHP3gJquvav9fPeK6bjwbKRI/N/9eK+wHazPGa\nzHD3rMFi7wCfgpNvtsudKEP0PLJ6xhFM3HIR2vIBUu+IQMcS+A0WVyDtSyD65MaL\nREYPaPOogXL6bg1gmst7KEz/CT7Mla1ELdmfwsdMxARsuubdXXCwNMgn7SVHFTQb\n2Buxa39FYA+Gu3KyIvYLGORt/CcnJoY2ciadxn6lA1Gu8l8Nl44OVw==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-noR4NMXAApxcX3rFl' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpgjy9huxc.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpgjy9huxc.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_1(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:547: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=58291a536223cf23826ea8f2e368ba87e3a0d77c6b34528daaa9cd31cb743934urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjQ3WhcNMzUwNDIyMTM0MjQ3WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAq6Kd83gBPTRlHiW1mKSM8aDz8opAKrN7VG6AAQ2vf4HU2z9EFJIxQgbC\nVh3WLq5sP9JEqPdyxgWUicgXFHJmBgk04uKJJ7onvbF1AkinAmZlYqLP1643lmQh\nLrgNoOm7/lY7cxge2IELCsdlo/7MAlSmDuhFC6hz7f1I+rhuRQhGlU617oPTLZRE\ncmDZ+1K52kntE6mFaVlIuoSifkaXXiO3tS6/gwWtWEcT7vrUCszAlMiKjTaMGWpw\niQUbY5DdkHLVmJZgTrR6X9GyLNDdK0sm8ueR2M12uTsy03UXZd8lkqOM+ojQFY8/\nPvad6jxCAE0PY9AT6TvhSD+EB0wqOQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFf8\nus1jI4/pVLlwixswmMr0Q7cQLblgydJaf5r01vbH+YnQ9psIV/lPsmWCqwgoviMc\nSpqfk7xoWwqWFY3lUJ3WFHcaNBmzfhho66S9Cs7Bs/uCendtfAJb5tQcbr/ADSUA\niphaaYs58TbWLAyaORv6PForpwhQYHMIY0gIZzhUW9dz4UtDG5aTo2KkupFfPdow/i9mh7rIgBAYQQS5+akjMc/I2t7oW3cUII+uaIjy\n3k3rBlgZgK8BpsxaOPyHz1CK2qaDr/n7OKb48Jq+7bRqoZAGyQ1j3Nm9AOqJaU8c\nGjCd+QBnumqNlOKDsXxRH1PBaOQvXphVN984RhScFw30E7tHSNMgCn3nvyk0zgVi\nEWqR2OsLB8iswhSSMf74X8xFWOSE5+Nsiw4lqppeoJc8RGpXoy+oCkgMQLZiGpJ9\nzml7af9577AgBOLt6C45SMY0aek7pitfHgZ2IJt6uQ6chbWMWw4Pw+UCHVY7+OLG\nFOwOcm0wamtyoAVmG4Rs8A==IFN0ExORXH6A7o7a2YgUCNNh/mMv2aTdAl3K1+stSLQ3AYltGUouzINitvd3eGMM\nUj1KrPFjYundYh5IVv3utXuAmljBqAzjAlD77JbwDdwflYaaveTrb594kN/0X0oZ\nNgNFsdN2EMNugSluRfkYkbkLuhf/t149i/w8XcJrPM7uRbzfGH5ua2YPAlwK0lUM\nh9MuFg9H8gJS2FijIQ0AeyqbmZnybYGFTze4Ne0UFo1WJIs5Dqe2jmBufFvzWf9n\nuNiHzS/To635H1byb4/ouLu4ASZ0LGk+spPqJQ4BbB72YX15LKj5R9mQtrMd+7vR\nWxyEMaIE1CEzW6JBBM/DcY4ZiXDwSTaK/WqKzSEFo+nFxY/0NP812dqZsaPC+il8\nK+j4sqXRZwsLd6SF9CVZi4Af4qv53f8fydFM1MjmYn8TIPEraQMlGq8EmydFqmnO\nafy6FWXxAuG2hRwZqx2lZItWIRdE5DyGO++PIwdEQsKTEOIoWs3NvBnZpKXWSEZ/\n/aXoHOHvBiLP0kLFa3MjfhQtr6GEr1hiEhPFM9JVxSLmfM1hq9KVGyDms0IhxiAx\nL8La+pWKrGt1oSJegZhPGg+W9Ty5d7Psde8TQFa6hBDkczMLnj0N17eIhMnOBoBc\ntCHJjNMExPUuD847LkH94BsaSwz7QnkLy7OB7uqOjoA5ON3nBLaENceBuLqFoEr7\nMs3eK9SwCKg34Ge1kJt76c3dMuLBZ9E78n40nwgW1lFM8SZyOVhyzfnGsAlgjCfV\nLFiKmJXavBXQUD/y5V5+GAtFrG30uJz+lJk6zoxpnXLbqjbb4WSxcKhqbzSL/J+6\n0PvPvbchB/aNNbSYKyshfOTRTl9rDCur7SSSOf+BmTsLQLd69y0njjziX7T7XYU7\n2AMtuWwJAz9pce6LUlrml72Yq1jv96sGCXOiKVlGYfjaueTvIQqfoFPYVWQKHyI2\nKhy+qjGF4phg/IhGkPrdv7JJTXtzeDvR4B9JnvF+x81qROITPZa1qWlHSzyHIjaa\ngW+sg0D8e3fwItSkbd/j4xiYerJXOp1ELcaiDDdYI3QCvZWaOHDFijRmVJqcvf/m\n18hV0cDX+u/mER8lAO4EtXMlr8xeM0UIaknPoCYQKv4k/oXwXjUbS8YmBDjROFSF\nxB/Nj4nz7Q/6J/XzHFdVKVRaGoCIzbDjAwmm4KFMhM3ZUwHKZyO+v08kRZgH+d2p\nuDF24dmQDRl3MHKwDjNSnQicH1oM0QaMxiKx1n6XTAyy3HiXOaH7yod8NbKRIp6S\nRG2y3/3M7foo6BVi9SHuNGt+126ypfebRI9Y/ShOkwb/JeIh022YJ/KeOd6Xzu43\ncoWnoLdYt4cCKF/RRtXUbvMvG3n8E48ln+sBnhdsRd6MdmiVzaLwECUUnLTJb6Xp\nygRrhXOdJcmZZq5u1bd8aoyeD9Cdl1QWGuQ9PSL7xc2zjQvYq5WVg5+eca1UnoxT\nc6D7i+ZQLpWTOWX06NUJtzylk6w+9nZ/AWowFnwrBZza1G9QyVO347j6j8NNYvXP\nEBRe/QHaBBWofLKyhu5SUOiZ6uUkwzOcgxQzivMVSmNsgCOo2lHfK6EL5ihK/fRQ\n8j9FYYP/2tMSc7CPCEv/jtS5EfHF1IYUIIeBLk7TJOXGmtCJo6p/7evEU7JNA40+\n6g5PKg3H0N0Sd8kfdEln1t6wRUFvtduk25iYfNYusnl2GRVVNb92RZ6NHbSbtdCL\nLMnieuhl4ETlarEnMzNV3sqVPbuW6yTIzxylSV11M73yfwd8AnUD5qiH/VfpiRU/\n+8d3Pe7/Dzfzkn7YnYR5h6xrN9PbG/1UsT19971N/2I0Wa6m+c8Oh5Gm8rQmP7ro\nKUU6Nd2blUMhHdpUZ5GwN+n8k1rB74AnnAphXoeDegy07joaBR0h4UJxME0te+lh\ngsry5fjmODKJTZS+PWD2Y8JXwG38/3wQymjzMjXdUBMDHnaBhRWoLhDX51wHBT9U\nHDTZnvO9UlaQ0TG4mdhi01PmTFMuBsx8S5toULRE+9fQml0SHiPoSlPEZVLemK3y\nu9/JqAc8saO2dC4kE0v8aV1fgi9u9K+rDEuZ57Bc8+Xx9ZvXIHfZP2m0zoMYcWF9\nKWKpxuXmKlNLcwpp0fsUnY2v0+Fg6GNVudvJc7EX4uzn3cAjBOfyhUSdqVOYdukt\ndpa9SWwE60DYM6OyrbDT22Gk5FgHP3gJquvav9fPeK6bjwbKRI/N/9eK+wHazPGa\nzHD3rMFi7wCfgpNvtsudKEP0PLJ6xhFM3HIR2vIBUu+IQMcS+A0WVyDtSyD65MaL\nREYPaPOogXL6bg1gmst7KEz/CT7Mla1ELdmfwsdMxARsuubdXXCwNMgn7SVHFTQb\n2Buxa39FYA+Gu3KyIvYLGORt/CcnJoY2ciadxn6lA1Gu8l8Nl44OVw==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-noR4NMXAApxcX3rFl' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-noR4NMXAApxcX3rFl', '--output', '/tmp/tmp006x9tuc.xml', '/tmp/tmpgjy9huxc.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpgjy9huxc.xml" output= _________________ TestServer1.test_encrypted_signed_response_2 _________________ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==H+6BnT2EPmrKq7ISMONx+tjK8KTmAaWn2zmbFteFNU/rVa/mIpwO8ne/blaV/FCy\nRWTTXBn+N6caYpIqh+8Ggi4FTEWbkZi6m9gwql/Y/ZBRdemfW9Urf/ffRu4zVvlz\niRnLP3w9tkSg00SYzsYo4tiMOdAfu0MeFkm33AYJhQ0=jetWGlHq2eTHyK7vZ7QFbPf8Et+m5ac58fBqAwNNNmTnI9nn7ZQGpNE5DzUyunOu\n2K3kDOyOk7L2+MHwELn2h5ck2Uss3sG9bkCZXGex+TQH6For+P9I343U+pP0vt4f\nnUtF4rIbe71wPOzJ2BFoZ8j0o/HoJYMEiMgFY71O/5R9puIsITL096+JwkUg/htu\nBagiZOVO4SoQXddhDcTuRHwd4sMAlfXAlL5h29I8KVyQnxDEs13frvmQ0VOLgOwx\nzfgnNBEYkTm2MwrjkL4CeSSlTo76r3cGygRXTBuGh9L2bD9m+T7eZAQL/aDrMCvS\ntYf/bXnFss3xZlXMx9zBHeqNSN543jHU6W4pNbNpGWTsvgyT1FdyDkpC4O0TGMZS\nkYy8ycY0mWgfOiQntnZgF4AhvI+yY1mFSL94iu0UG5cwoA1adDB6C5Ms6BT2KaMq\nt6/TBKAsCe8ZaQ6IJ9YEECTNivil7jzhM/Nlz/1BL/lpQXVq51hcngFqOD/pUlgI\n1Pb3n1MO1UPgxeacCEuv0Va6eACZRi+9bLwGtfAtOzX9vgK5Z8k7NQ3KkOqIa+h8\nuZ3q0zuugA1mkoXbWtseGsX0YbTaUlKpousz52NTFO3ttGbiRS5fY23bLI6t16pg\n4MO4aVhl1LI6vn1JfiL3QJlLEvvpCxb1WUItfvj92NsC1/J5sk2Jr2u0Q9QiDOfm\nDSsNLxPme6rCdhERywjBs+L8+LJqlU5qBtguRrtMSX6MEex7Rt48RlqUS0N0ScKW\nSIY6iU++RC3wFizPtyJ0DO0xQ3gMk3TIzRNlFE/2Tx2Orp67MvbR7cnaxEk7tYcX\nUkV5SkWxukqPc48Y7fNYsYfjX832wUPsapw1ArSy0bsh+ow+GIRStwCrWgHf6B6Q\n29MREHHPNcy18sbLjJ09LtsWwop8yx4m9RshxDoJmb9e+b095p2QgVCIAzpxKFZ6\n9axj9vWr03U08SKhgsPtFJKx17Qi/GnCa7y9y6jkwb3t4BtvlEF1JiBkAlHFNIGF\n0tghhvKxfilBhRELHUOcnTlMIrCuUxBdqX9XPozBR940q0ADqtVdbr80ooiozuhm\nQ/sfaICnX+yV/Fuodu0+1O+8/+c4qU5eW66bBKyCbKPztWOiyMJf/TQQEkWb5wJs\nvLXOqLrTHIVmmalHdNck64zEfDKwtRMv+WaxMs779FiT8YvMVDDscswa3IGwUUjW\nGymqxdVqEk+FR+kIjoLIJYq7Vv2CqIdFNoqMHSaE4ZDVUaPAJO6oOE+SI4sioC60\nbp1Mb+mvGMXhBobguPN5SpoDU7kZJ1s5t3O6eHPn040933DFjzHR12xn3HOWSOVF\n9ojr0YKoFnciIkltq+3VcSEkIeZCjYUroEb6uQ/aQZ3L2jcSeuQtc88hUOTXyhNK\nK5A085LdekXstOrymXUCE2EYmTFdBfEBczctc/oceCxMHQVpKx5jogbqM+A4kK+P\nWcRiwlLpWnW3CY39gooHTSBrai7UVDmg376Ch+bGmJ3XeiPs+BmLrGhY5V25kChX\nIHZXBNvWrzySkcaJvndmPv1mmtx52tiiAt2r/Z1IQAjdU8tOeRq40xCVuO2E6Hfv\nuzwnGWpxHwUrlLTA9MbHKO3KS34ObGO+YFpG5pHWBsrpNkFVWjZ+w/36uweNHJKt\noJvDvj7VfA7uWZWru7N87oOU2xGjLHWIHtlP53FyjN4J2qul9pqjvyCIpn57Juq8\nX2MumyrMdcGKmKpMGVLDsD5WhgGvIThU+d0AjOwHWKIwlv3ok0pE8XQasrG/BDiq\nbKeU90IKLTR9T+MJBmKullvGg00DIKR3/2NLxKKW5OLiZY70kQjEmYUfB0Y4kv8B\nE0xgOfFXVRkdhwmCQz5LReTcaVwpWLiMLD52yOOsIj/6ADbpB8br9FhXCetpjNxs\nKDCIZqzHDrLghojuRB8f6DlLtI2Pi+22fk0uCdbyOb5/x3mOdkP0yxD7yS0u2nV4\nR7zdMHkdOZiNJdRSZx13IjA5onrqK+Nzc6oI2ZI3lZHDPo3GhhmwBqEOtZMEU5lp\n1tFGqYhuL0TqACx2fsoPc+EeagAa9dyCBMHe5o4hGdaQehKeGC6PUG29jpOkubCW\nq3JPUCdn0vcHwVl6mW8omIoIm4W+RBaVtiwuM1jimR7armb/41jLEbT/yqXKOpCa\nYgRG06DRf+ikGKzSiM/UTppQ5VMqeA+elq2naPKbgs4mcGg+FzSan+XJ78QGYIRI\nZO+Gg/AbWwHnsIU7+blDKU0yqoogA5awqP1dWIW4OozKcCuOYyamZfPWejJXNw+m\nDPerCBKBZLSRHdOOK5ht2JZTzkduE4rqD1AMv1gPuJWSLGAcvG0A5j51au7gAPPA\nMowlcsE73Yp4Ez9lFH0nxRVHRcqeeSvaEJVbmD2gXcQAS5rQihzM0oNvp0C9h/oh\nlVshzjUC9IHS8I6+6a1YtplzFC7u0YzvAeoKAssUEhdjsDAmU8PCTfzoyhNdJOJt\nychCJcUwj8QQVkwv2cm5YwxOVNhRY3BOAuoWwaE6cMRHGBta277w1iz7FI6IIwTL\nypVJklHBw91st7t9pvevIqGjnmp3y1+Jbg4P4uKeZZxUBXMHIJ+lghI9f3qQ302K\ns54z1PmJsGwV8vXXLeJCcxXPkNQkSSOdpNIh8gnfRq2hohYODr/U02d6IXzrunZr\nNJwDbsjrYILPbuA6vqcEl7EuGV9u0FHrLc/P0QaZDo5HS+ugt26ENT1nlPUE21d7\n6NpwM6HuZUW+mSytQilWM4vEL6W3TmOp8tRegJbB0ViGI7BMEG+MrUEwqALlyQBw\nvppiStgg4DGajp8BOqG/rypxyRfSavMd9/iyqtRZttUw9HFOCGIJSISgxxZNg0M3\njNfAREUd0vhCF+gX/A6EGW/PVplBCjDvpVtef6vET3qde9xdIN8t2w==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sKN2u5ldx96lAWf0Q' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmp1_rkz124.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp1_rkz124.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_2(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, encrypt_assertion=True, encrypt_assertion_self_contained=True, ) tests/test_50_server.py:605: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:912: in _response return signed_instance_factory(response, self.sec, sign_class) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==H+6BnT2EPmrKq7ISMONx+tjK8KTmAaWn2zmbFteFNU/rVa/mIpwO8ne/blaV/FCy\nRWTTXBn+N6caYpIqh+8Ggi4FTEWbkZi6m9gwql/Y/ZBRdemfW9Urf/ffRu4zVvlz\niRnLP3w9tkSg00SYzsYo4tiMOdAfu0MeFkm33AYJhQ0=jetWGlHq2eTHyK7vZ7QFbPf8Et+m5ac58fBqAwNNNmTnI9nn7ZQGpNE5DzUyunOu\n2K3kDOyOk7L2+MHwELn2h5ck2Uss3sG9bkCZXGex+TQH6For+P9I343U+pP0vt4f\nnUtF4rIbe71wPOzJ2BFoZ8j0o/HoJYMEiMgFY71O/5R9puIsITL096+JwkUg/htu\nBagiZOVO4SoQXddhDcTuRHwd4sMAlfXAlL5h29I8KVyQnxDEs13frvmQ0VOLgOwx\nzfgnNBEYkTm2MwrjkL4CeSSlTo76r3cGygRXTBuGh9L2bD9m+T7eZAQL/aDrMCvS\ntYf/bXnFss3xZlXMx9zBHeqNSN543jHU6W4pNbNpGWTsvgyT1FdyDkpC4O0TGMZS\nkYy8ycY0mWgfOiQntnZgF4AhvI+yY1mFSL94iu0UG5cwoA1adDB6C5Ms6BT2KaMq\nt6/TBKAsCe8ZaQ6IJ9YEECTNivil7jzhM/Nlz/1BL/lpQXVq51hcngFqOD/pUlgI\n1Pb3n1MO1UPgxeacCEuv0Va6eACZRi+9bLwGtfAtOzX9vgK5Z8k7NQ3KkOqIa+h8\nuZ3q0zuugA1mkoXbWtseGsX0YbTaUlKpousz52NTFO3ttGbiRS5fY23bLI6t16pg\n4MO4aVhl1LI6vn1JfiL3QJlLEvvpCxb1WUItfvj92NsC1/J5sk2Jr2u0Q9QiDOfm\nDSsNLxPme6rCdhERywjBs+L8+LJqlU5qBtguRrtMSX6MEex7Rt48RlqUS0N0ScKW\nSIY6iU++RC3wFizPtyJ0DO0xQ3gMk3TIzRNlFE/2Tx2Orp67MvbR7cnaxEk7tYcX\nUkV5SkWxukqPc48Y7fNYsYfjX832wUPsapw1ArSy0bsh+ow+GIRStwCrWgHf6B6Q\n29MREHHPNcy18sbLjJ09LtsWwop8yx4m9RshxDoJmb9e+b095p2QgVCIAzpxKFZ6\n9axj9vWr03U08SKhgsPtFJKx17Qi/GnCa7y9y6jkwb3t4BtvlEF1JiBkAlHFNIGF\n0tghhvKxfilBhRELHUOcnTlMIrCuUxBdqX9XPozBR940q0ADqtVdbr80ooiozuhm\nQ/sfaICnX+yV/Fuodu0+1O+8/+c4qU5eW66bBKyCbKPztWOiyMJf/TQQEkWb5wJs\nvLXOqLrTHIVmmalHdNck64zEfDKwtRMv+WaxMs779FiT8YvMVDDscswa3IGwUUjW\nGymqxdVqEk+FR+kIjoLIJYq7Vv2CqIdFNoqMHSaE4ZDVUaPAJO6oOE+SI4sioC60\nbp1Mb+mvGMXhBobguPN5SpoDU7kZJ1s5t3O6eHPn040933DFjzHR12xn3HOWSOVF\n9ojr0YKoFnciIkltq+3VcSEkIeZCjYUroEb6uQ/aQZ3L2jcSeuQtc88hUOTXyhNK\nK5A085LdekXstOrymXUCE2EYmTFdBfEBczctc/oceCxMHQVpKx5jogbqM+A4kK+P\nWcRiwlLpWnW3CY39gooHTSBrai7UVDmg376Ch+bGmJ3XeiPs+BmLrGhY5V25kChX\nIHZXBNvWrzySkcaJvndmPv1mmtx52tiiAt2r/Z1IQAjdU8tOeRq40xCVuO2E6Hfv\nuzwnGWpxHwUrlLTA9MbHKO3KS34ObGO+YFpG5pHWBsrpNkFVWjZ+w/36uweNHJKt\noJvDvj7VfA7uWZWru7N87oOU2xGjLHWIHtlP53FyjN4J2qul9pqjvyCIpn57Juq8\nX2MumyrMdcGKmKpMGVLDsD5WhgGvIThU+d0AjOwHWKIwlv3ok0pE8XQasrG/BDiq\nbKeU90IKLTR9T+MJBmKullvGg00DIKR3/2NLxKKW5OLiZY70kQjEmYUfB0Y4kv8B\nE0xgOfFXVRkdhwmCQz5LReTcaVwpWLiMLD52yOOsIj/6ADbpB8br9FhXCetpjNxs\nKDCIZqzHDrLghojuRB8f6DlLtI2Pi+22fk0uCdbyOb5/x3mOdkP0yxD7yS0u2nV4\nR7zdMHkdOZiNJdRSZx13IjA5onrqK+Nzc6oI2ZI3lZHDPo3GhhmwBqEOtZMEU5lp\n1tFGqYhuL0TqACx2fsoPc+EeagAa9dyCBMHe5o4hGdaQehKeGC6PUG29jpOkubCW\nq3JPUCdn0vcHwVl6mW8omIoIm4W+RBaVtiwuM1jimR7armb/41jLEbT/yqXKOpCa\nYgRG06DRf+ikGKzSiM/UTppQ5VMqeA+elq2naPKbgs4mcGg+FzSan+XJ78QGYIRI\nZO+Gg/AbWwHnsIU7+blDKU0yqoogA5awqP1dWIW4OozKcCuOYyamZfPWejJXNw+m\nDPerCBKBZLSRHdOOK5ht2JZTzkduE4rqD1AMv1gPuJWSLGAcvG0A5j51au7gAPPA\nMowlcsE73Yp4Ez9lFH0nxRVHRcqeeSvaEJVbmD2gXcQAS5rQihzM0oNvp0C9h/oh\nlVshzjUC9IHS8I6+6a1YtplzFC7u0YzvAeoKAssUEhdjsDAmU8PCTfzoyhNdJOJt\nychCJcUwj8QQVkwv2cm5YwxOVNhRY3BOAuoWwaE6cMRHGBta277w1iz7FI6IIwTL\nypVJklHBw91st7t9pvevIqGjnmp3y1+Jbg4P4uKeZZxUBXMHIJ+lghI9f3qQ302K\ns54z1PmJsGwV8vXXLeJCcxXPkNQkSSOdpNIh8gnfRq2hohYODr/U02d6IXzrunZr\nNJwDbsjrYILPbuA6vqcEl7EuGV9u0FHrLc/P0QaZDo5HS+ugt26ENT1nlPUE21d7\n6NpwM6HuZUW+mSytQilWM4vEL6W3TmOp8tRegJbB0ViGI7BMEG+MrUEwqALlyQBw\nvppiStgg4DGajp8BOqG/rypxyRfSavMd9/iyqtRZttUw9HFOCGIJSISgxxZNg0M3\njNfAREUd0vhCF+gX/A6EGW/PVplBCjDvpVtef6vET3qde9xdIN8t2w==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sKN2u5ldx96lAWf0Q' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-sKN2u5ldx96lAWf0Q', '--output', '/tmp/tmpsqtmyveb.xml', '/tmp/tmp1_rkz124.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp1_rkz124.xml" output= _________________ TestServer1.test_encrypted_signed_response_3 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=58291a536223cf23826ea8f2e368ba87e3a0d77c6b34528daaa9cd31cb743934urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-mMn3qRSX3ZgPEjyEE' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp003ljyi6.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp003ljyi6.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_3(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=False, encrypt_cert_assertion=cert_str, ) tests/test_50_server.py:650: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=58291a536223cf23826ea8f2e368ba87e3a0d77c6b34528daaa9cd31cb743934urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-mMn3qRSX3ZgPEjyEE' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-mMn3qRSX3ZgPEjyEE', '--output', '/tmp/tmpjj9nw3p8.xml', '/tmp/tmp003ljyi6.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp003ljyi6.xml" output= _________________ TestServer1.test_encrypted_signed_response_4 _________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=58291a536223cf23826ea8f2e368ba87e3a0d77c6b34528daaa9cd31cb743934urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjQ4WhcNMzUwNDIyMTM0MjQ4WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAqkEDBm6uTZBLeD5u4oPWqs/9PaB5msEojzn+PlOL2FHMTfewTyjX25zW\n2H+amlkKfMsDFSRtwaS+rl2XZUol1S89rAk/iyZJhBgZlpHzR92nQjteM/KZ6iQ5\nDv8PeYj+Abg5fjAzBiQLHO9k/KmnLVFS3kT1rkBg9n46VbHNHD+TzVqWC92c3EZf\nCDUJmCGXBqlXjQ2JLwrM/f++FCj7ZDcuhmbKIW396LYSaobVGXr8JHMCAngPYAyb\npdyx8WMHES5UOXzQhnhXShvIjU4IhElAuKeUt8AxxO2rvXQa3pMJhKQ24tgvm27G\n3n+jfXlgcdRIf+MqE4HKb+A09VOG5QIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJv8\n4yQD/0NoL0iHgKKyDwbXIf0V/AMCqnOf8UBpZKLkharxgK3LlIWkyEUyGpMLrZA7\nzsWaDz6M1VnODFdt7DJ+CHSAdPil8aOxsoHuiR4x8JvTp2yjvzWvG5Nq3jNVwQIB\n0JIuNAxgMVxE0KtBU5RFuMpTEFbFhIZJ15tnnwukWQRC52w/eHCm+a0X3RMJmGQuG/jf36x4zxk+wjV1YrfeM85LUvprftpOFxxrIiiQ\nPinmA7LWkIjt/y6mioI/Jic2DLxMfWyIiaHF0Jd+i4DW9CoX3bOAov1iVMK6X7mM\npej2YRs6z2VrvvwG0c9XsQyVgfJPB1zlwFo8sUlZn5+4DF6GhjgTUd0tvbAMXO/l\nXTkemkdWne+MBq0VjNSzPZbQuBFDShqeuDEDv/CbUqIIVFHJFSyescwZ4RQ3yuu3\n5AiPgKLJ3JNbM/V2MgONMfiDcODBgnp4DZLATZCxEyNHNtleYd/q3QmoX/4w/Lb3\nCC3v/1CwT6KNpc4TgQvPjQ==77MHdLf5amsdY5VGz642ZAbcZ86CkWOo5cGvxM9g4FX/wIdsWGF9ZlAWqIa9RmjP\nOZx56NYE+1CeTfaG4Th4n5JDccLdBLtLaxiL1tXyKGo9IjK4qlCjuv3M76uXjEms\nmo03VnchrXWvZXcF3DwDLroly6aP4ySQNWDc7iZpLqiKMsttT/ykFc9/c16tU6Ud\nlwhZEi0bUP9mF/6kpkTea2C7axu+Dp1qo4rJb4Kua0OWAiWfbm5hpWnEioKSZrM5\nZsAaG4FWslmlVfu9q7NMV9AlPbaGmJ8i+gWmDDyee6tLhFkUbZ3e23ij6t86vpV3\nXO4uDHcQsamsu0two32TJVUjRuAOBmR+CYCWvz1Lv/HOqJap+X+o8H5q4bdqdJ6K\nSpek786jrd/dSOOAKyL9G8ZC0P6Tu5Wb5j6GI6U2Z3a40CYnrgGUuahcXbxVX2Nw\n7VBpXRb4YwTnTxKoy+zRdD4Nkn4HD8w8rYuQ92yBF75pe9NPP2R7l10Km9dKZLKw\nxFaCc/zsBlv2OyQpxIXaIxuj3If73mcQhpcc5WReLJEmUpfMlcfK0pmHiIPs16k7\nvWPqo77fpRmcLbTQYVd6esryIorq5ohLgF+xG8Wy2T8T7zmzz7u0EjDcQOEJ4crO\njyYXUUAt5wSsrRKUT2nxQqyc1j/OTicr3jsy5VHTRsp9iIOXaq0ran02JVsWT+es\nYFX0eB/5wVq/H2HcGVTrmTieHdwgGEsRuF05jeBGVtZA6XiUNcx1V2s6QwXnNqXQ\nZMwgbuDIAzYmyBuzb06WoOuDq8vcKQu7jgJUeAcleLZmbPPQcdn8dqRAWEmQJnNY\nOL1uxK1i4lkfs9rAxXhpr2KD5/JUokFchCTBJcQNizR+kCcORAXHGoamr3tYC5Um\nzN3Qkqi0/GMXQtKW3vNZ0hMZ9DjgfCHwDz+aNMwaYeBA7FVXme1+W9P0eH7/IqEp\np7Kqy8ojHYv3KFOS3blQ4ppaGpCgxuE3P83nQv40Foccf3U8xLE4UXkGsBG5QXJ/\nK/29OswfjruOtlr4iZT8Jz4QGyEGHpyp0oI5IWQ8cNRZIFPnI1rEoXgelpkTUIwf\nBVnHvFAHyK/0AhdIR7TNXYS+BZcMehC0QisAHkfn4Bpi7UCRZXz4m3n4zrn5PNty\nco5PqnGcLIJMUTyVUpbvdE6o03oHlvJ8R6KWpEEhQ3XQm/RLZnHlWoyIOvA9zxN7\nA9pqD3Idav/B9rwIrxEtRWyj85Es7HMLHgV2Kkk28xRl19jAD5pXAJVj/EXKihAL\nTQxsvAPh+7gLTqDA6g9DxpO0wll9FgVjXTec4MtDlLlFbqYO2nkdO2b8hQbGRUkq\niXEU1O/hQcOSPSWDgpl0rK2STiXBUBywvo+SyLJeqeZJ7FYnLomgq2yQHI/c2jJ4\n8O7rh3Iqzl4adwR5Fcyz6wo93Ve970/mCYgkCSA9TO2Ti7cKbaAVafUbpimtebB+\ngDvHBEBDoXTk55e/0FGUOXb2WL454WruWm6fXDwvpixyHtLqdWmnB7URNn8xvcl2\n6xUmamujRvvmq0MHwWdo0+Dt92+IsF9GeRu6POzOsFFUMkb0zFu/MPnF9Gmv73/o\nMyOxwfURRxkR4mzqhsByVzv/X6VGS05DIgej4c8agkujedkEvLzHzbt+qoDFBWXB\nRtW+eNyoVhupIe2FaFdDNzsh3laPR3ANwa/k1Lwk5VDHaUK2dR3t0g7fLikn1Pe0\nsdkbkq0PWr0CMEwwpnI8+UM/KoPafXwt+MzHxLLCo6wK1AJ/qGafv3cEQgpv2HfO\nLM+egywpIJDJSnX3Y+C782hgzDT82Xkvujk7M3YPaHD9yvLTZ3TJI+JO1d0SBJnn\nnDUeOoLVFNlocZ5R1qy/qYdTBADwQ+0YosqPqUd60zsJ7CRFO7Tf+uFj9jWohkG7\ngagVaLlcRCEEHLGHnlCAKvaCJa7lxpJQV4E17f+Sl7H5y/FVfk2IiQDFH1t+kmlr\noNMP4LTlJ7iVzhy4TN1yuVZDjQbEe0jlgxrY8XVqxuaZ5l1WHlq7XDMgojt+tjE3\nvfoTItjLvig3LjyOTzj5TNiZZfxjF7Xhs6tGtm004FdoVxj65T5tZcOHQy+htgjS\nA9RtOR/Emz/vRzsZTKmfXrhUTpAVvVLIM2m0k3UwjEBt4PUJzRzZ+cGKBtxWeSZX\nOx4dvIT9eyaMdYs1WR2XDV9yH6MOkS3Adx2W2uMf4qRRTW6If5UkbsQxHvt8qiIn\nctU4Vl/Yze+qgqrTHETLNEEfElU6B0dS4fGRxBDfWmK5an3IjGuxTTCfSgOditA3\nmcr9U8Y9NHGAxqlGjh35sqjcppN7bgQyCso5eZZK8m+LYTP5b629Vel5kc6qj1pJ\nYiQmL5b9RXa9vOImzYzZtq6duHYgrGWRZ4FWXqb2F12BIXFvL/1ngA==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-WA7zugKd06RKNY16F' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpp7tclcuo.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpp7tclcuo.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_4(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:697: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=58291a536223cf23826ea8f2e368ba87e3a0d77c6b34528daaa9cd31cb743934urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjQ4WhcNMzUwNDIyMTM0MjQ4WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAqkEDBm6uTZBLeD5u4oPWqs/9PaB5msEojzn+PlOL2FHMTfewTyjX25zW\n2H+amlkKfMsDFSRtwaS+rl2XZUol1S89rAk/iyZJhBgZlpHzR92nQjteM/KZ6iQ5\nDv8PeYj+Abg5fjAzBiQLHO9k/KmnLVFS3kT1rkBg9n46VbHNHD+TzVqWC92c3EZf\nCDUJmCGXBqlXjQ2JLwrM/f++FCj7ZDcuhmbKIW396LYSaobVGXr8JHMCAngPYAyb\npdyx8WMHES5UOXzQhnhXShvIjU4IhElAuKeUt8AxxO2rvXQa3pMJhKQ24tgvm27G\n3n+jfXlgcdRIf+MqE4HKb+A09VOG5QIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJv8\n4yQD/0NoL0iHgKKyDwbXIf0V/AMCqnOf8UBpZKLkharxgK3LlIWkyEUyGpMLrZA7\nzsWaDz6M1VnODFdt7DJ+CHSAdPil8aOxsoHuiR4x8JvTp2yjvzWvG5Nq3jNVwQIB\n0JIuNAxgMVxE0KtBU5RFuMpTEFbFhIZJ15tnnwukWQRC52w/eHCm+a0X3RMJmGQuG/jf36x4zxk+wjV1YrfeM85LUvprftpOFxxrIiiQ\nPinmA7LWkIjt/y6mioI/Jic2DLxMfWyIiaHF0Jd+i4DW9CoX3bOAov1iVMK6X7mM\npej2YRs6z2VrvvwG0c9XsQyVgfJPB1zlwFo8sUlZn5+4DF6GhjgTUd0tvbAMXO/l\nXTkemkdWne+MBq0VjNSzPZbQuBFDShqeuDEDv/CbUqIIVFHJFSyescwZ4RQ3yuu3\n5AiPgKLJ3JNbM/V2MgONMfiDcODBgnp4DZLATZCxEyNHNtleYd/q3QmoX/4w/Lb3\nCC3v/1CwT6KNpc4TgQvPjQ==77MHdLf5amsdY5VGz642ZAbcZ86CkWOo5cGvxM9g4FX/wIdsWGF9ZlAWqIa9RmjP\nOZx56NYE+1CeTfaG4Th4n5JDccLdBLtLaxiL1tXyKGo9IjK4qlCjuv3M76uXjEms\nmo03VnchrXWvZXcF3DwDLroly6aP4ySQNWDc7iZpLqiKMsttT/ykFc9/c16tU6Ud\nlwhZEi0bUP9mF/6kpkTea2C7axu+Dp1qo4rJb4Kua0OWAiWfbm5hpWnEioKSZrM5\nZsAaG4FWslmlVfu9q7NMV9AlPbaGmJ8i+gWmDDyee6tLhFkUbZ3e23ij6t86vpV3\nXO4uDHcQsamsu0two32TJVUjRuAOBmR+CYCWvz1Lv/HOqJap+X+o8H5q4bdqdJ6K\nSpek786jrd/dSOOAKyL9G8ZC0P6Tu5Wb5j6GI6U2Z3a40CYnrgGUuahcXbxVX2Nw\n7VBpXRb4YwTnTxKoy+zRdD4Nkn4HD8w8rYuQ92yBF75pe9NPP2R7l10Km9dKZLKw\nxFaCc/zsBlv2OyQpxIXaIxuj3If73mcQhpcc5WReLJEmUpfMlcfK0pmHiIPs16k7\nvWPqo77fpRmcLbTQYVd6esryIorq5ohLgF+xG8Wy2T8T7zmzz7u0EjDcQOEJ4crO\njyYXUUAt5wSsrRKUT2nxQqyc1j/OTicr3jsy5VHTRsp9iIOXaq0ran02JVsWT+es\nYFX0eB/5wVq/H2HcGVTrmTieHdwgGEsRuF05jeBGVtZA6XiUNcx1V2s6QwXnNqXQ\nZMwgbuDIAzYmyBuzb06WoOuDq8vcKQu7jgJUeAcleLZmbPPQcdn8dqRAWEmQJnNY\nOL1uxK1i4lkfs9rAxXhpr2KD5/JUokFchCTBJcQNizR+kCcORAXHGoamr3tYC5Um\nzN3Qkqi0/GMXQtKW3vNZ0hMZ9DjgfCHwDz+aNMwaYeBA7FVXme1+W9P0eH7/IqEp\np7Kqy8ojHYv3KFOS3blQ4ppaGpCgxuE3P83nQv40Foccf3U8xLE4UXkGsBG5QXJ/\nK/29OswfjruOtlr4iZT8Jz4QGyEGHpyp0oI5IWQ8cNRZIFPnI1rEoXgelpkTUIwf\nBVnHvFAHyK/0AhdIR7TNXYS+BZcMehC0QisAHkfn4Bpi7UCRZXz4m3n4zrn5PNty\nco5PqnGcLIJMUTyVUpbvdE6o03oHlvJ8R6KWpEEhQ3XQm/RLZnHlWoyIOvA9zxN7\nA9pqD3Idav/B9rwIrxEtRWyj85Es7HMLHgV2Kkk28xRl19jAD5pXAJVj/EXKihAL\nTQxsvAPh+7gLTqDA6g9DxpO0wll9FgVjXTec4MtDlLlFbqYO2nkdO2b8hQbGRUkq\niXEU1O/hQcOSPSWDgpl0rK2STiXBUBywvo+SyLJeqeZJ7FYnLomgq2yQHI/c2jJ4\n8O7rh3Iqzl4adwR5Fcyz6wo93Ve970/mCYgkCSA9TO2Ti7cKbaAVafUbpimtebB+\ngDvHBEBDoXTk55e/0FGUOXb2WL454WruWm6fXDwvpixyHtLqdWmnB7URNn8xvcl2\n6xUmamujRvvmq0MHwWdo0+Dt92+IsF9GeRu6POzOsFFUMkb0zFu/MPnF9Gmv73/o\nMyOxwfURRxkR4mzqhsByVzv/X6VGS05DIgej4c8agkujedkEvLzHzbt+qoDFBWXB\nRtW+eNyoVhupIe2FaFdDNzsh3laPR3ANwa/k1Lwk5VDHaUK2dR3t0g7fLikn1Pe0\nsdkbkq0PWr0CMEwwpnI8+UM/KoPafXwt+MzHxLLCo6wK1AJ/qGafv3cEQgpv2HfO\nLM+egywpIJDJSnX3Y+C782hgzDT82Xkvujk7M3YPaHD9yvLTZ3TJI+JO1d0SBJnn\nnDUeOoLVFNlocZ5R1qy/qYdTBADwQ+0YosqPqUd60zsJ7CRFO7Tf+uFj9jWohkG7\ngagVaLlcRCEEHLGHnlCAKvaCJa7lxpJQV4E17f+Sl7H5y/FVfk2IiQDFH1t+kmlr\noNMP4LTlJ7iVzhy4TN1yuVZDjQbEe0jlgxrY8XVqxuaZ5l1WHlq7XDMgojt+tjE3\nvfoTItjLvig3LjyOTzj5TNiZZfxjF7Xhs6tGtm004FdoVxj65T5tZcOHQy+htgjS\nA9RtOR/Emz/vRzsZTKmfXrhUTpAVvVLIM2m0k3UwjEBt4PUJzRzZ+cGKBtxWeSZX\nOx4dvIT9eyaMdYs1WR2XDV9yH6MOkS3Adx2W2uMf4qRRTW6If5UkbsQxHvt8qiIn\nctU4Vl/Yze+qgqrTHETLNEEfElU6B0dS4fGRxBDfWmK5an3IjGuxTTCfSgOditA3\nmcr9U8Y9NHGAxqlGjh35sqjcppN7bgQyCso5eZZK8m+LYTP5b629Vel5kc6qj1pJ\nYiQmL5b9RXa9vOImzYzZtq6duHYgrGWRZ4FWXqb2F12BIXFvL/1ngA==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-WA7zugKd06RKNY16F' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-WA7zugKd06RKNY16F', '--output', '/tmp/tmp_6_g_1ed.xml', '/tmp/tmpp7tclcuo.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpp7tclcuo.xml" output= ____________________ TestServer1.test_encrypted_response_6 _____________________ self = def test_encrypted_response_6(self): _server = Server("idp_conf_verify_cert") cert_str_advice, cert_key_str_advice = generate_cert() cert_str_assertion, cert_key_str_assertion = generate_cert() > _resp = _server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=False, sign_assertion=False, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str_advice, encrypt_cert_assertion=cert_str_assertion, ) tests/test_50_server.py:911: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:832: in create_authn_response args = self.gather_authn_response_args( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = sp_entity_id = 'urn:mace:example.com:saml:roland:sp', name_id_policy = None userid = None kwargs = {'encrypt_assertion': True, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjUwWhcNMzUwNDIyMTM0MjUwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAsvi8maCVxyWmuTIIn6oBewkjld1a/Hsbex1G9NDfSGU/WJ1gcVzLTKXY\nGK+euhClf1PmAVcMak6Z1/7FwPThU7Boh4mkFpPqJ0p0UsdEzpXIxGKTtwT/H9XQ\nIITR+ZrFyj47LxhbXhhpL3sv9WtWFQsTQa0GC6ovwshoSaxwNHVZd0NqYuI9iARE\nTpLNtdhYhBrvt6rNjYtf7U2yARt83WC0LpT0iGcRJB9fme/7yHJellT1E/Oc7rGR\nUNrL8S2fJECvH0pQVbIYLHCh0cqzXZQgqx1WRzPIFWbqel4NY3rnjxJZ439t5p6m\nApMcLs90qzjTR7gzNY++JajhNxOq1QIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAMlP\njLlo2f8248L0k3wAxP8+3Zlg4d0DmTGaR8G16FE+TfQtBTPVFj3o3kuBfEfoVaHv\ne6zIyzyDtph5MIDXacTJLRgxT2v4kOIWQI7xM2AcE5rdXirmOb8b+OwFH3k1rAqQ\n45XCs7JMKNESOWwV0YyRSiP4/9mL8/w6u5MtkL7S\n-----END CERTIFICATE-----\n', 'encrypt_cert_assertion': '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjUwWhcNMzUwNDIyMTM0MjUwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA0pnlOvFy4mW1mabwToLiMBf0REEioLhsX6u8C2X2hyIAalY0SavcUzfO\nNjn8UqTkEABqzcvMSOMp8kR6nH6tMaEz0TW1ziod29MDKC+W5Pz5y3ID/lKsVzNf\nZPYqSNZlTVwkOcA3VMGYo4ibjyNJLkrW8QMCog8ut7cEN+D+5NppsrNtt21vyIeP\nEt/kgYk01X3FLOeAvFhP2s8HT0vJ3D6iZ5ejF67/BxCFgqWiF0X8ic4Giwokmaoz\nT6EYqryBzIvlNuU2iT8sAQZJBucIUGKq5R8FJx5Vy8B4DDvvHERYh31CoWkPsoQr\neERYWSxFfXwvuZAZTnvgD9dmasuomQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIUy\nyjWuyveI8veJykWRJcKND+xLJG5C2N+oaGrA6fjlVz6Q9QaYY1C+G+/0ovoiCBQd\nSbDN6E9Hg0bhxujg4fACmPMyEpMaq1+bHm8a/M5WYHd6SJV9O9ElGD/U+u6EeKz2\n+tcRFy6uncoRaDPsXKfgaMGCf7oHlnYnY+JpemoK\n-----END CERTIFICATE-----\n', ...} args = {'best_effort': False, 'encrypt_assertion': True, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjUwWhcNMzUwNDIyMTM0MjUwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAsvi8maCVxyWmuTIIn6oBewkjld1a/Hsbex1G9NDfSGU/WJ1gcVzLTKXY\nGK+euhClf1PmAVcMak6Z1/7FwPThU7Boh4mkFpPqJ0p0UsdEzpXIxGKTtwT/H9XQ\nIITR+ZrFyj47LxhbXhhpL3sv9WtWFQsTQa0GC6ovwshoSaxwNHVZd0NqYuI9iARE\nTpLNtdhYhBrvt6rNjYtf7U2yARt83WC0LpT0iGcRJB9fme/7yHJellT1E/Oc7rGR\nUNrL8S2fJECvH0pQVbIYLHCh0cqzXZQgqx1WRzPIFWbqel4NY3rnjxJZ439t5p6m\nApMcLs90qzjTR7gzNY++JajhNxOq1QIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAMlP\njLlo2f8248L0k3wAxP8+3Zlg4d0DmTGaR8G16FE+TfQtBTPVFj3o3kuBfEfoVaHv\ne6zIyzyDtph5MIDXacTJLRgxT2v4kOIWQI7xM2AcE5rdXirmOb8b+OwFH3k1rAqQ\n45XCs7JMKNESOWwV0YyRSiP4/9mL8/w6u5MtkL7S\n-----END CERTIFICATE-----\n', ...} param_defaults = {'best_effort': False, 'encrypt_assertion': False, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': None, ...} param = 'encrypt_cert_assertion', val_default = None val_kw = '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjUwWhcNMzUwNDIyMTM0MjUwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA0pnlOvFy4mW1mabwToLiMBf0REEioLhsX6u8C2X2hyIAalY0SavcUzfO\nNjn8UqTkEABqzcvMSOMp8kR6nH6tMaEz0TW1ziod29MDKC+W5Pz5y3ID/lKsVzNf\nZPYqSNZlTVwkOcA3VMGYo4ibjyNJLkrW8QMCog8ut7cEN+D+5NppsrNtt21vyIeP\nEt/kgYk01X3FLOeAvFhP2s8HT0vJ3D6iZ5ejF67/BxCFgqWiF0X8ic4Giwokmaoz\nT6EYqryBzIvlNuU2iT8sAQZJBucIUGKq5R8FJx5Vy8B4DDvvHERYh31CoWkPsoQr\neERYWSxFfXwvuZAZTnvgD9dmasuomQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIUy\nyjWuyveI8veJykWRJcKND+xLJG5C2N+oaGrA6fjlVz6Q9QaYY1C+G+/0ovoiCBQd\nSbDN6E9Hg0bhxujg4fACmPMyEpMaq1+bHm8a/M5WYHd6SJV9O9ElGD/U+u6EeKz2\n+tcRFy6uncoRaDPsXKfgaMGCf7oHlnYnY+JpemoK\n-----END CERTIFICATE-----\n' val_config = None, arg = 'encrypted_advice_attributes' def gather_authn_response_args(self, sp_entity_id, name_id_policy, userid, **kwargs): kwargs["policy"] = kwargs.get("release_policy") # collect args and return them args = {} # XXX will be passed to _authn_response param_defaults = { "policy": None, "best_effort": False, "sign_assertion": False, "sign_response": False, "encrypt_assertion": False, "encrypt_assertion_self_contained": True, "encrypted_advice_attributes": False, "encrypt_cert_advice": None, "encrypt_cert_assertion": None, # need to be named sign_alg and digest_alg } for param, val_default in param_defaults.items(): val_kw = kwargs.get(param) val_config = self.config.getattr(param, "idp") args[param] = val_kw if val_kw is not None else val_config if val_config is not None else val_default for arg, attr, eca, pefim in [ ("encrypted_advice_attributes", "verify_encrypt_cert_advice", "encrypt_cert_advice", kwargs["pefim"]), ("encrypt_assertion", "verify_encrypt_cert_assertion", "encrypt_cert_assertion", False), ]: if args[arg] or pefim: _enc_cert = self.config.getattr(attr, "idp") if _enc_cert is not None: if kwargs[eca] is None: raise CertificateError( "No SPCertEncType certificate for encryption " "contained in authentication " "request." ) if not _enc_cert(kwargs[eca]): > raise CertificateError("Invalid certificate for encryption!") E saml2.cert.CertificateError: Invalid certificate for encryption! ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:736: CertificateError _________________ TestServer1NonAsciiAva.test_signed_response __________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=b5c19ff84212aae3099855eb413bd6688fef5d2e2a2044494b14abf3261c4580urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-r0LkdeiD3pje4WXEO' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp0dvjbvsl.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp0dvjbvsl.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response(self): name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"} > signed_resp = self.server.create_authn_response( ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, ) tests/test_50_server.py:1517: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=b5c19ff84212aae3099855eb413bd6688fef5d2e2a2044494b14abf3261c4580urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-r0LkdeiD3pje4WXEO' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-r0LkdeiD3pje4WXEO', '--output', '/tmp/tmp0qpg0cqi.xml', '/tmp/tmp0dvjbvsl.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp0dvjbvsl.xml" output= ________________ TestServer1NonAsciiAva.test_signed_response_1 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6ce64ca68cdcc8a20d62cf1d52339b488eae1d7673b9abdd5798e810022e749eurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-T5sSMhPQA9cRTwfos' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpv301bc9g.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpv301bc9g.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_1(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, ) tests/test_50_server.py:1540: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6ce64ca68cdcc8a20d62cf1d52339b488eae1d7673b9abdd5798e810022e749eurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-T5sSMhPQA9cRTwfos' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-T5sSMhPQA9cRTwfos', '--output', '/tmp/tmp432bfjsa.xml', '/tmp/tmpv301bc9g.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpv301bc9g.xml" output= ________________ TestServer1NonAsciiAva.test_signed_response_2 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp6ce64ca68cdcc8a20d62cf1d52339b488eae1d7673b9abdd5798e810022e749eurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Rs7hPmfYd8sQk4t9s' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpkn0_2uxr.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpkn0_2uxr.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_2(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, ) tests/test_50_server.py:1571: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp6ce64ca68cdcc8a20d62cf1d52339b488eae1d7673b9abdd5798e810022e749eurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Rs7hPmfYd8sQk4t9s' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-Rs7hPmfYd8sQk4t9s', '--output', '/tmp/tmplbr7vaz3.xml', '/tmp/tmpkn0_2uxr.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpkn0_2uxr.xml" output= ________________ TestServer1NonAsciiAva.test_signed_response_3 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6ce64ca68cdcc8a20d62cf1d52339b488eae1d7673b9abdd5798e810022e749eurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-oIYSvBgoN8ZOg2FNb' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp66t3c6rk.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp66t3c6rk.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_3(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=False, sign_assertion=True, ) tests/test_50_server.py:1595: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6ce64ca68cdcc8a20d62cf1d52339b488eae1d7673b9abdd5798e810022e749eurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-oIYSvBgoN8ZOg2FNb' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-oIYSvBgoN8ZOg2FNb', '--output', '/tmp/tmptfjmgzno.xml', '/tmp/tmp66t3c6rk.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp66t3c6rk.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_1 ____________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6ce64ca68cdcc8a20d62cf1d52339b488eae1d7673b9abdd5798e810022e749eurn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjUxWhcNMzUwNDIyMTM0MjUxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAjOQSX17xiCzDl21Gt6lJPe9lq4RkRThGGn69NAC3oOS3/nw7k509iKIm\nobJoc1JCt3eHdP2v31AojR7mELlNWbmuGh1wd3qBZ7lTGXi4Lkfwi63QKOVUExBv\ncNPqC8h4xHttOURgy1p0nCeH0yB4OYPpM7l3BzsNmIyKwTN6yU+ppXexiwKMhSk4\ns/Ze9tOf24oIeHJgns3h/TOGN9o1JwY/Rgv48kNQ5v9m+Lx/V+UB7h54ao86cY8P\njLfL2RFfTS6ls4vWI/D9zXKEAxMk73fu9A4S7V3thA53hOQSE8aWhWHbzvJLzSBp\nI534viwaq17Ewz5rgmtWVbHhssmVDQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAKXF\njEhr7LBgTDmUxjwpNQSYa/uw7/7T0JvRw3jk4TJ2ed9OuqvtHJqS/QzzORzeqK7s\n80yjqMW+7/ujvdC3Y+CKSC17ULJyaDzBTUrWsbYo+/HU8gIk3hCyq/Nc6eW58rhu\nlgx5NQmb2aTOBP/p1UARiX4UDO8MFwdVwNiggb8dio5J1rvVyeOsrJWr/J1DZYBBC7d5VNTVlzMdO5dL57BPUfAgVpLOmE3CzoohRxLz\nFCQJ0yXNf+g5aH094jdwQV4kDmyjAaKqWdCnlsWiEmKvbrLGYEMn2zBz8T20vwes\nyfB2gYHaBdXmRXEjWKhUQstKA51+JRkzJfmY3xmgIwVpAPy/ZAItzuoo/DHJMljx\n5iy23X4lRZ91R+p95RqdzoUuCrZoynjTxN0rb7H0U+XMlQdI6nFOvRVs9EBa6OPv\nwGQGLowo65UP8YaTeN0ckKxSWNvxxufhl8c9W8/pCrFVm29HWXH/2pVP3v+2fC9E\nC9gjpkOEOErYEX2s/vmgEQ==nRsxh+N7KW5G+n9r7FshpTxrCmPrc8sgoJEMP31vCu8VXmdvw/+/pB5rvA40Tol+\n66zLIPJ1FzBh4J9pZomUQEqnMsbsEmBA2/njCqbjWPmNgfA0HiPOu/RZj9j/I67m\nxw5A+FFMvtc1j4u86Ih6u75DrYKDUF7R39ZZW4QSjsBVoD9FX7nQMvgnD14dEaJX\nkbVNxp6i2YHleVzvkWCBjQuv8g+QZ4me0iiZEJxdd9zycLOomYelfbkycrRVw6D9\nYaHpL7fcCpmle6G2wDORNytdvHnooH8mL3esYmHzERh2F62KFftjJFEWJk5AHL5v\n1Rt9YxQyywUoEPB3GeEiJOGTAiWtt++2cTVRXOrL4ljGu+LeKy5X4gcJAD53V1Om\ngea12FSpjLRqLVy9bZpEoqmxGiQ7nm7lU7W+1vgKe+coFpwDKl3hH2Q/fsyCDLsD\nma0DbaKvVaCtb+3jbdRZ4SuvM5gxY20QMYEaw55kKTF1gSGNfx7b8cUx62zwwoyK\nezJ0xy+wk7rH8Htv4VHi0ZPaJMWkzJAT+0VZOq/MvpXGT9gHVtJ9QxYZLL3/43X7\nG9YyyuCEsjKI9dRlKC8Q0HNaPjT3zmgO29OjKDUxCH+4D80EZ0DDJeEZVorOMPYI\nsgJ7oq+ENssJV2yKyegUy02xGcqA2jC21t2dyIEHr8aYJ5yKbcH0PwmLQRHEbMgn\nzpybM7K46d/KfXQQ1geBQiX95tqOT5wNTdFgkg77bAeNZR7B84ohvfpFBhiY5YzP\n6ujEHDKGmZ8pflT4qwKTrLemMHV6SMMoUeafYxg/4B0raQ0TnU3mV5sOeikXjtJW\nKQXZQy4h2ba2teNMM4pLWR7MzqCzG2kEX/F9k4ewJ6XnfS4iGsb7JKbwYwW4LaRT\n+QTk7jBue6c2pI6HV0fiEBl3s+BuUENBMKBFT1LuiQv553kqJvt+JGTnE6RJlm5W\nR9EC2ZjyRK4ErcAEeSt8Sungd2uIMSNo84IDMTr63QpB4L5/IcOpq01JSP97Qe3G\nsyqGPHiIztHy5OBRbYXWLSO88WDPEFMRyoJEKbsERpQv38010REWW90HDUJ1BWEZ\nWnq0y2ulkPTKHFh0eWGRskaRUTO7HgOf4SQEsAf8IZvpiuoeN96PM7raV9evluai\nz+h9i/NW2KBekL0t8dKwkOQ1s8K3tOUfLtW0Sl6PGUea8JiAv9bFenxdgvUmfKiC\nrC8X0dO7wZbN/pEaPLzwHfGejWLYNdK4wpXgTTehWDUI9wDXHLswdU/5npJia4gN\nNCaW5XSOvVJ21flY1P+DS5g4ogVyG6j5DC6+yEIrJcZxhG6WGNtIJa0uf0C+Gbny\nJjDqHov9yxg3RkSYYwSRaKr0rRedXdlYpTCRb4vP01qtZSyDjxcmuAk9kowmbjnL\niQCm1OD0WmiIktwa1VCANCC2ggENeDOxySkVkfkG0+TiTu5cBHqqeM8PChzwkJBv\nOj685t+RG4Bnfa4rexzBLZQGp7YqZJe2kBQyc5tusikXsVh2yoci8GhTJNbaSF/b\n3Oy70SzkenGMTZ4srP+NgekOgsnmZ8vuONwZ1Kp8HeFr4EVqTUk81YedGF7jYuaR\n5oZhsc91GdwxXNElqP+vA22/MCjtqPxwHmrMFhbU2NtVs54lRE/MjcGNQWJNk0d5\njEzyaDl84ixsyN+h0v+ySqvApXFVQcFkok1+AcDWiig0L+mLqiLhcVWIlwPqF6N9\nT9EBkrpt2NPvK46x3V98k+CTbJtPg6IbjevVMNn+8AZh/pLt/y64nqUBIKV61S57\nPpYEP6CiFVfWrlhOcr42C8wp851XaOKhtW0UGiJ9Q63LFUmuJTKUAKJzOfTn7o33\nPAgrLQSYRNIJe6An3Vc0pF9xjFh6/8qCdD+6816QMCsrzeQIJO8KCizioQsPaC23\ni6L6F2vZTaS25pX5VGOL6oc5pKNiha64c5WNuJFEuZ3BMw6hHMylPPq6aCFbAwL4\nC7EvoNRJ3h/L5S9U3SgAuXBTND5vMEPEbPlGYc+hS9D/MG+ZSZJJH1noa34ef7bz\nNY4r77fKZYzlPY7Yky70ABKPFG50pno9RtRv+HVlYR8WWra7s4JwWzLoLAQm/OBz\ngoZf7ZtmKFweWyL7+VPVqQfBXdZLbBERBFuSG61ORwTqTDKm7j4r43vUbg74ksW1\ngQ7mGbOvGYqaYCzdCvKYvYZd48h6Q3Nf6jVxGpAWIiMBst+/QtqiQeXNh9B5ztDV\nKrzl277Af0PrMMC00D3PK9vaU91Y6auBmZD811VibqyIaLzkHu+3jTLbFVBIeYHQ\nbXBi8pOAYyiHgWEhiAsbKC/Gz+4sknqxMtB0RFY5eWcT7uA9h9nIdwT5hoEaOJIT\nlHTx5CreREQRbd3cQAAaYs3hsepZ5Elc68YT5LevsjV7egswRV5AwA==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-yaFuhLTc3jcvsMO7e' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp9r5hhsgq.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp9r5hhsgq.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_1(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:1623: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6ce64ca68cdcc8a20d62cf1d52339b488eae1d7673b9abdd5798e810022e749eurn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjUxWhcNMzUwNDIyMTM0MjUxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAjOQSX17xiCzDl21Gt6lJPe9lq4RkRThGGn69NAC3oOS3/nw7k509iKIm\nobJoc1JCt3eHdP2v31AojR7mELlNWbmuGh1wd3qBZ7lTGXi4Lkfwi63QKOVUExBv\ncNPqC8h4xHttOURgy1p0nCeH0yB4OYPpM7l3BzsNmIyKwTN6yU+ppXexiwKMhSk4\ns/Ze9tOf24oIeHJgns3h/TOGN9o1JwY/Rgv48kNQ5v9m+Lx/V+UB7h54ao86cY8P\njLfL2RFfTS6ls4vWI/D9zXKEAxMk73fu9A4S7V3thA53hOQSE8aWhWHbzvJLzSBp\nI534viwaq17Ewz5rgmtWVbHhssmVDQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAKXF\njEhr7LBgTDmUxjwpNQSYa/uw7/7T0JvRw3jk4TJ2ed9OuqvtHJqS/QzzORzeqK7s\n80yjqMW+7/ujvdC3Y+CKSC17ULJyaDzBTUrWsbYo+/HU8gIk3hCyq/Nc6eW58rhu\nlgx5NQmb2aTOBP/p1UARiX4UDO8MFwdVwNiggb8dio5J1rvVyeOsrJWr/J1DZYBBC7d5VNTVlzMdO5dL57BPUfAgVpLOmE3CzoohRxLz\nFCQJ0yXNf+g5aH094jdwQV4kDmyjAaKqWdCnlsWiEmKvbrLGYEMn2zBz8T20vwes\nyfB2gYHaBdXmRXEjWKhUQstKA51+JRkzJfmY3xmgIwVpAPy/ZAItzuoo/DHJMljx\n5iy23X4lRZ91R+p95RqdzoUuCrZoynjTxN0rb7H0U+XMlQdI6nFOvRVs9EBa6OPv\nwGQGLowo65UP8YaTeN0ckKxSWNvxxufhl8c9W8/pCrFVm29HWXH/2pVP3v+2fC9E\nC9gjpkOEOErYEX2s/vmgEQ==nRsxh+N7KW5G+n9r7FshpTxrCmPrc8sgoJEMP31vCu8VXmdvw/+/pB5rvA40Tol+\n66zLIPJ1FzBh4J9pZomUQEqnMsbsEmBA2/njCqbjWPmNgfA0HiPOu/RZj9j/I67m\nxw5A+FFMvtc1j4u86Ih6u75DrYKDUF7R39ZZW4QSjsBVoD9FX7nQMvgnD14dEaJX\nkbVNxp6i2YHleVzvkWCBjQuv8g+QZ4me0iiZEJxdd9zycLOomYelfbkycrRVw6D9\nYaHpL7fcCpmle6G2wDORNytdvHnooH8mL3esYmHzERh2F62KFftjJFEWJk5AHL5v\n1Rt9YxQyywUoEPB3GeEiJOGTAiWtt++2cTVRXOrL4ljGu+LeKy5X4gcJAD53V1Om\ngea12FSpjLRqLVy9bZpEoqmxGiQ7nm7lU7W+1vgKe+coFpwDKl3hH2Q/fsyCDLsD\nma0DbaKvVaCtb+3jbdRZ4SuvM5gxY20QMYEaw55kKTF1gSGNfx7b8cUx62zwwoyK\nezJ0xy+wk7rH8Htv4VHi0ZPaJMWkzJAT+0VZOq/MvpXGT9gHVtJ9QxYZLL3/43X7\nG9YyyuCEsjKI9dRlKC8Q0HNaPjT3zmgO29OjKDUxCH+4D80EZ0DDJeEZVorOMPYI\nsgJ7oq+ENssJV2yKyegUy02xGcqA2jC21t2dyIEHr8aYJ5yKbcH0PwmLQRHEbMgn\nzpybM7K46d/KfXQQ1geBQiX95tqOT5wNTdFgkg77bAeNZR7B84ohvfpFBhiY5YzP\n6ujEHDKGmZ8pflT4qwKTrLemMHV6SMMoUeafYxg/4B0raQ0TnU3mV5sOeikXjtJW\nKQXZQy4h2ba2teNMM4pLWR7MzqCzG2kEX/F9k4ewJ6XnfS4iGsb7JKbwYwW4LaRT\n+QTk7jBue6c2pI6HV0fiEBl3s+BuUENBMKBFT1LuiQv553kqJvt+JGTnE6RJlm5W\nR9EC2ZjyRK4ErcAEeSt8Sungd2uIMSNo84IDMTr63QpB4L5/IcOpq01JSP97Qe3G\nsyqGPHiIztHy5OBRbYXWLSO88WDPEFMRyoJEKbsERpQv38010REWW90HDUJ1BWEZ\nWnq0y2ulkPTKHFh0eWGRskaRUTO7HgOf4SQEsAf8IZvpiuoeN96PM7raV9evluai\nz+h9i/NW2KBekL0t8dKwkOQ1s8K3tOUfLtW0Sl6PGUea8JiAv9bFenxdgvUmfKiC\nrC8X0dO7wZbN/pEaPLzwHfGejWLYNdK4wpXgTTehWDUI9wDXHLswdU/5npJia4gN\nNCaW5XSOvVJ21flY1P+DS5g4ogVyG6j5DC6+yEIrJcZxhG6WGNtIJa0uf0C+Gbny\nJjDqHov9yxg3RkSYYwSRaKr0rRedXdlYpTCRb4vP01qtZSyDjxcmuAk9kowmbjnL\niQCm1OD0WmiIktwa1VCANCC2ggENeDOxySkVkfkG0+TiTu5cBHqqeM8PChzwkJBv\nOj685t+RG4Bnfa4rexzBLZQGp7YqZJe2kBQyc5tusikXsVh2yoci8GhTJNbaSF/b\n3Oy70SzkenGMTZ4srP+NgekOgsnmZ8vuONwZ1Kp8HeFr4EVqTUk81YedGF7jYuaR\n5oZhsc91GdwxXNElqP+vA22/MCjtqPxwHmrMFhbU2NtVs54lRE/MjcGNQWJNk0d5\njEzyaDl84ixsyN+h0v+ySqvApXFVQcFkok1+AcDWiig0L+mLqiLhcVWIlwPqF6N9\nT9EBkrpt2NPvK46x3V98k+CTbJtPg6IbjevVMNn+8AZh/pLt/y64nqUBIKV61S57\nPpYEP6CiFVfWrlhOcr42C8wp851XaOKhtW0UGiJ9Q63LFUmuJTKUAKJzOfTn7o33\nPAgrLQSYRNIJe6An3Vc0pF9xjFh6/8qCdD+6816QMCsrzeQIJO8KCizioQsPaC23\ni6L6F2vZTaS25pX5VGOL6oc5pKNiha64c5WNuJFEuZ3BMw6hHMylPPq6aCFbAwL4\nC7EvoNRJ3h/L5S9U3SgAuXBTND5vMEPEbPlGYc+hS9D/MG+ZSZJJH1noa34ef7bz\nNY4r77fKZYzlPY7Yky70ABKPFG50pno9RtRv+HVlYR8WWra7s4JwWzLoLAQm/OBz\ngoZf7ZtmKFweWyL7+VPVqQfBXdZLbBERBFuSG61ORwTqTDKm7j4r43vUbg74ksW1\ngQ7mGbOvGYqaYCzdCvKYvYZd48h6Q3Nf6jVxGpAWIiMBst+/QtqiQeXNh9B5ztDV\nKrzl277Af0PrMMC00D3PK9vaU91Y6auBmZD811VibqyIaLzkHu+3jTLbFVBIeYHQ\nbXBi8pOAYyiHgWEhiAsbKC/Gz+4sknqxMtB0RFY5eWcT7uA9h9nIdwT5hoEaOJIT\nlHTx5CreREQRbd3cQAAaYs3hsepZ5Elc68YT5LevsjV7egswRV5AwA==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-yaFuhLTc3jcvsMO7e' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yaFuhLTc3jcvsMO7e', '--output', '/tmp/tmphdacifju.xml', '/tmp/tmp9r5hhsgq.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp9r5hhsgq.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_2 ____________ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==jVsYSY6BehW7D9rIWDW+90YswXgafWHgr9yYZ0p+s0FljlugQ7IO1i0LgjbPQE1N\nbKrp0rgmSoAde0HS9L9F2DRshmSGIP7vrcKQxAtGwFyr9B6WKVKGKV3mzksPB65A\n+u7DFh5NBpmB3KM3rz1jNQmyqGGPfAyQhsXvqc/61zg=uCMosysNZs4r4+PFVO2sXXE1EYLZ4eUBN9kOddr3Fi7uQQcYpwelOuOy0GY9mohY\nRFGUufv9UCDGdSmMDPUaMEXuQOw+BV3ZfJe2BKekz+OWollTM1xizgbkGM39mgDD\nB8aFA2arQH/mCOrWUFDCs//Gl2IcvRcP2kGzSFmtsHXr+O8W+mOOMVNwD4CFW3LE\nZzDWRksqhcmyBhtqObIaOUqX2jUGP0uCKwI4J7OY8JFep90EAswPuz6Pdru8bqMd\nvHEFuJRT0Tb5EOK0dte2YbemVfLzCGh4wehrUQgpfXokouZq4vqXCSt0JbUUjFnc\ny7k73hVJBmYQgBK+Jg8oIxRTZKmvYuPApFObTuhghVuupOpysM7Q2BUgMgtrEHvT\nf+DRs0OuuhkC4MABXwoiPiRUgjOKmvhMhgG5os/nVwoo9MnzNwdFk6alV6C/r+lH\nIltXrAN7ekLT8anMgVQYizgCo51S+wq3PjoU3UJzny1UiJ/67E4wvEDpdWgHGNOV\nvT8pK1fwDINyqXTpdMGwyqJ6/hZCTqxVN5MihCC3unCQrvHsFXsdWPrJO7E4/s8S\nJvBvcvcviigxcDdmFt9e2dOYFWDGlaEPn3/8oAEKxQwb3G04kse5WKqWUm4Kydvp\niFSWFqYZgi5j17mJIdkBT8GWlDgE4+2zCMzYJgIstVuIcyDXNjJXx38L3/fNvZ7F\nX/Ac2B76iNQmuGjflXE8KkZ77XP5Nh3ENmntxGC+/5WjDsmmt193oVf9FGy+TI49\nrtdAo5/Nd/RkBF+etbb5lN39CUkhcT2LE+1gHhE8MxH2nGdADVOifQc43oVgeYND\nasAj5zHJWJt10reLexgKYSRuReQYpVpmiEnacgpRm1Xb03B9WNCFZXxwTqh2cli+\nvpiy8Mex8Aj9tvVJhjNpWpYt1u1rPyUNe2cz4PHZh9k7222T75r4AOZS9i6a9Enn\nF2hj4si9TLnC1F6ZcO9SeQtw5xxiCwlVftXS9uoUIdizGAyzwQR3mu2Y/Y0RY9O1\nXdIe4o5cBOtYHnqB230c5/rzOOcQx/Fr92f7mGR7tCx05b3soOAM5HwrvrahrVU9\n0C2y6KTIP9nunQszVeKPJmiWcQRKIxQlWDsLMnZsAvBwDrP0/AfCTOiLi2hCGR2G\nPTwsQFUFPrdN3BU3gkzYawdDob7+syaxqnVvCVajnVinTR9u6xIWnOfdhmWNBnSn\nW7aUuWESKcuAFVHEKJEMlmHGRYjolx3Ll6IZYazwqKDXaSqW6IFHxcyiGV4t8Ldu\n7ifdcs73yf4Z1Z0oebwn+VvXvSKEsCNRZwUuQIRHg7VPzHcH72Z9H9YqUBuawxZ6\n3hItO3rVXela/guLdiz7DB+EX/lNzEusFu4B9cD9epJ3jeoZoR7Gn5SQ2L5jvZ4e\nP80ryeT/Bx6LiYWBXtGMcR81OpHbyA0DgleJBsGdGnpr//c2T3IBAGuHI5nTwgRO\nXdoWDKhLZR+LnQJzwd3cHPQariSMK82kly6LLZ+M9dXACnqoQC8IpNkNe+dv1Afk\nSrJhAHFEUsVSnhcarmzItqPmc1Y7chMkC91MwOEmviMIw/P2r0yGH2b4MujkIWQ3\nmS3K6m0HdZkVr283FOpYxyS4mVHVqqfRtAjDpfvqTveWtWEpiaYoBusgRo+k0kh7\nhucxPkEmbLCyKooD9pmBaeaanhy7prClhb1OpWjQoY9XaGiCfvt4f60eZySLDpox\n4AZ1VFTI8wU8ADNeDI1Fuo5qPxEEvpPi41NGHOaETl5Q0ilMWvECUy714VOcSnrg\nfT0yd5gXcyBuVNZwNbkf4ODhO6PrQGpd6yeUlkqQvPz9aRfjRlKuHtDt1lrx5B4r\nGaXlLC/xIsRX8fEVsqxt2qhky9Zcl1zQ7w/W9QMP9txxGQnv/YvXMmpycgto5yqj\ne2T57rnEQkwMJ2kC1wnYm3ln5afvxhl5HgfKb1q/Eyz2tiBkMjAsUPqbwpgIUg06\nzGhmRpLnC/+JVcJZ9dWIXwxGwudU+JQMs0oI2QaVDbswO8TFFP7bzZO8vw+Mc8VH\neJiA43vG/iJnQ9ltjZgmAV3e9rnewMuYY+u8sRwFuLABJRVER8bJ5xla9OrtCyga\nf97imQBgBpz9dewsHMcO01oDnHBUPUBoZZvp2A+mpH5Q/BYLQwKzuhI3HM1Z+kfA\nJV+myxllg37wpDnSHklZy5bc7l68HiowYy9zSj0UpfvrUufuzSHW9a7sUWZTF9GL\npZytHIYoScxyuX34F1BsQlnBoti465L73kyjpibW9zXV8vRK8tZiH6p5qzAjIiD1\nfEJ0QIJ2DB/GSOV5HSClbr6KxV8/H1uzaLk9xMxt8VO2bT5TtKa+a5GNhIoP1Gqk\naYJSwVKcZPJbQnOo1FW2AZP/4JQxbUELy501+5RBB9z9qtN4IUBQvYvN/qi9IW97\nuwzMlDlD0/iiOmYCyW/b7WIU+t8NsTEPKKBMGZMFY5+fkzMiL0yE7iPevkU/Ru6s\nDQvN2fhtOqsKdBFpDXZJYOAaWtuPRdHzTbvU4hR/YAR52XUNObMBabo3oN0ryH8X\nRnFBK1CVKVHreAxIABN4D3/jakauuBsYnvCuqidAugHkfl48PN8KBPC54WWnAqEY\n198OKpvR38JeCFQ/tQVp5cg0V/PHeCNEGzEiutJ0v8VYy8ZR1FofsXIJxc7hq42J\nxticgjT8NePsXAf8uGkp6N+U7PHsjFiJSD912q19VUQiPSLzxe1nw5LKdnE/W9Kz\nCm5ETjvqeyp85wcOp6DjnuvdG+7nmCYmlHALDaz93nKguSg9UumdD8JBVo0rbozB\nTpGSVNya2HydJotbgZ2Paf2DqdID8ZoeFIGL+esB2SI/DAd69gBxJHpzhBt2ytBP\nJgp+UD0aUP3jjHHNrLbkvMPE1J2TD6m1n/TPAmQmN5M8fObM0ob0ZA==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Dit4m3VsKqStL4QTH' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpvb3q3w2w.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpvb3q3w2w.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_2(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, encrypt_assertion=True, encrypt_assertion_self_contained=True, ) tests/test_50_server.py:1681: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:912: in _response return signed_instance_factory(response, self.sec, sign_class) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==jVsYSY6BehW7D9rIWDW+90YswXgafWHgr9yYZ0p+s0FljlugQ7IO1i0LgjbPQE1N\nbKrp0rgmSoAde0HS9L9F2DRshmSGIP7vrcKQxAtGwFyr9B6WKVKGKV3mzksPB65A\n+u7DFh5NBpmB3KM3rz1jNQmyqGGPfAyQhsXvqc/61zg=uCMosysNZs4r4+PFVO2sXXE1EYLZ4eUBN9kOddr3Fi7uQQcYpwelOuOy0GY9mohY\nRFGUufv9UCDGdSmMDPUaMEXuQOw+BV3ZfJe2BKekz+OWollTM1xizgbkGM39mgDD\nB8aFA2arQH/mCOrWUFDCs//Gl2IcvRcP2kGzSFmtsHXr+O8W+mOOMVNwD4CFW3LE\nZzDWRksqhcmyBhtqObIaOUqX2jUGP0uCKwI4J7OY8JFep90EAswPuz6Pdru8bqMd\nvHEFuJRT0Tb5EOK0dte2YbemVfLzCGh4wehrUQgpfXokouZq4vqXCSt0JbUUjFnc\ny7k73hVJBmYQgBK+Jg8oIxRTZKmvYuPApFObTuhghVuupOpysM7Q2BUgMgtrEHvT\nf+DRs0OuuhkC4MABXwoiPiRUgjOKmvhMhgG5os/nVwoo9MnzNwdFk6alV6C/r+lH\nIltXrAN7ekLT8anMgVQYizgCo51S+wq3PjoU3UJzny1UiJ/67E4wvEDpdWgHGNOV\nvT8pK1fwDINyqXTpdMGwyqJ6/hZCTqxVN5MihCC3unCQrvHsFXsdWPrJO7E4/s8S\nJvBvcvcviigxcDdmFt9e2dOYFWDGlaEPn3/8oAEKxQwb3G04kse5WKqWUm4Kydvp\niFSWFqYZgi5j17mJIdkBT8GWlDgE4+2zCMzYJgIstVuIcyDXNjJXx38L3/fNvZ7F\nX/Ac2B76iNQmuGjflXE8KkZ77XP5Nh3ENmntxGC+/5WjDsmmt193oVf9FGy+TI49\nrtdAo5/Nd/RkBF+etbb5lN39CUkhcT2LE+1gHhE8MxH2nGdADVOifQc43oVgeYND\nasAj5zHJWJt10reLexgKYSRuReQYpVpmiEnacgpRm1Xb03B9WNCFZXxwTqh2cli+\nvpiy8Mex8Aj9tvVJhjNpWpYt1u1rPyUNe2cz4PHZh9k7222T75r4AOZS9i6a9Enn\nF2hj4si9TLnC1F6ZcO9SeQtw5xxiCwlVftXS9uoUIdizGAyzwQR3mu2Y/Y0RY9O1\nXdIe4o5cBOtYHnqB230c5/rzOOcQx/Fr92f7mGR7tCx05b3soOAM5HwrvrahrVU9\n0C2y6KTIP9nunQszVeKPJmiWcQRKIxQlWDsLMnZsAvBwDrP0/AfCTOiLi2hCGR2G\nPTwsQFUFPrdN3BU3gkzYawdDob7+syaxqnVvCVajnVinTR9u6xIWnOfdhmWNBnSn\nW7aUuWESKcuAFVHEKJEMlmHGRYjolx3Ll6IZYazwqKDXaSqW6IFHxcyiGV4t8Ldu\n7ifdcs73yf4Z1Z0oebwn+VvXvSKEsCNRZwUuQIRHg7VPzHcH72Z9H9YqUBuawxZ6\n3hItO3rVXela/guLdiz7DB+EX/lNzEusFu4B9cD9epJ3jeoZoR7Gn5SQ2L5jvZ4e\nP80ryeT/Bx6LiYWBXtGMcR81OpHbyA0DgleJBsGdGnpr//c2T3IBAGuHI5nTwgRO\nXdoWDKhLZR+LnQJzwd3cHPQariSMK82kly6LLZ+M9dXACnqoQC8IpNkNe+dv1Afk\nSrJhAHFEUsVSnhcarmzItqPmc1Y7chMkC91MwOEmviMIw/P2r0yGH2b4MujkIWQ3\nmS3K6m0HdZkVr283FOpYxyS4mVHVqqfRtAjDpfvqTveWtWEpiaYoBusgRo+k0kh7\nhucxPkEmbLCyKooD9pmBaeaanhy7prClhb1OpWjQoY9XaGiCfvt4f60eZySLDpox\n4AZ1VFTI8wU8ADNeDI1Fuo5qPxEEvpPi41NGHOaETl5Q0ilMWvECUy714VOcSnrg\nfT0yd5gXcyBuVNZwNbkf4ODhO6PrQGpd6yeUlkqQvPz9aRfjRlKuHtDt1lrx5B4r\nGaXlLC/xIsRX8fEVsqxt2qhky9Zcl1zQ7w/W9QMP9txxGQnv/YvXMmpycgto5yqj\ne2T57rnEQkwMJ2kC1wnYm3ln5afvxhl5HgfKb1q/Eyz2tiBkMjAsUPqbwpgIUg06\nzGhmRpLnC/+JVcJZ9dWIXwxGwudU+JQMs0oI2QaVDbswO8TFFP7bzZO8vw+Mc8VH\neJiA43vG/iJnQ9ltjZgmAV3e9rnewMuYY+u8sRwFuLABJRVER8bJ5xla9OrtCyga\nf97imQBgBpz9dewsHMcO01oDnHBUPUBoZZvp2A+mpH5Q/BYLQwKzuhI3HM1Z+kfA\nJV+myxllg37wpDnSHklZy5bc7l68HiowYy9zSj0UpfvrUufuzSHW9a7sUWZTF9GL\npZytHIYoScxyuX34F1BsQlnBoti465L73kyjpibW9zXV8vRK8tZiH6p5qzAjIiD1\nfEJ0QIJ2DB/GSOV5HSClbr6KxV8/H1uzaLk9xMxt8VO2bT5TtKa+a5GNhIoP1Gqk\naYJSwVKcZPJbQnOo1FW2AZP/4JQxbUELy501+5RBB9z9qtN4IUBQvYvN/qi9IW97\nuwzMlDlD0/iiOmYCyW/b7WIU+t8NsTEPKKBMGZMFY5+fkzMiL0yE7iPevkU/Ru6s\nDQvN2fhtOqsKdBFpDXZJYOAaWtuPRdHzTbvU4hR/YAR52XUNObMBabo3oN0ryH8X\nRnFBK1CVKVHreAxIABN4D3/jakauuBsYnvCuqidAugHkfl48PN8KBPC54WWnAqEY\n198OKpvR38JeCFQ/tQVp5cg0V/PHeCNEGzEiutJ0v8VYy8ZR1FofsXIJxc7hq42J\nxticgjT8NePsXAf8uGkp6N+U7PHsjFiJSD912q19VUQiPSLzxe1nw5LKdnE/W9Kz\nCm5ETjvqeyp85wcOp6DjnuvdG+7nmCYmlHALDaz93nKguSg9UumdD8JBVo0rbozB\nTpGSVNya2HydJotbgZ2Paf2DqdID8ZoeFIGL+esB2SI/DAd69gBxJHpzhBt2ytBP\nJgp+UD0aUP3jjHHNrLbkvMPE1J2TD6m1n/TPAmQmN5M8fObM0ob0ZA==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Dit4m3VsKqStL4QTH' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-Dit4m3VsKqStL4QTH', '--output', '/tmp/tmpcgdhw2ky.xml', '/tmp/tmpvb3q3w2w.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpvb3q3w2w.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_3 ____________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6ce64ca68cdcc8a20d62cf1d52339b488eae1d7673b9abdd5798e810022e749eurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-YkrRsq58r13ODawcY' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp5ewrywdr.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp5ewrywdr.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_3(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=False, encrypt_cert_assertion=cert_str, ) tests/test_50_server.py:1726: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6ce64ca68cdcc8a20d62cf1d52339b488eae1d7673b9abdd5798e810022e749eurn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-YkrRsq58r13ODawcY' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-YkrRsq58r13ODawcY', '--output', '/tmp/tmpv87vi_h8.xml', '/tmp/tmp5ewrywdr.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp5ewrywdr.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_4 ____________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6ce64ca68cdcc8a20d62cf1d52339b488eae1d7673b9abdd5798e810022e749eurn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjUyWhcNMzUwNDIyMTM0MjUyWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA7t1j7u/LdSqla4W9N4wFTJXWckEYbKHbomdCNP0qcOqq2buwOUIfCeBr\ntBrHverDOE7z1ZBZc8+ClgoxqulIk3A1b1HRnBI6FqVEwOhlaqV0gNvnFOua7pd4\n/Ka5AyuhBPJCc/K7+cUs1eSojnmG6qGWFZFjJn8SiMHf/lXk0x72CdIDdrsnED2z\nwtOCcgWpHOyGRV5TRcfVn2AcoOfykY3f2lOw/4oopSqH1dPuL3I90IY65Ng4pZlm\n2WQqlTYvaq/1KFVcuehGPRuKN/ZpxfwA4JtOQ+4fEe1DLcg3ptrTSu+451CVAN8x\nVo2OhN+QbGHqeHLlM2nPJ3oMQL0ROwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBALSF\n4HBZTCGia7HE0w5Ot5H+KWE/OWvTNimTiyiAzi25+3TuKK/gsQZxSOUAHjvTAUBt\nCLokhSMsaSPKd+2lI2ipk92nnLQ6KsZfoo0wzlv11dg9itpDuTjT23i2/lZip1Iz\nytngOR7Aov8FhqdLQk680sEdk9+gJJ+mzivZuigfvtlKP4LiwaWNhyufY8SrSep4nPGI0XD95VbZExmdUsKdBuNQQuEwv9LUe9NNiRTD\n8mY2ROCyKoZSSHHMqsHFkvJOwknz9DluUs752Vj9yiY7XLuOd96YMh7AHSM3Ncyt\nr7ITC5wZANf4oe/xRX7n3Zo1OPvQ0XvhUbO+uKmQse9LYxCiFSk94TQHKdJn7ICN\nG/pgBEzfNzRFXUQmXtdRB0lCZTdpbTOpBPO3WaGJN9rP04y0g2Kc15RiHj1OF3yt\nNRMcBa9vvN7A0eNdtmlqjcCKNosQ6TTiicdjPqcCjqWqdwtaexxRvuoKty+KkH7F\n2op5UlDVajYeqvs9UWL32Q==kYTdXVZNEmiHBa4lEoi+is+kyUayVy0/164zuNKESzOyhhLX46mc8oQenIXMQxRX\nK6jMQgZSkzZ+8HRuHsvSEzH2S4TinM7rwTLSx41lusR815iHPw6b6m9cqIhj6idD\nWw4fZCWsSef82CHhIt2kK6vvodVM21A1ADrCpxbKgMKZj9U7NJYqSG/CjLi7rozg\nD/OhXmN55484b1j3c7SAUKmmQxJI9zefv1F1C2kMF9V7cF7w9h6Pkb4ewSqSHbVF\nN0UPmnTYBE34oYVmD43ixKx1nZ+iaaHgswtWzimJHxVP6SIXh9JNH4Key3lfdx+x\n2kqzj9X7ZcHcbpTu1dcHUUoxxBVXIyHf9XPgWsw9zr3okuEuv5gQAIrdK0Fcu24s\nA6CHwMpB1FObVtrGqXgfpkhsoR13Jr9qZj0FP6QSg09gxrB3w+mK1hHivHIpWJ9D\nRybJVs7Ic+34jju8y/V4yfidpHCMLfYVpCWlFQgFJXvPwpoudpfufnZ7L39/PZhf\nFgwn+FA7FeWusKS+SD/rhHoJfxXGJ5Cb9ONYKU24Hng5aTPSHbmgSHrc42dAiaUo\nVd7PttfqdFtJjKSvXNGY6fpSZRrCcQ2sR6CdhndIPfkAad5NhU7Jce82MBe+HWL7\nchHSLRbKucPkKJLUkL1Bi8VJCBalr7zgmVETULO6d+fnGacQjeLnIpbxMxoRinkj\nCgy3wxEX6AB2KaDiELGhed4slVOLmTBSZZgssVYXyr/0MftZfyTrloZSD8KOJP8V\nWUgkfhfcSfm8c+tRVqCsVikg8LI3SKDpx1MyuLG2T5j4HW9JddYaMCXoRTtw6r0C\nLiB9F6aedI2jxVL4/p1SEuSBFvHWOfpgzQZ/FFch3GOSyvECca97RlAMbpvfkJ3u\nZKN9CIgGZIoUw2ZOwwclhyDwwBgX7xhABDeDP1anVDOev1Ks6FWoVIsuMCgK5lDC\n41c3YuoHD/jigEpsOrKzNRXpOaqiT8ZbP8H2h4dIU+Q9YydYyzuE4FIfh6gkXa8J\nF+0A0ov+CT0nqME0VPZAZhS30LI2FrJ9H9cDfJFmRM6dhOtI80Y0sHFWYyw7r4DK\nf2YHbFLTfGc+xCnRTak0dp9VZbMIB5JuhZanzDh5jcAc0+QiaJvB7Ou7kZtmZuGh\n+Rq3fZvZnVFVcZF/CmCCmR7tJj/8D+YfDFI6wWZFcbONPvi5WITaUEzwmsgiHPlJ\n2Zi4xdOpK0GNc8BmVNEukq/6yUu1Me8gMz1a48ua4kk/ZDBVQ+SO1H1x8fBQmphN\nVTd6TwOpWhuwls+F8hlmfyt1xvWd45J0Hh9i5qNEA5591iHQIBxGo0KhDX9z6t3M\nMe69nolcdDvX/jlieSkdlgjtb6NQuSS+ZNht/UItgLhm99GTHdL6hKhlqc1Gnf/J\nZvSwJ/ZZbRQA0prOdRoukD1KFjAFPUWig+GqFtR7MW9wcTyctOg0qk3Bc7KfSlyf\nH65Pw5JVDitWAeKsuXueN60cJanxrE3jj4DRB4TZk0vwrsY1BBZPhXUGD6nOuPv3\nb1v6+YMZAB0QaPOvIKiBIAdlUELhfvd6e3HEdyS2YZXrhbpglSc0g/WzWYBd86iC\non05DMNTjMS9+d7VXC7ddqDDz6Y2G3SJgXCteQ+D9g8YA8i/tOpnTnwlgGsnGLJu\nT75PwgaTGQYPqe6OViRrtqjTTNsiv36vumPuT5r94MoWUnTjTnXBajcFp7jG6Nu7\nhe+mN6tikDIfOKRvcI7Ftm2gasIXDdCEwU0RlKrFoiM+ONr32cUi/kNrSgUWjYoW\nkCvBIvwzwyBOUzB5mL1yObkco0On7bnZTW7NhxIPf6rzDbMYHLnIAvkmoNrCHzFO\nBcyr3QjOy8X4MZxRMqefpDOSlXgHICtlNBcJb6mXWNNEFp/OgWuPz+KSzPtiXRkS\nify1AnVl3l6rtWepVZY9x5vzwIOxB9n0x91huauJq5MbT+tQk6HGvtxHfo6l/qSd\nSqDNTsA5LNJtPK53bBF2tNEM5QZQ/9oPce9l2YH+Po75d8ADtO/2Lad4MGKr+S6R\nhBks9sUnPZ2uRElxftl0UATLpDBw495bTQ01gnmQn1eSblzbrjXAfOtJBMuZ7E36\nSyWAATu+9GruoUFMwhNGwoUxBoik3ESUyxr6DEBBp1BdfSJLjbDDMD5lU+/IVMFF\nhwPRb/2Cu96AGXnDhdw/lsxaq4hnsFMVIRQOCUZ/iKS58FK7oPxw/fy+/S7f1wsd\nMlM/1YV//GVgnkTTnLQ3RlhvaCv/tDaNLhLbouGEy1DZJeHjPreLiuknyECfGXZe\n0Y7/cz8TFh1vZdQnrseHyyfvYW3yrtIEIWDuqZunyUrkc7yCdOKcWgz9oyD+5xPO\n7SfBDv4fbFKqo9PF1pxRWP1vGJpH+9HMpbuAzNbcnnx/hjgG6iE7jw==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-k6yEbtrYRoTSO76L6' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpr5eveldc.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpr5eveldc.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_4(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:1773: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6ce64ca68cdcc8a20d62cf1d52339b488eae1d7673b9abdd5798e810022e749eurn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjUyWhcNMzUwNDIyMTM0MjUyWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA7t1j7u/LdSqla4W9N4wFTJXWckEYbKHbomdCNP0qcOqq2buwOUIfCeBr\ntBrHverDOE7z1ZBZc8+ClgoxqulIk3A1b1HRnBI6FqVEwOhlaqV0gNvnFOua7pd4\n/Ka5AyuhBPJCc/K7+cUs1eSojnmG6qGWFZFjJn8SiMHf/lXk0x72CdIDdrsnED2z\nwtOCcgWpHOyGRV5TRcfVn2AcoOfykY3f2lOw/4oopSqH1dPuL3I90IY65Ng4pZlm\n2WQqlTYvaq/1KFVcuehGPRuKN/ZpxfwA4JtOQ+4fEe1DLcg3ptrTSu+451CVAN8x\nVo2OhN+QbGHqeHLlM2nPJ3oMQL0ROwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBALSF\n4HBZTCGia7HE0w5Ot5H+KWE/OWvTNimTiyiAzi25+3TuKK/gsQZxSOUAHjvTAUBt\nCLokhSMsaSPKd+2lI2ipk92nnLQ6KsZfoo0wzlv11dg9itpDuTjT23i2/lZip1Iz\nytngOR7Aov8FhqdLQk680sEdk9+gJJ+mzivZuigfvtlKP4LiwaWNhyufY8SrSep4nPGI0XD95VbZExmdUsKdBuNQQuEwv9LUe9NNiRTD\n8mY2ROCyKoZSSHHMqsHFkvJOwknz9DluUs752Vj9yiY7XLuOd96YMh7AHSM3Ncyt\nr7ITC5wZANf4oe/xRX7n3Zo1OPvQ0XvhUbO+uKmQse9LYxCiFSk94TQHKdJn7ICN\nG/pgBEzfNzRFXUQmXtdRB0lCZTdpbTOpBPO3WaGJN9rP04y0g2Kc15RiHj1OF3yt\nNRMcBa9vvN7A0eNdtmlqjcCKNosQ6TTiicdjPqcCjqWqdwtaexxRvuoKty+KkH7F\n2op5UlDVajYeqvs9UWL32Q==kYTdXVZNEmiHBa4lEoi+is+kyUayVy0/164zuNKESzOyhhLX46mc8oQenIXMQxRX\nK6jMQgZSkzZ+8HRuHsvSEzH2S4TinM7rwTLSx41lusR815iHPw6b6m9cqIhj6idD\nWw4fZCWsSef82CHhIt2kK6vvodVM21A1ADrCpxbKgMKZj9U7NJYqSG/CjLi7rozg\nD/OhXmN55484b1j3c7SAUKmmQxJI9zefv1F1C2kMF9V7cF7w9h6Pkb4ewSqSHbVF\nN0UPmnTYBE34oYVmD43ixKx1nZ+iaaHgswtWzimJHxVP6SIXh9JNH4Key3lfdx+x\n2kqzj9X7ZcHcbpTu1dcHUUoxxBVXIyHf9XPgWsw9zr3okuEuv5gQAIrdK0Fcu24s\nA6CHwMpB1FObVtrGqXgfpkhsoR13Jr9qZj0FP6QSg09gxrB3w+mK1hHivHIpWJ9D\nRybJVs7Ic+34jju8y/V4yfidpHCMLfYVpCWlFQgFJXvPwpoudpfufnZ7L39/PZhf\nFgwn+FA7FeWusKS+SD/rhHoJfxXGJ5Cb9ONYKU24Hng5aTPSHbmgSHrc42dAiaUo\nVd7PttfqdFtJjKSvXNGY6fpSZRrCcQ2sR6CdhndIPfkAad5NhU7Jce82MBe+HWL7\nchHSLRbKucPkKJLUkL1Bi8VJCBalr7zgmVETULO6d+fnGacQjeLnIpbxMxoRinkj\nCgy3wxEX6AB2KaDiELGhed4slVOLmTBSZZgssVYXyr/0MftZfyTrloZSD8KOJP8V\nWUgkfhfcSfm8c+tRVqCsVikg8LI3SKDpx1MyuLG2T5j4HW9JddYaMCXoRTtw6r0C\nLiB9F6aedI2jxVL4/p1SEuSBFvHWOfpgzQZ/FFch3GOSyvECca97RlAMbpvfkJ3u\nZKN9CIgGZIoUw2ZOwwclhyDwwBgX7xhABDeDP1anVDOev1Ks6FWoVIsuMCgK5lDC\n41c3YuoHD/jigEpsOrKzNRXpOaqiT8ZbP8H2h4dIU+Q9YydYyzuE4FIfh6gkXa8J\nF+0A0ov+CT0nqME0VPZAZhS30LI2FrJ9H9cDfJFmRM6dhOtI80Y0sHFWYyw7r4DK\nf2YHbFLTfGc+xCnRTak0dp9VZbMIB5JuhZanzDh5jcAc0+QiaJvB7Ou7kZtmZuGh\n+Rq3fZvZnVFVcZF/CmCCmR7tJj/8D+YfDFI6wWZFcbONPvi5WITaUEzwmsgiHPlJ\n2Zi4xdOpK0GNc8BmVNEukq/6yUu1Me8gMz1a48ua4kk/ZDBVQ+SO1H1x8fBQmphN\nVTd6TwOpWhuwls+F8hlmfyt1xvWd45J0Hh9i5qNEA5591iHQIBxGo0KhDX9z6t3M\nMe69nolcdDvX/jlieSkdlgjtb6NQuSS+ZNht/UItgLhm99GTHdL6hKhlqc1Gnf/J\nZvSwJ/ZZbRQA0prOdRoukD1KFjAFPUWig+GqFtR7MW9wcTyctOg0qk3Bc7KfSlyf\nH65Pw5JVDitWAeKsuXueN60cJanxrE3jj4DRB4TZk0vwrsY1BBZPhXUGD6nOuPv3\nb1v6+YMZAB0QaPOvIKiBIAdlUELhfvd6e3HEdyS2YZXrhbpglSc0g/WzWYBd86iC\non05DMNTjMS9+d7VXC7ddqDDz6Y2G3SJgXCteQ+D9g8YA8i/tOpnTnwlgGsnGLJu\nT75PwgaTGQYPqe6OViRrtqjTTNsiv36vumPuT5r94MoWUnTjTnXBajcFp7jG6Nu7\nhe+mN6tikDIfOKRvcI7Ftm2gasIXDdCEwU0RlKrFoiM+ONr32cUi/kNrSgUWjYoW\nkCvBIvwzwyBOUzB5mL1yObkco0On7bnZTW7NhxIPf6rzDbMYHLnIAvkmoNrCHzFO\nBcyr3QjOy8X4MZxRMqefpDOSlXgHICtlNBcJb6mXWNNEFp/OgWuPz+KSzPtiXRkS\nify1AnVl3l6rtWepVZY9x5vzwIOxB9n0x91huauJq5MbT+tQk6HGvtxHfo6l/qSd\nSqDNTsA5LNJtPK53bBF2tNEM5QZQ/9oPce9l2YH+Po75d8ADtO/2Lad4MGKr+S6R\nhBks9sUnPZ2uRElxftl0UATLpDBw495bTQ01gnmQn1eSblzbrjXAfOtJBMuZ7E36\nSyWAATu+9GruoUFMwhNGwoUxBoik3ESUyxr6DEBBp1BdfSJLjbDDMD5lU+/IVMFF\nhwPRb/2Cu96AGXnDhdw/lsxaq4hnsFMVIRQOCUZ/iKS58FK7oPxw/fy+/S7f1wsd\nMlM/1YV//GVgnkTTnLQ3RlhvaCv/tDaNLhLbouGEy1DZJeHjPreLiuknyECfGXZe\n0Y7/cz8TFh1vZdQnrseHyyfvYW3yrtIEIWDuqZunyUrkc7yCdOKcWgz9oyD+5xPO\n7SfBDv4fbFKqo9PF1pxRWP1vGJpH+9HMpbuAzNbcnnx/hjgG6iE7jw==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-k6yEbtrYRoTSO76L6' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-k6yEbtrYRoTSO76L6', '--output', '/tmp/tmp0ae19tzn.xml', '/tmp/tmpr5eveldc.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpr5eveldc.xml" output= _______________ TestServer1NonAsciiAva.test_encrypted_response_6 _______________ self = def test_encrypted_response_6(self): _server = Server("idp_conf_verify_cert") cert_str_advice, cert_key_str_advice = generate_cert() cert_str_assertion, cert_key_str_assertion = generate_cert() > _resp = _server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=False, sign_assertion=False, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str_advice, encrypt_cert_assertion=cert_str_assertion, ) tests/test_50_server.py:1987: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:832: in create_authn_response args = self.gather_authn_response_args( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = sp_entity_id = 'urn:mace:example.com:saml:roland:sp', name_id_policy = None userid = None kwargs = {'encrypt_assertion': True, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjU0WhcNMzUwNDIyMTM0MjU0WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAzGPaICmMPrsn33EeWHf44T4Az6KncSj4MEGm5dE1Ecq2ON9E0vP854Za\nXMOmcD34AOQ3NlwIH8RCLlVq1MbTFaADdLS5qfMRhAxN28U9CR4btSBLvT1zvHub\nPnxswCgokEIGcfo3CEDwdyqdDUZkiGCuUFdpcaKRPaT5CCQavBqw5cb3kevjZX1L\ntrR8LVW4XKUwUttmIFH2s0ww2Bj9IzUy4WXsyZpK6WovcpEbpkcvrSwpdzZE6qjg\nQZErygDWKH10GZZ5n/gNy1sXiO2JTxUCHxDSyrAnPFKTRmRLoKdIg1huLivyTkCK\no32i9ORDBh3fFJskOeQOVoY3goRHVwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAEHt\narB0/xQibKgdNZxSsrdmqRIHowNL5nNX0+A8I9vW/GZk41kWBwC2Nn+DUruDzNNO\nfvoCY70R9MtRYlAUr0lK3D1mkl4zYwL8IBkcLiY0Uj/BGL8S81IidWqoBSHHuFFK\nhX0u6z3PVuwx+L5ru4C6eyGoqBFq93edjkN/7oFT\n-----END CERTIFICATE-----\n', 'encrypt_cert_assertion': '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjU0WhcNMzUwNDIyMTM0MjU0WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAuo5t9qi/nTk/+FH28wqEBlBBeHzUkPR48TziSOk3+VDZL1pYnewVTJgl\n/2OqYVTL6YBdzZB+iSSnTl9p3C0UjjMoS5VsQky859A1hiuAQT2vDzpCO2NJ2wML\nHRRN26ySPm7FNPkS07aGCXHScz1rauZF/tK4N+54ysG0kIZdR+7YuCWCXigC17ur\nR6QMrWyfPunh2lDmJHJ/0cTBJUOvREn2zBbZbWBwLptW0KkeH1aEq72Bk1DO7qoe\nuEMZr8fMdtFyOKopa2hVWejYFja65EBhbFdErKFgLHHT1GlR09IdkHpNaBlL9FFT\nu+phI2+EOm+T4q2JMsZ32oeZT1GdGQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIt7\nupY4P+/+MT5IIP0BPlv+c2WGbXYdZ+tJWrvwX7GebVfG1HnIpFS5jHhYsF/rbwdV\nMWi/Lqvr3YaVplQ6ldD7FXFO/fytnEUnCz/SYFGrYZ3cZNAFp9kzIKofN68eTv6w\nOa0OpBl+d6i/UpDaDfAHTeL0WrNdkOh3mASHr3gB\n-----END CERTIFICATE-----\n', ...} args = {'best_effort': False, 'encrypt_assertion': True, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjU0WhcNMzUwNDIyMTM0MjU0WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAzGPaICmMPrsn33EeWHf44T4Az6KncSj4MEGm5dE1Ecq2ON9E0vP854Za\nXMOmcD34AOQ3NlwIH8RCLlVq1MbTFaADdLS5qfMRhAxN28U9CR4btSBLvT1zvHub\nPnxswCgokEIGcfo3CEDwdyqdDUZkiGCuUFdpcaKRPaT5CCQavBqw5cb3kevjZX1L\ntrR8LVW4XKUwUttmIFH2s0ww2Bj9IzUy4WXsyZpK6WovcpEbpkcvrSwpdzZE6qjg\nQZErygDWKH10GZZ5n/gNy1sXiO2JTxUCHxDSyrAnPFKTRmRLoKdIg1huLivyTkCK\no32i9ORDBh3fFJskOeQOVoY3goRHVwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAEHt\narB0/xQibKgdNZxSsrdmqRIHowNL5nNX0+A8I9vW/GZk41kWBwC2Nn+DUruDzNNO\nfvoCY70R9MtRYlAUr0lK3D1mkl4zYwL8IBkcLiY0Uj/BGL8S81IidWqoBSHHuFFK\nhX0u6z3PVuwx+L5ru4C6eyGoqBFq93edjkN/7oFT\n-----END CERTIFICATE-----\n', ...} param_defaults = {'best_effort': False, 'encrypt_assertion': False, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': None, ...} param = 'encrypt_cert_assertion', val_default = None val_kw = '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjU0WhcNMzUwNDIyMTM0MjU0WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAuo5t9qi/nTk/+FH28wqEBlBBeHzUkPR48TziSOk3+VDZL1pYnewVTJgl\n/2OqYVTL6YBdzZB+iSSnTl9p3C0UjjMoS5VsQky859A1hiuAQT2vDzpCO2NJ2wML\nHRRN26ySPm7FNPkS07aGCXHScz1rauZF/tK4N+54ysG0kIZdR+7YuCWCXigC17ur\nR6QMrWyfPunh2lDmJHJ/0cTBJUOvREn2zBbZbWBwLptW0KkeH1aEq72Bk1DO7qoe\nuEMZr8fMdtFyOKopa2hVWejYFja65EBhbFdErKFgLHHT1GlR09IdkHpNaBlL9FFT\nu+phI2+EOm+T4q2JMsZ32oeZT1GdGQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIt7\nupY4P+/+MT5IIP0BPlv+c2WGbXYdZ+tJWrvwX7GebVfG1HnIpFS5jHhYsF/rbwdV\nMWi/Lqvr3YaVplQ6ldD7FXFO/fytnEUnCz/SYFGrYZ3cZNAFp9kzIKofN68eTv6w\nOa0OpBl+d6i/UpDaDfAHTeL0WrNdkOh3mASHr3gB\n-----END CERTIFICATE-----\n' val_config = None, arg = 'encrypted_advice_attributes' def gather_authn_response_args(self, sp_entity_id, name_id_policy, userid, **kwargs): kwargs["policy"] = kwargs.get("release_policy") # collect args and return them args = {} # XXX will be passed to _authn_response param_defaults = { "policy": None, "best_effort": False, "sign_assertion": False, "sign_response": False, "encrypt_assertion": False, "encrypt_assertion_self_contained": True, "encrypted_advice_attributes": False, "encrypt_cert_advice": None, "encrypt_cert_assertion": None, # need to be named sign_alg and digest_alg } for param, val_default in param_defaults.items(): val_kw = kwargs.get(param) val_config = self.config.getattr(param, "idp") args[param] = val_kw if val_kw is not None else val_config if val_config is not None else val_default for arg, attr, eca, pefim in [ ("encrypted_advice_attributes", "verify_encrypt_cert_advice", "encrypt_cert_advice", kwargs["pefim"]), ("encrypt_assertion", "verify_encrypt_cert_assertion", "encrypt_cert_assertion", False), ]: if args[arg] or pefim: _enc_cert = self.config.getattr(attr, "idp") if _enc_cert is not None: if kwargs[eca] is None: raise CertificateError( "No SPCertEncType certificate for encryption " "contained in authentication " "request." ) if not _enc_cert(kwargs[eca]): > raise CertificateError("Invalid certificate for encryption!") E saml2.cert.CertificateError: Invalid certificate for encryption! ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:736: CertificateError _____________________ TestClient.test_sign_auth_request_0 ______________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', ...] extra_args = ['/tmp/tmp37otdhz0.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp37otdhz0.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_auth_request_0(self): > req_id, areq = self.client.create_authn_request("http://www.example.com/sso", sign=True, message_id="id1") tests/test_51_client.py:396: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client_base.py:445: in create_authn_request msg = self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpw9ookn4f.xml', '/tmp/tmp37otdhz0.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp37otdhz0.xml" output= _______________________ TestClient.test_logout_response ________________________ self = def test_logout_response(self): req_id, req = self.server.create_logout_request( "http://localhost:8088/slo", "urn:mace:example.com:saml:roland:sp", name_id=nid, reason="Tired", expire=in_a_while(minutes=15), session_indexes=["_foo"], ) info = self.client.apply_binding(BINDING_HTTP_POST, req, destination="", relay_state="relay2") _dic_info = unpack_form(info["data"], "SAMLRequest") samlreq = _dic_info["SAMLRequest"] > resphttp = self.client.handle_logout_request(samlreq, nid, BINDING_HTTP_POST) tests/test_51_client.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = request = 'PG5zMDpMb2dvdXRSZXF1ZXN0IHhtbG5zOm5zMD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQtYWVhck1UM2F1T0RmcExVV3kiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDI1LTA0LTI0VDEzOjQyOjU1WiIgRGVzdGluYXRpb249Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4OC9zbG8iIFJlYXNvbj0iVGlyZWQiIE5vdE9uT3JBZnRlcj0iMjAyNS0wNC0yNFQxMzo1Nzo1NVoiPjxzYW1sOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+dXJuOm1hY2U6ZXhhbXBsZS5jb206c2FtbDpyb2xhbmQ6aWRwPC9zYW1sOklzc3Vlcj48c2FtbDpOYW1lSUQgTmFtZVF1YWxpZmllcj0iZm9vIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCI+MTIzNDU2PC9zYW1sOk5hbWVJRD48bnMwOlNlc3Npb25JbmRleD5fZm9vPC9uczA6U2Vzc2lvbkluZGV4PjwvbnMwOkxvZ291dFJlcXVlc3Q+' name_id = binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', sign = True sign_alg = None, digest_alg = None, relay_state = None, sigalg = None signature = None def handle_logout_request( self, request, name_id, binding, sign=None, sign_alg=None, digest_alg=None, relay_state=None, sigalg=None, signature=None, ): """ Deal with a LogoutRequest :param request: The request as text string :param name_id: The id of the current user :param binding: Which binding the message came in over :param sign: Whether the response will be signed or not :param sign_alg: The signing algorithm for the response :param digest_alg: The digest algorithm for the the response :param relay_state: The relay state of the request :param sigalg: The SigAlg query param of the request :param signature: The Signature query param of the request :return: Keyword arguments which can be used to send the response what's returned follow different patterns for different bindings. If the binding is BINDIND_SOAP, what is returned looks like this:: { "data": "url": "", 'headers': [('content-type', 'application/soap+xml')] 'method': "POST } """ logger.debug("logout request: %s", request) _req = self.parse_logout_request( xmlstr=request, binding=binding, relay_state=relay_state, sigalg=sigalg, signature=signature, ) if _req.message.name_id == name_id: try: if self.local_logout(name_id): status = success_status_factory() else: status = status_message_factory("Server error", STATUS_REQUEST_DENIED) except KeyError: status = status_message_factory("Server error", STATUS_REQUEST_DENIED) else: status = status_message_factory("Wrong user", STATUS_UNKNOWN_PRINCIPAL) response_bindings = { BINDING_SOAP: [BINDING_SOAP], BINDING_HTTP_POST: [BINDING_HTTP_POST, BINDING_HTTP_REDIRECT], BINDING_HTTP_REDIRECT: [BINDING_HTTP_REDIRECT, BINDING_HTTP_POST], }.get(binding, []) for response_binding in response_bindings: sign = sign if sign is not None else self.logout_responses_signed sign_redirect = sign and response_binding == BINDING_HTTP_REDIRECT sign_post = sign and not sign_redirect try: response = self.create_logout_response( _req.message, bindings=[response_binding], status=status, sign=sign_post, sign_alg=sign_alg, digest_alg=digest_alg, ) rinfo = self.response_args(_req.message, [response_binding]) return self.apply_binding( rinfo["binding"], response, rinfo["destination"], relay_state, response=True, sign=sign_redirect, sigalg=sign_alg, ) except Exception: continue log_ctx = { "message": "No supported bindings found to create LogoutResponse", "issuer": _req.issuer.text, "response_bindings": response_bindings, } > raise SAMLError(log_ctx) E saml2.SAMLError: {'message': 'No supported bindings found to create LogoutResponse', 'issuer': 'urn:mace:example.com:saml:roland:idp', 'response_bindings': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']} ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:733: SAMLError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpnec8p4ad.xml" output= ERROR saml2.mdstore:mdstore.py:1184 Unsupported binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (urn:mace:example.com:saml:roland:idp) ERROR saml2.entity:entity.py:352 Failed to find consumer URL: urn:mace:example.com:saml:roland:idp, ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'], idpsso __________________________ TestClient.test_response_1 __________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp1960b494ea8beaef66517f9918c56b03455aa639c09c21b42d034f1dc3ac4d8burn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-XpzHlptGf5ow4eFiB' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpihyai__p.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpihyai__p.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_1(self): IDP = "urn:mace:example.com:saml:roland:idp" ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": ["The man"]} nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id_policy=nameid_policy, sign_response=True, userid="foba0001@example.com", authn=AUTHN, ) tests/test_51_client.py:469: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp1960b494ea8beaef66517f9918c56b03455aa639c09c21b42d034f1dc3ac4d8burn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-XpzHlptGf5ow4eFiB' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-XpzHlptGf5ow4eFiB', '--output', '/tmp/tmpvef38rv8.xml', '/tmp/tmpihyai__p.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpihyai__p.xml" output= __________________________ TestClient.test_response_2 __________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3fed9b88c6ca79c2b90737e28304690de4d23905e10ef9f216a0602be006fbedurn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjU2WhcNMzUwNDIyMTM0MjU2WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEArIr49Xa4CFzpgowwy48b1uL8wn9+UuD/d/DGETJBiAYvmhQx+Fub1ExM\niox7KnOLaSxXvRutLnyHEoVqvdKJU5zKxbVlAqSgTDaG8mAY5EaSSYKXQmn7POiB\nesWxoUAV4/skYLdsRoJ4+RPEXVBiwIApC6oej6jWvCowI5Iku+HaTNIeJ8yJGiKz\nHabQ+QquNFzwGTnZT6KZc1KSnmN3oJ49RfwHddk0DiP5uRLejUc+APsgWi7xUFNB\nmVGX3CP69BpVK7yLTbH5nrtdujZp21yreIyAkZQgyQGy5Npu6lCb4+PKaJRqiMTh\nQP6819PtgIYL7SY6griEPlbzUyunbQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAH9Z\nY622Os+Yc5twrcXCIYv0s63OJGrraG/yhCsyfoKO+kFmyTU8+HgGJw+KXUrDens+\nNAsALcZDIJ70P/nC8iXnnTQkrKQwdWsqxvUF8fe/ZwHLB+WuYhovCKGEZa99cC3U\nkQX8oGeSKTQSo4iAsWzhcc5eFLE8tx8Jh8d95eIEH7ae3szKiuYtG2HJNN4Vz9tCqsbxIU2MTEuChQbXqOjOVAvwKcqY0q3D3ZqBTFyP\naVudWU992VG1JacpXXgAEkVf/Auctjxb35ZCNyLmQKqA+xogjgzSMvcn5p2dsqLt\n4vhP9HUCRWhHyfGJLy4Sl0fMwuezT0DyEH5z91bCkZ3LY0iDrQ3WHJ27sX8fwomE\n+AmoRgECWzjLxowPRN/Uc/3jK/KSJyMaK4VXR+jgn6wlArOcErgMMtKA2CGwvTif\nGE5XgUtcluzgmHWA7yLaw4F15PxC3xsUWE+VQCkzmFpKl1lR5GbQ4l6tBvExNF/9\nmQLsxRzcyanXG1F6vCRX7A==10K7yOjMirIm6efTtWcNSpJ/aKVFRZPrTiRyuOcUhM3fOEoElw138pzyb6TgP9Xq\ngRy4YLAN7N7hjjNDtNfa/nec029QIk6WlXq+ww+lfd4V55+UK5ESNlP6kSSDzTf+\nFSiwNfSIaomaa9B9Mu/8n38+XrnICPVOmp1zw2Gdpc5Bb4DwcnxkwnCqT/+L1YEr\n650AKQmO/2WVY9EfchQPD3dnuRq8INcX5xN6md+7mngPO9BsOwS4ly2x5jiIOXFJ\nl8oMh6w9SMbBUDg75yLimhN8uYznMQPs8rU/xmXTXwTcSLM64Anrhw90tSqXhv4H\n7sMqg/87GiTxotB2pDmocRu7RehrRV6kG+g/RHTYqUqSiGDveuFotpv2aNz7PZBE\nNKsgAztfn6yKRCogWWGoN9Wv5o++PVoz3Y7jRaqw+VvEVY1za18MquJ2j386AlFa\nBlwOZd0+j8jj9Bhk+o6NwqNnT5Oy9stzG/HdvYdpHlmdvQvjDGtay643i6eNjmfK\nhCI9W7kRV7zCqJXo21FsGv3J4UWMTmJd1fHJ2mG5ko1R3f7DSbNf91BxJq1eo+v+\nZeVmfr6ogYoC1KLZ/dVbbiyrRp2/66+8dxKV3Ic02izOhinPgVXOzq1jx595RCCC\nYyoa8LdXXrOzi8FigLKdDJI3v+U+uNEBi1adoqmVhdorc7czwlZucY6BUPASOgIQ\nDiduGyTLxJKEREXCoTykBLrXeF3Iyk4pbql1almuVNr0KxXHOj3tfZD3JguEHawh\n7hcEzAQQs647Wp8QhyFOVyS3TxAxP6JU9VGYb2HYkQInadUGIItDXCBgowMYRb3T\nYsAnY1ZMvz7zotOmY6g7IWz7bVPFBs5O+ZQaUMBc9Ji2yaZOzJ7zV4eQlIyJPjKs\nHLS/R/EYK0/WRczJGnHH0VbTXHyrKHAB2KG721MgTwYz12XJr2jbZWYVAYvZKt2v\negLoK3Ug4jyX5omMUPfVfl2b8vX/6dDAkrldUuZWFQIt+7H5osyWwCBtzIwCQcWk\nSp8fVliVTm0Fqk6TylN4shlUTWzQUdLVwFlZDVRkxletptO8z/xq7vmNIqS3Wm2B\n/yUreC8I6b3Bje4iD4B9pJXBmXIweFX04S/mhwL5FpL+gEErGL5LPVWrM9WpYgrx\nzUDYjM2aqy+s2XueQSuhHwu8RJrcKoSCPgGjbrOeqglWd/uQHnJL3p/Bfv0XAqw9\n5QhFczjA8+g3qTBIvt/S7R8zr1kJ0vw2ZhKYSkqEgF6AIx6pPUkg3dDhBA/5R9O9\nqvyDu9Mnec3/K4sNlyC/BEMO4tt7skCSXsZ9p9aaTF9SHN9URpuXLCRq8w87tcBD\nz9GtoEfU/Nhn3xxtrXd+oW3M4Bgv10V7RhojN0htw9/2PfxOdq7Q/z5Byla2h4HK\nvQaSI+n2T+elU9cp9TscQIA3aqG0yBmX472W6XLBN2ppmuFMqIHuHpX85laYqXwI\nRC3Fh/3knmwx3Aoefb0eWwWGgrsyz90C9csYcW3teeIofkYgVBoeEUMq4zdvM0/R\nN3NVAEJzSwu4oFw2xN99HNLVyawldTpaRGwp5Ls5nsHM836j07FWHJkzmvuW8zyu\nAp3K2j0Xh817TbmaitXYiIEiAnIVeW/ApD7fF0eusPGtTNyKXzTTJiPd3tbO1YaF\nCqC0mHzDk5Rm+BtCBifJxxZvQQxoTCC9aeXVRJ0Fh8CJVjVNwqv7kXztv6O4e17z\nomV1UQUoO7XtAPnMM9zaayTenxViV14Kb602+E/Mzs7cp7oJFCtRlD/FpC9jEO8V\nyHaahduy8wA1nP1kDqjALh2rNVE5YeCvCPsnirSIC+b23kYmbYkWHSa6VghvcCrT\n1yGfJ81erUxv4KqP3keL31avOm7lcMPOcHHMgMEb+Wq0FpkZQXAD5MjEdNT5z4UM\nik70yn0gGW3iM99/pMLQ7fyAK8kRvd3D3RxV7VOURQEjc4Z9hQXNM0WR/LwDwhtb\no/I2H3r5grMJhewbByVHNQ/0QATCysLbOjpvfw4TgHaZ5jkvGHWxOYu09tJbCI7y\nHSSx/bfRmiCIbrZZaID0Rzb10KA804Dkv/J9Ji2/YrPLzVOuiQfmHKf/U98BjOOm\nVCWvf/7SGzmupRgC8527iX3C03cXNsq5KlSGR4ZqaxvL1IFzw7QqAG/0/JeEV84Z\ngAboWuNb57h2P0IHHHq9Y3Bz6xDoqlaq/ruPyEEZ05MIAShHDLVwMabgr2UjWMlQ\nFwF3KzPxDyMpVs1WWbLTJXPEyVNlAVKYMXd0VAU8DNubV2/i6/prBTQZWF2kc+OH\neUCCXTO1k84PQC/zb/277nbsD4e/a/XwYsukTvcmdLT4qsyevj5Doa/y7/ulL6H0\nYpop+U7QhQERarCqzWTUIGtA6PL0giABRof1dKe6jFxbt7G0GJcANg==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-R8hcK7cJMeNkE4ADQ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp45scl3uh.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp45scl3uh.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_2(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_51_client.py:549: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3fed9b88c6ca79c2b90737e28304690de4d23905e10ef9f216a0602be006fbedurn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjU2WhcNMzUwNDIyMTM0MjU2WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEArIr49Xa4CFzpgowwy48b1uL8wn9+UuD/d/DGETJBiAYvmhQx+Fub1ExM\niox7KnOLaSxXvRutLnyHEoVqvdKJU5zKxbVlAqSgTDaG8mAY5EaSSYKXQmn7POiB\nesWxoUAV4/skYLdsRoJ4+RPEXVBiwIApC6oej6jWvCowI5Iku+HaTNIeJ8yJGiKz\nHabQ+QquNFzwGTnZT6KZc1KSnmN3oJ49RfwHddk0DiP5uRLejUc+APsgWi7xUFNB\nmVGX3CP69BpVK7yLTbH5nrtdujZp21yreIyAkZQgyQGy5Npu6lCb4+PKaJRqiMTh\nQP6819PtgIYL7SY6griEPlbzUyunbQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAH9Z\nY622Os+Yc5twrcXCIYv0s63OJGrraG/yhCsyfoKO+kFmyTU8+HgGJw+KXUrDens+\nNAsALcZDIJ70P/nC8iXnnTQkrKQwdWsqxvUF8fe/ZwHLB+WuYhovCKGEZa99cC3U\nkQX8oGeSKTQSo4iAsWzhcc5eFLE8tx8Jh8d95eIEH7ae3szKiuYtG2HJNN4Vz9tCqsbxIU2MTEuChQbXqOjOVAvwKcqY0q3D3ZqBTFyP\naVudWU992VG1JacpXXgAEkVf/Auctjxb35ZCNyLmQKqA+xogjgzSMvcn5p2dsqLt\n4vhP9HUCRWhHyfGJLy4Sl0fMwuezT0DyEH5z91bCkZ3LY0iDrQ3WHJ27sX8fwomE\n+AmoRgECWzjLxowPRN/Uc/3jK/KSJyMaK4VXR+jgn6wlArOcErgMMtKA2CGwvTif\nGE5XgUtcluzgmHWA7yLaw4F15PxC3xsUWE+VQCkzmFpKl1lR5GbQ4l6tBvExNF/9\nmQLsxRzcyanXG1F6vCRX7A==10K7yOjMirIm6efTtWcNSpJ/aKVFRZPrTiRyuOcUhM3fOEoElw138pzyb6TgP9Xq\ngRy4YLAN7N7hjjNDtNfa/nec029QIk6WlXq+ww+lfd4V55+UK5ESNlP6kSSDzTf+\nFSiwNfSIaomaa9B9Mu/8n38+XrnICPVOmp1zw2Gdpc5Bb4DwcnxkwnCqT/+L1YEr\n650AKQmO/2WVY9EfchQPD3dnuRq8INcX5xN6md+7mngPO9BsOwS4ly2x5jiIOXFJ\nl8oMh6w9SMbBUDg75yLimhN8uYznMQPs8rU/xmXTXwTcSLM64Anrhw90tSqXhv4H\n7sMqg/87GiTxotB2pDmocRu7RehrRV6kG+g/RHTYqUqSiGDveuFotpv2aNz7PZBE\nNKsgAztfn6yKRCogWWGoN9Wv5o++PVoz3Y7jRaqw+VvEVY1za18MquJ2j386AlFa\nBlwOZd0+j8jj9Bhk+o6NwqNnT5Oy9stzG/HdvYdpHlmdvQvjDGtay643i6eNjmfK\nhCI9W7kRV7zCqJXo21FsGv3J4UWMTmJd1fHJ2mG5ko1R3f7DSbNf91BxJq1eo+v+\nZeVmfr6ogYoC1KLZ/dVbbiyrRp2/66+8dxKV3Ic02izOhinPgVXOzq1jx595RCCC\nYyoa8LdXXrOzi8FigLKdDJI3v+U+uNEBi1adoqmVhdorc7czwlZucY6BUPASOgIQ\nDiduGyTLxJKEREXCoTykBLrXeF3Iyk4pbql1almuVNr0KxXHOj3tfZD3JguEHawh\n7hcEzAQQs647Wp8QhyFOVyS3TxAxP6JU9VGYb2HYkQInadUGIItDXCBgowMYRb3T\nYsAnY1ZMvz7zotOmY6g7IWz7bVPFBs5O+ZQaUMBc9Ji2yaZOzJ7zV4eQlIyJPjKs\nHLS/R/EYK0/WRczJGnHH0VbTXHyrKHAB2KG721MgTwYz12XJr2jbZWYVAYvZKt2v\negLoK3Ug4jyX5omMUPfVfl2b8vX/6dDAkrldUuZWFQIt+7H5osyWwCBtzIwCQcWk\nSp8fVliVTm0Fqk6TylN4shlUTWzQUdLVwFlZDVRkxletptO8z/xq7vmNIqS3Wm2B\n/yUreC8I6b3Bje4iD4B9pJXBmXIweFX04S/mhwL5FpL+gEErGL5LPVWrM9WpYgrx\nzUDYjM2aqy+s2XueQSuhHwu8RJrcKoSCPgGjbrOeqglWd/uQHnJL3p/Bfv0XAqw9\n5QhFczjA8+g3qTBIvt/S7R8zr1kJ0vw2ZhKYSkqEgF6AIx6pPUkg3dDhBA/5R9O9\nqvyDu9Mnec3/K4sNlyC/BEMO4tt7skCSXsZ9p9aaTF9SHN9URpuXLCRq8w87tcBD\nz9GtoEfU/Nhn3xxtrXd+oW3M4Bgv10V7RhojN0htw9/2PfxOdq7Q/z5Byla2h4HK\nvQaSI+n2T+elU9cp9TscQIA3aqG0yBmX472W6XLBN2ppmuFMqIHuHpX85laYqXwI\nRC3Fh/3knmwx3Aoefb0eWwWGgrsyz90C9csYcW3teeIofkYgVBoeEUMq4zdvM0/R\nN3NVAEJzSwu4oFw2xN99HNLVyawldTpaRGwp5Ls5nsHM836j07FWHJkzmvuW8zyu\nAp3K2j0Xh817TbmaitXYiIEiAnIVeW/ApD7fF0eusPGtTNyKXzTTJiPd3tbO1YaF\nCqC0mHzDk5Rm+BtCBifJxxZvQQxoTCC9aeXVRJ0Fh8CJVjVNwqv7kXztv6O4e17z\nomV1UQUoO7XtAPnMM9zaayTenxViV14Kb602+E/Mzs7cp7oJFCtRlD/FpC9jEO8V\nyHaahduy8wA1nP1kDqjALh2rNVE5YeCvCPsnirSIC+b23kYmbYkWHSa6VghvcCrT\n1yGfJ81erUxv4KqP3keL31avOm7lcMPOcHHMgMEb+Wq0FpkZQXAD5MjEdNT5z4UM\nik70yn0gGW3iM99/pMLQ7fyAK8kRvd3D3RxV7VOURQEjc4Z9hQXNM0WR/LwDwhtb\no/I2H3r5grMJhewbByVHNQ/0QATCysLbOjpvfw4TgHaZ5jkvGHWxOYu09tJbCI7y\nHSSx/bfRmiCIbrZZaID0Rzb10KA804Dkv/J9Ji2/YrPLzVOuiQfmHKf/U98BjOOm\nVCWvf/7SGzmupRgC8527iX3C03cXNsq5KlSGR4ZqaxvL1IFzw7QqAG/0/JeEV84Z\ngAboWuNb57h2P0IHHHq9Y3Bz6xDoqlaq/ruPyEEZ05MIAShHDLVwMabgr2UjWMlQ\nFwF3KzPxDyMpVs1WWbLTJXPEyVNlAVKYMXd0VAU8DNubV2/i6/prBTQZWF2kc+OH\neUCCXTO1k84PQC/zb/277nbsD4e/a/XwYsukTvcmdLT4qsyevj5Doa/y7/ulL6H0\nYpop+U7QhQERarCqzWTUIGtA6PL0giABRof1dKe6jFxbt7G0GJcANg==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-R8hcK7cJMeNkE4ADQ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-R8hcK7cJMeNkE4ADQ', '--output', '/tmp/tmpkhhqjf7f.xml', '/tmp/tmp45scl3uh.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp45scl3uh.xml" output= __________________________ TestClient.test_response_3 __________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=4d3bbb6b96d3efe0e084aca6e7ebb653919ed3412b20eaba89f838b2e1d4a86curn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==qCFdjkNa7jPa1S7hQI+D1PmyMy6ArfWXnJBAcOVz3BE4xQ0jVykMBjM1pNxhkLIQ\ngEnioUSgD5MVXP6MlBRWKJzvRC1Mhk9aA0hTiFDNboJ3g/ScHwV60CrBGe0PiUI9\nlnBfKw7JZWkggm0qsEjJxZVCJX1BcL/v0a2qJ5o4o+E=eE+673Q4bD21MGrq6IaroFQfoBcVpfz6onoi6g0n3TEAoWu5HiqrydPt2UBc5EAf\n/u9y4k6R4nT4qXks6g78bdXm1iuf+wTBIlVQXwXKl6T6DFU7xW0wJM2PWGuuLTKk\ndKb15ggDxD44jxaKOJInF0g748vXgJh49tcBETvYdWz4zQPG11B1Pz39VmCL+8tj\nqudOOzZDz0E8LS3nDFudlujuarocCz1cTVwXkIMvFQQ3SEWyfDbUCEFHGWeH1HUH\nPDgT93xUkWJt2ltVTxz1qJy/DVWtkcyu6ZKN1nPMUtmHzQ2OYU6qXdxFXspnSlab\nXZtLP6NeehYmaK/luJRHxyUNFv4fQzv/lheDTh31pBv48CX5PxKyMUriUWDSrrrn\niKCX1rCkmxYtfHcQOERndkDpNL8rRnjo6SNNRCdHPeKHHU14IIHy0IFu1WOLRu6Z\nGpULQJbXam1gtuUfqquql4BZUK1++DJSIPGwPvLRUItZwjPeFfs/hnN0hhr43w6Q\nla3hG8LHZulueUHDtdsgZLhyse1STX+eDo7AnsWwriWzC4qTSy965c0XOqYbQyYV\nD7jkL2MboRL4j12ZYdxPMs6SLa2tiy1XQyAsLnYNKGaVfrNT/2NlLOFdC7qIQQ6Q\novTF8vp5Pn9chdrIGsumCoTyifBFJY85Y+jpEa92gZwNvlVd/x1c2NFkz4dJYd4U\nlvHXZj6P0mTa9IKTkgsfcy2XDf01CNHojl3AzJnN6N4T5UAaQbkz8a5IZzlg/Eed\nZ0N6JS+l0c5Qs43RLpVI6dRkgDKjWReygcF3AaThNoqp/B6eC5buS+PIU4wtItYm\nNKppcGhx3HhIToq6VOHnxPlUGF2gK/VILN071YRwQ/ZEGCL2FxatDxMgVarKyUYK\nD9JUisbf8AepBVOaSFBT/Eh3c7ciy6iaXVeywe7Wf8vh6tgkXkpCUUQV587gH6uR\n8kKT9In1M2YTFuG1L3p6yydwKnvzeFfuVi9UipTXFdeMcRWXl1z+bGC9Oe0kWiJ/\nNGjilR1RC58OcUL6xuxBLTBOyEpEXWqrqY3WFxcMork0/dR/S/PrPYU9ZnYXUDVC\nQ9YAi6xZJqmal9tf0Ib4/uviPHcfcZSmU2kiLkiqYKWuzFP0nIZNWpo7uVf5m3JQ\nxjqrFMMIsBz8guIo0JBjjDIkJntP47ngu8RKaLpIFjZKzWWke4m/Why+jBLdWHd3\nahh7LoPTs4QhSe6267we0tcishwD9ev+grrcYPMioK/WXQVLGaGyVXG5bbhWyBX5\nUWaIsZwpSvRRct1kTZrqP2nHAjUZMz/paO7OxTZHyMxdgfP8dTFJWNSjicN/m14e\nsFBab9l8Vts/Br5Aa38SE/MTtpuhHb+9uYvo/ADZYRFkXtWLaOPH+8UihE1tJUii\n7dUmnpUp2PjnD/H2Bxiqz1ShZdGW+LHez5IvLVu7ot2pWN8c3avh7/ApWKFz7t4+\n6MdJEfX2RISUoDeSLNIEc34lSW6OHQmobIIBVkY/mdcox89o5SYU7+9ResKoBgDf\nYpJ7XrMp2OrMN8ab2YlMnhjH2MmFcmv+TTBftt6yKO2UX1B/jSQ3dlZUI+RXTd8a\nP0ourRNouXJ0W8dBNLGMbs9i2yKGE522BJwhEIwU2Dulz5bHcAQNufSEPod1cWMd\nq6fjc64XMS4qME5rdpw5kDQAt9SxJS3NQd5gNTwXvacQOamFpOWmX9LQFv8s2jKN\nsBo9c0myAu9G9IAoe9HDevKGRzkfUR8LlpGcu6L6HY8+MXW69dmvGXy5gHFQA7lq\n7BLLhSzn1FAqm6p+9PlihhJs/1xlOYnF/ap/crJx0CJeRjfD01Dlp26qCFIo+zD0\nti5i67K0uKQXn4uoQAKLFLcK1MvC5nm2np4n8/cCOgyrz+eNXHw0tvTYPI6o2wT/\ncvArPh0DpMUe77OwbTFJrbbHumkgsQ1k34w+2wIC8lpdeivznGs01GdydmS3zU9i\nUk9ptX5WMdMbqm6HzTCzZ/fx4VPRB2mCeSlq8eJKvh0SF78n+OzXH7g0bqd804Ok\nJ3ZwOfn8h5nJFsCbZwBApY9ISu5zKmu7UDq/2zrKsUBJKudpakR3aWHO8EmDR0fj\nqyMyL4SAYoJM4TTI5U/7DZ9dxZBLFsnIm5Rqq3VeQda0IFLNoB8s8QxlcTknGW51\nNYI18PcK4vo/EbO1wGNfnAswKyssGpWEswtuo+vXbKVRt2+f54zvO8zw8q3QHP5I\nTqSHp6aucvI2X8kSkYuKpSBCyrhRmWKIxzsBFAyZzP0L1khZiAqCtjbBwQLqyAQg\novArQG1Qjl/brJdgWFyqE6GNuKURMBFp4jE4tZWx3b/8x+hVzY8pwESDPN01cqsa\nNNr23llLxJykcFOFQdyNf+CsedfAP6471ki72GCXMwBQ2gHYI2y30A==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-eCXR0Ca4OmnkXEL4Z' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpglyh8rza.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpglyh8rza.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_3(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:584: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=4d3bbb6b96d3efe0e084aca6e7ebb653919ed3412b20eaba89f838b2e1d4a86curn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==qCFdjkNa7jPa1S7hQI+D1PmyMy6ArfWXnJBAcOVz3BE4xQ0jVykMBjM1pNxhkLIQ\ngEnioUSgD5MVXP6MlBRWKJzvRC1Mhk9aA0hTiFDNboJ3g/ScHwV60CrBGe0PiUI9\nlnBfKw7JZWkggm0qsEjJxZVCJX1BcL/v0a2qJ5o4o+E=eE+673Q4bD21MGrq6IaroFQfoBcVpfz6onoi6g0n3TEAoWu5HiqrydPt2UBc5EAf\n/u9y4k6R4nT4qXks6g78bdXm1iuf+wTBIlVQXwXKl6T6DFU7xW0wJM2PWGuuLTKk\ndKb15ggDxD44jxaKOJInF0g748vXgJh49tcBETvYdWz4zQPG11B1Pz39VmCL+8tj\nqudOOzZDz0E8LS3nDFudlujuarocCz1cTVwXkIMvFQQ3SEWyfDbUCEFHGWeH1HUH\nPDgT93xUkWJt2ltVTxz1qJy/DVWtkcyu6ZKN1nPMUtmHzQ2OYU6qXdxFXspnSlab\nXZtLP6NeehYmaK/luJRHxyUNFv4fQzv/lheDTh31pBv48CX5PxKyMUriUWDSrrrn\niKCX1rCkmxYtfHcQOERndkDpNL8rRnjo6SNNRCdHPeKHHU14IIHy0IFu1WOLRu6Z\nGpULQJbXam1gtuUfqquql4BZUK1++DJSIPGwPvLRUItZwjPeFfs/hnN0hhr43w6Q\nla3hG8LHZulueUHDtdsgZLhyse1STX+eDo7AnsWwriWzC4qTSy965c0XOqYbQyYV\nD7jkL2MboRL4j12ZYdxPMs6SLa2tiy1XQyAsLnYNKGaVfrNT/2NlLOFdC7qIQQ6Q\novTF8vp5Pn9chdrIGsumCoTyifBFJY85Y+jpEa92gZwNvlVd/x1c2NFkz4dJYd4U\nlvHXZj6P0mTa9IKTkgsfcy2XDf01CNHojl3AzJnN6N4T5UAaQbkz8a5IZzlg/Eed\nZ0N6JS+l0c5Qs43RLpVI6dRkgDKjWReygcF3AaThNoqp/B6eC5buS+PIU4wtItYm\nNKppcGhx3HhIToq6VOHnxPlUGF2gK/VILN071YRwQ/ZEGCL2FxatDxMgVarKyUYK\nD9JUisbf8AepBVOaSFBT/Eh3c7ciy6iaXVeywe7Wf8vh6tgkXkpCUUQV587gH6uR\n8kKT9In1M2YTFuG1L3p6yydwKnvzeFfuVi9UipTXFdeMcRWXl1z+bGC9Oe0kWiJ/\nNGjilR1RC58OcUL6xuxBLTBOyEpEXWqrqY3WFxcMork0/dR/S/PrPYU9ZnYXUDVC\nQ9YAi6xZJqmal9tf0Ib4/uviPHcfcZSmU2kiLkiqYKWuzFP0nIZNWpo7uVf5m3JQ\nxjqrFMMIsBz8guIo0JBjjDIkJntP47ngu8RKaLpIFjZKzWWke4m/Why+jBLdWHd3\nahh7LoPTs4QhSe6267we0tcishwD9ev+grrcYPMioK/WXQVLGaGyVXG5bbhWyBX5\nUWaIsZwpSvRRct1kTZrqP2nHAjUZMz/paO7OxTZHyMxdgfP8dTFJWNSjicN/m14e\nsFBab9l8Vts/Br5Aa38SE/MTtpuhHb+9uYvo/ADZYRFkXtWLaOPH+8UihE1tJUii\n7dUmnpUp2PjnD/H2Bxiqz1ShZdGW+LHez5IvLVu7ot2pWN8c3avh7/ApWKFz7t4+\n6MdJEfX2RISUoDeSLNIEc34lSW6OHQmobIIBVkY/mdcox89o5SYU7+9ResKoBgDf\nYpJ7XrMp2OrMN8ab2YlMnhjH2MmFcmv+TTBftt6yKO2UX1B/jSQ3dlZUI+RXTd8a\nP0ourRNouXJ0W8dBNLGMbs9i2yKGE522BJwhEIwU2Dulz5bHcAQNufSEPod1cWMd\nq6fjc64XMS4qME5rdpw5kDQAt9SxJS3NQd5gNTwXvacQOamFpOWmX9LQFv8s2jKN\nsBo9c0myAu9G9IAoe9HDevKGRzkfUR8LlpGcu6L6HY8+MXW69dmvGXy5gHFQA7lq\n7BLLhSzn1FAqm6p+9PlihhJs/1xlOYnF/ap/crJx0CJeRjfD01Dlp26qCFIo+zD0\nti5i67K0uKQXn4uoQAKLFLcK1MvC5nm2np4n8/cCOgyrz+eNXHw0tvTYPI6o2wT/\ncvArPh0DpMUe77OwbTFJrbbHumkgsQ1k34w+2wIC8lpdeivznGs01GdydmS3zU9i\nUk9ptX5WMdMbqm6HzTCzZ/fx4VPRB2mCeSlq8eJKvh0SF78n+OzXH7g0bqd804Ok\nJ3ZwOfn8h5nJFsCbZwBApY9ISu5zKmu7UDq/2zrKsUBJKudpakR3aWHO8EmDR0fj\nqyMyL4SAYoJM4TTI5U/7DZ9dxZBLFsnIm5Rqq3VeQda0IFLNoB8s8QxlcTknGW51\nNYI18PcK4vo/EbO1wGNfnAswKyssGpWEswtuo+vXbKVRt2+f54zvO8zw8q3QHP5I\nTqSHp6aucvI2X8kSkYuKpSBCyrhRmWKIxzsBFAyZzP0L1khZiAqCtjbBwQLqyAQg\novArQG1Qjl/brJdgWFyqE6GNuKURMBFp4jE4tZWx3b/8x+hVzY8pwESDPN01cqsa\nNNr23llLxJykcFOFQdyNf+CsedfAP6471ki72GCXMwBQ2gHYI2y30A==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-eCXR0Ca4OmnkXEL4Z' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-eCXR0Ca4OmnkXEL4Z', '--output', '/tmp/tmpe5aizz_5.xml', '/tmp/tmpglyh8rza.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpglyh8rza.xml" output= __________________________ TestClient.test_response_4 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=72e3573e05c05916b8eafb99535d6af1388ce08cdca5c4d04a0801c2c329741curn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==yaUMq5jdCyWjCxPZOHcOA+kYheYwfobVM3E/2qOJ9viWnYncSZW9CSDdZtK/ABKa\ne0Im83+V38gBWGBuetrURx09hwQ0WVSSeJy8BjbU9rJpDbQ1aGGfINBBl7prriYa\nvwRXRwUr1g7baME2rnXQZhpt8DsGX6dFzldW7F4HyZk=AHGRmHivA9/VxCAo7rKlD1jCEWvKcldYOS9vLxesejdOOeljeGOme/x2WJMOQNlW\nZfp3ZD+WYsuYsEaxL1a/Qbc+ZVi3i6JiBMfmIV0druzKHy5xsHPCHvScbpIMkSWb\nzoKdnOYoS6ffFJ4jQ5gyXfXDmyr62zt36ZNNKKmSlGtcSVLxrxDlXqVd+PPe5Wvo\nfUfI0qA4pyxrz0Ilb33bYm2zEsucl2O+m9NuV+i9VN5/HmGYwhMA47PzIiNZp6Jr\ntL7dekWrhdAGS3v3Vx+pBnPt+NX2A8YXK+YCsSQJykwpVw1GdenicvuSrbRmir1w\nQ/JXpbiVPI7ZoTVhHP6ANm/skV7Do/DZj2eWvID0Jv4EGODe6D1oyRniHzKgvx0o\nDU7BF8Gy8Wte5XylM5jWfCz5x0v9NmKir/CMQawVGo6gGtOf3pERmbChNExz3DTn\nSM8GoxCR/gE2hGKCmltU7W6Af5uBE1m2RHnK3ct/miRbMsxK9sbpswL6WppJQbS5\nvbCJpqmPwRuuVTsN4yf1vRVLC+DS6MRsPmQOGcTS14aGDoO+UX6TaPs9NuR9Gx+l\nHThvY0IQUV0mtJps4KMFZgAYK6a6SeJdp41ou82ZpSNhZgRgY2M6weKxXSxvBuSh\nAw3lmTtRBcrE766bwniN092M6L86LxEWoFsyOFLQBQ2+Yj7Xv2/H+Nb7tRu5mXHY\nExNz1tpCSnu1q/wfI47N7/SRL451RJPL8bnEy0a/ZObZeWDmTzIurfwEy7gp63KV\n8Vh8zYmJB6sWrjgvEX2l0PvD5d1GOEOkZaoEtG0XEz47XGdlaoW2powf+eKAxNim\nOaNeBq4NvxHWPTqbPm1CWK5bGef2Fwvc6y/1aYBhSI/6tf3+R2VrBynzwgboRCzy\nUr/UChVrnDkWUj/B5FPMVzQJn0xYkNtuIGFBXncNnhRgUp2a26PPJiSaxkhVqWeQ\ndBPvCZpV7d/d4iqUvp0asqKfcSyPz+aWzvtRLLvykZNM35TqRQL5d9i6/ZJ1Hsdt\naNXYwMyvHIreB/buHkMsyB9E+x1c55BH7OEzYW+F0/+V9IVg21ohgEOt+UgQi4BB\nFDTkt7aE42nq+MwUuMJt1H0+nzwckxqxOMLheSk8/MStj/jmjcT9W4DVWRTunAdK\nGr/105KoTJ9kEyU6KNyi8zvQ9bYbYMyXeSY/IvNcHiWGP5EvkxDbEJhTbwfEBNU3\nxSYn1mduMwDSSVPTZ39tBYe1kr/G69Y3SMzaunp3lR6gM/68mg8F0DP2ECHpGDU9\nONb3X5y0Ac+OKM/BOjPdkgU6DKmLcy0+XbBgAYlyiig0OmCZTd/tbNcXLcxko9mJ\n0F0x+bJmk+Cau1tZpmE7+eeuVLL8aV8yJpZeMkQjN7IMrFH2dcF5cBOe4NMkdKTp\nXTqqUcBbOK/0FHAq/zGtzZFQoo5tUFDy49M0g2bT8tz0vuVYgmb6zoRciot3D3RK\njOnLo3Brp+X/8c7MfZH5SwN8vMsPbkSQ7kS515Np/EaHfyCJv2ItI1SLE2roCRhl\nFw2eu2q/LKMRuW4tD7qsvbAHKWN9Z3Pl5K85A16qcN+OFE8UYO5caJYx4NzPhQuW\nVtaBzEFdgmwF6miYGwEj7GjaxkK3cS+TlvF7bNbFBxd1Y4RJrdOhu4OUCNF8LvtI\n7YvN84o+IeL79kgiL3ziFMtue6CcY+93E9FyzqNrLuX4G7b9GkT5Wi7rGKayKUHW\niqz0a+fq6SergNbbh1/s0U/HEYhOl16ukgf7CsVbOk7BJrtrFX3aECP/Atc9pC8Z\n9g+4ukUgCfb+ayqoAcoxOUOOy+T+MHqVpMOHg4bIbRcnuxiNY0USKWGE3RKapeO6\ncny6uDfHxjf1ETeaOFX5EMDuf5/wlzQp1y3kSRbNld/ufr/rW66x5Y34JsJX6sYZ\nmSVSLYIiqDF+XfxSZUKf4T+VuhBuu1a/epJ4u7Pt7zvElmRvpej56mY+l8LdVaXH\nC5YNAnsG5IcGxLelU7jTPKYwfbjcjHXm+AE97HncLxOpXv7e6UVPJFd6ISiQxbYf\ni8UVSwtD9lZKE0FIPEn0E8qBZiAVw0jd5G1iA0SuV8+lnimcANgCKitzyZiK+H7C\nlTEULgDfxbrwt5GZAzs3w6BoCgRqA8nn2XsrV/LKksXkbwII8LcqeKWiy0NewRwH\nZKpFhphwUYxVK8Y0CT9j3brtW2zjj0B5gW3WD4SJjSPjExxBZeG4hcXRuwNJlcm8\n5o6b4QGxtgQfMASYqeFiJQR5oB7I1WXOJ0+5y8W1RQOE3C3v+AxkDMUCZNjTTKWL\nEoaMoCQQSdraA1rxaM7lpXXo7sfoMvDcv0nYMd53TDkgjhvDJwJuMjOdBd/xZMbC\nXTzpQT/MTWx3I4qVPAvTWywDHYDTB6gq8RhYwPk23WyYesjcNc9a0A==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-d6sutXvzZzWkNHbcT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmppgz0f6kv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmppgz0f6kv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_4(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:618: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=72e3573e05c05916b8eafb99535d6af1388ce08cdca5c4d04a0801c2c329741curn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==yaUMq5jdCyWjCxPZOHcOA+kYheYwfobVM3E/2qOJ9viWnYncSZW9CSDdZtK/ABKa\ne0Im83+V38gBWGBuetrURx09hwQ0WVSSeJy8BjbU9rJpDbQ1aGGfINBBl7prriYa\nvwRXRwUr1g7baME2rnXQZhpt8DsGX6dFzldW7F4HyZk=AHGRmHivA9/VxCAo7rKlD1jCEWvKcldYOS9vLxesejdOOeljeGOme/x2WJMOQNlW\nZfp3ZD+WYsuYsEaxL1a/Qbc+ZVi3i6JiBMfmIV0druzKHy5xsHPCHvScbpIMkSWb\nzoKdnOYoS6ffFJ4jQ5gyXfXDmyr62zt36ZNNKKmSlGtcSVLxrxDlXqVd+PPe5Wvo\nfUfI0qA4pyxrz0Ilb33bYm2zEsucl2O+m9NuV+i9VN5/HmGYwhMA47PzIiNZp6Jr\ntL7dekWrhdAGS3v3Vx+pBnPt+NX2A8YXK+YCsSQJykwpVw1GdenicvuSrbRmir1w\nQ/JXpbiVPI7ZoTVhHP6ANm/skV7Do/DZj2eWvID0Jv4EGODe6D1oyRniHzKgvx0o\nDU7BF8Gy8Wte5XylM5jWfCz5x0v9NmKir/CMQawVGo6gGtOf3pERmbChNExz3DTn\nSM8GoxCR/gE2hGKCmltU7W6Af5uBE1m2RHnK3ct/miRbMsxK9sbpswL6WppJQbS5\nvbCJpqmPwRuuVTsN4yf1vRVLC+DS6MRsPmQOGcTS14aGDoO+UX6TaPs9NuR9Gx+l\nHThvY0IQUV0mtJps4KMFZgAYK6a6SeJdp41ou82ZpSNhZgRgY2M6weKxXSxvBuSh\nAw3lmTtRBcrE766bwniN092M6L86LxEWoFsyOFLQBQ2+Yj7Xv2/H+Nb7tRu5mXHY\nExNz1tpCSnu1q/wfI47N7/SRL451RJPL8bnEy0a/ZObZeWDmTzIurfwEy7gp63KV\n8Vh8zYmJB6sWrjgvEX2l0PvD5d1GOEOkZaoEtG0XEz47XGdlaoW2powf+eKAxNim\nOaNeBq4NvxHWPTqbPm1CWK5bGef2Fwvc6y/1aYBhSI/6tf3+R2VrBynzwgboRCzy\nUr/UChVrnDkWUj/B5FPMVzQJn0xYkNtuIGFBXncNnhRgUp2a26PPJiSaxkhVqWeQ\ndBPvCZpV7d/d4iqUvp0asqKfcSyPz+aWzvtRLLvykZNM35TqRQL5d9i6/ZJ1Hsdt\naNXYwMyvHIreB/buHkMsyB9E+x1c55BH7OEzYW+F0/+V9IVg21ohgEOt+UgQi4BB\nFDTkt7aE42nq+MwUuMJt1H0+nzwckxqxOMLheSk8/MStj/jmjcT9W4DVWRTunAdK\nGr/105KoTJ9kEyU6KNyi8zvQ9bYbYMyXeSY/IvNcHiWGP5EvkxDbEJhTbwfEBNU3\nxSYn1mduMwDSSVPTZ39tBYe1kr/G69Y3SMzaunp3lR6gM/68mg8F0DP2ECHpGDU9\nONb3X5y0Ac+OKM/BOjPdkgU6DKmLcy0+XbBgAYlyiig0OmCZTd/tbNcXLcxko9mJ\n0F0x+bJmk+Cau1tZpmE7+eeuVLL8aV8yJpZeMkQjN7IMrFH2dcF5cBOe4NMkdKTp\nXTqqUcBbOK/0FHAq/zGtzZFQoo5tUFDy49M0g2bT8tz0vuVYgmb6zoRciot3D3RK\njOnLo3Brp+X/8c7MfZH5SwN8vMsPbkSQ7kS515Np/EaHfyCJv2ItI1SLE2roCRhl\nFw2eu2q/LKMRuW4tD7qsvbAHKWN9Z3Pl5K85A16qcN+OFE8UYO5caJYx4NzPhQuW\nVtaBzEFdgmwF6miYGwEj7GjaxkK3cS+TlvF7bNbFBxd1Y4RJrdOhu4OUCNF8LvtI\n7YvN84o+IeL79kgiL3ziFMtue6CcY+93E9FyzqNrLuX4G7b9GkT5Wi7rGKayKUHW\niqz0a+fq6SergNbbh1/s0U/HEYhOl16ukgf7CsVbOk7BJrtrFX3aECP/Atc9pC8Z\n9g+4ukUgCfb+ayqoAcoxOUOOy+T+MHqVpMOHg4bIbRcnuxiNY0USKWGE3RKapeO6\ncny6uDfHxjf1ETeaOFX5EMDuf5/wlzQp1y3kSRbNld/ufr/rW66x5Y34JsJX6sYZ\nmSVSLYIiqDF+XfxSZUKf4T+VuhBuu1a/epJ4u7Pt7zvElmRvpej56mY+l8LdVaXH\nC5YNAnsG5IcGxLelU7jTPKYwfbjcjHXm+AE97HncLxOpXv7e6UVPJFd6ISiQxbYf\ni8UVSwtD9lZKE0FIPEn0E8qBZiAVw0jd5G1iA0SuV8+lnimcANgCKitzyZiK+H7C\nlTEULgDfxbrwt5GZAzs3w6BoCgRqA8nn2XsrV/LKksXkbwII8LcqeKWiy0NewRwH\nZKpFhphwUYxVK8Y0CT9j3brtW2zjj0B5gW3WD4SJjSPjExxBZeG4hcXRuwNJlcm8\n5o6b4QGxtgQfMASYqeFiJQR5oB7I1WXOJ0+5y8W1RQOE3C3v+AxkDMUCZNjTTKWL\nEoaMoCQQSdraA1rxaM7lpXXo7sfoMvDcv0nYMd53TDkgjhvDJwJuMjOdBd/xZMbC\nXTzpQT/MTWx3I4qVPAvTWywDHYDTB6gq8RhYwPk23WyYesjcNc9a0A==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-d6sutXvzZzWkNHbcT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-d6sutXvzZzWkNHbcT', '--output', '/tmp/tmp6s5z9bul.xml', '/tmp/tmppgz0f6kv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmppgz0f6kv.xml" output= __________________________ TestClient.test_response_5 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=f59245ab24c71e26c6511969b9ccb6f38577da5549c93aa860b29d744b70a708urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==2kzKlKK6qc6yn0JaRohGfi7IFSZlM2w1Y4jYV5hEM0HPi7Kz+N0+Ph731oSW8KN0\n6P7CR8qsVf990F7NYVfpMRQn14TXIWVlLsJLoEeonIudN2nFJNvPABHnd/3aaLEE\n+fcQK2uZQPvKc4OluObR38f3+D+wXKEwWkzoMPzuoNE=VyzUxV4rBgZx+T+kbMVSe1YF3HYgIIUSVoSbBku8YU017dwVeacX1uoIwyCF26Hm\nnJnJ0thuw0sD1sY0mVTth3fKdxGsrltNqiorGyIk2js5oyeTDlLsmMJOXPjUW+dU\nxXolIr42c3FgP3NrjO0qScxtVP1/FpBaqCyOfpzxjW4SlgbI+nQSD3Yfo3naz7H8\nYNZlhOGHajhu+BBkv9WxX6zrYOjxGdPW5PsMU3eOofdpDqLf5LtLeVGLHVNV0obo\n2hIGTl8wdCRkh84oopMbbECm6OFMFecLux0EI69wv5d1cKbF5lij5YDnnAx0gLmL\ngSh5vyUMQcb9nxC+3QyquFIbGCsW0v9bvfk4n4CP87lbkGtb6yWaAJmAIUfBXegz\nQcHDc679rlmEFYf7pEXvJ6ZpVn7hStUID0hKGH8YcgoCRbxDIUJ0+I6QHpL/ooWT\nKQb8wtq5leCZu65RklgBV+rw/8rV0p7WrGUauBxzK90OHb83X7oNzxz73oZJqhLk\nJYR7vLv9w6aMWYtMXYx1lSYpTb+KP1z3vBAVZllzawdgn+LlEEjpEmXRVJaWuQsh\npqq7xE2Tm2ztJ9H1WP4/HD30L9rnrrsmoWiw5xJ23EDgXTzRVEExJSgBaH97uS6f\nvxT1zDchXCRY17x8G/iLRY/9Y8e/rBK0HciLWJLCT+zXkiCCfYmv7vUOqDL5QNZ/\nDeQkQ2EtYktbAVYyeOcLPBK5Cv+Ndn1lIr99J5yHC2lrGuGGvrjlhEZzyO3tASUC\nZ+vJIti9UmzVteYc1EF2uHaruXh6XQ1SWcEBRFKWr13gbhtg/ttgiq+jBU4jfMgy\n2kLbzAZ6ZOH5IkLetogaAP5WVo5h95JHV1u8zKfarXRxhTFfHDL5LI1BKBt2x7Mm\nHlSWnJh1Ek6DmNM5SnPk59nkxD6Q221VdhAfceArhT1boRRreXy1N4PXu1osCPTo\n2vVL/l1L8mGBeoqNtTEMCZP67yz80NuSriLu1tVD3HDdiSmULYrMC7ilJuuK73nZ\nBu7ZZ8MgkMeuYzY0QX2y2ZbRhiCq5iYulHn+5RJ+7pxBYpcFwHi8cBImd6ilVg+j\nIjLMRaJYmzPLw3u5GCiQ6iNzPx7TNe4h2LG0W+OXqHY9DH0A4HsANgZKIiRjFSm/\neaUB7emEH9KQs+RyTAVE80m7SilDXL3/t6ulHSZ0rvwvMU1tJeV5arfUHSDE/a2P\nDbuwtFNfNV336+5odmQlRHFArTUoEBaIKxAQ6WUmexqSa2uftWGms5zNaygF5tGC\n5NzGug37jb+WA5BUeQptBPTuJyk6KwMHGs0z/rucARnW/18Z0ZTqZgQUZkwSyrP+\nCOtAhwPElRIFhd4/vjd5POgT02/1qZBl2fL91AfYWdLdIzmormrO+HJxEdzWdYnH\nfRw1cM/Nwov0Wfl9GV2rdO7KEbFd1quaDQl7A6Ko5bJa3fSoJkBhRfTK2VwCQtiU\nUcPO6l/Ji38nkSHmbH1YLnPqRPh1YtW6cMaTBBjwLtbfKp6E+fEKXN7EKfyxgMRM\nueM05/PjjSIBaokkx+NilrV8EvIxvfRiTj6RO6Y92Zzq7YRSTlj58m3Fgo3bOJvQ\nNPr34lt7VJAGOqJq1TniVaoGnNEhPVsVzViLTHDUfNEJEQHiCVJBOJNZR2/g8nKi\nblx81Pe/FTMTfmk9LQyYpmd6HFUJuvtjQcfWMzP/+U3xapo6BpgHCObAu4JAZ76V\numFJ72tw6Gwv3bM9DegSiks1nZBAQlqFOMPKX2GdB5L8f9YvFFZyuHBtatgbvDsv\nJpog03EdFiYREBB1a0s3OHQ3CIGWWM5qSr2d7gmU5B3HlTfCpe0cVG5mMHzwz9eT\n7Sek3tQmWZmeO+NUdKI1/DBXmzPv8W+BDQ5ABQra0hEDxfsyAp4PrAEv1Z7BwfMv\ne2Fofu6MzwvX6UervLWndLGjnPCLIqkf6C5hWmIT9Zde3tACFMgzK5O8thkQx2+Z\nuejIs0bfBMtAWfDHqMDGcBi96bcSp7aYoPxbrA/at3tUEoVqmm4/x5dTuTG/LMA4\nus1Bk2d8jn3RNYaNAASVL4kkDKrD0N+UucoJ5/tBTj38gJuXdgz/zLJcs9E0HlB+\ncTNTCFb3t/Z6IkWDF46eFcP5cZdhdRY2sKyWevLf9IjXGPuY3cITVCJrmikvSyYH\nz0ec4TzE4IhQc/o5OQq477nBLzKuUys7w2jfHoSi0g0gW29vM6GWalkuBjtZcXpr\nuc7cvKfFX0wRuZXN9PE8LPE7sb21xdbW0nCNMhW8OUUr81a9XGlg4yW7izikG2Tg\nRsNYwdcCNJjew2EFYnMVrMi5Ss0NSz7Ju+FOi9dMX5QJNVTJjzUjQPgKgjUUOqP8\nBKR2iUqEOh79xeMkYEHCaBUvLvSVWwirxXLaQyPBsmIow2/g1G7RQQ==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-LhBxqjwdWerkpbUps' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp9wstfyv1.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp9wstfyv1.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_5(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:656: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=f59245ab24c71e26c6511969b9ccb6f38577da5549c93aa860b29d744b70a708urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==2kzKlKK6qc6yn0JaRohGfi7IFSZlM2w1Y4jYV5hEM0HPi7Kz+N0+Ph731oSW8KN0\n6P7CR8qsVf990F7NYVfpMRQn14TXIWVlLsJLoEeonIudN2nFJNvPABHnd/3aaLEE\n+fcQK2uZQPvKc4OluObR38f3+D+wXKEwWkzoMPzuoNE=VyzUxV4rBgZx+T+kbMVSe1YF3HYgIIUSVoSbBku8YU017dwVeacX1uoIwyCF26Hm\nnJnJ0thuw0sD1sY0mVTth3fKdxGsrltNqiorGyIk2js5oyeTDlLsmMJOXPjUW+dU\nxXolIr42c3FgP3NrjO0qScxtVP1/FpBaqCyOfpzxjW4SlgbI+nQSD3Yfo3naz7H8\nYNZlhOGHajhu+BBkv9WxX6zrYOjxGdPW5PsMU3eOofdpDqLf5LtLeVGLHVNV0obo\n2hIGTl8wdCRkh84oopMbbECm6OFMFecLux0EI69wv5d1cKbF5lij5YDnnAx0gLmL\ngSh5vyUMQcb9nxC+3QyquFIbGCsW0v9bvfk4n4CP87lbkGtb6yWaAJmAIUfBXegz\nQcHDc679rlmEFYf7pEXvJ6ZpVn7hStUID0hKGH8YcgoCRbxDIUJ0+I6QHpL/ooWT\nKQb8wtq5leCZu65RklgBV+rw/8rV0p7WrGUauBxzK90OHb83X7oNzxz73oZJqhLk\nJYR7vLv9w6aMWYtMXYx1lSYpTb+KP1z3vBAVZllzawdgn+LlEEjpEmXRVJaWuQsh\npqq7xE2Tm2ztJ9H1WP4/HD30L9rnrrsmoWiw5xJ23EDgXTzRVEExJSgBaH97uS6f\nvxT1zDchXCRY17x8G/iLRY/9Y8e/rBK0HciLWJLCT+zXkiCCfYmv7vUOqDL5QNZ/\nDeQkQ2EtYktbAVYyeOcLPBK5Cv+Ndn1lIr99J5yHC2lrGuGGvrjlhEZzyO3tASUC\nZ+vJIti9UmzVteYc1EF2uHaruXh6XQ1SWcEBRFKWr13gbhtg/ttgiq+jBU4jfMgy\n2kLbzAZ6ZOH5IkLetogaAP5WVo5h95JHV1u8zKfarXRxhTFfHDL5LI1BKBt2x7Mm\nHlSWnJh1Ek6DmNM5SnPk59nkxD6Q221VdhAfceArhT1boRRreXy1N4PXu1osCPTo\n2vVL/l1L8mGBeoqNtTEMCZP67yz80NuSriLu1tVD3HDdiSmULYrMC7ilJuuK73nZ\nBu7ZZ8MgkMeuYzY0QX2y2ZbRhiCq5iYulHn+5RJ+7pxBYpcFwHi8cBImd6ilVg+j\nIjLMRaJYmzPLw3u5GCiQ6iNzPx7TNe4h2LG0W+OXqHY9DH0A4HsANgZKIiRjFSm/\neaUB7emEH9KQs+RyTAVE80m7SilDXL3/t6ulHSZ0rvwvMU1tJeV5arfUHSDE/a2P\nDbuwtFNfNV336+5odmQlRHFArTUoEBaIKxAQ6WUmexqSa2uftWGms5zNaygF5tGC\n5NzGug37jb+WA5BUeQptBPTuJyk6KwMHGs0z/rucARnW/18Z0ZTqZgQUZkwSyrP+\nCOtAhwPElRIFhd4/vjd5POgT02/1qZBl2fL91AfYWdLdIzmormrO+HJxEdzWdYnH\nfRw1cM/Nwov0Wfl9GV2rdO7KEbFd1quaDQl7A6Ko5bJa3fSoJkBhRfTK2VwCQtiU\nUcPO6l/Ji38nkSHmbH1YLnPqRPh1YtW6cMaTBBjwLtbfKp6E+fEKXN7EKfyxgMRM\nueM05/PjjSIBaokkx+NilrV8EvIxvfRiTj6RO6Y92Zzq7YRSTlj58m3Fgo3bOJvQ\nNPr34lt7VJAGOqJq1TniVaoGnNEhPVsVzViLTHDUfNEJEQHiCVJBOJNZR2/g8nKi\nblx81Pe/FTMTfmk9LQyYpmd6HFUJuvtjQcfWMzP/+U3xapo6BpgHCObAu4JAZ76V\numFJ72tw6Gwv3bM9DegSiks1nZBAQlqFOMPKX2GdB5L8f9YvFFZyuHBtatgbvDsv\nJpog03EdFiYREBB1a0s3OHQ3CIGWWM5qSr2d7gmU5B3HlTfCpe0cVG5mMHzwz9eT\n7Sek3tQmWZmeO+NUdKI1/DBXmzPv8W+BDQ5ABQra0hEDxfsyAp4PrAEv1Z7BwfMv\ne2Fofu6MzwvX6UervLWndLGjnPCLIqkf6C5hWmIT9Zde3tACFMgzK5O8thkQx2+Z\nuejIs0bfBMtAWfDHqMDGcBi96bcSp7aYoPxbrA/at3tUEoVqmm4/x5dTuTG/LMA4\nus1Bk2d8jn3RNYaNAASVL4kkDKrD0N+UucoJ5/tBTj38gJuXdgz/zLJcs9E0HlB+\ncTNTCFb3t/Z6IkWDF46eFcP5cZdhdRY2sKyWevLf9IjXGPuY3cITVCJrmikvSyYH\nz0ec4TzE4IhQc/o5OQq477nBLzKuUys7w2jfHoSi0g0gW29vM6GWalkuBjtZcXpr\nuc7cvKfFX0wRuZXN9PE8LPE7sb21xdbW0nCNMhW8OUUr81a9XGlg4yW7izikG2Tg\nRsNYwdcCNJjew2EFYnMVrMi5Ss0NSz7Ju+FOi9dMX5QJNVTJjzUjQPgKgjUUOqP8\nBKR2iUqEOh79xeMkYEHCaBUvLvSVWwirxXLaQyPBsmIow2/g1G7RQQ==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-LhBxqjwdWerkpbUps' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-LhBxqjwdWerkpbUps', '--output', '/tmp/tmpp370cta1.xml', '/tmp/tmp9wstfyv1.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp9wstfyv1.xml" output= __________________________ TestClient.test_response_6 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=10ac0888687cb3e5f7bdee2ca90c9b5ae0ec3a01fce31dd792b3c31828504cb9urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjU3WhcNMzUwNDIyMTM0MjU3WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAxwVUThCwgMkJOuUvWrXiFrT4QigIzhC/6H7W3h+NfGIc3pR3guG240YF\n9Rg4rP+5h9uuPtGWyCQ6RGFG8KHGy2ls+oVToMo8Pb13flJwLzrHB/DKbjG7a3I3\nQoW4t8EYe/TFRpXvRK76OHEtIxGVMUpkUAmckiIqlSAelSuj2A/GkWLh8NymlpzI\n3HGH2R+5WnGKd6X64vSoBH7+IWlggry1GmahnQ+5nVATXf8PC13bzWMZ4OkwDcpA\nnp3X1e30lp803AIl3CMxizZtd82xIGw5DCCCyV0YCoN58F4nNBvjIMJIY6Y+lORu\nFrDMNiHMhT48xscGkdTG8ZzS6RHUVQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAK6p\nMVoYXfBWdOOPA00ucgHhEfbeP5jOch4gqyQPQMTBc6wpNLqR3q3CJKzKLMzvEL67\nrMr0cmVb1s8+J44h+bbJb+ErUqSWsmWzcFlMbPLJErbjN190ZSEGECvE2G/cNvi+\nKX3hP736X6M0/5th2mdGWprSgsWCd/1j4BoJMYj4b11tTxk0s7MdXKxOjv7kkBDQKlHxops9XYKPQHB0vagudQ47n7WxyhmGwmJ7qnXD\nftbJe3mAyCz3JXFXGVwocDkZ1D7MUYievazNoiZEzcIhejWNwuAsG0p4TPFdx+Ln\ng6QejGljNF0TDPhWsEm2aYLoZxdhdVnui8NnUy8ctRNrrQAGoLDA8w6ktkbk/PyL\nKGW9EVILSceY/Kd+2uUrCvTwyH7Ctq+gDqwRUluQP307JBuBnDPdYIl5vBNULbsu\nF2PJwIQ/StkMeERR3Gia2kuUqsxNYFjK84uj+uAzqlehsgCVRyqlxnRP5Q5ntnyJ\nrT8zJddorVi92/6RX/SOEA==WF0ncfDO19KMgWc+z6BxLBwl37JnSPAN9yKbziIyycYqFzokndJfMMYYsEcVqPQW\n1VxUI+C/juDOTlOPjAc/fhA2zEEa5Huw5SfJv+9RSPPxWiuavXFMxAHt1oguDGz8\nbPvwqgU7NiyeT+rcppsRQZvp/zql0NbIwV4ccmdplBzD7qsI5Gfp89qaSDc2dhRL\nEARrTD2BZ5VhiCJXIWVnwZqzWJaOpTiPyzpVz7ypzkoc/D7Y6zWcB9UyWpu0f1cV\nJqzTzoEGX8BEElmiVKT0YnDLYFQ5mic3E9N6jtMORTEd8t6P6jlp5bFj01KBV++7\nvUXHupczvLrf0KsF/PLj41Lw0S+g72qCJLmjoC8FFcTEZzFIj7fRiAAKwsvJ8EsE\nQePJe2a3chKXRhMNm4OFmnDerlGRbx+sNdMHk5h8h32vuhLDthC4XOtO5cczMAdS\nPngwVS9AD84DxPfHfVgDxbuXo0hqn8pl12GSFXoAFLinKOT6nEFoLtGTcweHLbqj\nQYr/8CdRWHZzbw8ayozxAgG2F9dv3bkQYZt3w7F3QTuqXMSg69kkD6STtob5bQUR\nvLdQw5+BRD/TiUI/fnIAlecbbGEE+nhDZVnRRfFDrMi4VUmr7xs90zRdTYXEEFhh\ngYIyWEV9+p5WLq+uW+Z0vDHFfK809kqsSORpGImGzrcWqH8jk+w96w51cZrR98tO\n121z0l34zqQTgrEWMQIiqU7B8+7QBUdCyl3WY8YojzJFXnEJI7vx/+Vl/43yEjPW\n9IdstA6dq8Rma2pNxsyqG9f8/t3pR/2Ne+X4bCLyfU3wmbJHUmlRV5IuvoXgxQvo\nenF/jgKE5DJSXwFtS+Sz1dmRbi6bPGmKLWOcLIUlrka5pJWHhKqctRgJIGPWS8OH\nHKcrRBL7g31Pj57YQQwSB3puJ83H61Gg6XXjHvg1FkaQVuO5c5g2505Umc7WBBmT\nwQ9ScLDGxH7ExLLeT+lhdTvUPOjHVg3ZzwbHRLuB43zXehPUwOhWoopqCrbRZOZl\nWOFl2+dczNuJQJTtXhKw9tQunHXff4z5M9w7iIWH+2l/71REkiG95jZPp9oEsklr\nFIsPM5HgojmivlJBj/Oa0U4uSQb86FgMqh60JXXttQvCXa5ngK7kU44ukspHB8Eb\nrmoB7J6V02qjKMd94ihK/50W4XPm5j4T480hxOOqsM0ow1lD1kR1b1OtzHTM4Ntn\nFvTa3z7MK7mW6SCiGYPq8qTThUQNZd6DfvmEP2r59KsFZ1sFEaPHmMEFyfBWd4xc\ntrfKASqlTCkPtJRHni031d766a3W33aTCJCHX7F8MwD5X3IC+ZaLNbp6WFx7fkKX\n6r4dhlDnr2/+p0wV2dNmgQRfDnisELBNO98KtvjVonM6RrrW7G5bjESg0vHsH2UL\nMYPw2oKwcCyTa11KEawI3fjDviXwe6oCJH04grZAk35J8UadAsnX/pcPGxLhC38m\nGnuX8fenNO3eW7rksPbVefO+ZePaVMAJ2mScmZbibYP2AfgZi208zjswInEXvB7g\ngP8dLJ5XASZcffRa9MC5zNXmjzQSnr+P9TNc4IMfETjzHA2olpmEB60i3hFrHXRk\nlCa58hYh68YgeXH9lrwPk1O+6n+bsfv8ollpsCAWy6MgpHHAeE5Y5B026cUi5mL3\nYq2zExwDpyr/6vtpGa1BNwN80uFIzrEs4puw1hl+CfiCPOlOW83smDLbh3TwYP5g\nZhWGH3ht1DkXbOUjmiw0edhhuFE1/8YaI6C6CiFUJwTCd8IadIBPl4+e4xVVvHhI\npCpS4bZdj70ZUt6RH+cIf9VbRnmtOyTGJFpAMxgFZ9fxNxMViqHUHTA8ouUiPg1K\nDNsBbIRpdn1lBhj43RmDkWJUnRx9S4jJnC8T9PjEaOVkRuZ6HBtpAq0LiVJMcaA8\n3a6ySXgsOv1EEWn1iXIu+cEczl3BLkoM1FTe6R/anS8O6SyoPtJH0cCArsgpKllz\nzPzEFU9oEjWsv9Emo3GzKoviFsvej9ZeIarLG0kQeHJD/b0hd2p5Am9Rkh6GsAu5\nsYXUSFHoPZddidE1RoJQKII25MvPFSJpQKgAhwKGQNFrJBZkwEZovtf0cUQF9WNq\nhB4cvl2EE4U8kYPL2aWkKeFmj6Bz/ekpm+PPXIDVJmaoS4O02otqSYxI3Bz8JPJS\nRqvWNvcULae8liFl1sUxIVwCnVgw9a+nnck03VUkh/6dg8doarM42vx0jHooLLIc\nsmjmTgl3APe+gVVqCZjs8bFX/ZBT1urcfUKhhTVcXxvgAnZYU71xc5Ksp0vagGFc\nrtP8bS0fk2oihfiSd7QuZChOZWf3aGAWLlJ5YvfR68bc8u2PgTR+/LpndOLVC62+\nQiVBq02sVnz9wn/OKv/MnYr+L4DM07fzC6G11XJqBH/I5s0SxCrDYQ==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-axUJXYddHPcj49z2a' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpurjkwmko.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpurjkwmko.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_6(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_assertion_str, cert_key_assertion_str = generate_cert() cert_assertion = {"cert": cert_assertion_str, "key": cert_key_assertion_str} cert_advice_str, cert_key_advice_str = generate_cert() cert_advice = {"cert": cert_advice_str, "key": cert_key_advice_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_assertion_str, encrypt_cert_advice=cert_advice_str, ) tests/test_51_client.py:699: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=10ac0888687cb3e5f7bdee2ca90c9b5ae0ec3a01fce31dd792b3c31828504cb9urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MjU3WhcNMzUwNDIyMTM0MjU3WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAxwVUThCwgMkJOuUvWrXiFrT4QigIzhC/6H7W3h+NfGIc3pR3guG240YF\n9Rg4rP+5h9uuPtGWyCQ6RGFG8KHGy2ls+oVToMo8Pb13flJwLzrHB/DKbjG7a3I3\nQoW4t8EYe/TFRpXvRK76OHEtIxGVMUpkUAmckiIqlSAelSuj2A/GkWLh8NymlpzI\n3HGH2R+5WnGKd6X64vSoBH7+IWlggry1GmahnQ+5nVATXf8PC13bzWMZ4OkwDcpA\nnp3X1e30lp803AIl3CMxizZtd82xIGw5DCCCyV0YCoN58F4nNBvjIMJIY6Y+lORu\nFrDMNiHMhT48xscGkdTG8ZzS6RHUVQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAK6p\nMVoYXfBWdOOPA00ucgHhEfbeP5jOch4gqyQPQMTBc6wpNLqR3q3CJKzKLMzvEL67\nrMr0cmVb1s8+J44h+bbJb+ErUqSWsmWzcFlMbPLJErbjN190ZSEGECvE2G/cNvi+\nKX3hP736X6M0/5th2mdGWprSgsWCd/1j4BoJMYj4b11tTxk0s7MdXKxOjv7kkBDQKlHxops9XYKPQHB0vagudQ47n7WxyhmGwmJ7qnXD\nftbJe3mAyCz3JXFXGVwocDkZ1D7MUYievazNoiZEzcIhejWNwuAsG0p4TPFdx+Ln\ng6QejGljNF0TDPhWsEm2aYLoZxdhdVnui8NnUy8ctRNrrQAGoLDA8w6ktkbk/PyL\nKGW9EVILSceY/Kd+2uUrCvTwyH7Ctq+gDqwRUluQP307JBuBnDPdYIl5vBNULbsu\nF2PJwIQ/StkMeERR3Gia2kuUqsxNYFjK84uj+uAzqlehsgCVRyqlxnRP5Q5ntnyJ\nrT8zJddorVi92/6RX/SOEA==WF0ncfDO19KMgWc+z6BxLBwl37JnSPAN9yKbziIyycYqFzokndJfMMYYsEcVqPQW\n1VxUI+C/juDOTlOPjAc/fhA2zEEa5Huw5SfJv+9RSPPxWiuavXFMxAHt1oguDGz8\nbPvwqgU7NiyeT+rcppsRQZvp/zql0NbIwV4ccmdplBzD7qsI5Gfp89qaSDc2dhRL\nEARrTD2BZ5VhiCJXIWVnwZqzWJaOpTiPyzpVz7ypzkoc/D7Y6zWcB9UyWpu0f1cV\nJqzTzoEGX8BEElmiVKT0YnDLYFQ5mic3E9N6jtMORTEd8t6P6jlp5bFj01KBV++7\nvUXHupczvLrf0KsF/PLj41Lw0S+g72qCJLmjoC8FFcTEZzFIj7fRiAAKwsvJ8EsE\nQePJe2a3chKXRhMNm4OFmnDerlGRbx+sNdMHk5h8h32vuhLDthC4XOtO5cczMAdS\nPngwVS9AD84DxPfHfVgDxbuXo0hqn8pl12GSFXoAFLinKOT6nEFoLtGTcweHLbqj\nQYr/8CdRWHZzbw8ayozxAgG2F9dv3bkQYZt3w7F3QTuqXMSg69kkD6STtob5bQUR\nvLdQw5+BRD/TiUI/fnIAlecbbGEE+nhDZVnRRfFDrMi4VUmr7xs90zRdTYXEEFhh\ngYIyWEV9+p5WLq+uW+Z0vDHFfK809kqsSORpGImGzrcWqH8jk+w96w51cZrR98tO\n121z0l34zqQTgrEWMQIiqU7B8+7QBUdCyl3WY8YojzJFXnEJI7vx/+Vl/43yEjPW\n9IdstA6dq8Rma2pNxsyqG9f8/t3pR/2Ne+X4bCLyfU3wmbJHUmlRV5IuvoXgxQvo\nenF/jgKE5DJSXwFtS+Sz1dmRbi6bPGmKLWOcLIUlrka5pJWHhKqctRgJIGPWS8OH\nHKcrRBL7g31Pj57YQQwSB3puJ83H61Gg6XXjHvg1FkaQVuO5c5g2505Umc7WBBmT\nwQ9ScLDGxH7ExLLeT+lhdTvUPOjHVg3ZzwbHRLuB43zXehPUwOhWoopqCrbRZOZl\nWOFl2+dczNuJQJTtXhKw9tQunHXff4z5M9w7iIWH+2l/71REkiG95jZPp9oEsklr\nFIsPM5HgojmivlJBj/Oa0U4uSQb86FgMqh60JXXttQvCXa5ngK7kU44ukspHB8Eb\nrmoB7J6V02qjKMd94ihK/50W4XPm5j4T480hxOOqsM0ow1lD1kR1b1OtzHTM4Ntn\nFvTa3z7MK7mW6SCiGYPq8qTThUQNZd6DfvmEP2r59KsFZ1sFEaPHmMEFyfBWd4xc\ntrfKASqlTCkPtJRHni031d766a3W33aTCJCHX7F8MwD5X3IC+ZaLNbp6WFx7fkKX\n6r4dhlDnr2/+p0wV2dNmgQRfDnisELBNO98KtvjVonM6RrrW7G5bjESg0vHsH2UL\nMYPw2oKwcCyTa11KEawI3fjDviXwe6oCJH04grZAk35J8UadAsnX/pcPGxLhC38m\nGnuX8fenNO3eW7rksPbVefO+ZePaVMAJ2mScmZbibYP2AfgZi208zjswInEXvB7g\ngP8dLJ5XASZcffRa9MC5zNXmjzQSnr+P9TNc4IMfETjzHA2olpmEB60i3hFrHXRk\nlCa58hYh68YgeXH9lrwPk1O+6n+bsfv8ollpsCAWy6MgpHHAeE5Y5B026cUi5mL3\nYq2zExwDpyr/6vtpGa1BNwN80uFIzrEs4puw1hl+CfiCPOlOW83smDLbh3TwYP5g\nZhWGH3ht1DkXbOUjmiw0edhhuFE1/8YaI6C6CiFUJwTCd8IadIBPl4+e4xVVvHhI\npCpS4bZdj70ZUt6RH+cIf9VbRnmtOyTGJFpAMxgFZ9fxNxMViqHUHTA8ouUiPg1K\nDNsBbIRpdn1lBhj43RmDkWJUnRx9S4jJnC8T9PjEaOVkRuZ6HBtpAq0LiVJMcaA8\n3a6ySXgsOv1EEWn1iXIu+cEczl3BLkoM1FTe6R/anS8O6SyoPtJH0cCArsgpKllz\nzPzEFU9oEjWsv9Emo3GzKoviFsvej9ZeIarLG0kQeHJD/b0hd2p5Am9Rkh6GsAu5\nsYXUSFHoPZddidE1RoJQKII25MvPFSJpQKgAhwKGQNFrJBZkwEZovtf0cUQF9WNq\nhB4cvl2EE4U8kYPL2aWkKeFmj6Bz/ekpm+PPXIDVJmaoS4O02otqSYxI3Bz8JPJS\nRqvWNvcULae8liFl1sUxIVwCnVgw9a+nnck03VUkh/6dg8doarM42vx0jHooLLIc\nsmjmTgl3APe+gVVqCZjs8bFX/ZBT1urcfUKhhTVcXxvgAnZYU71xc5Ksp0vagGFc\nrtP8bS0fk2oihfiSd7QuZChOZWf3aGAWLlJ5YvfR68bc8u2PgTR+/LpndOLVC62+\nQiVBq02sVnz9wn/OKv/MnYr+L4DM07fzC6G11XJqBH/I5s0SxCrDYQ==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-axUJXYddHPcj49z2a' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-axUJXYddHPcj49z2a', '--output', '/tmp/tmp8zlgor2p.xml', '/tmp/tmpurjkwmko.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpurjkwmko.xml" output= __________________________ TestClient.test_response_7 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=15f58ff2931d4a3e29b8dbe9937146e5b970871b083612f12fed82d58443186eurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-oMAASob8I94rC7jTW' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpceo3ndx8.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpceo3ndx8.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_7(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypted_advice_attributes=True, ) tests/test_51_client.py:738: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=15f58ff2931d4a3e29b8dbe9937146e5b970871b083612f12fed82d58443186eurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-oMAASob8I94rC7jTW' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-oMAASob8I94rC7jTW', '--output', '/tmp/tmpsln3rp5o.xml', '/tmp/tmpceo3ndx8.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpceo3ndx8.xml" output= __________________________ TestClient.test_response_8 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=cedfa584330372775c36b4bb0785d5a6e123698c4d7dcdab39d023da0ddb4714urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-vorViEYF2CMv6cBBF' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpxxndlmik.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpxxndlmik.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_8(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:776: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=cedfa584330372775c36b4bb0785d5a6e123698c4d7dcdab39d023da0ddb4714urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-vorViEYF2CMv6cBBF' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-vorViEYF2CMv6cBBF', '--output', '/tmp/tmpfy5xx86n.xml', '/tmp/tmpxxndlmik.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpxxndlmik.xml" output= _________________ TestClient.test_sign_then_encrypt_assertion __________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-3tNzZrlA6OOLmU4n3' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpxc5to1j2.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpxc5to1j2.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion(self): # Begin with the IdPs side _sec = self.server.sec assertion = s_utils.assertion_factory( subject=factory(saml.Subject, text="_aaa", name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)), attribute_statement=do_attribute_statement( { ("", "", "sn"): ("Jeter", ""), ("", "", "givenName"): ("Derek", ""), } ), issuer=self.server._issuer(), ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=full_path("test.key"), node_id=assertion.id ) tests/test_51_client.py:906: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-3tNzZrlA6OOLmU4n3' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-3tNzZrlA6OOLmU4n3', '--output', '/tmp/tmpob5s3kar.xml', '/tmp/tmpxc5to1j2.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpxc5to1j2.xml" output= _________________ TestClient.test_sign_then_encrypt_assertion2 _________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-rPR4yFFSCcpQ6o5W1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmppxmu3i0n.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmppxmu3i0n.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion2(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Derek", "sn": "Jeter"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=self.client.sec.key_file, node_id=assertion.id ) tests/test_51_client.py:979: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-rPR4yFFSCcpQ6o5W1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-rPR4yFFSCcpQ6o5W1', '--output', '/tmp/tmppcfy9hwi.xml', '/tmp/tmppxmu3i0n.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmppxmu3i0n.xml" output= _____________ TestClient.test_sign_then_encrypt_assertion_advice_1 _____________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-MzEHz2b67yc7DVCFi' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpggtb9tq4.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpggtb9tq4.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_1(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Derek", "sn": "Jeter"}) subject_confirmation_specs = { "recipient": "http://lingon.catalogix.se:8087/", "in_response_to": "_012345", "subject_confirmation_method": saml.SCM_BEARER, } name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), name_id=name_id, authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) a_asser = Assertion({"uid": "test01", "email": "test.testsson@test.se"}) a_assertion = a_asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion.signature = sigver.pre_signature_part(a_assertion.id, _sec.my_cert, 1) assertion.advice = Advice() assertion.advice.encrypted_assertion = [] assertion.advice.encrypted_assertion.append(EncryptedAssertion()) assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion.append(assertion) > response = _sec.sign_statement( f"{response}", class_name(a_assertion), key_file=self.client.sec.key_file, node_id=a_assertion.id ) tests/test_51_client.py:1081: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-MzEHz2b67yc7DVCFi' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-MzEHz2b67yc7DVCFi', '--output', '/tmp/tmphjugqdlb.xml', '/tmp/tmpggtb9tq4.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpggtb9tq4.xml" output= _____________ TestClient.test_sign_then_encrypt_assertion_advice_2 _____________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-DRrZsRLGXFbChAOKJ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmproj15izj.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmproj15izj.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_2(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser_1 = Assertion({"givenName": "Derek"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) assertion_1 = asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) asser_2 = Assertion({"sn": "Jeter"}) assertion_2 = asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_1 = Assertion({"uid": "test01"}) a_assertion_1 = a_asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_2 = Assertion({"email": "test.testsson@test.se"}) a_assertion_2 = a_asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_3 = Assertion({"street": "street"}) a_assertion_3 = a_asser_3.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_4 = Assertion({"title": "title"}) a_assertion_4 = a_asser_4.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion_1.signature = sigver.pre_signature_part(a_assertion_1.id, _sec.my_cert, 1) a_assertion_2.signature = sigver.pre_signature_part(a_assertion_2.id, _sec.my_cert, 1) a_assertion_3.signature = sigver.pre_signature_part(a_assertion_3.id, _sec.my_cert, 1) a_assertion_4.signature = sigver.pre_signature_part(a_assertion_4.id, _sec.my_cert, 1) assertion_1.signature = sigver.pre_signature_part(assertion_1.id, _sec.my_cert, 1) assertion_2.signature = sigver.pre_signature_part(assertion_2.id, _sec.my_cert, 1) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion = assertion_1 response.assertion.advice = Advice() response.assertion.advice.encrypted_assertion = [] response.assertion.advice.encrypted_assertion.append(EncryptedAssertion()) response.assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion_1) advice_tag = response.assertion.advice._to_element_tree().tag assertion_tag = a_assertion_1._to_element_tree().tag response = response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion( assertion_tag, advice_tag ) > response = _sec.sign_statement( f"{response}", class_name(a_assertion_1), key_file=self.server.sec.key_file, node_id=a_assertion_1.id ) tests/test_51_client.py:1242: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-DRrZsRLGXFbChAOKJ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-DRrZsRLGXFbChAOKJ', '--output', '/tmp/tmpo1o5wwgk.xml', '/tmp/tmproj15izj.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmproj15izj.xml" output= ______________ TestClient.test_signed_with_default_algo_redirect _______________ self = def test_signed_with_default_algo_redirect(self): # Revert configuration change to disallow unsinged responses self.client.want_response_signed = True reqid, req = self.client.create_authn_request("http://localhost:8088/sso", message_id="id1") msg_str = str(req) > info = self.client.apply_binding( BINDING_HTTP_REDIRECT, msg_str, destination="", relay_state="relay2", sign=True, ) tests/test_51_client.py:1389: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=tZRvb9owEMa%2FiuX3cf4AG7UIUrauGlLXocL2Yu9MfMBpiZ35LhX99lMCtFVFEZs25ZXPd%2Fk9z%2FnsiaNEFy1v3T38aoFY7OrKkXaU5LINTntDSNqZGkhzqRfFl1udqUQ3wbMvfSWfCrJcbpkbHceA1pCCNvjGKGhjMnUVwY7BEXpHx5IufB5iiCAweifF7DqXaFMpvkPo%2FpLLTCVSzIhamDli4ziXWZKNomQYZcNlOtDDTI%2BufkhxDcToDPdVB4mVL0219cR6nIzHMZGXYn6w9AGdRbc5L221TyL9ebmcR%2FOvi6UUxVHuR%2B%2BorSEsIDxgCd%2Fub5%2FB6DbeqdKwqfwGd4qgk%2FA%2B7vkPaCHcmRr28NqUoGFn6qYCVfq6b5kOvjLOamrkdNIH%2BiYEceNDbfi87C6CNlr3qRocIz%2FK6QWsSfwCNZ10Y%2FPp6US7daYPEwS2YA64ahne3BDPHj1anaqBeqdSNVSpGl1lA5X2Xyb7vEt8GebQRY%2FO2oBS3AQEZ6vHPQxsO4dA3t1h%2BbPLlQKpk4YBbC7XpiKQIr5Act8qi6Gn9puRhbU%2BAfhb%2BStDWP6hAQ7tP9K%2FKH0DtlivsUKzv37%2Fx8gJ0Okjid%2Bcr%2Fj1JMavX7Tpbw%3D%3D&RelayState=relay2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm __________________ TestClient.test_do_logout_signed_redirect ___________________ self = def test_do_logout_signed_redirect(self): conf = config.SPConfig() conf.load_file("sp_slo_redirect_conf") client = Saml2Client(conf) # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, } client.users.add_information_about_person(session_info) entity_ids = client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT ) tests/test_51_client.py:1527: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout http_info = self.apply_binding( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=nVJLS8NAEP4ry97bxG2icUgCkSIE%2BsBaFLwtycYubHbizgTqv5fEHoRCD54Ghu85TO4phg1%2B4sgH8zUaYnHunSfwFBdyDB5QkyXwujcE3MBrtd2AWsYwBGRs0MkLgXTvbjM0kQls0UtRrwtp28U2y06V2%2Br3%2BpzaJ3WopHgzgSz6QqplLEVNNJraE2vPhVSxShdxslDJ8W4FiYL08UOKtSG2XvPMOjEPEEUOG%2B1OSAxZnGUROZTiYDRNkKMNppVih7z3%2B1B1bMKV9MMsXeZTKZhDBPGModd8u%2BK0se2im6FgPFv%2BluXE6HVjwJx1PzizbLCf7wUBnfYt0JBHf6wuvjvdm3otpvEyamc7OyXtEOU%2FsnDQnqzxLMs7tUrS%2B4vjr0mZR1ePUP4A&RelayState=id-M88hAlMaWIx5iB2RA%7C1745502179%7Cc29dc9f8f315183bd312acfcf5d265b37c87d7c3&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm ______________ TestClient.test_do_logout_signed_redirect_invalid _______________ self = def test_do_logout_signed_redirect_invalid(self): conf = config.SPConfig() conf.load_file("sp_slo_redirect_conf") client = Saml2Client(conf) session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, } client.users.add_information_about_person(session_info) entity_ids = client.users.issuers_of_info(nid) > resp = client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT, ) tests/test_51_client.py:1565: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout http_info = self.apply_binding( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=nVLNasJAEH6VZe%2BaGGOrgwYEW0hrlapI6W1JxrrtZifdmYDt05ekHgqCh54Ghu93mKnnGJb0Ro1s8LNBFnWqnGfwHM90EzyQYcvgTYUMUsB2%2FrSEpB9DHUioIKfPBDaVu84wzBjEktcqX8y0LXsTj4%2Fl3WSb7j%2B%2BX%2FYPzbtWewxsyc900o%2B1ypkbzD2L8TLTSZyMenHaS9LdYAhpAqPJq1YLZLHeSMc6itQQRY4K447EAuN4PI7YkVYbNNxCdjZgqdWKZO3XYX4QDBfSt510Nm1LQRciqHsKlZHrFduNLXuHDgroxcqXzlpGZQoEPJmqdtgvqOruBYGc8SVwPY3%2BWJ19V6bCfKHa8dwYZw%2B2TXog0v%2FIIsF4tuhFZ4NkmI5uzo6%2FJtk0uniE7Ac%3D&RelayState=id-9neKdE9S4VkzXVJuj%7C1745502179%7C73163142a10e21449aa04a934afb3b543ddb32b3&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm ________________________ TestClient.test_do_logout_post ________________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-llAN6iFVcdEagpG7X' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmppx_too4r.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmppx_too4r.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_post(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:1609: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-llAN6iFVcdEagpG7X' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-llAN6iFVcdEagpG7X', '--output', '/tmp/tmpo4yl3kkr.xml', '/tmp/tmppx_too4r.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmppx_too4r.xml" output= __________________ TestClient.test_do_logout_session_expired ___________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-UMaBixNnJUDYvz3vT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmpze26uxct.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpze26uxct.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_session_expired(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": a_while_ago(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:1661: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-UMaBixNnJUDYvz3vT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-UMaBixNnJUDYvz3vT', '--output', '/tmp/tmpupu2waog.xml', '/tmp/tmpze26uxct.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpze26uxct.xml" output= _______________________ TestClient.test_signature_wants ________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp1960b494ea8beaef66517f9918c56b03455aa639c09c21b42d034f1dc3ac4d8burn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ko3Aw8zUfK2P01w5j' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpcjqy2v2p.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpcjqy2v2p.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signature_wants(self): ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": ["The man"]} nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) kwargs = { "identity": ava, "in_response_to": "id1", "destination": "http://lingon.catalogix.se:8087/", "sp_entity_id": "urn:mace:example.com:saml:roland:sp", "name_id_policy": nameid_policy, "userid": "foba0001@example.com", "authn": AUTHN, } outstanding = {"id1": "http://foo.example.com/service"} def create_authn_response(**kwargs): return b64encode(str(self.server.create_authn_response(**kwargs)).encode()) def parse_authn_response(response): self.client.parse_authn_request_response(response, BINDING_HTTP_POST, outstanding) def set_client_want(response, assertion, either): self.client.want_response_signed = response self.client.want_assertions_signed = assertion self.client.want_assertions_or_response_signed = either # Response is signed but assertion is not. kwargs["sign_response"] = True kwargs["sign_assertion"] = False > response = create_authn_response(**kwargs) tests/test_51_client.py:1706: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/test_51_client.py:1693: in create_authn_response return b64encode(str(self.server.create_authn_response(**kwargs)).encode()) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp1960b494ea8beaef66517f9918c56b03455aa639c09c21b42d034f1dc3ac4d8burn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ko3Aw8zUfK2P01w5j' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-ko3Aw8zUfK2P01w5j', '--output', '/tmp/tmpyxhw02uz.xml', '/tmp/tmpcjqy2v2p.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpcjqy2v2p.xml" output= ________________ TestClientNonAsciiAva.test_sign_auth_request_0 ________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', ...] extra_args = ['/tmp/tmp2l6vm_l8.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp2l6vm_l8.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_auth_request_0(self): > req_id, areq = self.client.create_authn_request("http://www.example.com/sso", sign=True, message_id="id1") tests/test_51_client.py:2023: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client_base.py:445: in create_authn_request msg = self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpc04yb44p.xml', '/tmp/tmp2l6vm_l8.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp2l6vm_l8.xml" output= ____________________ TestClientNonAsciiAva.test_response_1 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp1960b494ea8beaef66517f9918c56b03455aa639c09c21b42d034f1dc3ac4d8burn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepci\xc3\xb3nDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-6BEiOjWpGMYZYHM1A' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpz50ts0tw.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpz50ts0tw.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_1(self): IDP = "urn:mace:example.com:saml:roland:idp" ava = {"givenName": ["Dave"], "sn": ["Concepción"], "mail": ["Dave@cnr.mlb.com"], "title": ["#13"]} nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id_policy=nameid_policy, sign_response=True, userid="foba0001@example.com", authn=AUTHN, ) tests/test_51_client.py:2066: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp1960b494ea8beaef66517f9918c56b03455aa639c09c21b42d034f1dc3ac4d8burn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepci\xc3\xb3nDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-6BEiOjWpGMYZYHM1A' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-6BEiOjWpGMYZYHM1A', '--output', '/tmp/tmpfe4kh3af.xml', '/tmp/tmpz50ts0tw.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpz50ts0tw.xml" output= ____________________ TestClientNonAsciiAva.test_response_2 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=f648b0314c9c72e35519c1092fe2674dd61a361ebdb77ce8aaf2931b0192ac22urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MzAxWhcNMzUwNDIyMTM0MzAxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwTuUvLnuUP+Y2x+y2Tgu8pZ01rLBxx1wKMohitTVsvSRzJmg1F5+hl5W\nmb38xHwOdjFVDkSpYoYDI6vodI/DEdgGPe5u0g75XfM8ZDNXfq5GYSNtfKx3nd+F\n0zwrajwTSvVnLU/pP5ffF6qybE4ews3qooOnRZSZ/qhhKei4k61O4szIO98BQYTS\nsEnPleFvR1UOuRzxXP6hfFSLW+ww7IJ7BA3ao4EQJZk4PC1n/ZLre23R0xotiL5v\ncX2cSp4i8881slNMvWh1cMWrTHaswhTcZypllB367uH7f0n6fHehH/cjbEBO3eiJ\nGYKvnfXj93lWuvUUHZ4o5JnU6hXzvwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIt9\nqAv5H4F0Fl+Kuy+qDLQ6E97sQ4+Qz3vfKN4yR036yC8MHE/Hx7i/AqIdVgBnCb7Z\nTT+pyK8IH2N6k8yByUj4NdeAIibGVaLnIQ7wDYwtXh6TyNFA1Kt8cRUKN4zNXvT/\nWli4/Wuz2ZkpZ/v9DquYqsndYdG2jjVqG2wusJ9BOFL36//UecLU/ipDGYROSnm8iRW8oyql1X4Sdp79u1YhZ0JlXjv5B1VvfVw8MKed\nkui9Qip94Nz0W4AyZdYucOg2BpA97Xwjt0MbK0rT2rfA79IozUg9Cnd7lUVk2spz\ngr4cBOSTjzeec6gQAxs9NgHfZpK7NUGtZ3LTmRiabpAwH3WxHev1sLEWneivRpDf\nsfSE7ws7sWnDnb6bwQibkxJyMfT0Dl7bMcpN4Ft1Y8VMy1wnzZHHX4MEoJJQqeS8\nRCGzakEDeD8OIGa4y0JsCaFfCItNhkyxbxb0H34d/ZTV6RIIbQVJUANPfoX9+A60\n1ozkTrvEMgRLP0BamkBaOQ==K8WC8uWIRVnfQKh8BNZlxyOf7kKTYLs3u3AR+zGjdZq489Pf02VSdoxNTiLnol11\n06y4v3/9o8d9oThg8SZb+P5hgLSgQiQKmsUWVGDCoQiJLjz0AZNrzxmfgEZlW0D8\njAcUBDvk4Gxb2jxWyEE7whc/PmqZBbxbqU9c9jcIT4lcw44wFDgpzQe5cDR04/23\n25RFP/tYUDucJHLv/iAucBYbHGQSOPlscerH7/4W8aPN33GWjSgnrJMiinn1vS/Z\ni+LuWPXvVEuPQXUnwAyDVkJeJYBp06MX+3P+graGWOz2nEhoaYbkpMlkzT/6zt30\nV+uPk0oi4VcIIFWsMs25q2U9AoXGE9BmxAn7fv92lJ3468J3E6Cn5LHp2Kt0kbFf\nezZL031UrfuWE40nqe6Lprkj95rbFh9+2G/8t3fGvjrZU4a7/8hMn2rC1O6YGPFz\nTyWxd4sA6N8x4xLTv0KNvYO6nUmBO48ywqaXb1HhrezhJ2nurMR8nuqaWtfopSfm\nXlIFTP2O1XCRuqHjj+7/TMfYVyCwFUBmpj6SctBIzCm4zUPELh6ygKt1mWOrsbVe\nZ36/YFf0C3p6JmIEN2WXlhs1qUIxXv9VwkH1eCUFUnJCaEN2zxkg9R2f7dxCYHpr\nMOz8mF4h+st9vgb375AkVVcNmW/fH0LmGoQZiCVrRVM9dTiwf7xi3EMcoNtxJJmE\nAhldM1mgWLzY0pNxIXz9x0HwDGMOCyDZaCo0ybU60hFoMyv++cGy69A1CaxfzL1p\nj4CIxeZ0+zeHSfMQEjNOyPbgFNYHWwDzszJXkrMW8QBHRCffSPsz4HNYab7SIo4h\nqyyLZsMzPg+jGSkBnienLke5j8+nR/5dl1VW8HqrdWTeHQm+iGQta1gm+LqPH8Bq\nyQnIaScR/LZQPuEZOU+Ddar9VjnaRH02G8/EhFaNEuwKUAc78fJs5SVWormf8o1K\n7xsTOh280ULr/3SybI7y3GZiSDNDBvvXCnFRVhcdbfIZQqT7U/68wwu/Ddlve1ey\nXSgYXc2lqBv0ZgHTgfJuqH6DD11Vbvyqwebc9VeCTG/eCFmljBq94VPjcAHVPPiQ\nCyv9oI9l9Psw98BV2WAm/WY6edZLqNfIRwcC2e5pmGYIomAPI9YNIFy14kpHer3m\n/lPk5x8wchzAcp+KNgVv5JYfyNzcAuZmcic1we/wyh8aWZuVN2y9FHuvLsP8Clbb\nFow5bKfjRZbILQHuCk/OSwP74VMmQA6+Dd2wlL30J2hyDygainr71o7MPfCLKOI9\n0dlzSXMpXCL4LlpXacBahay4NzREuym+KBuCq2cSQMM3U5KPl96g1SVgH4RILrbH\nOC3UNDqyAwc6yMU3mF011+bUwBfCX3/1KFi7q9+yHxuSejUbau7zBIKVa1gPPyQe\nGboUPnoS/YUKatG9E3IXbKey5nrD12Spy+g+5zsclJTaX7nZZb4kekVMyJwJNISF\nAAXvH2g5MxFvCXzpd1jPP0iYfqXMNImDt4uWbOY5fuwsgBr2vwCmvVTyob+LmMFZ\nIX+VNSosQz9RV2N0EGh5fgjIm3id9H4naMARdyYCEjt/PPSTLjOIa6pVx4+qP0Hm\nB3EKwPKBDZRamTkcqPd1lrXzqREPWbzmi94rFgwDg5zggXCsMixyNg/jBJhvuStG\nZwtsQ7gvBfLHoA4CkR+hfc8bxvmVWGFg+Nf9LFKIC++kDB8rk1hGR9/cFibPfWWh\nuJ2nEJjgJb83+ikmlTfSMFLPcbGjGCdQyIonvbIDw6WpoDlBDGmgQi4d9k+mDZZx\n0/yehlzw0FPE6Z9WJufiboVPYXVPppdnfg5epq36dtWNeAfd4uVrBzZvenVhR82d\nlfecST9yyVPPGaSi5vZqc9ErCwoJVeZwp862+0PKLkq8YmRyl6yq1D1Vb+Z8pLM4\nD4JUrxDgmuPWJksfqdzrg9mqD7dOAQM+44zqe5kKL8y4DSYGWTv2lIksGP4dODql\nouzjWfSyMNvhpZ2jRgqv++Ny7kal9ZRdhk/hFbiESamPV7m/Q2x0vhtAhq9i9Y+B\nvDg84WJDqyy+yUKReFSJ9aCjhMOANqiO2OJjw2a8zYM0Di3SnWHmmddoAVsxMtOx\n8iZeu9ed+lTASIF03ckjrrBM5mz0OU6B+Alo89yFMm1UzhmaeIzRhSV/BrrupkPS\nrYrKl5R2cyQFpt+ABgaM7fyRLsXLWH2qQY/vmrTfRTUBxHm26f4VWaepuWI0kSXH\nRC8Cdw9LoZTn0zbCKtGkU8J2tubMM9xwSTsTbnNpZNi3fcthVSgeblPcLBRXxrrg\nJ0VMacR4Fej8EmvhHRBi8fjRqIiepiCpUoTihYyZXBoPLMLFV5r5PmjSJgow+m75\nFlpdyTfb02qhx9tAVHz2zy5TzAFFD75LZHGFu7kIBdszS5xBnhSUHw==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-9qGkQqVMIfmgh4VP7' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpaco0ml_3.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpaco0ml_3.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_2(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_51_client.py:2146: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=f648b0314c9c72e35519c1092fe2674dd61a361ebdb77ce8aaf2931b0192ac22urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MzAxWhcNMzUwNDIyMTM0MzAxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwTuUvLnuUP+Y2x+y2Tgu8pZ01rLBxx1wKMohitTVsvSRzJmg1F5+hl5W\nmb38xHwOdjFVDkSpYoYDI6vodI/DEdgGPe5u0g75XfM8ZDNXfq5GYSNtfKx3nd+F\n0zwrajwTSvVnLU/pP5ffF6qybE4ews3qooOnRZSZ/qhhKei4k61O4szIO98BQYTS\nsEnPleFvR1UOuRzxXP6hfFSLW+ww7IJ7BA3ao4EQJZk4PC1n/ZLre23R0xotiL5v\ncX2cSp4i8881slNMvWh1cMWrTHaswhTcZypllB367uH7f0n6fHehH/cjbEBO3eiJ\nGYKvnfXj93lWuvUUHZ4o5JnU6hXzvwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIt9\nqAv5H4F0Fl+Kuy+qDLQ6E97sQ4+Qz3vfKN4yR036yC8MHE/Hx7i/AqIdVgBnCb7Z\nTT+pyK8IH2N6k8yByUj4NdeAIibGVaLnIQ7wDYwtXh6TyNFA1Kt8cRUKN4zNXvT/\nWli4/Wuz2ZkpZ/v9DquYqsndYdG2jjVqG2wusJ9BOFL36//UecLU/ipDGYROSnm8iRW8oyql1X4Sdp79u1YhZ0JlXjv5B1VvfVw8MKed\nkui9Qip94Nz0W4AyZdYucOg2BpA97Xwjt0MbK0rT2rfA79IozUg9Cnd7lUVk2spz\ngr4cBOSTjzeec6gQAxs9NgHfZpK7NUGtZ3LTmRiabpAwH3WxHev1sLEWneivRpDf\nsfSE7ws7sWnDnb6bwQibkxJyMfT0Dl7bMcpN4Ft1Y8VMy1wnzZHHX4MEoJJQqeS8\nRCGzakEDeD8OIGa4y0JsCaFfCItNhkyxbxb0H34d/ZTV6RIIbQVJUANPfoX9+A60\n1ozkTrvEMgRLP0BamkBaOQ==K8WC8uWIRVnfQKh8BNZlxyOf7kKTYLs3u3AR+zGjdZq489Pf02VSdoxNTiLnol11\n06y4v3/9o8d9oThg8SZb+P5hgLSgQiQKmsUWVGDCoQiJLjz0AZNrzxmfgEZlW0D8\njAcUBDvk4Gxb2jxWyEE7whc/PmqZBbxbqU9c9jcIT4lcw44wFDgpzQe5cDR04/23\n25RFP/tYUDucJHLv/iAucBYbHGQSOPlscerH7/4W8aPN33GWjSgnrJMiinn1vS/Z\ni+LuWPXvVEuPQXUnwAyDVkJeJYBp06MX+3P+graGWOz2nEhoaYbkpMlkzT/6zt30\nV+uPk0oi4VcIIFWsMs25q2U9AoXGE9BmxAn7fv92lJ3468J3E6Cn5LHp2Kt0kbFf\nezZL031UrfuWE40nqe6Lprkj95rbFh9+2G/8t3fGvjrZU4a7/8hMn2rC1O6YGPFz\nTyWxd4sA6N8x4xLTv0KNvYO6nUmBO48ywqaXb1HhrezhJ2nurMR8nuqaWtfopSfm\nXlIFTP2O1XCRuqHjj+7/TMfYVyCwFUBmpj6SctBIzCm4zUPELh6ygKt1mWOrsbVe\nZ36/YFf0C3p6JmIEN2WXlhs1qUIxXv9VwkH1eCUFUnJCaEN2zxkg9R2f7dxCYHpr\nMOz8mF4h+st9vgb375AkVVcNmW/fH0LmGoQZiCVrRVM9dTiwf7xi3EMcoNtxJJmE\nAhldM1mgWLzY0pNxIXz9x0HwDGMOCyDZaCo0ybU60hFoMyv++cGy69A1CaxfzL1p\nj4CIxeZ0+zeHSfMQEjNOyPbgFNYHWwDzszJXkrMW8QBHRCffSPsz4HNYab7SIo4h\nqyyLZsMzPg+jGSkBnienLke5j8+nR/5dl1VW8HqrdWTeHQm+iGQta1gm+LqPH8Bq\nyQnIaScR/LZQPuEZOU+Ddar9VjnaRH02G8/EhFaNEuwKUAc78fJs5SVWormf8o1K\n7xsTOh280ULr/3SybI7y3GZiSDNDBvvXCnFRVhcdbfIZQqT7U/68wwu/Ddlve1ey\nXSgYXc2lqBv0ZgHTgfJuqH6DD11Vbvyqwebc9VeCTG/eCFmljBq94VPjcAHVPPiQ\nCyv9oI9l9Psw98BV2WAm/WY6edZLqNfIRwcC2e5pmGYIomAPI9YNIFy14kpHer3m\n/lPk5x8wchzAcp+KNgVv5JYfyNzcAuZmcic1we/wyh8aWZuVN2y9FHuvLsP8Clbb\nFow5bKfjRZbILQHuCk/OSwP74VMmQA6+Dd2wlL30J2hyDygainr71o7MPfCLKOI9\n0dlzSXMpXCL4LlpXacBahay4NzREuym+KBuCq2cSQMM3U5KPl96g1SVgH4RILrbH\nOC3UNDqyAwc6yMU3mF011+bUwBfCX3/1KFi7q9+yHxuSejUbau7zBIKVa1gPPyQe\nGboUPnoS/YUKatG9E3IXbKey5nrD12Spy+g+5zsclJTaX7nZZb4kekVMyJwJNISF\nAAXvH2g5MxFvCXzpd1jPP0iYfqXMNImDt4uWbOY5fuwsgBr2vwCmvVTyob+LmMFZ\nIX+VNSosQz9RV2N0EGh5fgjIm3id9H4naMARdyYCEjt/PPSTLjOIa6pVx4+qP0Hm\nB3EKwPKBDZRamTkcqPd1lrXzqREPWbzmi94rFgwDg5zggXCsMixyNg/jBJhvuStG\nZwtsQ7gvBfLHoA4CkR+hfc8bxvmVWGFg+Nf9LFKIC++kDB8rk1hGR9/cFibPfWWh\nuJ2nEJjgJb83+ikmlTfSMFLPcbGjGCdQyIonvbIDw6WpoDlBDGmgQi4d9k+mDZZx\n0/yehlzw0FPE6Z9WJufiboVPYXVPppdnfg5epq36dtWNeAfd4uVrBzZvenVhR82d\nlfecST9yyVPPGaSi5vZqc9ErCwoJVeZwp862+0PKLkq8YmRyl6yq1D1Vb+Z8pLM4\nD4JUrxDgmuPWJksfqdzrg9mqD7dOAQM+44zqe5kKL8y4DSYGWTv2lIksGP4dODql\nouzjWfSyMNvhpZ2jRgqv++Ny7kal9ZRdhk/hFbiESamPV7m/Q2x0vhtAhq9i9Y+B\nvDg84WJDqyy+yUKReFSJ9aCjhMOANqiO2OJjw2a8zYM0Di3SnWHmmddoAVsxMtOx\n8iZeu9ed+lTASIF03ckjrrBM5mz0OU6B+Alo89yFMm1UzhmaeIzRhSV/BrrupkPS\nrYrKl5R2cyQFpt+ABgaM7fyRLsXLWH2qQY/vmrTfRTUBxHm26f4VWaepuWI0kSXH\nRC8Cdw9LoZTn0zbCKtGkU8J2tubMM9xwSTsTbnNpZNi3fcthVSgeblPcLBRXxrrg\nJ0VMacR4Fej8EmvhHRBi8fjRqIiepiCpUoTihYyZXBoPLMLFV5r5PmjSJgow+m75\nFlpdyTfb02qhx9tAVHz2zy5TzAFFD75LZHGFu7kIBdszS5xBnhSUHw==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-9qGkQqVMIfmgh4VP7' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-9qGkQqVMIfmgh4VP7', '--output', '/tmp/tmp1isjnbhe.xml', '/tmp/tmpaco0ml_3.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpaco0ml_3.xml" output= ____________________ TestClientNonAsciiAva.test_response_3 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=f9e6a788faae6e845c8ba8adc8c5ce90ad799bbcf8a9c8ea964d27924a24166curn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==IEA3U6zs/4yzmFG3cMowlNwPYWsZDRWAjP3Hd0RvI0ORCpGO9mT6Oyisag0AGgFJ\nkBFGZ9s8BYeLAS2/NGmPN8voQRvB1Qn7m9uUFbdTLhveuzBYTEfLfYDK/jBAZ2BA\nw+jT4nsDixUguNUXAXLcFiXuVo9U6HScP0uZy0a5FpE=4/ZCB0WNw2P9vTd5BGbfFrYaFSBdASoHKQ79ZXIDfJ/FjOcPvWrC8Md4OXTRTXr5\nMq80IFjGKV7hpR0IWUDQNSw1UJ3onCNs6kzfnitX4rWfLf/2iBNnYkvEip4pUwkn\nz2zHG22/gCckCNwFTzhShhwAKG1vty87ZUPFNlVlk3fidAFgLDW+uQn3lR4jmmf6\nu1lqQPkEq3UEUnqj6Vookl3i9LhkQqT3bK7B1gEQyvtk2Pv6gj6fkL6uVM8lRAqy\nNAEY8GI2e/roclkt1wj9f8EEza8Bvz0D23zoOQPGMH4jMoVruGwoV/nsHSWBU30a\ntGpFAZi8F6B/HDuxTI53ZmwBDmstR40jZGJQVwch/ifliteiGmrGgR5Hp5uOJPi3\nVU0w0K1YfiMyviFH9psLC1DWGLbp0AmT2OXzu5pi0ozhOzQG6GZa88ewKUH3Gf9y\nqq2EfwZIoBjPmS4CBByKFhXZan5icCqVH6/PSwW2/F3K1R5b6WUBmiajYY3OYRTF\nGDUZr9SnPFqIZkFXyJSENYIZXDEUlrKhJF2pJMMHqStsyQiR9LO5bFp6BK+V6mNI\nl7AH9q5QDXCUlXORwrLkk5XVJuBVCaONK4jRCR9rcDBDqFgHPCDG1ixTQb2IbtwM\n3mlU/BtXt9+DB3li7MztrgOtWrY4RO9k96WVilzdYyS8e8PT+esZ3wysq6mEuZnT\n1iuNFH6s9lyYtzZ8KiU0fxw8FPpwHPrrBXkE5b8ZnsWYe0RzkX0/rVaN6E71x45z\nbgwfciPEqpcKhBnR+E2ydLlYJyz0kdS1Cg1FNYqQJrGcFtAfAbJyFspxOOlM9LkW\nOH4DswZvGWqoE+l2kZry4R/IXxzXYzObdK7pp7a/HpoFCLK8a7ko69t7vIPCFN/0\nBz6S6Iy2uPkBljA367v6zF0epO9ZbEF4H8ArGxOrxZ2A2A3sqdoRLye4l4TTmTcU\nBnhaOb0eqYixaJjm8AkiiNvtYpQVFS6rizohu4bZB20L1ZmtZvRmAxKOf7XDhuyT\nrnwONx3t8iqzokmkEbCIGLD9m0cGEwK71zYqWoOKV6qBE/OgMPxHp7bYoSNS1ShO\nDerXdLc0m3eGSXXBWQHR020PjUxlfh3T7hrGq99ibpq3bfjbjFzNHEEjXb4QHRmw\nNbHcpxsP5YCcOvBWYOXK2zyoN2QeDBcvnI7GeAGOVED+QQfVgtcYnAAuA8g5sO5/\nqd/J9+mSzyCFUIuSWJ0Dl8c40hDeZe4kSi453S+QSkHf0BqWb/uZrTYla2J2zK33\n2ItfoFj6Mso7DOCBg4oLJm6bFnd4rKU/52DPI/gzjHzq91VrHoZI8Hrm0mMa2l1W\n4zQgjPpDC+xnfpf8C30hCPUXijEhWW/WR2h60WQ0rtZXSRkATOu4+9hfpGFO1wqi\nTjjZhSzocIJTgFg98Akzy2/AXKiXt1Qt1CW6BP6Oh4X1eYg1COdjTnfhm4RA2uc2\noaGtPQp6igLlzFEjW0L3tCUoe4qcCIzRoLqf9MzQQtZ/ToyIl+I870Esvz9A7e8p\ndVc3blC7lHqEj4IzVX/53hkugjJIEMK1v2qBf9XXFxp/wT3TEFDoIH6BhpeLftw4\nd/KbRFzTHk5ZHYVcoYQjryRO6Hc5EMmtu8FNbVR2kNDuoHIlooUJ7uqkfgw27P8t\nzcP07xOVdAf6fgb2nNiTidwFqNqN+UTwY+ivEPV7CwYnlV+FSzLAQh+WIKyNb9KW\njfDdy9BQDnvIYcKPk9flThCaQr34MBFRWixyVAbPJI3XgAo/iZTBRWIYw8fo1lv5\n3t+zroFCh+JVAAHvLzyR9xAx5RpdjWvQr8aUu2SiGetlOKny3RNh2zhwfacESx7R\nluTuQCjADDmQOb4cT21+qcCySoGcBC1QiO4HUckyzruVe6Ykm0fJ8L1PTcFM8iKZ\nDAC2PaTp0Ke4qcNyNE8hvrxSBUZQx7Y3pbh3yT5+ORNrvVfwYNcjTnKlABNXRHXv\nQjnbKEE3HgHLyhyUQtO0mHEgeCJ8tfIM8E6eYn57hnhPkExqjC+Kl6Hm2gsR3j07\nUwMx/GAasbJ66N13XooJdTmTZ2hhZ/Uh2po2gdjErs069J8ktes3d9LRAb93dj4E\nlqVQFt/f7nmXZWdjCo0r3dCmCQOZlomse1QZwVpUIhV29bGyGPQwoDBArGX1/DVK\nWGjW5+FnDoYozxsvVE6O65VBXmluO0GB80nDC+mDHGLFKyti/UztIwdM/eCfMlBp\nUGPdJxy4TXGSEyJ3kTF3M7NFBkSuxhKXoohU2azwHfAnNif7zbQFsmXGKLUOXW43\nhhfRvpm+HtjyK6y+iAYwSjl9z20eBGx+eftdnH9JBDbp6SGUkKpR/CaEml1NAhkP\nrZwvH/MVk36pCwPrDP9xruSfo4bggb1uXYfX/5TE0a1RHo4qcJMEPg==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-G3p8LE06ecKUVx4oB' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpruabnubr.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpruabnubr.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_3(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:2181: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=f9e6a788faae6e845c8ba8adc8c5ce90ad799bbcf8a9c8ea964d27924a24166curn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==IEA3U6zs/4yzmFG3cMowlNwPYWsZDRWAjP3Hd0RvI0ORCpGO9mT6Oyisag0AGgFJ\nkBFGZ9s8BYeLAS2/NGmPN8voQRvB1Qn7m9uUFbdTLhveuzBYTEfLfYDK/jBAZ2BA\nw+jT4nsDixUguNUXAXLcFiXuVo9U6HScP0uZy0a5FpE=4/ZCB0WNw2P9vTd5BGbfFrYaFSBdASoHKQ79ZXIDfJ/FjOcPvWrC8Md4OXTRTXr5\nMq80IFjGKV7hpR0IWUDQNSw1UJ3onCNs6kzfnitX4rWfLf/2iBNnYkvEip4pUwkn\nz2zHG22/gCckCNwFTzhShhwAKG1vty87ZUPFNlVlk3fidAFgLDW+uQn3lR4jmmf6\nu1lqQPkEq3UEUnqj6Vookl3i9LhkQqT3bK7B1gEQyvtk2Pv6gj6fkL6uVM8lRAqy\nNAEY8GI2e/roclkt1wj9f8EEza8Bvz0D23zoOQPGMH4jMoVruGwoV/nsHSWBU30a\ntGpFAZi8F6B/HDuxTI53ZmwBDmstR40jZGJQVwch/ifliteiGmrGgR5Hp5uOJPi3\nVU0w0K1YfiMyviFH9psLC1DWGLbp0AmT2OXzu5pi0ozhOzQG6GZa88ewKUH3Gf9y\nqq2EfwZIoBjPmS4CBByKFhXZan5icCqVH6/PSwW2/F3K1R5b6WUBmiajYY3OYRTF\nGDUZr9SnPFqIZkFXyJSENYIZXDEUlrKhJF2pJMMHqStsyQiR9LO5bFp6BK+V6mNI\nl7AH9q5QDXCUlXORwrLkk5XVJuBVCaONK4jRCR9rcDBDqFgHPCDG1ixTQb2IbtwM\n3mlU/BtXt9+DB3li7MztrgOtWrY4RO9k96WVilzdYyS8e8PT+esZ3wysq6mEuZnT\n1iuNFH6s9lyYtzZ8KiU0fxw8FPpwHPrrBXkE5b8ZnsWYe0RzkX0/rVaN6E71x45z\nbgwfciPEqpcKhBnR+E2ydLlYJyz0kdS1Cg1FNYqQJrGcFtAfAbJyFspxOOlM9LkW\nOH4DswZvGWqoE+l2kZry4R/IXxzXYzObdK7pp7a/HpoFCLK8a7ko69t7vIPCFN/0\nBz6S6Iy2uPkBljA367v6zF0epO9ZbEF4H8ArGxOrxZ2A2A3sqdoRLye4l4TTmTcU\nBnhaOb0eqYixaJjm8AkiiNvtYpQVFS6rizohu4bZB20L1ZmtZvRmAxKOf7XDhuyT\nrnwONx3t8iqzokmkEbCIGLD9m0cGEwK71zYqWoOKV6qBE/OgMPxHp7bYoSNS1ShO\nDerXdLc0m3eGSXXBWQHR020PjUxlfh3T7hrGq99ibpq3bfjbjFzNHEEjXb4QHRmw\nNbHcpxsP5YCcOvBWYOXK2zyoN2QeDBcvnI7GeAGOVED+QQfVgtcYnAAuA8g5sO5/\nqd/J9+mSzyCFUIuSWJ0Dl8c40hDeZe4kSi453S+QSkHf0BqWb/uZrTYla2J2zK33\n2ItfoFj6Mso7DOCBg4oLJm6bFnd4rKU/52DPI/gzjHzq91VrHoZI8Hrm0mMa2l1W\n4zQgjPpDC+xnfpf8C30hCPUXijEhWW/WR2h60WQ0rtZXSRkATOu4+9hfpGFO1wqi\nTjjZhSzocIJTgFg98Akzy2/AXKiXt1Qt1CW6BP6Oh4X1eYg1COdjTnfhm4RA2uc2\noaGtPQp6igLlzFEjW0L3tCUoe4qcCIzRoLqf9MzQQtZ/ToyIl+I870Esvz9A7e8p\ndVc3blC7lHqEj4IzVX/53hkugjJIEMK1v2qBf9XXFxp/wT3TEFDoIH6BhpeLftw4\nd/KbRFzTHk5ZHYVcoYQjryRO6Hc5EMmtu8FNbVR2kNDuoHIlooUJ7uqkfgw27P8t\nzcP07xOVdAf6fgb2nNiTidwFqNqN+UTwY+ivEPV7CwYnlV+FSzLAQh+WIKyNb9KW\njfDdy9BQDnvIYcKPk9flThCaQr34MBFRWixyVAbPJI3XgAo/iZTBRWIYw8fo1lv5\n3t+zroFCh+JVAAHvLzyR9xAx5RpdjWvQr8aUu2SiGetlOKny3RNh2zhwfacESx7R\nluTuQCjADDmQOb4cT21+qcCySoGcBC1QiO4HUckyzruVe6Ykm0fJ8L1PTcFM8iKZ\nDAC2PaTp0Ke4qcNyNE8hvrxSBUZQx7Y3pbh3yT5+ORNrvVfwYNcjTnKlABNXRHXv\nQjnbKEE3HgHLyhyUQtO0mHEgeCJ8tfIM8E6eYn57hnhPkExqjC+Kl6Hm2gsR3j07\nUwMx/GAasbJ66N13XooJdTmTZ2hhZ/Uh2po2gdjErs069J8ktes3d9LRAb93dj4E\nlqVQFt/f7nmXZWdjCo0r3dCmCQOZlomse1QZwVpUIhV29bGyGPQwoDBArGX1/DVK\nWGjW5+FnDoYozxsvVE6O65VBXmluO0GB80nDC+mDHGLFKyti/UztIwdM/eCfMlBp\nUGPdJxy4TXGSEyJ3kTF3M7NFBkSuxhKXoohU2azwHfAnNif7zbQFsmXGKLUOXW43\nhhfRvpm+HtjyK6y+iAYwSjl9z20eBGx+eftdnH9JBDbp6SGUkKpR/CaEml1NAhkP\nrZwvH/MVk36pCwPrDP9xruSfo4bggb1uXYfX/5TE0a1RHo4qcJMEPg==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-G3p8LE06ecKUVx4oB' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-G3p8LE06ecKUVx4oB', '--output', '/tmp/tmp6smjobii.xml', '/tmp/tmpruabnubr.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpruabnubr.xml" output= ____________________ TestClientNonAsciiAva.test_response_4 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=248d65ad55b5b56c64351003d42001b26dfcc36edef592f83b360ede0248db53urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==qTi/dSkidNBtumhCvV+Qk1WyUm+WE3S4N8q6otfGLi+3XqcGIAi1nSjpa5l+P3Q6\nR+rTU8YoqZk2yNhxq1G9IVvqO8d08VxuL8EjHInqmGBQCJrCoLFFuOcohekTIpiG\nA69He/1I/GjVFA/I2IC+RyexgHQHZrdoAPoaU2JyRKA=BKomU8SOIaJyXbixvGOeUcJCSciWEwzjmi+vetlM+17s4y0enbuv/1Cj9blXIJK4\nHYUrx1v1TpUcHw5TkANbdYMVOvuOeqkCj54B+ecSBmXUgVgTF0uJL+EKoeP3nHga\nqiiDZPrCvlY2mSGHJ7hcv1daPduZf0du2crWDFON5roZ+/XMElgsaeDKn3dnezdS\nPL9lbmm73ze/k2LLEqe0J/z1UhEfnrBMCdLxXxGUhokovWOrU9L8Ff+jdWH8fddG\n+rQYiQhn7/z3GeABtnPgmwB3xX3czqZ0+9K1i/W7ngL3vo8GJzhOCFLFYjkxFXYT\nnLo6TwuutgmRQun/rP2V9N+tFHSCYFDalQY4kBxCga5UhS3wO69eiq9l2+XoASXL\nWWgZQQbOOKoLvGaSxoTa5qfKZFUkl5S2IwPxtcfc/MY5na7pJu9RKFlfMOfWKChZ\nGubCzGJB7HZTfGXAMjY/Der7IxgNjqpA2NfoktszXYYNl1a37JfNzZPoQovsBFWe\nF9umOF46ajXAjwkgYJqkGCMbLs/1uhMEwU7qVzyJGR5tI4i1dJeZqkWLL+4EUerq\na//hmR30sP4lV2Qxt7ne+p999uAEwQMM9UtCataGkGsbiP5HDhtGn17Deluzms1N\naaC9hFdaqfTO4OKzPNGnwJZKOCCj6ZYgryDjFlFirkwgn3JD1cXUVPItnIxNlu/1\nFOQpdRaNqx4cYo8hfQHrFE/5SqceLtCO3zlDtVdtalfRjbhlHO8O7Tg/Rp4htPMI\nYIxtCFU6osCytpjaNAqjo5Xt3WZM/TOXnUwL+zLzdRAoRAWNGM5xsIOFreB+ZWsi\ncj9aHfM9hImJAAFGGohIwbMmSJB9frbQmJE6NzQek30Iyt0kBAywU38sSnRLubw7\nV5ImHNwE7JQKYMmeOOcw1Nu059SCYRhn0R4kFTXGHqxJHS2S8o6m2o1qJ37nvNtD\n31+EIeyzeukAww4/gnOI2YJTneAgmIjeYVe2pWPFyGBkUYfqcBimmItzPbw3E/n6\nA1FjJ7zRKbLmXDDnVRbSosS8uy6kokqdXyNHnOgSXLW1Gbt89qXHY5NYlDosOmv7\nZkzh5Gu2Kt5vXR71w9e/rbg8Dkenb/28G5zPIg2pG++bYOx/7FNTl5HJ3WQEqdHP\nFwg6NVRa2rBH1EvdkPZbPzkTR2dY2QLPSY4BKsMuF8unQfFqvO5XBQ6Wasveb/OA\n6cQ7/WfPaEDAr0zkAHAAiRZJBgtD06P2zbFHxONfypYP5o9IEc59NkrLf5Nh+mVR\nXHgw7ilf/HEatK0v4bA+o1oC002lQHe186+GMX6LXhcGurVj+qBcHXkaBVJLzwwO\nf7p15Ap204dbDV/d0HdoeyMF9fXn1vWEfcVD8BMl/jQoSgkFZ4FTAt3Nyx8PO4MC\ngQ8fVR3rkBr1SljsnNamfof/WX+rwzgrxYZoywz5dxeLFzWaR1pZLjrFYiCcZdEz\nhbg0XGFxWKkqKctxhvxjym3GvLTzvidYLlI/XHMWkbvzAoH95oYdGSuAZ805Mal/\nixUdAP6j91cKPmNYOllZauRhWFf4NSJrfou7hNga1zfFoNHGxTAeBLdb6wk3+iN2\ncjNIDWMAXQyDsq1Kw4CNFWIwk4RgpYgCLLoySSrPsoot6W3EsPJWVgsU3nGRsBWE\nG66rsWz0Y2+NzXFCW3HfTaGMRC+ObldAMU3mT/tDLUIp1jSEL70kDTSYMlbS8IxR\nvDV2ic8i0Hr2sf2Eh/Y5Zn3Jdqku+RvA6EbF1pnOtDUoycmgoz/fbbAKGCj530t8\ndJKQ34haHIpL/xMgDZn3arYwyw/UJu4vXxgOYq9I2GEMwbG9+6NlAVF6hz7MUIxs\nm3xEpKT9zkdZYkmHovp4S/nsDDHAKbyi0GyxWDpg5aSaegB8YF00ARAfuainCO3F\nfHnpyotcu7hPQd/vvfTJ5fYQ6OIp1rTPOa8Xn+JmYrzzkcX6ZCxa6i8jPeMjt30L\n2iedAonJlnNL5v8DjuduIxA5QS6NDILq8He4+3AX9Mi+G5IzBxkZrxSp0PocrnAc\nBf484/nPpXypb5LYwx98rXjKZLBqe4V46GaKHBodTCJQBRO38JEEqEajq2JISXSE\nNIH7xUaLNigKwOnNZIMvPwrtVeppgDI3jKn9glF0KexaLfkzWQvDpVlNRUklgDrT\nKnd1K/nLsr+tqrK4Tpa1/lUDZSv/hfrSRjqU+HqDmWXT/tWj5uzklECIiWOM231k\nf+Kq63wK7HbhMsmvFbpTNEgFoosjrZas5nzP0dQI2TPQ0tIZw+JZ1anoINaZA0BF\nVyQ1fOP1NU/+1q3WpJGZAmJiA7mBdhDMVZr1QfQTofjLA3TG4O6hSTHWnSlPGXY4\n7vlX8MukLcyNn4G0ojo+dK7DXEHY6I2xq/smTEyFrODwbkR8B7y6RA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sdj7g13QNoEYaC4Ks' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpu5ku_4s6.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpu5ku_4s6.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_4(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:2215: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=248d65ad55b5b56c64351003d42001b26dfcc36edef592f83b360ede0248db53urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==qTi/dSkidNBtumhCvV+Qk1WyUm+WE3S4N8q6otfGLi+3XqcGIAi1nSjpa5l+P3Q6\nR+rTU8YoqZk2yNhxq1G9IVvqO8d08VxuL8EjHInqmGBQCJrCoLFFuOcohekTIpiG\nA69He/1I/GjVFA/I2IC+RyexgHQHZrdoAPoaU2JyRKA=BKomU8SOIaJyXbixvGOeUcJCSciWEwzjmi+vetlM+17s4y0enbuv/1Cj9blXIJK4\nHYUrx1v1TpUcHw5TkANbdYMVOvuOeqkCj54B+ecSBmXUgVgTF0uJL+EKoeP3nHga\nqiiDZPrCvlY2mSGHJ7hcv1daPduZf0du2crWDFON5roZ+/XMElgsaeDKn3dnezdS\nPL9lbmm73ze/k2LLEqe0J/z1UhEfnrBMCdLxXxGUhokovWOrU9L8Ff+jdWH8fddG\n+rQYiQhn7/z3GeABtnPgmwB3xX3czqZ0+9K1i/W7ngL3vo8GJzhOCFLFYjkxFXYT\nnLo6TwuutgmRQun/rP2V9N+tFHSCYFDalQY4kBxCga5UhS3wO69eiq9l2+XoASXL\nWWgZQQbOOKoLvGaSxoTa5qfKZFUkl5S2IwPxtcfc/MY5na7pJu9RKFlfMOfWKChZ\nGubCzGJB7HZTfGXAMjY/Der7IxgNjqpA2NfoktszXYYNl1a37JfNzZPoQovsBFWe\nF9umOF46ajXAjwkgYJqkGCMbLs/1uhMEwU7qVzyJGR5tI4i1dJeZqkWLL+4EUerq\na//hmR30sP4lV2Qxt7ne+p999uAEwQMM9UtCataGkGsbiP5HDhtGn17Deluzms1N\naaC9hFdaqfTO4OKzPNGnwJZKOCCj6ZYgryDjFlFirkwgn3JD1cXUVPItnIxNlu/1\nFOQpdRaNqx4cYo8hfQHrFE/5SqceLtCO3zlDtVdtalfRjbhlHO8O7Tg/Rp4htPMI\nYIxtCFU6osCytpjaNAqjo5Xt3WZM/TOXnUwL+zLzdRAoRAWNGM5xsIOFreB+ZWsi\ncj9aHfM9hImJAAFGGohIwbMmSJB9frbQmJE6NzQek30Iyt0kBAywU38sSnRLubw7\nV5ImHNwE7JQKYMmeOOcw1Nu059SCYRhn0R4kFTXGHqxJHS2S8o6m2o1qJ37nvNtD\n31+EIeyzeukAww4/gnOI2YJTneAgmIjeYVe2pWPFyGBkUYfqcBimmItzPbw3E/n6\nA1FjJ7zRKbLmXDDnVRbSosS8uy6kokqdXyNHnOgSXLW1Gbt89qXHY5NYlDosOmv7\nZkzh5Gu2Kt5vXR71w9e/rbg8Dkenb/28G5zPIg2pG++bYOx/7FNTl5HJ3WQEqdHP\nFwg6NVRa2rBH1EvdkPZbPzkTR2dY2QLPSY4BKsMuF8unQfFqvO5XBQ6Wasveb/OA\n6cQ7/WfPaEDAr0zkAHAAiRZJBgtD06P2zbFHxONfypYP5o9IEc59NkrLf5Nh+mVR\nXHgw7ilf/HEatK0v4bA+o1oC002lQHe186+GMX6LXhcGurVj+qBcHXkaBVJLzwwO\nf7p15Ap204dbDV/d0HdoeyMF9fXn1vWEfcVD8BMl/jQoSgkFZ4FTAt3Nyx8PO4MC\ngQ8fVR3rkBr1SljsnNamfof/WX+rwzgrxYZoywz5dxeLFzWaR1pZLjrFYiCcZdEz\nhbg0XGFxWKkqKctxhvxjym3GvLTzvidYLlI/XHMWkbvzAoH95oYdGSuAZ805Mal/\nixUdAP6j91cKPmNYOllZauRhWFf4NSJrfou7hNga1zfFoNHGxTAeBLdb6wk3+iN2\ncjNIDWMAXQyDsq1Kw4CNFWIwk4RgpYgCLLoySSrPsoot6W3EsPJWVgsU3nGRsBWE\nG66rsWz0Y2+NzXFCW3HfTaGMRC+ObldAMU3mT/tDLUIp1jSEL70kDTSYMlbS8IxR\nvDV2ic8i0Hr2sf2Eh/Y5Zn3Jdqku+RvA6EbF1pnOtDUoycmgoz/fbbAKGCj530t8\ndJKQ34haHIpL/xMgDZn3arYwyw/UJu4vXxgOYq9I2GEMwbG9+6NlAVF6hz7MUIxs\nm3xEpKT9zkdZYkmHovp4S/nsDDHAKbyi0GyxWDpg5aSaegB8YF00ARAfuainCO3F\nfHnpyotcu7hPQd/vvfTJ5fYQ6OIp1rTPOa8Xn+JmYrzzkcX6ZCxa6i8jPeMjt30L\n2iedAonJlnNL5v8DjuduIxA5QS6NDILq8He4+3AX9Mi+G5IzBxkZrxSp0PocrnAc\nBf484/nPpXypb5LYwx98rXjKZLBqe4V46GaKHBodTCJQBRO38JEEqEajq2JISXSE\nNIH7xUaLNigKwOnNZIMvPwrtVeppgDI3jKn9glF0KexaLfkzWQvDpVlNRUklgDrT\nKnd1K/nLsr+tqrK4Tpa1/lUDZSv/hfrSRjqU+HqDmWXT/tWj5uzklECIiWOM231k\nf+Kq63wK7HbhMsmvFbpTNEgFoosjrZas5nzP0dQI2TPQ0tIZw+JZ1anoINaZA0BF\nVyQ1fOP1NU/+1q3WpJGZAmJiA7mBdhDMVZr1QfQTofjLA3TG4O6hSTHWnSlPGXY4\n7vlX8MukLcyNn4G0ojo+dK7DXEHY6I2xq/smTEyFrODwbkR8B7y6RA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sdj7g13QNoEYaC4Ks' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sdj7g13QNoEYaC4Ks', '--output', '/tmp/tmpyf0a1mhv.xml', '/tmp/tmpu5ku_4s6.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpu5ku_4s6.xml" output= ____________________ TestClientNonAsciiAva.test_response_5 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=af2a03461d11e8e1bfba96bc7d6c8a9140d923b8b04216dfc265d9489152db9eurn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==f9FpV4GpISw94ncfRhjweaJYOHR0qB13zFetwSklSM7frQsNmr0NRKE7/mJP+p8t\nsE9dIXC0+pjMAOjTIb+RJ32kODa/JolQQWyz1KvkyOZeZH/iXcgs1Hlv+evD138/\nDPeOUljIYMXNKXHougOlpAhEY8iP542O/OuijY95JsA=3mNJaskt4IMek2eZKEd0YARn5lMciVHDUWuJsVOlzrshiKugI4urbEJ4zR8aE/5/\njt3zBDxvdYPvWtwohLBcrwhniLdS7R2qcZNeo4H73lp/DZsX9JJHG7opEs+mW1Ef\nIaCLfqJmfUTkBxR8+SWgWrh8m8ad+j8u+0haZbmS0PRi5t4AEqOk5dlUR3IjJjKk\n5Srl3eeiDiq3HlRkiGGWMAE/5ft0sXVOXmZXR8pU2/gYJNQ20U9IkwCXoqIkX69l\nuf37vFo+HzpOInuVmNU9ppfOTNz6um+0PmTVjf/r5q5E6zN64DNtury6g3Qv3aEk\nYidzRl0LfiwLbN9XjWhy+OBwlo5ytAFRI9ymjo5Ll13BXTwcRjwQnkJYZElhBTkO\nSwRyhfnW44085owRosCCQnartijQB+ut/VKsImP5Mj/Wx1uHJLo1myadUCMnnDVj\nTT+gvwJtdNDiAx3suNpnLtDdnKyYMMx/XHvoMf2h2TjxvKcP1blXTHFwoFvaG+cR\n6YkQFBPS/Vh1tFDsCVD/n9su72Xp4v3JMRZALrSW4Zts8/XxPK6jRuocDWX/OK3l\ngu/j1Tsf+gHfWNLNUhOZp7NxkuMHQcuXe3qoQJtOJtIw6K9aKVKy2CVOIwOODPp8\n5yWX5bvQLXX4MsS6hh+Y+mrpYDcHj95+vhRWy0SzsFIj/zarsNIrikyE3pWjzh65\nwTCOgURTkDfS2wrc/mQIi7pOyAOJOY3LZT/db5grLCmxlZRDW75GhuDGbplXVhzF\nqnfuTQ0jVF2IjZTElRvZ+yVbuZ9dWUkGsgXzXUo/pvkSzNKRBYPgg/MpVbXjO5JD\nqmfbZJ7j9wDaO0aS53ZJK3eTN7b7zaXRgeNCGbq33+xTuBPzNlIc6Hi+0+7LEfMY\nF0Q/JGA5h4YhSC+nbT6XtF7sa++mDjYFLCwq8hJ1eEwP700D/Y69rGZVi4WcGeUD\n3+o757niiNReXhwdc8MBrXxcxX4kXYrNbx05M4CcKX+TOSWXHmfJ/cVnfNl4gKDR\nxlhhxH5gEPw1slZGfqkegpTRl+JVqNv+8sDKdR6LaISrPTNO6gVMbjS2AV1yfJDB\ndXqOvnzIKh0A8AyoHO2STW8iKgtK+ntZ7YHl6BL1f5cGctjvX7gmJW0ddKNz/Ruc\nZxcdfqyVk+TAGH8sgMaVOMlOA71OKJrzjPeK6e7QkQpg/i/a5E697kk9n6ahv87Y\nmTeH4yVWaCr8sh+EgL7MnRSCS5Kr2hlVsJ4GdBx8lF/h6N+xE7czD4oDtG1zzslk\nYiVangvj6w71B8fXuajoHb6mdvSZPyfUtZuk/4rgF+naxCZEeL+NAFBici8o0Sjt\nfKriX2/rP8PycR6IQwlLAkWSDmMtjRR+WJcCtKJe/EEdFCxbTXEziWaS28wzeiWI\nV0ZXFFHRpaE+fpxoalo9d+L18eueeEw/1zSMw6Y3QmAy7QrdJpt2anVKKefxfbxE\nXZG3v9oBefOm2t7zKPmmEUXASfrSNtVRjWrbSa4U4luMqJewCg2XdPhq8cWk/v0W\nHNei9OBCijrDmzblG0mBGF7/ya/VKQl/xSHLxETrlBgyzCmmVRdGUlHyc83Jax0z\nuCedIxJmUOx+ToBnTq6Iuw3cpwzIAlIkct3a8cuJOd4kWiIpGosnH2ssvrpCwBR9\n2wcUeIBrcW9QMpW358Z6PZN3CMvcdvpXiXKBJDxL7ThaysUBQYx8a1macyXmI4cu\nOwC9SM/IhAzcuwRUuJNoo+AjjrhbLe4RJSIYS93/FRY3d0DeZ2CMa5DkMpH7jtPZ\n7kWlcc7cd4oVSgyQtPiL7tVep+QGXnXYmjrdyMfHyu68r/7Z3BSHxZNmi1Rs9t/H\ncZYHVyQjpeK/gcROvMs3yaTZwpDokDJYUisZMXvjbnMNFIBpOuajTwAOYIxwwnzj\nFPn29Kfxu5bKnGDo46lYnbb49WlFeU6o0IyRq1Z0/B/I1jBM8cMS9l3Xoqqca1iC\nkzr6PEwz9hU+PO32U5RR4oAO7DMjO9vzqYIlMIH8oX/CTljv9D9UAMIaqxmDgVgk\ntckQDqOoGL9sMv2x6+J4OMcwZ29wXoKJLA8/0Zq+An0grwIo9X3keXEBR22NwewF\nGJuiMJuiZoKf4GlbYoM0KQlNPFRAofdo2plTfRj7nzWSIARpuKA4l3mGVn7mFSdA\nnnK/JduivOihlCFw8CzUqdzegtmWf4Mz5RoLzfmEFBSfbAYNGzpMxidqV/WfZ9/J\n05rcSFrAIQHTbHLtiQua/CJPzyiwBpwU3GZYCsJczxjgOjHdmP5LCFmGJLpTvgcJ\n4OQIiGb9dGTjGJBqFTvn9Zy9ZA/o+06vMGIwvQtoPrd6akLOhi2jugi3D9lmQHyV\npGlDE283MQon20cuW/3htd6dA/2y2L14v4GCsi1UtopEzxDxz6s5+w==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-TcxBveQHb26LwCBJJ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpg3qd8iko.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpg3qd8iko.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_5(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:2253: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=af2a03461d11e8e1bfba96bc7d6c8a9140d923b8b04216dfc265d9489152db9eurn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==f9FpV4GpISw94ncfRhjweaJYOHR0qB13zFetwSklSM7frQsNmr0NRKE7/mJP+p8t\nsE9dIXC0+pjMAOjTIb+RJ32kODa/JolQQWyz1KvkyOZeZH/iXcgs1Hlv+evD138/\nDPeOUljIYMXNKXHougOlpAhEY8iP542O/OuijY95JsA=3mNJaskt4IMek2eZKEd0YARn5lMciVHDUWuJsVOlzrshiKugI4urbEJ4zR8aE/5/\njt3zBDxvdYPvWtwohLBcrwhniLdS7R2qcZNeo4H73lp/DZsX9JJHG7opEs+mW1Ef\nIaCLfqJmfUTkBxR8+SWgWrh8m8ad+j8u+0haZbmS0PRi5t4AEqOk5dlUR3IjJjKk\n5Srl3eeiDiq3HlRkiGGWMAE/5ft0sXVOXmZXR8pU2/gYJNQ20U9IkwCXoqIkX69l\nuf37vFo+HzpOInuVmNU9ppfOTNz6um+0PmTVjf/r5q5E6zN64DNtury6g3Qv3aEk\nYidzRl0LfiwLbN9XjWhy+OBwlo5ytAFRI9ymjo5Ll13BXTwcRjwQnkJYZElhBTkO\nSwRyhfnW44085owRosCCQnartijQB+ut/VKsImP5Mj/Wx1uHJLo1myadUCMnnDVj\nTT+gvwJtdNDiAx3suNpnLtDdnKyYMMx/XHvoMf2h2TjxvKcP1blXTHFwoFvaG+cR\n6YkQFBPS/Vh1tFDsCVD/n9su72Xp4v3JMRZALrSW4Zts8/XxPK6jRuocDWX/OK3l\ngu/j1Tsf+gHfWNLNUhOZp7NxkuMHQcuXe3qoQJtOJtIw6K9aKVKy2CVOIwOODPp8\n5yWX5bvQLXX4MsS6hh+Y+mrpYDcHj95+vhRWy0SzsFIj/zarsNIrikyE3pWjzh65\nwTCOgURTkDfS2wrc/mQIi7pOyAOJOY3LZT/db5grLCmxlZRDW75GhuDGbplXVhzF\nqnfuTQ0jVF2IjZTElRvZ+yVbuZ9dWUkGsgXzXUo/pvkSzNKRBYPgg/MpVbXjO5JD\nqmfbZJ7j9wDaO0aS53ZJK3eTN7b7zaXRgeNCGbq33+xTuBPzNlIc6Hi+0+7LEfMY\nF0Q/JGA5h4YhSC+nbT6XtF7sa++mDjYFLCwq8hJ1eEwP700D/Y69rGZVi4WcGeUD\n3+o757niiNReXhwdc8MBrXxcxX4kXYrNbx05M4CcKX+TOSWXHmfJ/cVnfNl4gKDR\nxlhhxH5gEPw1slZGfqkegpTRl+JVqNv+8sDKdR6LaISrPTNO6gVMbjS2AV1yfJDB\ndXqOvnzIKh0A8AyoHO2STW8iKgtK+ntZ7YHl6BL1f5cGctjvX7gmJW0ddKNz/Ruc\nZxcdfqyVk+TAGH8sgMaVOMlOA71OKJrzjPeK6e7QkQpg/i/a5E697kk9n6ahv87Y\nmTeH4yVWaCr8sh+EgL7MnRSCS5Kr2hlVsJ4GdBx8lF/h6N+xE7czD4oDtG1zzslk\nYiVangvj6w71B8fXuajoHb6mdvSZPyfUtZuk/4rgF+naxCZEeL+NAFBici8o0Sjt\nfKriX2/rP8PycR6IQwlLAkWSDmMtjRR+WJcCtKJe/EEdFCxbTXEziWaS28wzeiWI\nV0ZXFFHRpaE+fpxoalo9d+L18eueeEw/1zSMw6Y3QmAy7QrdJpt2anVKKefxfbxE\nXZG3v9oBefOm2t7zKPmmEUXASfrSNtVRjWrbSa4U4luMqJewCg2XdPhq8cWk/v0W\nHNei9OBCijrDmzblG0mBGF7/ya/VKQl/xSHLxETrlBgyzCmmVRdGUlHyc83Jax0z\nuCedIxJmUOx+ToBnTq6Iuw3cpwzIAlIkct3a8cuJOd4kWiIpGosnH2ssvrpCwBR9\n2wcUeIBrcW9QMpW358Z6PZN3CMvcdvpXiXKBJDxL7ThaysUBQYx8a1macyXmI4cu\nOwC9SM/IhAzcuwRUuJNoo+AjjrhbLe4RJSIYS93/FRY3d0DeZ2CMa5DkMpH7jtPZ\n7kWlcc7cd4oVSgyQtPiL7tVep+QGXnXYmjrdyMfHyu68r/7Z3BSHxZNmi1Rs9t/H\ncZYHVyQjpeK/gcROvMs3yaTZwpDokDJYUisZMXvjbnMNFIBpOuajTwAOYIxwwnzj\nFPn29Kfxu5bKnGDo46lYnbb49WlFeU6o0IyRq1Z0/B/I1jBM8cMS9l3Xoqqca1iC\nkzr6PEwz9hU+PO32U5RR4oAO7DMjO9vzqYIlMIH8oX/CTljv9D9UAMIaqxmDgVgk\ntckQDqOoGL9sMv2x6+J4OMcwZ29wXoKJLA8/0Zq+An0grwIo9X3keXEBR22NwewF\nGJuiMJuiZoKf4GlbYoM0KQlNPFRAofdo2plTfRj7nzWSIARpuKA4l3mGVn7mFSdA\nnnK/JduivOihlCFw8CzUqdzegtmWf4Mz5RoLzfmEFBSfbAYNGzpMxidqV/WfZ9/J\n05rcSFrAIQHTbHLtiQua/CJPzyiwBpwU3GZYCsJczxjgOjHdmP5LCFmGJLpTvgcJ\n4OQIiGb9dGTjGJBqFTvn9Zy9ZA/o+06vMGIwvQtoPrd6akLOhi2jugi3D9lmQHyV\npGlDE283MQon20cuW/3htd6dA/2y2L14v4GCsi1UtopEzxDxz6s5+w==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-TcxBveQHb26LwCBJJ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-TcxBveQHb26LwCBJJ', '--output', '/tmp/tmpv5pfl9mv.xml', '/tmp/tmpg3qd8iko.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpg3qd8iko.xml" output= ____________________ TestClientNonAsciiAva.test_response_6 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=0c125af5f66266f056ec2ee1d6a59f63bb89562da16ee8c02adc857bebc6e4a8urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MzAzWhcNMzUwNDIyMTM0MzAzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAtaQMA2VAgBW3376ZoPuYg6mxmGRxRu5yu3y28rr0c42/S0OuNbQ8gfzb\nJ2k1Qirz7hFqHhHtn48Zcqcu/6l61YfDGCTQVGCP020wBwRdHOH1Dop0hq2FD7Pu\nhXgaE3Geo04zagWCiObAYsa4Yk+FJCLWoFyO4F9eRB5b8q2jpYdKMByAeEWl6mz6\nLDXpk2YjWE6B18jC2xTBhQ51ee2je7Khix9Vui/Vb9V1x8vUUy2z6eFL9JxeRsRk\nRgEppC+6bfOpbAJUH6FQPjQI9clOvZu3z+HhtwvUTZ1tLrF+Js2mpfmfgN2MWuZ+\nFFY3EuelaC1eWcFRs3jVLaQ8fYGWmQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAISL\nQzhXs1FsyTiPd+EKVfvQKY7ea9qaJ4lPSJlT4MyxtkM7FtRGjOzvlIlczjpuzCZl\nhAA1wHjno3uc20PRSrRQstcXYdeDtDz7lSqcZb0xCMqHP1oysoOIxARaNIFXoq1h\n4rCKxJ2u+drJlCCGLgiNusIFbRzpT38IU4O2EvteK1m25jOsXw3DXru5z/PQNVnmZMv6gDj4r8g7mumyy2vOPb3DNR7qn+RnJA9wqCRK\n8NxSRRvaFMas+FLrOa6AkZE955LMTph/GPU0OKtGjbtL+hULPFrcwQ8gFa6w9IQM\n1JpMR4TYdRA0Q1tgUYSexxlp4AKH0jiVe1/34CD2cLLzMakFl0rGls3IoJH1IvcQ\nl9fCKAktEh5XEBqxKIrswL59FKqDkE0UiGvXV3cmPTa4B1GbTzEL94XxV6xH7b4Z\nXqxn2b8Zs5+zLqCLXoUuEJb2gDEdw06x5dlLkNFm8qNDzSQMwyTZxgTlkRVhk3/i\n7yMwQV6AMcfb5T9IItuHGQ==q1YlM/5BJholZ1HM1Y8XRP7DwR0Cwq2DYBVYTPjvQHmDzf3S1KfYknDcV3LBY3Tc\njCMbkKFlHO4rVs5ZtnHHCygZ/jTrImz/kCCwUpKFxNnwJQ8mfXh5PSC82KzRFk7A\nKSRjSRKQCWyUI5qIUqmqbGw5mLW1Zn66PhaHvQLOi4jjja1FS0h0b9GXg0omUHBa\nFT0yl5AH3P3f5lrO1+p6q5csdEEZH5yK7OOdZ5u9UmNvkgg4j3oXXyvKGzIMHar9\n7598h3Y3zrbI1/HHO+nAwiNAy7l36+m3T5bszhGHcHA/xPtTHCbVeYwKFoFiniR6\nhhV9P9jPw3r8nO6A/Sl7tBzH1P85uNulz65KwndU1R8xdUhlu7Dn9DutY6MRUS7y\nWrLrB24BPgQzyHVt0FVGl2ri8dXWEVw2cTT0DnGtogZXgmVBvoN9vCALi+7i47p3\nNE6LEecq/Anaa8MHEfQ+8uBXHb/4zs21N5NCaMeHLycHVeVQatiG2+9Fs6VV1P/R\nqCqZIk8/x2Iughy/29AbKApreIs6l/WqY5kKtPKEcH9aiQpnYOk7IT9lbz8An9uF\nK4SJNB1JQzSOnWpeVD/mk5JDTlIvosW1NzO9qUUrTXm/JP3W2OCFfVx8ZxRd168l\n+ves8/cuZLg96KSZRCcvCP3EfhmcPG0oMpjtDP/174mnMVUKM8NlXmY8xuVNyVFf\nqyrTbkYniliQgwJasd8sTSTjEVgVJF+HKVy08eXZ1/Ki3sNgpUrRGYhKuu+E+r6B\nPxdo2t4mi+o5ZuwavGpDPttzEMg0Kv7d5Tp+gi5Iu69OIbvljPoN+jHca+MF9DGS\nZSO9My5L1RLmSFOrZk1UCRN+kBTMa9JZpbU+MXmHxHcly1vo5kyl5ahkOv+IlSGi\nqlgA0aJx9+WOU0fo736Vq1X7wj844VwGOdprJnnT+DoI5iiwt3D/kcoi16QBITHU\nB8DFbfQBB2yrSdl8LO3hgilDerR9mY/nnqdYGAB1cMiRM2GviWJWufnQsj2wEkBq\nLnHTbluutVC2peFIQ6Q1uBOhUCF7WAybjSbLNX8e1oqpovl6ryoVUjhgW9Dt4f91\nu4Jc87byuCG0h4qhVhL35Ad/MuJlNsWEo6qUUydeunvCl3vz57ZqA8bNYI3P4Eux\nk30+9ZCnTbMhlDfAxNTsdZYvyaA2e4BhjRwglNU5pPvW0BfNEeLH9YtOJIr/KpvM\niJCN9YSsU1X++kNt7cjMBUGP58x5i/NZTQ1GxkkXMgVYon+9METItVrXHoZbJ7Xk\n7IXxX+Z0QKkYEdHAOloop6VptEXmC6NfYLS0buzYlh67hGolke68GwI3sIDtmqs0\nEmb/7LGPfTya4r5t26c7UE6NZ0DcJNgJFcqB7j4cHLLYIHvj3iYeATC9Cg5Oms07\nAN//88MfEfpOiol6ZkkAR8LuPXHqo33tk5Mn4wY0i5w3sxBvYx/Yn8X9mCn0h1X8\n3CY04i2sN3KAlBrfYG0wdB68X7ua04+8jSOfoLlfERpsVlL8+gZyrhR1Mi/GErPV\n/8pFwWTzA8M7PDhiuqg9yiB+u7XwIiOuFjTBYeSihePQ4XEjj6XdJg13sf0tXdDa\nreLR9TWSoPL2STqPyUvkPKS7k7ZJTv821+y85zruxDbjTkzvxHYO7SASG61V1ZM6\ncBLt0eyeRkg6VUuJu6qxA2CDWg2C+JY6VGuXKs+yubumtPRPLG7tWVr3X9JnUy8u\nIAtBh+vZgbODgc98uSWsEEjxPJZf6yTw0KhYi/uWyN6JCjzpZfr0SNdArLTq7Y1P\nfEiwdZeaS4CiufBF8B0GTWYtsIHMJh1yGplFeBz6tQ6EPVNCl+7CoDKoUTtGWo02\nPwdiyNPegGEnJ8ecitas/E9w1IUAkQ1B9LCa9tKQYbPpRgeIupa2ipUrEphgqXNt\n70Dz2mF2qfjOIeNBzCrnmo1jcphZn7y7utHF/CB1ODiZ11VMETJa3GMvpiJpI/+T\nrP2xnxTmHSl5DtT5wZ7L9hnDk11XCHhRHAkOoTnLpSgDUC1BD6V6hfRQs/QVBzVE\nclrqqufk9Mwr/czFQJ3iKJ+gtmBDO/SCghc49gnvUqk8yC4ceuvPvp8c/7GT7fZR\nabn/6yf9sU/46efenvESx/3iksuuN1zxNn8evieFkAof9I1Y8tvEXxoSEJCiJJEi\nMxm78nuq0ggFEBmUCXzsJHlmrnJAlaxgE2NdTGfQG2ZojTYye7+f6SMoJKbgmozt\nZxYpgRuVIoLB2eYiPbnJR6m0CEfslxdpINg3dnRrSG7yzoSy+3SI4Jw8CJRIj8tU\ngmy7hcs4IJPMINP9H4Acfm/VJI8hhw/E1Z7+rrSDzEcHZ4Eji5N5pAA4y+ytubVF\nAgKK5XRKozkefUSDtnAFaAjVvfgT01hTQqVLIziPZxR8PMFp5wME/A==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-5c7kc0av1m9usdomb' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpl70slm94.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpl70slm94.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_6(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_assertion_str, cert_key_assertion_str = generate_cert() cert_assertion = {"cert": cert_assertion_str, "key": cert_key_assertion_str} cert_advice_str, cert_key_advice_str = generate_cert() cert_advice = {"cert": cert_advice_str, "key": cert_key_advice_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_assertion_str, encrypt_cert_advice=cert_advice_str, ) tests/test_51_client.py:2296: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=0c125af5f66266f056ec2ee1d6a59f63bb89562da16ee8c02adc857bebc6e4a8urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNDI0MTM0MzAzWhcNMzUwNDIyMTM0MzAzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAtaQMA2VAgBW3376ZoPuYg6mxmGRxRu5yu3y28rr0c42/S0OuNbQ8gfzb\nJ2k1Qirz7hFqHhHtn48Zcqcu/6l61YfDGCTQVGCP020wBwRdHOH1Dop0hq2FD7Pu\nhXgaE3Geo04zagWCiObAYsa4Yk+FJCLWoFyO4F9eRB5b8q2jpYdKMByAeEWl6mz6\nLDXpk2YjWE6B18jC2xTBhQ51ee2je7Khix9Vui/Vb9V1x8vUUy2z6eFL9JxeRsRk\nRgEppC+6bfOpbAJUH6FQPjQI9clOvZu3z+HhtwvUTZ1tLrF+Js2mpfmfgN2MWuZ+\nFFY3EuelaC1eWcFRs3jVLaQ8fYGWmQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAISL\nQzhXs1FsyTiPd+EKVfvQKY7ea9qaJ4lPSJlT4MyxtkM7FtRGjOzvlIlczjpuzCZl\nhAA1wHjno3uc20PRSrRQstcXYdeDtDz7lSqcZb0xCMqHP1oysoOIxARaNIFXoq1h\n4rCKxJ2u+drJlCCGLgiNusIFbRzpT38IU4O2EvteK1m25jOsXw3DXru5z/PQNVnmZMv6gDj4r8g7mumyy2vOPb3DNR7qn+RnJA9wqCRK\n8NxSRRvaFMas+FLrOa6AkZE955LMTph/GPU0OKtGjbtL+hULPFrcwQ8gFa6w9IQM\n1JpMR4TYdRA0Q1tgUYSexxlp4AKH0jiVe1/34CD2cLLzMakFl0rGls3IoJH1IvcQ\nl9fCKAktEh5XEBqxKIrswL59FKqDkE0UiGvXV3cmPTa4B1GbTzEL94XxV6xH7b4Z\nXqxn2b8Zs5+zLqCLXoUuEJb2gDEdw06x5dlLkNFm8qNDzSQMwyTZxgTlkRVhk3/i\n7yMwQV6AMcfb5T9IItuHGQ==q1YlM/5BJholZ1HM1Y8XRP7DwR0Cwq2DYBVYTPjvQHmDzf3S1KfYknDcV3LBY3Tc\njCMbkKFlHO4rVs5ZtnHHCygZ/jTrImz/kCCwUpKFxNnwJQ8mfXh5PSC82KzRFk7A\nKSRjSRKQCWyUI5qIUqmqbGw5mLW1Zn66PhaHvQLOi4jjja1FS0h0b9GXg0omUHBa\nFT0yl5AH3P3f5lrO1+p6q5csdEEZH5yK7OOdZ5u9UmNvkgg4j3oXXyvKGzIMHar9\n7598h3Y3zrbI1/HHO+nAwiNAy7l36+m3T5bszhGHcHA/xPtTHCbVeYwKFoFiniR6\nhhV9P9jPw3r8nO6A/Sl7tBzH1P85uNulz65KwndU1R8xdUhlu7Dn9DutY6MRUS7y\nWrLrB24BPgQzyHVt0FVGl2ri8dXWEVw2cTT0DnGtogZXgmVBvoN9vCALi+7i47p3\nNE6LEecq/Anaa8MHEfQ+8uBXHb/4zs21N5NCaMeHLycHVeVQatiG2+9Fs6VV1P/R\nqCqZIk8/x2Iughy/29AbKApreIs6l/WqY5kKtPKEcH9aiQpnYOk7IT9lbz8An9uF\nK4SJNB1JQzSOnWpeVD/mk5JDTlIvosW1NzO9qUUrTXm/JP3W2OCFfVx8ZxRd168l\n+ves8/cuZLg96KSZRCcvCP3EfhmcPG0oMpjtDP/174mnMVUKM8NlXmY8xuVNyVFf\nqyrTbkYniliQgwJasd8sTSTjEVgVJF+HKVy08eXZ1/Ki3sNgpUrRGYhKuu+E+r6B\nPxdo2t4mi+o5ZuwavGpDPttzEMg0Kv7d5Tp+gi5Iu69OIbvljPoN+jHca+MF9DGS\nZSO9My5L1RLmSFOrZk1UCRN+kBTMa9JZpbU+MXmHxHcly1vo5kyl5ahkOv+IlSGi\nqlgA0aJx9+WOU0fo736Vq1X7wj844VwGOdprJnnT+DoI5iiwt3D/kcoi16QBITHU\nB8DFbfQBB2yrSdl8LO3hgilDerR9mY/nnqdYGAB1cMiRM2GviWJWufnQsj2wEkBq\nLnHTbluutVC2peFIQ6Q1uBOhUCF7WAybjSbLNX8e1oqpovl6ryoVUjhgW9Dt4f91\nu4Jc87byuCG0h4qhVhL35Ad/MuJlNsWEo6qUUydeunvCl3vz57ZqA8bNYI3P4Eux\nk30+9ZCnTbMhlDfAxNTsdZYvyaA2e4BhjRwglNU5pPvW0BfNEeLH9YtOJIr/KpvM\niJCN9YSsU1X++kNt7cjMBUGP58x5i/NZTQ1GxkkXMgVYon+9METItVrXHoZbJ7Xk\n7IXxX+Z0QKkYEdHAOloop6VptEXmC6NfYLS0buzYlh67hGolke68GwI3sIDtmqs0\nEmb/7LGPfTya4r5t26c7UE6NZ0DcJNgJFcqB7j4cHLLYIHvj3iYeATC9Cg5Oms07\nAN//88MfEfpOiol6ZkkAR8LuPXHqo33tk5Mn4wY0i5w3sxBvYx/Yn8X9mCn0h1X8\n3CY04i2sN3KAlBrfYG0wdB68X7ua04+8jSOfoLlfERpsVlL8+gZyrhR1Mi/GErPV\n/8pFwWTzA8M7PDhiuqg9yiB+u7XwIiOuFjTBYeSihePQ4XEjj6XdJg13sf0tXdDa\nreLR9TWSoPL2STqPyUvkPKS7k7ZJTv821+y85zruxDbjTkzvxHYO7SASG61V1ZM6\ncBLt0eyeRkg6VUuJu6qxA2CDWg2C+JY6VGuXKs+yubumtPRPLG7tWVr3X9JnUy8u\nIAtBh+vZgbODgc98uSWsEEjxPJZf6yTw0KhYi/uWyN6JCjzpZfr0SNdArLTq7Y1P\nfEiwdZeaS4CiufBF8B0GTWYtsIHMJh1yGplFeBz6tQ6EPVNCl+7CoDKoUTtGWo02\nPwdiyNPegGEnJ8ecitas/E9w1IUAkQ1B9LCa9tKQYbPpRgeIupa2ipUrEphgqXNt\n70Dz2mF2qfjOIeNBzCrnmo1jcphZn7y7utHF/CB1ODiZ11VMETJa3GMvpiJpI/+T\nrP2xnxTmHSl5DtT5wZ7L9hnDk11XCHhRHAkOoTnLpSgDUC1BD6V6hfRQs/QVBzVE\nclrqqufk9Mwr/czFQJ3iKJ+gtmBDO/SCghc49gnvUqk8yC4ceuvPvp8c/7GT7fZR\nabn/6yf9sU/46efenvESx/3iksuuN1zxNn8evieFkAof9I1Y8tvEXxoSEJCiJJEi\nMxm78nuq0ggFEBmUCXzsJHlmrnJAlaxgE2NdTGfQG2ZojTYye7+f6SMoJKbgmozt\nZxYpgRuVIoLB2eYiPbnJR6m0CEfslxdpINg3dnRrSG7yzoSy+3SI4Jw8CJRIj8tU\ngmy7hcs4IJPMINP9H4Acfm/VJI8hhw/E1Z7+rrSDzEcHZ4Eji5N5pAA4y+ytubVF\nAgKK5XRKozkefUSDtnAFaAjVvfgT01hTQqVLIziPZxR8PMFp5wME/A==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-5c7kc0av1m9usdomb' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-5c7kc0av1m9usdomb', '--output', '/tmp/tmpkdtmu4la.xml', '/tmp/tmpl70slm94.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpl70slm94.xml" output= ____________________ TestClientNonAsciiAva.test_response_7 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=0c0d0e9ee5fb2e98b88ad423cc8126d03b1dfeb7fc1d731228b9918c0efccd61urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-NC8iilRF5dITdMgpL' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp5l9er5vv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp5l9er5vv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_7(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypted_advice_attributes=True, ) tests/test_51_client.py:2335: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=0c0d0e9ee5fb2e98b88ad423cc8126d03b1dfeb7fc1d731228b9918c0efccd61urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-NC8iilRF5dITdMgpL' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-NC8iilRF5dITdMgpL', '--output', '/tmp/tmpfisxyf8b.xml', '/tmp/tmp5l9er5vv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp5l9er5vv.xml" output= ____________________ TestClientNonAsciiAva.test_response_8 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=c1e29225c3e5928cbb49b4c0cef001d42fbbce9a995c36302e366b6c26654b55urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-y3paDVxnJD9o7hygw' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp_njyjstg.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp_njyjstg.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_8(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:2373: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=c1e29225c3e5928cbb49b4c0cef001d42fbbce9a995c36302e366b6c26654b55urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-y3paDVxnJD9o7hygw' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-y3paDVxnJD9o7hygw', '--output', '/tmp/tmphg0u0c9r.xml', '/tmp/tmp_njyjstg.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp_njyjstg.xml" output= ____________ TestClientNonAsciiAva.test_sign_then_encrypt_assertion ____________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-5fNNG8VuwOmt9RUgo' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpzt8ab24w.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpzt8ab24w.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion(self): # Begin with the IdPs side _sec = self.server.sec assertion = s_utils.assertion_factory( subject=factory(saml.Subject, text="_aaa", name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)), attribute_statement=do_attribute_statement( { ("", "", "sn"): ("Jeter", ""), ("", "", "givenName"): ("Derek", ""), } ), issuer=self.server._issuer(), ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=full_path("test.key"), node_id=assertion.id ) tests/test_51_client.py:2557: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-5fNNG8VuwOmt9RUgo' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-5fNNG8VuwOmt9RUgo', '--output', '/tmp/tmp7bvrhayw.xml', '/tmp/tmpzt8ab24w.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpzt8ab24w.xml" output= ___________ TestClientNonAsciiAva.test_sign_then_encrypt_assertion2 ____________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Fuhc5phnmB6yF1w7g' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpvy0wk7dl.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpvy0wk7dl.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion2(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Dave", "sn": "Concepción"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=self.client.sec.key_file, node_id=assertion.id ) tests/test_51_client.py:2628: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Fuhc5phnmB6yF1w7g' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Fuhc5phnmB6yF1w7g', '--output', '/tmp/tmpgh2448lx.xml', '/tmp/tmpvy0wk7dl.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpvy0wk7dl.xml" output= _______ TestClientNonAsciiAva.test_sign_then_encrypt_assertion_advice_1 ________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ORPxuPKAtFs19hJoG' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpqww01a09.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpqww01a09.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_1(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Dave", "sn": "Concepción"}) subject_confirmation_specs = { "recipient": "http://lingon.catalogix.se:8087/", "in_response_to": "_012345", "subject_confirmation_method": saml.SCM_BEARER, } name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), name_id=name_id, authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) a_asser = Assertion({"uid": "test01", "email": "test.testsson@test.se"}) a_assertion = a_asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion.signature = sigver.pre_signature_part(a_assertion.id, _sec.my_cert, 1) assertion.advice = Advice() assertion.advice.encrypted_assertion = [] assertion.advice.encrypted_assertion.append(EncryptedAssertion()) assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion.append(assertion) > response = _sec.sign_statement( f"{response}", class_name(a_assertion), key_file=self.client.sec.key_file, node_id=a_assertion.id ) tests/test_51_client.py:2730: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ORPxuPKAtFs19hJoG' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ORPxuPKAtFs19hJoG', '--output', '/tmp/tmpk4qbo02y.xml', '/tmp/tmpqww01a09.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpqww01a09.xml" output= _______ TestClientNonAsciiAva.test_sign_then_encrypt_assertion_advice_2 ________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDave' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-UrD1vQ29Q1isGaWWk' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpk5dbakjq.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpk5dbakjq.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_2(self): # Begin with the IdPs side _sec = self.server.sec asser_1 = Assertion({"givenName": "Dave"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) assertion_1 = asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) asser_2 = Assertion({"sn": "Concepción"}) assertion_2 = asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_1 = Assertion({"uid": "test01"}) a_assertion_1 = a_asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_2 = Assertion({"email": "test.testsson@test.se"}) a_assertion_2 = a_asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_3 = Assertion({"street": "street"}) a_assertion_3 = a_asser_3.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_4 = Assertion({"title": "title"}) a_assertion_4 = a_asser_4.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion_1.signature = sigver.pre_signature_part(a_assertion_1.id, _sec.my_cert, 1) a_assertion_2.signature = sigver.pre_signature_part(a_assertion_2.id, _sec.my_cert, 1) a_assertion_3.signature = sigver.pre_signature_part(a_assertion_3.id, _sec.my_cert, 1) a_assertion_4.signature = sigver.pre_signature_part(a_assertion_4.id, _sec.my_cert, 1) assertion_1.signature = sigver.pre_signature_part(assertion_1.id, _sec.my_cert, 1) assertion_2.signature = sigver.pre_signature_part(assertion_2.id, _sec.my_cert, 1) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion = assertion_1 response.assertion.advice = Advice() response.assertion.advice.encrypted_assertion = [] response.assertion.advice.encrypted_assertion.append(EncryptedAssertion()) response.assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion_1) advice_tag = response.assertion.advice._to_element_tree().tag assertion_tag = a_assertion_1._to_element_tree().tag response = response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion( assertion_tag, advice_tag ) > response = _sec.sign_statement( f"{response}", class_name(a_assertion_1), key_file=self.server.sec.key_file, node_id=a_assertion_1.id ) tests/test_51_client.py:2890: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDave' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-UrD1vQ29Q1isGaWWk' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-UrD1vQ29Q1isGaWWk', '--output', '/tmp/tmpob47xz1v.xml', '/tmp/tmpk5dbakjq.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpk5dbakjq.xml" output= _____________ TestClientNonAsciiAva.test_do_logout_signed_redirect _____________ self = def test_do_logout_signed_redirect(self): conf = config.SPConfig() conf.load_file("sp_slo_redirect_conf") client = Saml2Client(conf) # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"}, } client.users.add_information_about_person(session_info) entity_ids = client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT ) tests/test_51_client.py:3066: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout http_info = self.apply_binding( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=nVJLa8JAEP4ry941a9Q2DDEgSIvgA6300NuajHXpZifdmRT770tSDwXBQ08Dw%2FccJg9sYEXv1MoeP1tkUZfaB4bAZqbbGIAsO4Zga2SQEl7m6xWkQwNNJKGSvL4S2Nb%2BPsMyYxRHQavlYqZdNTjanfmosufHL3PEdTtutHrFyI7CTKdDo9WSucVlYLFBZjo16XRgJoN0chiNYTIGM33TaoEsLljpWWeRBpLEU2n9mVggM1mWsCet9mi5gxxcxEqrDck2bOP8JBhvpLNeusi7UtCHiOqJYm3lfsVu46rBqYcCBnHyrYuOUdsSAS%2B2bjwOS6r7e0Ekb0MF3OTJH6ur78bWuFyobuxa693JdUlPRPofWSTawA6D6GKUjifTh6vjr0mRJzePUPwA&RelayState=id-baQ0kd8G7v0beMu3p%7C1745502185%7Ca88f9b2d6ecbd37edcdf1024a902b4b3aae3b40c&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm __________________ TestClientNonAsciiAva.test_do_logout_post ___________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-BgZ0CXHAGOvKAtDU3' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmp_dnnac5x.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp_dnnac5x.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_post(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:3102: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-BgZ0CXHAGOvKAtDU3' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-BgZ0CXHAGOvKAtDU3', '--output', '/tmp/tmpqfn7wvny.xml', '/tmp/tmp_dnnac5x.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp_dnnac5x.xml" output= _____________ TestClientNonAsciiAva.test_do_logout_session_expired _____________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-db6YPVnTcePMx128b' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmpgh2_naet.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpgh2_naet.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_session_expired(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": a_while_ago(minutes=15), "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:3127: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-db6YPVnTcePMx128b' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-db6YPVnTcePMx128b', '--output', '/tmp/tmprv6mhegb.xml', '/tmp/tmpgh2_naet.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpgh2_naet.xml" output= ___________________ TestSignedResponse.test_signed_response ____________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=0a3a00f0f49f7393627d22119f5cfe35a62d342621267297a75261a48caebe03urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-fs6q6Ty907H10GjWG' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpqqae20j4.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpqqae20j4.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response(self): print(ds.DefaultSignature().get_digest_alg()) name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") ava = {"givenName": ["Derek"], "surName": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"} > signed_resp = self.server.create_authn_response( ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, ) tests/test_52_default_sign_alg.py:70: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=0a3a00f0f49f7393627d22119f5cfe35a62d342621267297a75261a48caebe03urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-fs6q6Ty907H10GjWG' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-fs6q6Ty907H10GjWG', '--output', '/tmp/tmpjetuzjd8.xml', '/tmp/tmpqqae20j4.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ----------------------------- Captured stdout call ----------------------------- http://www.w3.org/2000/09/xmldsig#sha1 ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpqqae20j4.xml" output= __________________ TestSignedResponse.test_signed_response_1 ___________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=87babe5bb81a85dcbe09e4558c3f6d043c3003032311a9122b04e9d77a6c122aurn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-oR3aoV2LfYMUAtXic' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp3_8_yfv9.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp3_8_yfv9.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_1(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, ) tests/test_52_default_sign_alg.py:87: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=87babe5bb81a85dcbe09e4558c3f6d043c3003032311a9122b04e9d77a6c122aurn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-oR3aoV2LfYMUAtXic' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-oR3aoV2LfYMUAtXic', '--output', '/tmp/tmpha4blyyx.xml', '/tmp/tmp3_8_yfv9.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp3_8_yfv9.xml" output= _____________________________________ test _____________________________________ def test(): with closing(Server(config_file=dotname("idp_all_conf"))) as idp: conf = SPConfig() conf.load_file(dotname("servera_conf")) sp = Saml2Client(conf) srvs = sp.metadata.single_sign_on_service(idp.config.entityid, BINDING_HTTP_REDIRECT) destination = srvs[0]["location"] req_id, req = sp.create_authn_request(destination, id="id1") > info = http_redirect_message( req, destination, relay_state="RS", typ="SAMLRequest", sigalg=SIG_RSA_SHA1, sign=True, backend=sp.sec.sec_backend, ) tests/test_70_redirect_signing.py:33: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=pZNRb9MwFIX%2FSuT3JiHrILLaSF0nRFGBqk152NvFuWsN8XXwvRkZv35Klok%2BQDSJV%2Ftcn8%2FHxwviVK9aOdMef7bIEnWuJtbE6VK1gbQHtqwJHLIWow%2BrT1udxalughdvfK3GAQZXT08AMwaxnlS0uV0qW83ym9Xb67D93R4%2FHrPsewcq%2BoqBraelyuJURRvmFjfEAiRLlaXZ9Sydz7J5%2BeZKz690mt%2Bp6BZZLIEMU2eRRidJ7Q3UZ8%2Bi8zTPE2afBKxsQCMq2o3kN5YqS6dp6G%2FPItYfynI32305lCpavVxk7Ylbh%2BGA4cEaPO63fwgsnTzFBgRqf7JdzNizvEsG%2FwdbYfgMDp%2FNHRjU2IFraoyNd0OYOvgaqNLcqGIxLAxphOi9Dw5kGrtfsdXsfpBqJLHyqIpXeC2SC6ti0bdjLAZWQ03WngQ7idbeNRAs96ljB0ZeKC9V6xqY93hfTPbCaNPrkPUOmH%2F5UPVPhEawKgMQNz7IyPXXw%2F%2Fft7QOD49kSv8DadIq%2BWci497lXyqeAA%3D%3D&RelayState=RS&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm ______________ TestGenerateCertificates.test_validate_cert_chains ______________ self = def test_validate_cert_chains(self): cert_info_ca = { "cn": "qwerty", "country_code": "qw", "state": "qwerty", "city": "qwerty", "organization": "qwerty", "organization_unit": "qwerty", } cert_intermediate_1_info = { "cn": "intermediate_1", "country_code": "as", "state": "asdfgh", "city": "asdfgh", "organization": "asdfgh", "organization_unit": "asdfg", } cert_intermediate_2_info = { "cn": "intermediate_2", "country_code": "as", "state": "asdfgh", "city": "asdfgh", "organization": "asdfgh", "organization_unit": "asdfg", } cert_client_cert_info = { "cn": "intermediate_1", "country_code": "as", "state": "asdfgh", "city": "asdfgh", "organization": "asdfgh", "organization_unit": "asdfg", } osw = OpenSSLWrapper() ca_cert_str, ca_key_str = osw.create_certificate(cert_info_ca, request=False) req_cert_str, intermediate_1_key_str = osw.create_certificate(cert_intermediate_1_info, request=True) intermediate_cert_1_str = osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, req_cert_str) req_cert_str, intermediate_2_key_str = osw.create_certificate(cert_intermediate_2_info, request=True) intermediate_cert_2_str = osw.create_cert_signed_certificate( intermediate_cert_1_str, intermediate_1_key_str, req_cert_str ) req_cert_str, client_key_str = osw.create_certificate(cert_client_cert_info, request=True) client_cert_str = osw.create_cert_signed_certificate( intermediate_cert_2_str, intermediate_2_key_str, req_cert_str ) cert_chain = [intermediate_cert_2_str, intermediate_cert_1_str, ca_cert_str] valid, mess = osw.verify_chain(cert_chain, client_cert_str) > self.assertTrue(valid) E AssertionError: False is not true tests/test_81_certificates.py:131: AssertionError ____________ TestGenerateCertificates.test_validate_with_root_cert _____________ self = def test_validate_with_root_cert(self): cert_info_ca = { "cn": "qwerty", "country_code": "qw", "state": "qwerty", "city": "qwerty", "organization": "qwerty", "organization_unit": "qwerty", } cert_info = { "cn": "asdfgh", "country_code": "as", "state": "asdfgh", "city": "asdfgh", "organization": "asdfgh", "organization_unit": "asdfg", } osw = OpenSSLWrapper() ca_cert, ca_key = osw.create_certificate( cert_info_ca, request=False, write_to_file=True, cert_dir=f"{os.path.dirname(os.path.abspath(__file__))}/pki", ) req_cert_str, req_key_str = osw.create_certificate(cert_info, request=True) ca_cert_str = osw.read_str_from_file(ca_cert) ca_key_str = osw.read_str_from_file(ca_key) cert_str = osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, req_cert_str) valid, mess = osw.verify(ca_cert_str, cert_str) > self.assertTrue(valid) E AssertionError: False is not true tests/test_81_certificates.py:50: AssertionError _ TestAuthnResponse.test_signed_assertion_with_random_embedded_cert_should_be_ignored _ self = mock_validate_on_or_after = @patch("saml2.response.validate_on_or_after", return_value=True) def test_signed_assertion_with_random_embedded_cert_should_be_ignored(self, mock_validate_on_or_after): """ if the embedded cert is not ignored then verification will fail """ conf = config_factory("sp", dotname("server_conf")) ar = authn_response(conf, return_addrs="https://51.15.251.81.xip.io/acs/post") ar.issue_instant_ok = Mock(return_value=True) with open(SIGNED_ASSERTION_RANDOM_EMBEDDED_CERT) as fp: xml_response = fp.read() ar.outstanding_queries = {"id-abc": "http://localhost:8088/sso"} ar.timeslack = 10000 # .loads does not check the assertion, only the response signature # use .verify to verify the contents of the response assert ar.loads(xml_response, decode=False) > assert ar.verify() tests/test_xmlsec1_key_data.py:78: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:1026: in verify if self.parse_assertion(keys): ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:918: in parse_assertion if not self._assertion(assertion, False): ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:791: in _assertion self.sec.check_signature(assertion, class_name(assertion), self.xmlstr) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1538: in check_signature return self._check_signature( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = decoded_xml = '\n\n urn:mace:example.com:saml:roland:idp\n \n \n \n \n urn:mace:example.com:saml:roland:idp\n \n \n \n \n \n \n \n \n Mo4ZheAEDvdPQwWvT5SOYZZ2IBELwtmBpdsn+Th+IvsanychWQ6JHYKTI8hl+3DigbqQwdsqet8n9sfdvr+D+Q7XozjVaFPdzUGC9d96Mn/vrc+JIP/ESoDjDUQEsoSBhUFlrbu7tPJDJehPgd/maIwd/GqEHWXFlm1ZWVCmaH8=\n \n \n MIIFLDCCBBSgAwIBAgISA3UxXAgBWRS1D74GOLiAjky6MA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMTAxMTcyMDIxNTNaFw0yMTA0MTcyMDIxNTNaMB4xHDAaBgNVBAMTEzUxLjE1LjI1MS44MS54aXAuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkjSN9vZDOwE1m7g1vyiwBsKBKNItyy05BcHUkM8fabBcsavugT8uE4wYz5aeZrnKb5dbDLHaZe6Dl5GHgRO8s7REwSJ/BHT3/eMaEakLwIGE5/6QSWuBjOawPfmYarW5IqoITjSt/o/jxu3haouqbr7XYf1WOuZmc6iwGnEgm0+cVB4CA0VGnnLYfsjp9iMt3pFI8a8ipdwp5lfzZU+j8JMVEn6SZhNjjTAjcakBQmZv4Q5/yU6yqfGjG47DO62xB/PPbDy78hDorER2v8UkoDTGV4aZrZaNltHBUxNohIiQnkhuakMmbf0NhA2ExBJw6KTCCxfYkyUX3CgYzaAnxAgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHD7gcF0sNITPqhwcUlFyOBrkxRFMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEzUxLjE1LjI1MS44MS54aXAuaW8wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXcSOcqvAAAEAwBGMEQCIFhvPWYY+2VO55bHO1Sa9zJQk7B1kvCi7sfDCxAYp7mEAiBTKx6XD0GkfNGhji0LGuelvfD7gZOUSzURlJW1ahYcgQB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABdxI5yq4AAAQDAEgwRgIhAONNwcNZ66IxsWcUNDS0B9KV8Kk4VS9b/wUFNBHAQl3SAiEAxO5GwgaK3glL/6L/J7qpiedJBAs3h5406MWC0v4uYZ8wDQYJKoZIhvcNAQELBQADggEBAAZgbgfOb4+uI9kMGF4fMiompHeUFDXGyIND6y4FsfWHJG4Fn3aG+VQN/UtHeO8UusjS13/2yw3O+PeNTstBl+q6Ssega8zTYx2j3h3RFqM9JR8SWa83B0UTgyaxX3PTmfegV4/RZxC7KQ8pqjcLwKJSTgZF6W40Jo16tKVoi0VQY/2Gre6E9D1tPVw//mDGJST/5IcbFvtr79uft76IA+T674qNgAriBKxWncSbGzE42w2QsYsGMHHJn3vKbNl7alll9eJBqvdi1Q7ay86oI7NDQ0PPwjnB0/i4BOO0qQBcBSUIPPEChcrooEqN9PwM20aoyIjje0rtDGSxnEQRrg0=\n MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFowMjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMTAlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLsjVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKpTm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnBU840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1RoYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kHejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfLqjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9pO5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2TwUdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==\n \n \n \n \n attack-name-id\n \n \n \n \n \n \n urn:mace:example.com:saml:roland:sp\n \n \n \n \n urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified\n \n \n \n\n' item = node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' origdoc = '\n\n urn:mace:example.com:saml:roland:idp\n \n \n \n \n urn:mace:example.com:saml:roland:idp\n \n \n \n \n \n \n Mo4ZheAEDvdPQwWvT5SOYZZ2IBELwtmBpdsn+Th+IvsanychWQ6JHYKTI8hl+3DigbqQwdsqet8n9sfdvr+D+Q7XozjVaFPdzUGC9d96Mn/vrc+JIP/ESoDjDUQEsoSBhUFlrbu7tPJDJehPgd/maIwd/GqEHWXFlm1ZWVCmaH8=\n \n \n MIIFLDCCBBSgAwIBAgISA3UxXAgBWRS1D74GOLiAjky6MA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMTAxMTcyMDIxNTNaFw0yMTA0MTcyMDIxNTNaMB4xHDAaBgNVBAMTEzUxLjE1LjI1MS44MS54aXAuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkjSN9vZDOwE1m7g1vyiwBsKBKNItyy05BcHUkM8fabBcsavugT8uE4wYz5aeZrnKb5dbDLHaZe6Dl5GHgRO8s7REwSJ/BHT3/eMaEakLwIGE5/6QSWuBjOawPfmYarW5IqoITjSt/o/jxu3haouqbr7XYf1WOuZmc6iwGnEgm0+cVB4CA0VGnnLYfsjp9iMt3pFI8a8ipdwp5lfzZU+j8JMVEn6SZhNjjTAjcakBQmZv4Q5/yU6yqfGjG47DO62xB/PPbDy78hDorER2v8UkoDTGV4aZrZaNltHBUxNohIiQnkhuakMmbf0NhA2ExBJw6KTCCxfYkyUX3CgYzaAnxAgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHD7gcF0sNITPqhwcUlFyOBrkxRFMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEzUxLjE1LjI1MS44MS54aXAuaW8wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXcSOcqvAAAEAwBGMEQCIFhvPWYY+2VO55bHO1Sa9zJQk7B1kvCi7sfDCxAYp7mEAiBTKx6XD0GkfNGhji0LGuelvfD7gZOUSzURlJW1ahYcgQB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABdxI5yq4AAAQDAEgwRgIhAONNwcNZ66IxsWcUNDS0B9KV8Kk4VS9b/wUFNBHAQl3SAiEAxO5GwgaK3glL/6L/J7qpiedJBAs3h5406MWC0v4uYZ8wDQYJKoZIhvcNAQELBQADggEBAAZgbgfOb4+uI9kMGF4fMiompHeUFDXGyIND6y4FsfWHJG4Fn3aG+VQN/UtHeO8UusjS13/2yw3O+PeNTstBl+q6Ssega8zTYx2j3h3RFqM9JR8SWa83B0UTgyaxX3PTmfegV4/RZxC7KQ8pqjcLwKJSTgZF6W40Jo16tKVoi0VQY/2Gre6E9D1tPVw//mDGJST/5IcbFvtr79uft76IA+T674qNgAriBKxWncSbGzE42w2QsYsGMHHJn3vKbNl7alll9eJBqvdi1Q7ay86oI7NDQ0PPwjnB0/i4BOO0qQBcBSUIPPEChcrooEqN9PwM20aoyIjje0rtDGSxnEQRrg0=\n MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFowMjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMTAlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLsjVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKpTm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnBU840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1RoYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kHejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfLqjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9pO5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2TwUdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==\n \n \n \n \n attack-name-id\n \n \n \n \n \n \n urn:mace:example.com:saml:roland:sp\n \n \n \n \n urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified\n \n \n \n\n' must = False, only_valid_cert = False, issuer = None def _check_signature( self, decoded_xml, item, node_name=NODE_NAME, origdoc=None, must=False, only_valid_cert=False, issuer=None ): try: _issuer = item.issuer.text.strip() except AttributeError: _issuer = None if _issuer is None: try: _issuer = issuer.text.strip() except AttributeError: _issuer = None # More trust in certs from metadata then certs in the XML document if self.metadata: try: _certs = self.metadata.certs(_issuer, "any", "signing") except KeyError: _certs = [] certs = [] for cert_name, cert in _certs: if isinstance(cert, str): content = pem_format(cert) tmp = make_temp(content, suffix=".pem", decode=False, delete_tmpfiles=self.delete_tmpfiles) certs.append(tmp) else: certs.append(cert) else: certs = [] if not certs and not self.only_use_keys_in_metadata: logger.debug("==== Certs from instance ====") certs = [ make_temp(content=pem_format(cert), suffix=".pem", decode=False, delete_tmpfiles=self.delete_tmpfiles) for cert in cert_from_instance(item) ] else: logger.debug("==== Certs from metadata ==== %s: %s ====", _issuer, certs) if not certs: raise MissingKey(_issuer) try: validate_doc_with_schema(str(item)) except XMLSchemaError as e: error_context = { "message": "Signature verification failed. Invalid document format.", "reason": str(e), "ID": item.id, "issuer": _issuer, "type": node_name, "document": decoded_xml, } raise SignatureError(error_context) from e # saml-core section "5.4 XML Signature Profile" defines constrains on the # xmldsig-core facilities. It explicitly dictates that enveloped signatures # are the only signatures allowed. This means that: # * Assertion/RequestType/ResponseType elements must have an ID attribute # * signatures must have a single Reference element # * the Reference element must have a URI attribute # * the URI attribute contains an anchor # * the anchor points to the enclosing element's ID attribute signed_info = item.signature.signed_info references = signed_info.reference signatures_must_have_a_single_reference_element = len(references) == 1 the_Reference_element_must_have_a_URI_attribute = signatures_must_have_a_single_reference_element and hasattr( references[0], "uri" ) the_URI_attribute_contains_an_anchor = ( the_Reference_element_must_have_a_URI_attribute and references[0].uri.startswith("#") and len(references[0].uri) > 1 ) the_anchor_points_to_the_enclosing_element_ID_attribute = ( the_URI_attribute_contains_an_anchor and references[0].uri == f"#{item.id}" ) # SAML implementations SHOULD use Exclusive Canonicalization, # with or without comments canonicalization_method_is_c14n = signed_info.canonicalization_method.algorithm in ALLOWED_CANONICALIZATIONS # Signatures in SAML messages SHOULD NOT contain transforms other than the # - enveloped signature transform # (with the identifier http://www.w3.org/2000/09/xmldsig#enveloped-signature) # - or the exclusive canonicalization transforms # (with the identifier http://www.w3.org/2001/10/xml-exc-c14n# # or http://www.w3.org/2001/10/xml-exc-c14n#WithComments). transform_algos = [transform.algorithm for transform in references[0].transforms.transform] tranform_algos_valid = ALLOWED_TRANSFORMS.intersection(transform_algos) transform_algos_n = len(transform_algos) tranform_algos_valid_n = len(tranform_algos_valid) the_number_of_transforms_is_one_or_two = ( signatures_must_have_a_single_reference_element and 1 <= transform_algos_n <= 2 ) all_transform_algs_are_allowed = ( the_number_of_transforms_is_one_or_two and transform_algos_n == tranform_algos_valid_n ) the_enveloped_signature_transform_is_defined = ( the_number_of_transforms_is_one_or_two and TRANSFORM_ENVELOPED in transform_algos ) # The element is not defined for use with SAML signatures, # and SHOULD NOT be present. # Since it can be used in service of an attacker by carrying unsigned data, # verifiers SHOULD reject signatures that contain a element. object_element_is_not_present = not item.signature.object validators = { "signatures must have a single reference element": (signatures_must_have_a_single_reference_element), "the Reference element must have a URI attribute": (the_Reference_element_must_have_a_URI_attribute), "the URI attribute contains an anchor": (the_URI_attribute_contains_an_anchor), "the anchor points to the enclosing element ID attribute": ( the_anchor_points_to_the_enclosing_element_ID_attribute ), "canonicalization method is c14n": canonicalization_method_is_c14n, "the number of transforms is one or two": (the_number_of_transforms_is_one_or_two), "all transform algs are allowed": all_transform_algs_are_allowed, "the enveloped signature transform is defined": (the_enveloped_signature_transform_is_defined), "object element is not present": object_element_is_not_present, } if not all(validators.values()): error_context = { "message": "Signature failed to meet constraints on xmldsig", "validators": validators, "item ID": item.id, "reference URI": item.signature.signed_info.reference[0].uri, "issuer": _issuer, "node name": node_name, "xml document": decoded_xml, } raise SignatureError(error_context) verified = False last_pem_file = None for pem_fd in certs: try: last_pem_file = pem_fd.name if self.verify_signature( decoded_xml, pem_fd.name, node_name=node_name, node_id=item.id, ): verified = True break except XmlsecError as exc: logger.error("check_sig: %s", str(exc)) except Exception as exc: logger.error("check_sig: %s", str(exc)) raise if verified or only_valid_cert: if not self.cert_handler.verify_cert(last_pem_file): raise CertificateError("Invalid certificate!") else: > raise SignatureError("Failed to verify signature") E saml2.sigver.SignatureError: Failed to verify signature ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1525: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLEvpSignatureVerify:file=evp_signatures.c:line=449:obj=rsa-sha1:subj=EVP_VerifyFinal_ex:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformVerifyNodeContent:file=transforms.c:line=1544:obj=rsa-sha1:subj=xmlSecTransformVerify:error=1:xmlsec library function failed: func=xmlSecDSigCtxVerify:file=xmldsig.c:line=367:obj=unknown:subj=xmlSecTransformVerifyNodeContent:error=1:xmlsec library function failed: Error: signature failed ERROR SignedInfo References (ok/all): 1/1 Manifests References (ok/all): 0/0 Error: failed to verify file "/tmp/tmpjvleu12q.xml" output= ERROR saml2.sigver:sigver.py:1516 check_sig: ['/usr/bin/xmlsec1', '--verify', '--enabled-reference-uris', 'empty,same-doc', '--enabled-key-data', 'raw-x509-cert', '--pubkey-cert-pem', '/tmp/tmp9c698fce.pem', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'the-assertion-id', '--output', '/tmp/tmp4om04_n4.xml', '/tmp/tmpjvleu12q.xml'] ERROR saml2.response:response.py:793 correctly_signed_response: Failed to verify signature =============================== warnings summary =============================== tests/test_10_time_util.py: 2 warnings tests/test_20_assertion.py: 6 warnings tests/test_32_cache.py: 5 warnings tests/test_34_population.py: 4 warnings tests/test_41_response.py: 4 warnings tests/test_42_enc.py: 6 warnings tests/test_44_authnresp.py: 4 warnings tests/test_50_server.py: 152 warnings tests/test_51_client.py: 145 warnings tests/test_52_default_sign_alg.py: 6 warnings tests/test_62_vo.py: 2 warnings tests/test_63_ecp.py: 5 warnings tests/test_64_artifact.py: 4 warnings tests/test_65_authn_query.py: 7 warnings tests/test_66_name_id_mapping.py: 2 warnings tests/test_67_manage_name_id.py: 3 warnings tests/test_68_assertion_id.py: 4 warnings tests/test_89_http_post_relay_state.py: 2 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/time_util.py:177: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). return datetime.utcnow() + delta tests/test_50_server.py: 7 warnings tests/test_51_client.py: 27 warnings tests/test_63_ecp.py: 3 warnings tests/test_64_artifact.py: 2 warnings tests/test_65_authn_query.py: 5 warnings tests/test_66_name_id_mapping.py: 2 warnings tests/test_67_manage_name_id.py: 3 warnings tests/test_68_assertion_id.py: 2 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/time_util.py:187: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). return datetime.utcnow() - delta tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 10 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:141: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. cert = crypto.X509Req() tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 10 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:161: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. tmp_cert = crypto.dump_certificate_request(crypto.FILETYPE_PEM, cert) tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 10 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:246: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. req_cert = crypto.load_certificate_request(crypto.FILETYPE_PEM, request_cert_str) tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 10 warnings /usr/lib/python3.13/site-packages/OpenSSL/crypto.py:2434: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. x509req = X509Req.__new__(X509Req) tests/test_50_server.py: 4 warnings tests/test_81_certificates.py: 11 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:281: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). now = pytz.UTC.localize(datetime.datetime.utcnow()) tests/test_92_aes.py: 35 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/symmetric.py:124: DeprecationWarning: AESCipher type is deprecated. It will be removed in the next version. Use saml2.cryptography.symmetric.Default or saml2.cryptography.symmetric.Fernet instead. _warn(_deprecation_msg, DeprecationWarning) -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html =========================== short test summary info ============================ SKIPPED [1] tests/test_37_entity_categories.py:296: Temporarily disabled SKIPPED [1] tests/test_37_entity_categories.py:325: Temporarily disabled SKIPPED [1] tests/test_37_entity_categories.py:358: Temporarily disabled SKIPPED [1] tests/test_40_sigver.py:101: pyasn1 is not installed SKIPPED [1] tests/test_60_sp.py:59: s2repoze dependencies not installed SKIPPED [1] tests/test_60_sp.py:62: s2repoze dependencies not installed ERROR tests/test_41_response.py::TestResponse::test_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xGR8O8spgKeyyz7wm', '--output', '/tmp/tmpa9bu7hcc.xml', '/tmp/tmpkhhzvdiv.xml'] ERROR tests/test_41_response.py::TestResponse::test_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xGR8O8spgKeyyz7wm', '--output', '/tmp/tmpa9bu7hcc.xml', '/tmp/tmpkhhzvdiv.xml'] ERROR tests/test_41_response.py::TestResponse::test_issuer_none - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xGR8O8spgKeyyz7wm', '--output', '/tmp/tmpa9bu7hcc.xml', '/tmp/tmpkhhzvdiv.xml'] ERROR tests/test_41_response.py::TestResponse::test_false_sign - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xGR8O8spgKeyyz7wm', '--output', '/tmp/tmpa9bu7hcc.xml', '/tmp/tmpkhhzvdiv.xml'] ERROR tests/test_41_response.py::TestResponse::test_other_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xGR8O8spgKeyyz7wm', '--output', '/tmp/tmpa9bu7hcc.xml', '/tmp/tmpkhhzvdiv.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-91I2HyEP3hZY2FR1I', '--output', '/tmp/tmpmoojttqp.xml', '/tmp/tmp55yol6m0.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_signed_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-91I2HyEP3hZY2FR1I', '--output', '/tmp/tmpmoojttqp.xml', '/tmp/tmp55yol6m0.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_parse_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-91I2HyEP3hZY2FR1I', '--output', '/tmp/tmpmoojttqp.xml', '/tmp/tmp55yol6m0.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_w_authn - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-91I2HyEP3hZY2FR1I', '--output', '/tmp/tmpmoojttqp.xml', '/tmp/tmp55yol6m0.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_unpack_nested_eptid - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-91I2HyEP3hZY2FR1I', '--output', '/tmp/tmpmoojttqp.xml', '/tmp/tmp55yol6m0.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_multiple_attribute_statement - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-91I2HyEP3hZY2FR1I', '--output', '/tmp/tmpmoojttqp.xml', '/tmp/tmp55yol6m0.xml'] FAILED tests/test_39_metadata.py::test_signed_metadata_proper_str_bytes_handling - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', '--output', '/tmp/tmppmonp1yd.xml', '/tmp/tmp1nu81kmx.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpxvx1p66z.xml', '/tmp/tmp2n5m21qc.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp2uv07cy3.xml', '/tmp/tmpcburdyx0.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmprkzspvz_.xml', '/tmp/tmpjhdw9tn9.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp9z76gvhq.xml', '/tmp/tmp400miry2.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmp0njnh_dc.xml', '/tmp/tmpr8o8oh8i.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmphj0ogb55.xml', '/tmp/tmphn_8_xem.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpgq8szcep.xml', '/tmp/tmp5w56du0a.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify_assertion_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmpmtpfu36h.xml', '/tmp/tmpeay3wfvb.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_exception_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmpy5i3xqz5.xml', '/tmp/tmpu_s_ftm8.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp1uu0pv6t.xml', '/tmp/tmpcehy687q.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp_ptcy2e_.xml', '/tmp/tmprm99b8fw.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpz10u_zy5.xml', '/tmp/tmp5cloma52.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpl5axvod_.xml', '/tmp/tmpcj_r2e_l.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmplucwpygw.xml', '/tmp/tmpdb9wmb2w.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp34_ylr84.xml', '/tmp/tmporxbxmmv.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp662y8rzd.xml', '/tmp/tmpawu8cpap.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_assertion_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmpd75gmia2.xml', '/tmp/tmpkmahxdvd.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_exception_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmp6bjukta9.xml', '/tmp/tmpju0yqmpv.xml'] FAILED tests/test_40_sigver.py::test_xbox - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpi9vj5buy.xml', '/tmp/tmpl1ms3pii.xml'] FAILED tests/test_40_sigver.py::test_xbox_non_ascii_ava - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpezatgr15.xml', '/tmp/tmpiqyzulyx.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xZWNvBsgJNSpZYvAS', '--output', '/tmp/tmparngu_va.xml', '/tmp/tmp1_icmcik.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-3xx5Qw7LcrxzlVbYz', '--output', '/tmp/tmpet7_cbqa.xml', '/tmp/tmplpno6lz8.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-6h17byNnGWs2k4uIZ', '--output', '/tmp/tmp1cfhcnyr.xml', '/tmp/tmpwygmi6br.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-AMp8OgbwxrIeobVMP', '--output', '/tmp/tmpvlx80fru.xml', '/tmp/tmptsn05l3j.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-noR4NMXAApxcX3rFl', '--output', '/tmp/tmp006x9tuc.xml', '/tmp/tmpgjy9huxc.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-sKN2u5ldx96lAWf0Q', '--output', '/tmp/tmpsqtmyveb.xml', '/tmp/tmp1_rkz124.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-mMn3qRSX3ZgPEjyEE', '--output', '/tmp/tmpjj9nw3p8.xml', '/tmp/tmp003ljyi6.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-WA7zugKd06RKNY16F', '--output', '/tmp/tmp_6_g_1ed.xml', '/tmp/tmpp7tclcuo.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_response_6 - saml2.cert.CertificateError: Invalid certificate for encryption! FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-r0LkdeiD3pje4WXEO', '--output', '/tmp/tmp0qpg0cqi.xml', '/tmp/tmp0dvjbvsl.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-T5sSMhPQA9cRTwfos', '--output', '/tmp/tmp432bfjsa.xml', '/tmp/tmpv301bc9g.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-Rs7hPmfYd8sQk4t9s', '--output', '/tmp/tmplbr7vaz3.xml', '/tmp/tmpkn0_2uxr.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-oIYSvBgoN8ZOg2FNb', '--output', '/tmp/tmptfjmgzno.xml', '/tmp/tmp66t3c6rk.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yaFuhLTc3jcvsMO7e', '--output', '/tmp/tmphdacifju.xml', '/tmp/tmp9r5hhsgq.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-Dit4m3VsKqStL4QTH', '--output', '/tmp/tmpcgdhw2ky.xml', '/tmp/tmpvb3q3w2w.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-YkrRsq58r13ODawcY', '--output', '/tmp/tmpv87vi_h8.xml', '/tmp/tmp5ewrywdr.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-k6yEbtrYRoTSO76L6', '--output', '/tmp/tmp0ae19tzn.xml', '/tmp/tmpr5eveldc.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6 - saml2.cert.CertificateError: Invalid certificate for encryption! FAILED tests/test_51_client.py::TestClient::test_sign_auth_request_0 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpw9ookn4f.xml', '/tmp/tmp37otdhz0.xml'] FAILED tests/test_51_client.py::TestClient::test_logout_response - saml2.SAMLError: {'message': 'No supported bindings found to create LogoutResponse', 'issuer': 'urn:mace:example.com:saml:roland:idp', 'response_bindings': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']} FAILED tests/test_51_client.py::TestClient::test_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-XpzHlptGf5ow4eFiB', '--output', '/tmp/tmpvef38rv8.xml', '/tmp/tmpihyai__p.xml'] FAILED tests/test_51_client.py::TestClient::test_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-R8hcK7cJMeNkE4ADQ', '--output', '/tmp/tmpkhhqjf7f.xml', '/tmp/tmp45scl3uh.xml'] FAILED tests/test_51_client.py::TestClient::test_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-eCXR0Ca4OmnkXEL4Z', '--output', '/tmp/tmpe5aizz_5.xml', '/tmp/tmpglyh8rza.xml'] FAILED tests/test_51_client.py::TestClient::test_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-d6sutXvzZzWkNHbcT', '--output', '/tmp/tmp6s5z9bul.xml', '/tmp/tmppgz0f6kv.xml'] FAILED tests/test_51_client.py::TestClient::test_response_5 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-LhBxqjwdWerkpbUps', '--output', '/tmp/tmpp370cta1.xml', '/tmp/tmp9wstfyv1.xml'] FAILED tests/test_51_client.py::TestClient::test_response_6 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-axUJXYddHPcj49z2a', '--output', '/tmp/tmp8zlgor2p.xml', '/tmp/tmpurjkwmko.xml'] FAILED tests/test_51_client.py::TestClient::test_response_7 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-oMAASob8I94rC7jTW', '--output', '/tmp/tmpsln3rp5o.xml', '/tmp/tmpceo3ndx8.xml'] FAILED tests/test_51_client.py::TestClient::test_response_8 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-vorViEYF2CMv6cBBF', '--output', '/tmp/tmpfy5xx86n.xml', '/tmp/tmpxxndlmik.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-3tNzZrlA6OOLmU4n3', '--output', '/tmp/tmpob5s3kar.xml', '/tmp/tmpxc5to1j2.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-rPR4yFFSCcpQ6o5W1', '--output', '/tmp/tmppcfy9hwi.xml', '/tmp/tmppxmu3i0n.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-MzEHz2b67yc7DVCFi', '--output', '/tmp/tmphjugqdlb.xml', '/tmp/tmpggtb9tq4.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-DRrZsRLGXFbChAOKJ', '--output', '/tmp/tmpo1o5wwgk.xml', '/tmp/tmproj15izj.xml'] FAILED tests/test_51_client.py::TestClient::test_signed_with_default_algo_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClient::test_do_logout_signed_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClient::test_do_logout_signed_redirect_invalid - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClient::test_do_logout_post - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-llAN6iFVcdEagpG7X', '--output', '/tmp/tmpo4yl3kkr.xml', '/tmp/tmppx_too4r.xml'] FAILED tests/test_51_client.py::TestClient::test_do_logout_session_expired - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-UMaBixNnJUDYvz3vT', '--output', '/tmp/tmpupu2waog.xml', '/tmp/tmpze26uxct.xml'] FAILED tests/test_51_client.py::TestClient::test_signature_wants - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-ko3Aw8zUfK2P01w5j', '--output', '/tmp/tmpyxhw02uz.xml', '/tmp/tmpcjqy2v2p.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_auth_request_0 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpc04yb44p.xml', '/tmp/tmp2l6vm_l8.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-6BEiOjWpGMYZYHM1A', '--output', '/tmp/tmpfe4kh3af.xml', '/tmp/tmpz50ts0tw.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-9qGkQqVMIfmgh4VP7', '--output', '/tmp/tmp1isjnbhe.xml', '/tmp/tmpaco0ml_3.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-G3p8LE06ecKUVx4oB', '--output', '/tmp/tmp6smjobii.xml', '/tmp/tmpruabnubr.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sdj7g13QNoEYaC4Ks', '--output', '/tmp/tmpyf0a1mhv.xml', '/tmp/tmpu5ku_4s6.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_5 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-TcxBveQHb26LwCBJJ', '--output', '/tmp/tmpv5pfl9mv.xml', '/tmp/tmpg3qd8iko.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_6 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-5c7kc0av1m9usdomb', '--output', '/tmp/tmpkdtmu4la.xml', '/tmp/tmpl70slm94.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_7 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-NC8iilRF5dITdMgpL', '--output', '/tmp/tmpfisxyf8b.xml', '/tmp/tmp5l9er5vv.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_8 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-y3paDVxnJD9o7hygw', '--output', '/tmp/tmphg0u0c9r.xml', '/tmp/tmp_njyjstg.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-5fNNG8VuwOmt9RUgo', '--output', '/tmp/tmp7bvrhayw.xml', '/tmp/tmpzt8ab24w.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Fuhc5phnmB6yF1w7g', '--output', '/tmp/tmpgh2448lx.xml', '/tmp/tmpvy0wk7dl.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ORPxuPKAtFs19hJoG', '--output', '/tmp/tmpk4qbo02y.xml', '/tmp/tmpqww01a09.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-UrD1vQ29Q1isGaWWk', '--output', '/tmp/tmpob47xz1v.xml', '/tmp/tmpk5dbakjq.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_signed_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_post - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-BgZ0CXHAGOvKAtDU3', '--output', '/tmp/tmpqfn7wvny.xml', '/tmp/tmp_dnnac5x.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_session_expired - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-db6YPVnTcePMx128b', '--output', '/tmp/tmprv6mhegb.xml', '/tmp/tmpgh2_naet.xml'] FAILED tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-fs6q6Ty907H10GjWG', '--output', '/tmp/tmpjetuzjd8.xml', '/tmp/tmpqqae20j4.xml'] FAILED tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-oR3aoV2LfYMUAtXic', '--output', '/tmp/tmpha4blyyx.xml', '/tmp/tmp3_8_yfv9.xml'] FAILED tests/test_70_redirect_signing.py::test - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_81_certificates.py::TestGenerateCertificates::test_validate_cert_chains - AssertionError: False is not true FAILED tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert - AssertionError: False is not true FAILED tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_random_embedded_cert_should_be_ignored - saml2.sigver.SignatureError: Failed to verify signature = 81 failed, 687 passed, 6 skipped, 616 warnings, 11 errors in 184.99s (0:03:04) = error: Bad exit status from /var/tmp/rpm-tmp.EHbHJD (%check) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.EHbHJD (%check) Child return code was: 1 EXCEPTION: [Error('Command failed: \n # /usr/bin/systemd-nspawn -q -M d3aface613014b93bb845354625ec758 -D /var/lib/mock/f43-build-59071901-6570839/root -a -u mockbuild --capability=cap_ipc_lock --bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf --bind=/dev/btrfs-control --bind=/dev/mapper/control --bind=/dev/fuse --bind=/dev/loop-control --bind=/dev/loop0 --bind=/dev/loop1 --bind=/dev/loop2 --bind=/dev/loop3 --bind=/dev/loop4 --bind=/dev/loop5 --bind=/dev/loop6 --bind=/dev/loop7 --bind=/dev/loop8 --bind=/dev/loop9 --bind=/dev/loop10 --bind=/dev/loop11 --console=pipe --setenv=TERM=vt100 --setenv=SHELL=/bin/bash --setenv=HOME=/builddir --setenv=HOSTNAME=mock --setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin \'--setenv=PROMPT_COMMAND=printf "\\033]0;\\007"\' \'--setenv=PS1= \\s-\\v\\$ \' --setenv=LANG=C.UTF-8 --resolv-conf=off bash --login -c \'/usr/bin/rpmbuild -ba --noprep --noclean --target noarch /builddir/build/SPECS/python-pysaml2.spec\'\n', 1)] Traceback (most recent call last): File "/usr/lib/python3.13/site-packages/mockbuild/trace_decorator.py", line 93, in trace result = func(*args, **kw) File "/usr/lib/python3.13/site-packages/mockbuild/util.py", line 610, in do_with_status raise exception.Error("Command failed: \n # %s\n%s" % (cmd_pretty(command, env), output), child.returncode) mockbuild.exception.Error: Command failed: # /usr/bin/systemd-nspawn -q -M d3aface613014b93bb845354625ec758 -D /var/lib/mock/f43-build-59071901-6570839/root -a -u mockbuild --capability=cap_ipc_lock --bind=/tmp/mock-resolv.c9ywpfkj:/etc/resolv.conf --bind=/dev/btrfs-control --bind=/dev/mapper/control --bind=/dev/fuse --bind=/dev/loop-control --bind=/dev/loop0 --bind=/dev/loop1 --bind=/dev/loop2 --bind=/dev/loop3 --bind=/dev/loop4 --bind=/dev/loop5 --bind=/dev/loop6 --bind=/dev/loop7 --bind=/dev/loop8 --bind=/dev/loop9 --bind=/dev/loop10 --bind=/dev/loop11 --console=pipe --setenv=TERM=vt100 --setenv=SHELL=/bin/bash --setenv=HOME=/builddir --setenv=HOSTNAME=mock --setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin '--setenv=PROMPT_COMMAND=printf "\033]0;\007"' '--setenv=PS1= \s-\v\$ ' --setenv=LANG=C.UTF-8 --resolv-conf=off bash --login -c '/usr/bin/rpmbuild -ba --noprep --noclean --target noarch /builddir/build/SPECS/python-pysaml2.spec'