Warning: Permanently added '54.162.109.108' (ED25519) to the list of known hosts. Running (timeout=18000): unbuffer mock --spec /var/lib/copr-rpmbuild/workspace/workdir-19to3j68/python-pysaml2/python-pysaml2.spec --sources /var/lib/copr-rpmbuild/workspace/workdir-19to3j68/python-pysaml2 --resultdir /var/lib/copr-rpmbuild/results --uniqueext 1753483085.760719 -r /var/lib/copr-rpmbuild/results/configs/child.cfg INFO: mock.py version 6.3 starting (python version = 3.13.3, NVR = mock-6.3-1.fc42), args: /usr/libexec/mock/mock --spec /var/lib/copr-rpmbuild/workspace/workdir-19to3j68/python-pysaml2/python-pysaml2.spec --sources /var/lib/copr-rpmbuild/workspace/workdir-19to3j68/python-pysaml2 --resultdir /var/lib/copr-rpmbuild/results --uniqueext 1753483085.760719 -r /var/lib/copr-rpmbuild/results/configs/child.cfg Start(bootstrap): init plugins INFO: tmpfs initialized INFO: selinux enabled INFO: chroot_scan: initialized INFO: compress_logs: initialized Finish(bootstrap): init plugins Start: init plugins INFO: tmpfs initialized INFO: selinux enabled INFO: chroot_scan: initialized INFO: compress_logs: initialized Finish: init plugins INFO: Signal handler active Start: run INFO: Start(/var/lib/copr-rpmbuild/workspace/workdir-19to3j68/python-pysaml2/python-pysaml2.spec) Config(fedora-42-x86_64) Start: clean chroot Finish: clean chroot Mock Version: 6.3 INFO: Mock Version: 6.3 Start(bootstrap): chroot init INFO: mounting tmpfs at /var/lib/mock/fedora-42-x86_64-bootstrap-1753483085.760719/root. INFO: calling preinit hooks INFO: enabled root cache INFO: enabled package manager cache Start(bootstrap): cleaning package manager metadata Finish(bootstrap): cleaning package manager metadata INFO: Guessed host environment type: unknown INFO: Using container image: registry.fedoraproject.org/fedora:42 INFO: Pulling image: registry.fedoraproject.org/fedora:42 INFO: Tagging container image as mock-bootstrap-25687a99-31a7-4eac-9f25-163561876246 INFO: Checking that 9c596f80de9a6f8d4ec7c83505751a92752d1b22552ecd316d0f7e5c7ec867bd image matches host's architecture INFO: Copy content of container 9c596f80de9a6f8d4ec7c83505751a92752d1b22552ecd316d0f7e5c7ec867bd to /var/lib/mock/fedora-42-x86_64-bootstrap-1753483085.760719/root INFO: mounting 9c596f80de9a6f8d4ec7c83505751a92752d1b22552ecd316d0f7e5c7ec867bd with podman image mount INFO: image 9c596f80de9a6f8d4ec7c83505751a92752d1b22552ecd316d0f7e5c7ec867bd as /var/lib/containers/storage/overlay/6ffca48721dfdcf296880ccc6b40fb13e216c33b783c64caf0e24ad0f85ea269/merged INFO: umounting image 9c596f80de9a6f8d4ec7c83505751a92752d1b22552ecd316d0f7e5c7ec867bd (/var/lib/containers/storage/overlay/6ffca48721dfdcf296880ccc6b40fb13e216c33b783c64caf0e24ad0f85ea269/merged) with podman image umount INFO: Removing image mock-bootstrap-25687a99-31a7-4eac-9f25-163561876246 INFO: Package manager dnf5 detected and used (fallback) INFO: Not updating bootstrap chroot, bootstrap_image_ready=True Start(bootstrap): creating root cache Finish(bootstrap): creating root cache Finish(bootstrap): chroot init Start: chroot init INFO: mounting tmpfs at /var/lib/mock/fedora-42-x86_64-1753483085.760719/root. INFO: calling preinit hooks INFO: enabled root cache INFO: enabled package manager cache Start: cleaning package manager metadata Finish: cleaning package manager metadata INFO: enabled HW Info plugin INFO: Package manager dnf5 detected and used (direct choice) INFO: Buildroot is handled by package management downloaded with a bootstrap image: rpm-4.20.1-1.fc42.x86_64 rpm-sequoia-1.7.0-5.fc42.x86_64 dnf5-5.2.13.1-1.fc42.x86_64 dnf5-plugins-5.2.13.1-1.fc42.x86_64 Start: installing minimal buildroot with dnf5 Updating and loading repositories: updates 100% | 171.0 KiB/s | 28.7 KiB | 00m00s fedora 100% | 514.4 KiB/s | 29.3 KiB | 00m00s Copr repository 100% | 102.5 KiB/s | 1.5 KiB | 00m00s Copr repository 100% | 113.9 MiB/s | 4.3 MiB | 00m00s Repositories loaded. Package Arch Version Repository Size Installing group/module packages: bash x86_64 5.2.37-1.fc42 fedora 8.2 MiB bzip2 x86_64 1.0.8-20.fc42 fedora 99.3 KiB coreutils x86_64 9.6-5.fc42 updates 5.4 MiB cpio x86_64 2.15-4.fc42 fedora 1.1 MiB diffutils x86_64 3.12-1.fc42 updates 1.6 MiB fedora-release-common noarch 42-28 updates 20.2 KiB findutils x86_64 1:4.10.0-5.fc42 fedora 1.9 MiB gawk x86_64 5.3.1-1.fc42 fedora 1.7 MiB glibc-minimal-langpack x86_64 2.41-8.fc42 updates 0.0 B grep x86_64 3.11-10.fc42 fedora 1.0 MiB gzip x86_64 1.13-3.fc42 fedora 392.9 KiB info x86_64 7.2-3.fc42 fedora 357.9 KiB patch x86_64 2.8-1.fc42 updates 222.8 KiB redhat-rpm-config noarch 342-4.fc42 updates 185.5 KiB rpm-build x86_64 5.99.90-6.fc42 copr_base 281.6 KiB sed x86_64 4.9-4.fc42 fedora 857.3 KiB shadow-utils x86_64 2:4.17.4-1.fc42 fedora 4.0 MiB tar x86_64 2:1.35-5.fc42 fedora 3.0 MiB unzip x86_64 6.0-66.fc42 fedora 390.3 KiB util-linux x86_64 2.41.1-12.fc42 copr_base 3.5 MiB which x86_64 2.23-2.fc42 updates 83.5 KiB xz x86_64 1:5.8.1-2.fc42 updates 1.3 MiB Installing dependencies: add-determinism x86_64 0.6.0-1.fc42 fedora 2.5 MiB alternatives x86_64 1.33-1.fc42 updates 62.2 KiB ansible-srpm-macros noarch 1-17.1.fc42 fedora 35.7 KiB audit-libs x86_64 4.1.0-3.fc42 copr_base 378.8 KiB basesystem noarch 11-22.fc42 fedora 0.0 B binutils x86_64 2.44-5.fc42 updates 25.8 MiB build-reproducibility-srpm-macros noarch 0.6.0-1.fc42 fedora 735.0 B bzip2-libs x86_64 1.0.8-20.fc42 fedora 84.6 KiB ca-certificates noarch 2024.2.69_v8.0.401-6.fc42 updates 2.6 MiB coreutils-common x86_64 9.6-5.fc42 updates 11.1 MiB crypto-policies noarch 20250707-1.gitad370a8.fc42 updates 142.9 KiB curl x86_64 8.11.1-5.fc42 updates 450.7 KiB cyrus-sasl-lib x86_64 2.1.28-30.fc42 fedora 2.3 MiB debugedit x86_64 5.1-7.fc42 updates 192.7 KiB dwz x86_64 0.16-1.fc42 updates 287.1 KiB ed x86_64 1.21-2.fc42 fedora 146.5 KiB efi-srpm-macros noarch 6-3.fc42 updates 40.1 KiB elfutils x86_64 0.193-2.fc42 updates 2.9 MiB elfutils-debuginfod-client x86_64 0.193-2.fc42 updates 83.9 KiB elfutils-default-yama-scope noarch 0.193-2.fc42 updates 1.8 KiB elfutils-libelf x86_64 0.193-2.fc42 updates 1.2 MiB elfutils-libs x86_64 0.193-2.fc42 updates 683.4 KiB fedora-gpg-keys noarch 42-1 fedora 128.2 KiB fedora-release noarch 42-28 updates 0.0 B fedora-release-identity-basic noarch 42-28 updates 646.0 B fedora-repos noarch 42-1 fedora 4.9 KiB file x86_64 5.46-6.fc42 copr_base 100.2 KiB file-libs x86_64 5.46-6.fc42 copr_base 11.9 MiB filesystem x86_64 3.18-42.fc42 updates 112.0 B filesystem-srpm-macros noarch 3.18-42.fc42 updates 38.2 KiB fonts-srpm-macros noarch 1:2.0.5-22.fc42 updates 55.8 KiB forge-srpm-macros noarch 0.4.0-2.fc42 fedora 38.9 KiB fpc-srpm-macros noarch 1.3-14.fc42 fedora 144.0 B gdb-minimal x86_64 16.3-1.fc42 updates 13.2 MiB gdbm-libs x86_64 1:1.23-9.fc42 fedora 129.9 KiB ghc-srpm-macros noarch 1.9.2-2.fc42 fedora 779.0 B glibc x86_64 2.41-8.fc42 updates 6.6 MiB glibc-common x86_64 2.41-8.fc42 updates 1.0 MiB glibc-gconv-extra x86_64 2.41-8.fc42 updates 7.2 MiB gmp x86_64 1:6.3.0-4.fc42 fedora 811.3 KiB gnat-srpm-macros noarch 6-7.fc42 fedora 1.0 KiB gnupg2 x86_64 2.4.7-2.fc42 fedora 9.8 MiB gnutls x86_64 3.8.10-1.fc42 updates 3.8 MiB go-srpm-macros noarch 3.7.0-1.fc42 updates 61.6 KiB ima-evm-utils-libs x86_64 1.6.2-4.fc42 fedora 60.7 KiB jansson x86_64 2.14-2.fc42 fedora 93.1 KiB json-c x86_64 0.18-2.fc42 fedora 86.7 KiB kernel-srpm-macros noarch 1.0-25.fc42 fedora 1.9 KiB keyutils-libs x86_64 1.6.3-5.fc42 fedora 58.3 KiB krb5-libs x86_64 1.21.3-6.fc42 updates 2.3 MiB libacl x86_64 2.3.2-3.fc42 fedora 38.3 KiB libarchive x86_64 3.7.7-4.fc42 fedora 930.6 KiB libassuan x86_64 2.5.7-3.fc42 fedora 167.8 KiB libattr x86_64 2.5.2-5.fc42 fedora 27.1 KiB libblkid x86_64 2.41.1-12.fc42 copr_base 262.4 KiB libbrotli x86_64 1.1.0-8.fc42 copr_base 833.3 KiB libcap x86_64 2.73-2.fc42 fedora 207.1 KiB libcap-ng x86_64 0.8.5-6.fc42 copr_base 68.9 KiB libcom_err x86_64 1.47.2-3.fc42 fedora 67.1 KiB libcurl x86_64 8.11.1-5.fc42 updates 834.0 KiB libeconf x86_64 0.7.6-2.fc42 updates 64.6 KiB libevent x86_64 2.1.12-15.fc42 fedora 903.1 KiB libfdisk x86_64 2.41.1-12.fc42 copr_base 380.4 KiB libffi x86_64 3.4.6-5.fc42 fedora 82.3 KiB libfsverity x86_64 1.6-2.fc42 fedora 32.5 KiB libgcc x86_64 15.1.1-2.fc42 updates 266.6 KiB libgcrypt x86_64 1.11.0-5.fc42 fedora 1.6 MiB libgomp x86_64 15.1.1-2.fc42 updates 539.1 KiB libgpg-error x86_64 1.51-2.fc42 fedora 894.1 KiB libidn2 x86_64 2.3.8-1.fc42 fedora 556.5 KiB libksba x86_64 1.6.7-3.fc42 fedora 402.5 KiB liblastlog2 x86_64 2.41.1-12.fc42 copr_base 33.9 KiB libmount x86_64 2.41.1-12.fc42 copr_base 372.7 KiB libnghttp2 x86_64 1.64.0-3.fc42 fedora 170.4 KiB libpkgconf x86_64 2.3.0-2.fc42 fedora 78.1 KiB libpsl x86_64 0.21.5-5.fc42 fedora 76.4 KiB libselinux x86_64 3.8-3.fc42 copr_base 193.1 KiB libsemanage x86_64 3.8.1-3.fc42 copr_base 304.4 KiB libsepol x86_64 3.8-1.fc42 fedora 826.0 KiB libsmartcols x86_64 2.41.1-12.fc42 copr_base 180.5 KiB libssh x86_64 0.11.2-1.fc42 updates 566.7 KiB libssh-config noarch 0.11.2-1.fc42 updates 277.0 B libstdc++ x86_64 15.1.1-2.fc42 updates 2.8 MiB libtasn1 x86_64 4.20.0-1.fc42 fedora 176.3 KiB libtool-ltdl x86_64 2.5.4-4.fc42 fedora 70.1 KiB libunistring x86_64 1.1-9.fc42 fedora 1.7 MiB libusb1 x86_64 1.0.28-2.fc42 fedora 171.0 KiB libuuid x86_64 2.41.1-12.fc42 copr_base 37.4 KiB libverto x86_64 0.3.2-10.fc42 fedora 25.4 KiB libxcrypt x86_64 4.4.38-7.fc42 updates 284.5 KiB libxml2 x86_64 2.12.10-3.fc42 copr_base 1.7 MiB libzstd x86_64 1.5.7-1.fc42 fedora 807.8 KiB lua-libs x86_64 5.4.8-1.fc42 updates 280.8 KiB lua-srpm-macros noarch 1-15.fc42 fedora 1.3 KiB lz4-libs x86_64 1.10.0-2.fc42 fedora 157.4 KiB mpfr x86_64 4.2.2-1.fc42 fedora 828.8 KiB ncurses-base noarch 6.5-5.20250125.fc42 fedora 326.8 KiB ncurses-libs x86_64 6.5-5.20250125.fc42 fedora 946.3 KiB nettle x86_64 3.10.1-1.fc42 fedora 790.5 KiB npth x86_64 1.8-2.fc42 fedora 49.6 KiB ocaml-srpm-macros noarch 10-4.fc42 fedora 1.9 KiB openblas-srpm-macros noarch 2-19.fc42 fedora 112.0 B openldap x86_64 2.6.9-3.fc42 fedora 655.1 KiB openssl-libs x86_64 1:3.2.4-4.fc42 updates 7.8 MiB p11-kit x86_64 0.25.5-5.fc42 fedora 2.2 MiB p11-kit-trust x86_64 0.25.5-5.fc42 fedora 395.5 KiB package-notes-srpm-macros noarch 0.5-13.fc42 fedora 1.6 KiB pam-libs x86_64 1.7.0-6.fc42 updates 126.7 KiB pcre2 x86_64 10.45-1.fc42 fedora 697.7 KiB pcre2-syntax noarch 10.45-1.fc42 fedora 273.9 KiB perl-srpm-macros noarch 1-57.fc42 fedora 861.0 B pkgconf x86_64 2.3.0-2.fc42 fedora 88.5 KiB pkgconf-m4 noarch 2.3.0-2.fc42 fedora 14.4 KiB pkgconf-pkg-config x86_64 2.3.0-2.fc42 fedora 989.0 B popt x86_64 1.19-8.fc42 fedora 132.8 KiB publicsuffix-list-dafsa noarch 20250616-1.fc42 updates 69.1 KiB pyproject-srpm-macros noarch 1.18.3-1.fc42 updates 1.9 KiB python-srpm-macros noarch 3.13-4.fc42 fedora 51.0 KiB qt5-srpm-macros noarch 5.15.17-1.fc42 updates 500.0 B qt6-srpm-macros noarch 6.9.1-1.fc42 updates 464.0 B readline x86_64 8.2-13.fc42 fedora 485.0 KiB rpm x86_64 5.99.90-6.fc42 copr_base 3.1 MiB rpm-build-libs x86_64 5.99.90-6.fc42 copr_base 264.4 KiB rpm-libs x86_64 5.99.90-6.fc42 copr_base 929.8 KiB rpm-sequoia x86_64 1.7.0-5.fc42 fedora 2.4 MiB rpm-sign-libs x86_64 5.99.90-6.fc42 copr_base 39.7 KiB rust-srpm-macros noarch 26.3-4.fc42 fedora 4.8 KiB setup noarch 2.15.0-13.fc42 fedora 720.9 KiB sqlite-libs x86_64 3.47.2-2.fc42 fedora 1.5 MiB systemd-libs x86_64 257.7-1.fc42 updates 2.2 MiB systemd-standalone-sysusers x86_64 257.7-1.fc42 updates 277.3 KiB tpm2-tss x86_64 4.1.3-6.fc42 fedora 1.6 MiB tree-sitter-srpm-macros noarch 0.1.0-8.fc42 fedora 6.5 KiB util-linux-core x86_64 2.41.1-12.fc42 copr_base 1.5 MiB xxhash-libs x86_64 0.8.3-2.fc42 fedora 90.2 KiB xz-libs x86_64 1:5.8.1-2.fc42 updates 217.8 KiB zig-srpm-macros noarch 1-4.fc42 fedora 1.1 KiB zip x86_64 3.0-43.fc42 fedora 698.5 KiB zlib-ng-compat x86_64 2.2.4-3.fc42 fedora 137.6 KiB zstd x86_64 1.5.7-1.fc42 fedora 1.7 MiB Installing groups: Buildsystem building group Transaction Summary: Installing: 162 packages Total size of inbound packages is 59 MiB. Need to download 0 B. After this operation, 197 MiB extra will be used (install 197 MiB, remove 0 B). [ 1/162] tar-2:1.35-5.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 2/162] bzip2-0:1.0.8-20.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 3/162] unzip-0:6.0-66.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 4/162] cpio-0:2.15-4.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 5/162] bash-0:5.2.37-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 6/162] grep-0:3.11-10.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 7/162] sed-0:4.9-4.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 8/162] shadow-utils-2:4.17.4-1.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 9/162] findutils-1:4.10.0-5.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 10/162] gzip-0:1.13-3.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 11/162] info-0:7.2-3.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 12/162] redhat-rpm-config-0:342-4.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 13/162] rpm-build-0:5.99.90-6.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 14/162] which-0:2.23-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 15/162] coreutils-0:9.6-5.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 16/162] patch-0:2.8-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 17/162] util-linux-0:2.41.1-12.fc42.x 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 18/162] diffutils-0:3.12-1.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 19/162] fedora-release-common-0:42-28 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 20/162] gawk-0:5.3.1-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 21/162] glibc-minimal-langpack-0:2.41 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 22/162] xz-1:5.8.1-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 23/162] libacl-0:2.3.2-3.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 24/162] bzip2-libs-0:1.0.8-20.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 25/162] ncurses-libs-0:6.5-5.20250125 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 26/162] pcre2-0:10.45-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 27/162] setup-0:2.15.0-13.fc42.noarch 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 28/162] ansible-srpm-macros-0:1-17.1. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 29/162] build-reproducibility-srpm-ma 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 30/162] forge-srpm-macros-0:0.4.0-2.f 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 31/162] fpc-srpm-macros-0:1.3-14.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 32/162] ghc-srpm-macros-0:1.9.2-2.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 33/162] gnat-srpm-macros-0:6-7.fc42.n 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 34/162] kernel-srpm-macros-0:1.0-25.f 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 35/162] lua-srpm-macros-0:1-15.fc42.n 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 36/162] ocaml-srpm-macros-0:10-4.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 37/162] openblas-srpm-macros-0:2-19.f 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 38/162] package-notes-srpm-macros-0:0 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 39/162] perl-srpm-macros-0:1-57.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 40/162] python-srpm-macros-0:3.13-4.f 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 41/162] tree-sitter-srpm-macros-0:0.1 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 42/162] zig-srpm-macros-0:1-4.fc42.no 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 43/162] zip-0:3.0-43.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 44/162] libarchive-0:3.7.7-4.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 45/162] popt-0:1.19-8.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 46/162] readline-0:8.2-13.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 47/162] zstd-0:1.5.7-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 48/162] rpm-0:5.99.90-6.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 49/162] coreutils-common-0:9.6-5.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 50/162] gmp-1:6.3.0-4.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 51/162] libattr-0:2.5.2-5.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 52/162] libcap-0:2.73-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 53/162] ed-0:1.21-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 54/162] zlib-ng-compat-0:2.2.4-3.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 55/162] libblkid-0:2.41.1-12.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 56/162] libfdisk-0:2.41.1-12.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 57/162] liblastlog2-0:2.41.1-12.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 58/162] libmount-0:2.41.1-12.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 59/162] libsmartcols-0:2.41.1-12.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 60/162] libuuid-0:2.41.1-12.fc42.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 61/162] util-linux-core-0:2.41.1-12.f 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 62/162] fedora-repos-0:42-1.noarch 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 63/162] mpfr-0:4.2.2-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 64/162] glibc-common-0:2.41-8.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 65/162] xz-libs-1:5.8.1-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 66/162] ncurses-base-0:6.5-5.20250125 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 67/162] pcre2-syntax-0:10.45-1.fc42.n 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 68/162] add-determinism-0:0.6.0-1.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 69/162] libzstd-0:1.5.7-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 70/162] lz4-libs-0:1.10.0-2.fc42.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 71/162] sqlite-libs-0:3.47.2-2.fc42.x 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 72/162] fedora-gpg-keys-0:42-1.noarch 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 73/162] rpm-libs-0:5.99.90-6.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 74/162] glibc-0:2.41-8.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 75/162] rpm-sequoia-0:1.7.0-5.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 76/162] rpm-build-libs-0:5.99.90-6.fc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 77/162] glibc-gconv-extra-0:2.41-8.fc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 78/162] basesystem-0:11-22.fc42.noarc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 79/162] rpm-sign-libs-0:5.99.90-6.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 80/162] gnupg2-0:2.4.7-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 81/162] ima-evm-utils-libs-0:1.6.2-4. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 82/162] libfsverity-0:1.6-2.fc42.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 83/162] libassuan-0:2.5.7-3.fc42.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 84/162] libgcrypt-0:1.11.0-5.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 85/162] libgpg-error-0:1.51-2.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 86/162] libksba-0:1.6.7-3.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 87/162] npth-0:1.8-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 88/162] openldap-0:2.6.9-3.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 89/162] tpm2-tss-0:4.1.3-6.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 90/162] cyrus-sasl-lib-0:2.1.28-30.fc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 91/162] libevent-0:2.1.12-15.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 92/162] libtool-ltdl-0:2.5.4-4.fc42.x 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 93/162] json-c-0:0.18-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 94/162] libusb1-0:1.0.28-2.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 95/162] gdbm-libs-1:1.23-9.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 96/162] filesystem-0:3.18-42.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 97/162] libgcc-0:15.1.1-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 98/162] libselinux-0:3.8-3.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 99/162] libsepol-0:3.8-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [100/162] libxcrypt-0:4.4.38-7.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [101/162] systemd-libs-0:257.7-1.fc42.x 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [102/162] audit-libs-0:4.1.0-3.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [103/162] pam-libs-0:1.7.0-6.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [104/162] libcap-ng-0:0.8.5-6.fc42.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [105/162] libstdc++-0:15.1.1-2.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [106/162] lua-libs-0:5.4.8-1.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [107/162] elfutils-libelf-0:0.193-2.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [108/162] elfutils-libs-0:0.193-2.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [109/162] elfutils-0:0.193-2.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [110/162] elfutils-debuginfod-client-0: 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [111/162] file-libs-0:5.46-6.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [112/162] file-0:5.46-6.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [113/162] libgomp-0:15.1.1-2.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [114/162] binutils-0:2.44-5.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [115/162] jansson-0:2.14-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [116/162] debugedit-0:5.1-7.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [117/162] pkgconf-pkg-config-0:2.3.0-2. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [118/162] pkgconf-0:2.3.0-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [119/162] pkgconf-m4-0:2.3.0-2.fc42.noa 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [120/162] libpkgconf-0:2.3.0-2.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [121/162] curl-0:8.11.1-5.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [122/162] openssl-libs-1:3.2.4-4.fc42.x 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [123/162] libeconf-0:0.7.6-2.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [124/162] libsemanage-0:3.8.1-3.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [125/162] libxml2-0:2.12.10-3.fc42.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [126/162] gnutls-0:3.8.10-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [127/162] libidn2-0:2.3.8-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [128/162] libtasn1-0:4.20.0-1.fc42.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [129/162] libunistring-0:1.1-9.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [130/162] nettle-0:3.10.1-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [131/162] p11-kit-0:0.25.5-5.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [132/162] libffi-0:3.4.6-5.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [133/162] dwz-0:0.16-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [134/162] efi-srpm-macros-0:6-3.fc42.no 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [135/162] filesystem-srpm-macros-0:3.18 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [136/162] fonts-srpm-macros-1:2.0.5-22. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [137/162] go-srpm-macros-0:3.7.0-1.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [138/162] pyproject-srpm-macros-0:1.18. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [139/162] qt5-srpm-macros-0:5.15.17-1.f 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [140/162] qt6-srpm-macros-0:6.9.1-1.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [141/162] rust-srpm-macros-0:26.3-4.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [142/162] ca-certificates-0:2024.2.69_v 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [143/162] crypto-policies-0:20250707-1. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [144/162] p11-kit-trust-0:0.25.5-5.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [145/162] elfutils-default-yama-scope-0 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [146/162] alternatives-0:1.33-1.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [147/162] systemd-standalone-sysusers-0 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [148/162] gdb-minimal-0:16.3-1.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [149/162] xxhash-libs-0:0.8.3-2.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [150/162] fedora-release-0:42-28.noarch 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [151/162] fedora-release-identity-basic 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [152/162] libcurl-0:8.11.1-5.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [153/162] libnghttp2-0:1.64.0-3.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [154/162] libpsl-0:0.21.5-5.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [155/162] publicsuffix-list-dafsa-0:202 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [156/162] krb5-libs-0:1.21.3-6.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [157/162] keyutils-libs-0:1.6.3-5.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [158/162] libcom_err-0:1.47.2-3.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [159/162] libverto-0:0.3.2-10.fc42.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [160/162] libssh-0:0.11.2-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [161/162] libssh-config-0:0.11.2-1.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [162/162] libbrotli-0:1.1.0-8.fc42.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [162/162] Total 100% | 0.0 B/s | 0.0 B | 00m00s Running transaction Importing OpenPGP key 0x105EF944: UserID : "Fedora (42) " Fingerprint: B0F4950458F69E1150C6C5EDC8AC4916105EF944 From : file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-42-primary The key was successfully imported. [ 1/164] Verify package files 100% | 805.0 B/s | 162.0 B | 00m00s >>> Running pre-transaction scriptlet: filesystem-0:3.18-42.fc42.x86_64 >>> Finished pre-transaction scriptlet: filesystem-0:3.18-42.fc42.x86_64 >>> [RPM] /var/lib/mock/fedora-42-x86_64-1753483085.760719/root/var/cache/dnf/co [ 2/164] Prepare transaction 100% | 4.1 KiB/s | 162.0 B | 00m00s [ 3/164] Installing libgcc-0:15.1.1-2. 100% | 262.0 MiB/s | 268.3 KiB | 00m00s [ 4/164] Installing libssh-config-0:0. 100% | 0.0 B/s | 816.0 B | 00m00s [ 5/164] Installing publicsuffix-list- 100% | 0.0 B/s | 69.8 KiB | 00m00s [ 6/164] Installing fedora-release-ide 100% | 0.0 B/s | 904.0 B | 00m00s [ 7/164] Installing fedora-gpg-keys-0: 100% | 42.7 MiB/s | 174.8 KiB | 00m00s [ 8/164] Installing fedora-repos-0:42- 100% | 0.0 B/s | 5.7 KiB | 00m00s [ 9/164] Installing fedora-release-com 100% | 23.9 MiB/s | 24.5 KiB | 00m00s [ 10/164] Installing fedora-release-0:4 100% | 11.0 KiB/s | 124.0 B | 00m00s >>> Running sysusers scriptlet: setup-0:2.15.0-13.fc42.noarch >>> Finished sysusers scriptlet: setup-0:2.15.0-13.fc42.noarch >>> Scriptlet output: >>> Creating group 'adm' with GID 4. >>> Creating group 'audio' with GID 63. >>> Creating group 'bin' with GID 1. >>> Creating group 'cdrom' with GID 11. >>> Creating group 'clock' with GID 103. >>> Creating group 'daemon' with GID 2. >>> Creating group 'dialout' with GID 18. >>> Creating group 'disk' with GID 6. >>> Creating group 'floppy' with GID 19. >>> Creating group 'ftp' with GID 50. >>> Creating group 'games' with GID 20. >>> Creating group 'input' with GID 104. >>> Creating group 'kmem' with GID 9. >>> Creating group 'kvm' with GID 36. >>> Creating group 'lock' with GID 54. >>> Creating group 'lp' with GID 7. >>> Creating group 'mail' with GID 12. >>> Creating group 'man' with GID 15. >>> Creating group 'mem' with GID 8. >>> Creating group 'nobody' with GID 65534. >>> Creating group 'render' with GID 105. >>> Creating group 'root' with GID 0. >>> Creating group 'sgx' with GID 106. >>> Creating group 'sys' with GID 3. >>> Creating group 'tape' with GID 33. >>> Creating group 'tty' with GID 5. >>> Creating group 'users' with GID 100. >>> Creating group 'utmp' with GID 22. >>> Creating group 'video' with GID 39. >>> Creating group 'wheel' with GID 10. >>> >>> Running sysusers scriptlet: setup-0:2.15.0-13.fc42.noarch >>> Finished sysusers scriptlet: setup-0:2.15.0-13.fc42.noarch >>> Scriptlet output: >>> Creating user 'adm' (adm) with UID 3 and GID 4. >>> Creating user 'bin' (bin) with UID 1 and GID 1. >>> Creating user 'daemon' (daemon) with UID 2 and GID 2. >>> Creating user 'ftp' (FTP User) with UID 14 and GID 50. >>> Creating user 'games' (games) with UID 12 and GID 20. >>> Creating user 'halt' (halt) with UID 7 and GID 0. >>> Creating user 'lp' (lp) with UID 4 and GID 7. >>> Creating user 'mail' (mail) with UID 8 and GID 12. >>> Creating user 'nobody' (Kernel Overflow User) with UID 65534 and GID 65534. >>> Creating user 'operator' (operator) with UID 11 and GID 0. >>> Creating user 'root' (Super User) with UID 0 and GID 0. >>> Creating user 'shutdown' (shutdown) with UID 6 and GID 0. >>> Creating user 'sync' (sync) with UID 5 and GID 0. >>> [ 11/164] Installing setup-0:2.15.0-13. 100% | 50.7 MiB/s | 726.7 KiB | 00m00s >>> [RPM] /etc/hosts created as /etc/hosts.rpmnew [ 12/164] Installing filesystem-0:3.18- 100% | 2.7 MiB/s | 212.5 KiB | 00m00s [ 13/164] Installing basesystem-0:11-22 100% | 0.0 B/s | 124.0 B | 00m00s [ 14/164] Installing rust-srpm-macros-0 100% | 0.0 B/s | 5.6 KiB | 00m00s [ 15/164] Installing qt6-srpm-macros-0: 100% | 0.0 B/s | 740.0 B | 00m00s [ 16/164] Installing qt5-srpm-macros-0: 100% | 0.0 B/s | 776.0 B | 00m00s [ 17/164] Installing pkgconf-m4-0:2.3.0 100% | 0.0 B/s | 14.8 KiB | 00m00s [ 18/164] Installing pcre2-syntax-0:10. 100% | 269.9 MiB/s | 276.4 KiB | 00m00s [ 19/164] Installing ncurses-base-0:6.5 100% | 86.0 MiB/s | 352.2 KiB | 00m00s [ 20/164] Installing glibc-minimal-lang 100% | 0.0 B/s | 124.0 B | 00m00s [ 21/164] Installing ncurses-libs-0:6.5 100% | 232.6 MiB/s | 952.8 KiB | 00m00s [ 22/164] Installing glibc-0:2.41-8.fc4 100% | 195.4 MiB/s | 6.6 MiB | 00m00s [ 23/164] Installing bash-0:5.2.37-1.fc 100% | 263.5 MiB/s | 8.2 MiB | 00m00s [ 24/164] Installing glibc-common-0:2.4 100% | 60.0 MiB/s | 1.0 MiB | 00m00s [ 25/164] Installing glibc-gconv-extra- 100% | 261.0 MiB/s | 7.3 MiB | 00m00s [ 26/164] Installing zlib-ng-compat-0:2 100% | 135.2 MiB/s | 138.4 KiB | 00m00s [ 27/164] Installing bzip2-libs-0:1.0.8 100% | 83.7 MiB/s | 85.7 KiB | 00m00s [ 28/164] Installing libstdc++-0:15.1.1 100% | 405.2 MiB/s | 2.8 MiB | 00m00s [ 29/164] Installing xz-libs-1:5.8.1-2. 100% | 213.8 MiB/s | 218.9 KiB | 00m00s [ 30/164] Installing gmp-1:6.3.0-4.fc42 100% | 397.2 MiB/s | 813.5 KiB | 00m00s [ 31/164] Installing libuuid-0:2.41.1-1 100% | 0.0 B/s | 38.5 KiB | 00m00s [ 32/164] Installing popt-0:1.19-8.fc42 100% | 68.1 MiB/s | 139.4 KiB | 00m00s [ 33/164] Installing readline-0:8.2-13. 100% | 475.7 MiB/s | 487.1 KiB | 00m00s [ 34/164] Installing libblkid-0:2.41.1- 100% | 257.3 MiB/s | 263.5 KiB | 00m00s [ 35/164] Installing libzstd-0:1.5.7-1. 100% | 395.1 MiB/s | 809.1 KiB | 00m00s [ 36/164] Installing elfutils-libelf-0: 100% | 388.8 MiB/s | 1.2 MiB | 00m00s [ 37/164] Installing libgpg-error-0:1.5 100% | 58.6 MiB/s | 900.0 KiB | 00m00s [ 38/164] Installing libxcrypt-0:4.4.38 100% | 280.4 MiB/s | 287.2 KiB | 00m00s [ 39/164] Installing sqlite-libs-0:3.47 100% | 150.4 MiB/s | 1.5 MiB | 00m00s [ 40/164] Installing crypto-policies-0: 100% | 41.0 MiB/s | 167.8 KiB | 00m00s [ 41/164] Installing libattr-0:2.5.2-5. 100% | 0.0 B/s | 28.1 KiB | 00m00s [ 42/164] Installing libacl-0:2.3.2-3.f 100% | 0.0 B/s | 39.2 KiB | 00m00s [ 43/164] Installing libtasn1-0:4.20.0- 100% | 173.9 MiB/s | 178.1 KiB | 00m00s [ 44/164] Installing libunistring-0:1.1 100% | 345.3 MiB/s | 1.7 MiB | 00m00s [ 45/164] Installing libidn2-0:2.3.8-1. 100% | 183.2 MiB/s | 562.7 KiB | 00m00s [ 46/164] Installing dwz-0:0.16-1.fc42. 100% | 21.7 MiB/s | 288.5 KiB | 00m00s [ 47/164] Installing mpfr-0:4.2.2-1.fc4 100% | 270.3 MiB/s | 830.4 KiB | 00m00s [ 48/164] Installing gawk-0:5.3.1-1.fc4 100% | 99.7 MiB/s | 1.7 MiB | 00m00s [ 49/164] Installing unzip-0:6.0-66.fc4 100% | 29.6 MiB/s | 393.8 KiB | 00m00s [ 50/164] Installing file-libs-0:5.46-6 100% | 697.5 MiB/s | 11.9 MiB | 00m00s [ 51/164] Installing file-0:5.46-6.fc42 100% | 8.3 MiB/s | 101.7 KiB | 00m00s [ 52/164] Installing pcre2-0:10.45-1.fc 100% | 341.4 MiB/s | 699.1 KiB | 00m00s [ 53/164] Installing grep-0:3.11-10.fc4 100% | 62.7 MiB/s | 1.0 MiB | 00m00s [ 54/164] Installing xz-1:5.8.1-2.fc42. 100% | 78.3 MiB/s | 1.3 MiB | 00m00s [ 55/164] Installing libsmartcols-0:2.4 100% | 177.4 MiB/s | 181.6 KiB | 00m00s [ 56/164] Installing lz4-libs-0:1.10.0- 100% | 154.7 MiB/s | 158.5 KiB | 00m00s [ 57/164] Installing json-c-0:0.18-2.fc 100% | 85.9 MiB/s | 88.0 KiB | 00m00s [ 58/164] Installing libsepol-0:3.8-1.f 100% | 403.8 MiB/s | 827.0 KiB | 00m00s [ 59/164] Installing libselinux-0:3.8-3 100% | 189.8 MiB/s | 194.3 KiB | 00m00s [ 60/164] Installing sed-0:4.9-4.fc42.x 100% | 56.3 MiB/s | 865.5 KiB | 00m00s [ 61/164] Installing findutils-1:4.10.0 100% | 110.2 MiB/s | 1.9 MiB | 00m00s [ 62/164] Installing libmount-0:2.41.1- 100% | 365.0 MiB/s | 373.8 KiB | 00m00s [ 63/164] Installing libcap-ng-0:0.8.5- 100% | 69.1 MiB/s | 70.8 KiB | 00m00s [ 64/164] Installing audit-libs-0:4.1.0 100% | 186.3 MiB/s | 381.5 KiB | 00m00s [ 65/164] Installing lua-libs-0:5.4.8-1 100% | 275.4 MiB/s | 282.0 KiB | 00m00s [ 66/164] Installing libeconf-0:0.7.6-2 100% | 64.7 MiB/s | 66.2 KiB | 00m00s [ 67/164] Installing pam-libs-0:1.7.0-6 100% | 126.1 MiB/s | 129.1 KiB | 00m00s [ 68/164] Installing libcap-0:2.73-2.fc 100% | 15.9 MiB/s | 212.1 KiB | 00m00s [ 69/164] Installing systemd-libs-0:257 100% | 372.0 MiB/s | 2.2 MiB | 00m00s [ 70/164] Installing libffi-0:3.4.6-5.f 100% | 81.7 MiB/s | 83.7 KiB | 00m00s [ 71/164] Installing p11-kit-0:0.25.5-5 100% | 115.0 MiB/s | 2.2 MiB | 00m00s [ 72/164] Installing alternatives-0:1.3 100% | 5.2 MiB/s | 63.8 KiB | 00m00s [ 73/164] Installing p11-kit-trust-0:0. 100% | 19.4 MiB/s | 397.2 KiB | 00m00s [ 74/164] Installing util-linux-core-0: 100% | 82.2 MiB/s | 1.5 MiB | 00m00s [ 75/164] Installing libusb1-0:1.0.28-2 100% | 168.7 MiB/s | 172.7 KiB | 00m00s [ 76/164] Installing systemd-standalone 100% | 20.9 MiB/s | 277.8 KiB | 00m00s [ 77/164] Installing libsemanage-0:3.8. 100% | 149.5 MiB/s | 306.2 KiB | 00m00s [ 78/164] Installing shadow-utils-2:4.1 100% | 139.4 MiB/s | 4.0 MiB | 00m00s [ 79/164] Installing tar-2:1.35-5.fc42. 100% | 155.9 MiB/s | 3.0 MiB | 00m00s [ 80/164] Installing zstd-0:1.5.7-1.fc4 100% | 114.0 MiB/s | 1.7 MiB | 00m00s [ 81/164] Installing zip-0:3.0-43.fc42. 100% | 49.0 MiB/s | 702.4 KiB | 00m00s [ 82/164] Installing libpsl-0:0.21.5-5. 100% | 75.7 MiB/s | 77.5 KiB | 00m00s [ 83/164] Installing liblastlog2-0:2.41 100% | 5.8 MiB/s | 35.6 KiB | 00m00s [ 84/164] Installing libassuan-0:2.5.7- 100% | 165.6 MiB/s | 169.6 KiB | 00m00s [ 85/164] Installing libgcrypt-0:1.11.0 100% | 313.9 MiB/s | 1.6 MiB | 00m00s [ 86/164] Installing libksba-0:1.6.7-3. 100% | 395.6 MiB/s | 405.1 KiB | 00m00s [ 87/164] Installing libfdisk-0:2.41.1- 100% | 372.5 MiB/s | 381.4 KiB | 00m00s [ 88/164] Installing nettle-0:3.10.1-1. 100% | 387.5 MiB/s | 793.6 KiB | 00m00s [ 89/164] Installing gnutls-0:3.8.10-1. 100% | 383.9 MiB/s | 3.8 MiB | 00m00s [ 90/164] Installing libxml2-0:2.12.10- 100% | 94.7 MiB/s | 1.7 MiB | 00m00s [ 91/164] Installing bzip2-0:1.0.8-20.f 100% | 7.8 MiB/s | 103.8 KiB | 00m00s [ 92/164] Installing add-determinism-0: 100% | 129.8 MiB/s | 2.5 MiB | 00m00s [ 93/164] Installing build-reproducibil 100% | 0.0 B/s | 1.0 KiB | 00m00s [ 94/164] Installing ed-0:1.21-2.fc42.x 100% | 11.2 MiB/s | 148.8 KiB | 00m00s [ 95/164] Installing patch-0:2.8-1.fc42 100% | 16.9 MiB/s | 224.3 KiB | 00m00s [ 96/164] Installing filesystem-srpm-ma 100% | 0.0 B/s | 38.9 KiB | 00m00s [ 97/164] Installing elfutils-default-y 100% | 408.6 KiB/s | 2.0 KiB | 00m00s [ 98/164] Installing elfutils-libs-0:0. 100% | 223.1 MiB/s | 685.2 KiB | 00m00s [ 99/164] Installing cpio-0:2.15-4.fc42 100% | 61.1 MiB/s | 1.1 MiB | 00m00s [100/164] Installing diffutils-0:3.12-1 100% | 91.8 MiB/s | 1.6 MiB | 00m00s [101/164] Installing npth-0:1.8-2.fc42. 100% | 49.5 MiB/s | 50.7 KiB | 00m00s [102/164] Installing libtool-ltdl-0:2.5 100% | 69.6 MiB/s | 71.2 KiB | 00m00s [103/164] Installing gdbm-libs-1:1.23-9 100% | 128.5 MiB/s | 131.6 KiB | 00m00s [104/164] Installing cyrus-sasl-lib-0:2 100% | 128.0 MiB/s | 2.3 MiB | 00m00s [105/164] Installing libgomp-0:15.1.1-2 100% | 263.9 MiB/s | 540.5 KiB | 00m00s [106/164] Installing jansson-0:2.14-2.f 100% | 92.2 MiB/s | 94.4 KiB | 00m00s [107/164] Installing libpkgconf-0:2.3.0 100% | 0.0 B/s | 79.2 KiB | 00m00s [108/164] Installing pkgconf-0:2.3.0-2. 100% | 6.8 MiB/s | 91.0 KiB | 00m00s [109/164] Installing pkgconf-pkg-config 100% | 147.8 KiB/s | 1.8 KiB | 00m00s [110/164] Installing xxhash-libs-0:0.8. 100% | 89.4 MiB/s | 91.6 KiB | 00m00s [111/164] Installing libnghttp2-0:1.64. 100% | 167.5 MiB/s | 171.5 KiB | 00m00s [112/164] Installing keyutils-libs-0:1. 100% | 58.3 MiB/s | 59.7 KiB | 00m00s [113/164] Installing libcom_err-0:1.47. 100% | 66.6 MiB/s | 68.2 KiB | 00m00s [114/164] Installing libverto-0:0.3.2-1 100% | 26.6 MiB/s | 27.2 KiB | 00m00s [115/164] Installing libbrotli-0:1.1.0- 100% | 272.0 MiB/s | 835.6 KiB | 00m00s [116/164] Installing coreutils-common-0 100% | 398.3 MiB/s | 11.2 MiB | 00m00s [117/164] Installing openssl-libs-1:3.2 100% | 391.0 MiB/s | 7.8 MiB | 00m00s [118/164] Installing coreutils-0:9.6-5. 100% | 160.2 MiB/s | 5.4 MiB | 00m00s [119/164] Installing ca-certificates-0: 100% | 1.9 MiB/s | 2.4 MiB | 00m01s [120/164] Installing libarchive-0:3.7.7 100% | 227.7 MiB/s | 932.6 KiB | 00m00s [121/164] Installing krb5-libs-0:1.21.3 100% | 109.1 MiB/s | 2.3 MiB | 00m00s >>> Running sysusers scriptlet: tpm2-tss-0:4.1.3-6.fc42.x86_64 >>> Finished sysusers scriptlet: tpm2-tss-0:4.1.3-6.fc42.x86_64 >>> Scriptlet output: >>> Creating group 'tss' with GID 59. >>> Creating user 'tss' (Account used for TPM access) with UID 59 and GID 59. >>> [122/164] Installing tpm2-tss-0:4.1.3-6 100% | 261.3 MiB/s | 1.6 MiB | 00m00s [123/164] Installing ima-evm-utils-libs 100% | 60.5 MiB/s | 62.0 KiB | 00m00s [124/164] Installing libssh-0:0.11.2-1. 100% | 277.7 MiB/s | 568.8 KiB | 00m00s [125/164] Installing gzip-0:1.13-3.fc42 100% | 24.3 MiB/s | 398.4 KiB | 00m00s [126/164] Installing rpm-sequoia-0:1.7. 100% | 344.9 MiB/s | 2.4 MiB | 00m00s [127/164] Installing rpm-libs-0:5.99.90 100% | 303.2 MiB/s | 931.3 KiB | 00m00s [128/164] Installing libfsverity-0:1.6- 100% | 0.0 B/s | 33.5 KiB | 00m00s [129/164] Installing libevent-0:2.1.12- 100% | 295.2 MiB/s | 906.9 KiB | 00m00s [130/164] Installing openldap-0:2.6.9-3 100% | 214.5 MiB/s | 658.9 KiB | 00m00s [131/164] Installing libcurl-0:8.11.1-5 100% | 271.9 MiB/s | 835.1 KiB | 00m00s [132/164] Installing elfutils-debuginfo 100% | 6.0 MiB/s | 86.2 KiB | 00m00s [133/164] Installing elfutils-0:0.193-2 100% | 146.1 MiB/s | 2.9 MiB | 00m00s [134/164] Installing binutils-0:2.44-5. 100% | 315.1 MiB/s | 25.8 MiB | 00m00s [135/164] Installing gdb-minimal-0:16.3 100% | 281.9 MiB/s | 13.2 MiB | 00m00s [136/164] Installing debugedit-0:5.1-7. 100% | 14.7 MiB/s | 195.4 KiB | 00m00s [137/164] Installing curl-0:8.11.1-5.fc 100% | 20.1 MiB/s | 453.1 KiB | 00m00s [138/164] Installing rpm-0:5.99.90-6.fc 100% | 78.4 MiB/s | 2.5 MiB | 00m00s [139/164] Installing lua-srpm-macros-0: 100% | 0.0 B/s | 1.9 KiB | 00m00s [140/164] Installing tree-sitter-srpm-m 100% | 0.0 B/s | 7.4 KiB | 00m00s [141/164] Installing zig-srpm-macros-0: 100% | 0.0 B/s | 1.7 KiB | 00m00s [142/164] Installing efi-srpm-macros-0: 100% | 40.2 MiB/s | 41.1 KiB | 00m00s [143/164] Installing gnupg2-0:2.4.7-2.f 100% | 228.0 MiB/s | 9.8 MiB | 00m00s [144/164] Installing rpm-sign-libs-0:5. 100% | 39.6 MiB/s | 40.5 KiB | 00m00s [145/164] Installing rpm-build-libs-0:5 100% | 259.0 MiB/s | 265.2 KiB | 00m00s [146/164] Installing perl-srpm-macros-0 100% | 0.0 B/s | 1.1 KiB | 00m00s [147/164] Installing package-notes-srpm 100% | 0.0 B/s | 2.0 KiB | 00m00s [148/164] Installing openblas-srpm-macr 100% | 0.0 B/s | 392.0 B | 00m00s [149/164] Installing ocaml-srpm-macros- 100% | 0.0 B/s | 2.2 KiB | 00m00s [150/164] Installing kernel-srpm-macros 100% | 0.0 B/s | 2.3 KiB | 00m00s [151/164] Installing gnat-srpm-macros-0 100% | 0.0 B/s | 1.3 KiB | 00m00s [152/164] Installing ghc-srpm-macros-0: 100% | 0.0 B/s | 1.0 KiB | 00m00s [153/164] Installing fpc-srpm-macros-0: 100% | 0.0 B/s | 420.0 B | 00m00s [154/164] Installing ansible-srpm-macro 100% | 0.0 B/s | 36.2 KiB | 00m00s [155/164] Installing forge-srpm-macros- 100% | 0.0 B/s | 40.3 KiB | 00m00s [156/164] Installing python-srpm-macros 100% | 0.0 B/s | 52.2 KiB | 00m00s [157/164] Installing fonts-srpm-macros- 100% | 55.7 MiB/s | 57.0 KiB | 00m00s [158/164] Installing go-srpm-macros-0:3 100% | 61.3 MiB/s | 62.7 KiB | 00m00s [159/164] Installing redhat-rpm-config- 100% | 93.9 MiB/s | 192.2 KiB | 00m00s [160/164] Installing rpm-build-0:5.99.9 100% | 18.9 MiB/s | 290.5 KiB | 00m00s [161/164] Installing pyproject-srpm-mac 100% | 0.0 B/s | 2.5 KiB | 00m00s [162/164] Installing which-0:2.23-2.fc4 100% | 6.4 MiB/s | 85.7 KiB | 00m00s [163/164] Installing util-linux-0:2.41. 100% | 104.9 MiB/s | 3.6 MiB | 00m00s [164/164] Installing info-0:7.2-3.fc42. 100% | 217.1 KiB/s | 358.3 KiB | 00m02s Warning: skipped OpenPGP checks for 21 packages from repository: copr_base Complete! Finish: installing minimal buildroot with dnf5 Start: creating root cache Finish: creating root cache Finish: chroot init INFO: Installed packages: INFO: add-determinism-0.6.0-1.fc42.x86_64 alternatives-1.33-1.fc42.x86_64 ansible-srpm-macros-1-17.1.fc42.noarch audit-libs-4.1.0-3.fc42.x86_64 basesystem-11-22.fc42.noarch bash-5.2.37-1.fc42.x86_64 binutils-2.44-5.fc42.x86_64 build-reproducibility-srpm-macros-0.6.0-1.fc42.noarch bzip2-1.0.8-20.fc42.x86_64 bzip2-libs-1.0.8-20.fc42.x86_64 ca-certificates-2024.2.69_v8.0.401-6.fc42.noarch coreutils-9.6-5.fc42.x86_64 coreutils-common-9.6-5.fc42.x86_64 cpio-2.15-4.fc42.x86_64 crypto-policies-20250707-1.gitad370a8.fc42.noarch curl-8.11.1-5.fc42.x86_64 cyrus-sasl-lib-2.1.28-30.fc42.x86_64 debugedit-5.1-7.fc42.x86_64 diffutils-3.12-1.fc42.x86_64 dwz-0.16-1.fc42.x86_64 ed-1.21-2.fc42.x86_64 efi-srpm-macros-6-3.fc42.noarch elfutils-0.193-2.fc42.x86_64 elfutils-debuginfod-client-0.193-2.fc42.x86_64 elfutils-default-yama-scope-0.193-2.fc42.noarch elfutils-libelf-0.193-2.fc42.x86_64 elfutils-libs-0.193-2.fc42.x86_64 fedora-gpg-keys-42-1.noarch fedora-release-42-28.noarch fedora-release-common-42-28.noarch fedora-release-identity-basic-42-28.noarch fedora-repos-42-1.noarch file-5.46-6.fc42.x86_64 file-libs-5.46-6.fc42.x86_64 filesystem-3.18-42.fc42.x86_64 filesystem-srpm-macros-3.18-42.fc42.noarch findutils-4.10.0-5.fc42.x86_64 fonts-srpm-macros-2.0.5-22.fc42.noarch forge-srpm-macros-0.4.0-2.fc42.noarch fpc-srpm-macros-1.3-14.fc42.noarch gawk-5.3.1-1.fc42.x86_64 gdb-minimal-16.3-1.fc42.x86_64 gdbm-libs-1.23-9.fc42.x86_64 ghc-srpm-macros-1.9.2-2.fc42.noarch glibc-2.41-8.fc42.x86_64 glibc-common-2.41-8.fc42.x86_64 glibc-gconv-extra-2.41-8.fc42.x86_64 glibc-minimal-langpack-2.41-8.fc42.x86_64 gmp-6.3.0-4.fc42.x86_64 gnat-srpm-macros-6-7.fc42.noarch gnupg2-2.4.7-2.fc42.x86_64 gnutls-3.8.10-1.fc42.x86_64 go-srpm-macros-3.7.0-1.fc42.noarch gpg-pubkey-105ef944-65ca83d1 grep-3.11-10.fc42.x86_64 gzip-1.13-3.fc42.x86_64 ima-evm-utils-libs-1.6.2-4.fc42.x86_64 info-7.2-3.fc42.x86_64 jansson-2.14-2.fc42.x86_64 json-c-0.18-2.fc42.x86_64 kernel-srpm-macros-1.0-25.fc42.noarch keyutils-libs-1.6.3-5.fc42.x86_64 krb5-libs-1.21.3-6.fc42.x86_64 libacl-2.3.2-3.fc42.x86_64 libarchive-3.7.7-4.fc42.x86_64 libassuan-2.5.7-3.fc42.x86_64 libattr-2.5.2-5.fc42.x86_64 libblkid-2.41.1-12.fc42.x86_64 libbrotli-1.1.0-8.fc42.x86_64 libcap-2.73-2.fc42.x86_64 libcap-ng-0.8.5-6.fc42.x86_64 libcom_err-1.47.2-3.fc42.x86_64 libcurl-8.11.1-5.fc42.x86_64 libeconf-0.7.6-2.fc42.x86_64 libevent-2.1.12-15.fc42.x86_64 libfdisk-2.41.1-12.fc42.x86_64 libffi-3.4.6-5.fc42.x86_64 libfsverity-1.6-2.fc42.x86_64 libgcc-15.1.1-2.fc42.x86_64 libgcrypt-1.11.0-5.fc42.x86_64 libgomp-15.1.1-2.fc42.x86_64 libgpg-error-1.51-2.fc42.x86_64 libidn2-2.3.8-1.fc42.x86_64 libksba-1.6.7-3.fc42.x86_64 liblastlog2-2.41.1-12.fc42.x86_64 libmount-2.41.1-12.fc42.x86_64 libnghttp2-1.64.0-3.fc42.x86_64 libpkgconf-2.3.0-2.fc42.x86_64 libpsl-0.21.5-5.fc42.x86_64 libselinux-3.8-3.fc42.x86_64 libsemanage-3.8.1-3.fc42.x86_64 libsepol-3.8-1.fc42.x86_64 libsmartcols-2.41.1-12.fc42.x86_64 libssh-0.11.2-1.fc42.x86_64 libssh-config-0.11.2-1.fc42.noarch libstdc++-15.1.1-2.fc42.x86_64 libtasn1-4.20.0-1.fc42.x86_64 libtool-ltdl-2.5.4-4.fc42.x86_64 libunistring-1.1-9.fc42.x86_64 libusb1-1.0.28-2.fc42.x86_64 libuuid-2.41.1-12.fc42.x86_64 libverto-0.3.2-10.fc42.x86_64 libxcrypt-4.4.38-7.fc42.x86_64 libxml2-2.12.10-3.fc42.x86_64 libzstd-1.5.7-1.fc42.x86_64 lua-libs-5.4.8-1.fc42.x86_64 lua-srpm-macros-1-15.fc42.noarch lz4-libs-1.10.0-2.fc42.x86_64 mpfr-4.2.2-1.fc42.x86_64 ncurses-base-6.5-5.20250125.fc42.noarch ncurses-libs-6.5-5.20250125.fc42.x86_64 nettle-3.10.1-1.fc42.x86_64 npth-1.8-2.fc42.x86_64 ocaml-srpm-macros-10-4.fc42.noarch openblas-srpm-macros-2-19.fc42.noarch openldap-2.6.9-3.fc42.x86_64 openssl-libs-3.2.4-4.fc42.x86_64 p11-kit-0.25.5-5.fc42.x86_64 p11-kit-trust-0.25.5-5.fc42.x86_64 package-notes-srpm-macros-0.5-13.fc42.noarch pam-libs-1.7.0-6.fc42.x86_64 patch-2.8-1.fc42.x86_64 pcre2-10.45-1.fc42.x86_64 pcre2-syntax-10.45-1.fc42.noarch perl-srpm-macros-1-57.fc42.noarch pkgconf-2.3.0-2.fc42.x86_64 pkgconf-m4-2.3.0-2.fc42.noarch pkgconf-pkg-config-2.3.0-2.fc42.x86_64 popt-1.19-8.fc42.x86_64 publicsuffix-list-dafsa-20250616-1.fc42.noarch pyproject-srpm-macros-1.18.3-1.fc42.noarch python-srpm-macros-3.13-4.fc42.noarch qt5-srpm-macros-5.15.17-1.fc42.noarch qt6-srpm-macros-6.9.1-1.fc42.noarch readline-8.2-13.fc42.x86_64 redhat-rpm-config-342-4.fc42.noarch rpm-5.99.90-6.fc42.x86_64 rpm-build-5.99.90-6.fc42.x86_64 rpm-build-libs-5.99.90-6.fc42.x86_64 rpm-libs-5.99.90-6.fc42.x86_64 rpm-sequoia-1.7.0-5.fc42.x86_64 rpm-sign-libs-5.99.90-6.fc42.x86_64 rust-srpm-macros-26.3-4.fc42.noarch sed-4.9-4.fc42.x86_64 setup-2.15.0-13.fc42.noarch shadow-utils-4.17.4-1.fc42.x86_64 sqlite-libs-3.47.2-2.fc42.x86_64 systemd-libs-257.7-1.fc42.x86_64 systemd-standalone-sysusers-257.7-1.fc42.x86_64 tar-1.35-5.fc42.x86_64 tpm2-tss-4.1.3-6.fc42.x86_64 tree-sitter-srpm-macros-0.1.0-8.fc42.noarch unzip-6.0-66.fc42.x86_64 util-linux-2.41.1-12.fc42.x86_64 util-linux-core-2.41.1-12.fc42.x86_64 which-2.23-2.fc42.x86_64 xxhash-libs-0.8.3-2.fc42.x86_64 xz-5.8.1-2.fc42.x86_64 xz-libs-5.8.1-2.fc42.x86_64 zig-srpm-macros-1-4.fc42.noarch zip-3.0-43.fc42.x86_64 zlib-ng-compat-2.2.4-3.fc42.x86_64 zstd-1.5.7-1.fc42.x86_64 Start: buildsrpm Start: rpmbuild -bs Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1753401600 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-9.fc42.src.rpm Finish: rpmbuild -bs INFO: chroot_scan: 1 files copied to /var/lib/copr-rpmbuild/results/chroot_scan INFO: /var/lib/mock/fedora-42-x86_64-1753483085.760719/root/var/log/dnf5.log INFO: chroot_scan: creating tarball /var/lib/copr-rpmbuild/results/chroot_scan.tar.gz /bin/tar: Removing leading `/' from member names Finish: buildsrpm INFO: Done(/var/lib/copr-rpmbuild/workspace/workdir-19to3j68/python-pysaml2/python-pysaml2.spec) Config(child) 0 minutes 11 seconds INFO: Results and/or logs in: /var/lib/copr-rpmbuild/results INFO: Cleaning up build root ('cleanup_on_success=True') Start: clean chroot INFO: unmounting tmpfs. Finish: clean chroot INFO: Start(/var/lib/copr-rpmbuild/results/python-pysaml2-7.4.2-9.fc42.src.rpm) Config(fedora-42-x86_64) Start(bootstrap): chroot init INFO: mounting tmpfs at /var/lib/mock/fedora-42-x86_64-bootstrap-1753483085.760719/root. INFO: reusing tmpfs at /var/lib/mock/fedora-42-x86_64-bootstrap-1753483085.760719/root. INFO: calling preinit hooks INFO: enabled root cache INFO: enabled package manager cache Start(bootstrap): cleaning package manager metadata Finish(bootstrap): cleaning package manager metadata Finish(bootstrap): chroot init Start: chroot init INFO: mounting tmpfs at /var/lib/mock/fedora-42-x86_64-1753483085.760719/root. INFO: calling preinit hooks INFO: enabled root cache Start: unpacking root cache Finish: unpacking root cache INFO: enabled package manager cache Start: cleaning package manager metadata Finish: cleaning package manager metadata INFO: enabled HW Info plugin INFO: Buildroot is handled by package management downloaded with a bootstrap image: rpm-4.20.1-1.fc42.x86_64 rpm-sequoia-1.7.0-5.fc42.x86_64 dnf5-5.2.13.1-1.fc42.x86_64 dnf5-plugins-5.2.13.1-1.fc42.x86_64 Finish: chroot init Start: build phase for python-pysaml2-7.4.2-9.fc42.src.rpm Start: build setup for python-pysaml2-7.4.2-9.fc42.src.rpm Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1753401600 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-9.fc42.src.rpm Updating and loading repositories: updates 100% | 463.3 KiB/s | 28.7 KiB | 00m00s fedora 100% | 276.6 KiB/s | 29.3 KiB | 00m00s Copr repository 100% | 128.1 KiB/s | 1.5 KiB | 00m00s Repositories loaded. Package Arch Version Repository Size Installing: git-core x86_64 2.50.1-1.fc42 updates 23.5 MiB pyproject-rpm-macros noarch 1.18.3-1.fc42 updates 114.5 KiB python3-devel x86_64 3.13.5-1.fc42 updates 1.8 MiB python3-pymongo x86_64 4.13.1-2.fc42 copr_base 6.1 MiB python3-pytest noarch 8.3.5-5.fc42 copr_base 21.0 MiB python3-responses noarch 0.25.7-2.fc42 copr_base 291.6 KiB python3-sphinx noarch 1:8.1.3-2.fc42 fedora 11.1 MiB xmlsec1 x86_64 1:1.2.41-2.fc42 fedora 547.1 KiB xmlsec1-openssl x86_64 1:1.2.41-2.fc42 fedora 277.0 KiB Installing dependencies: expat x86_64 2.7.1-1.fc42 fedora 290.2 KiB less x86_64 679-1.fc42 updates 406.1 KiB libb2 x86_64 0.98.1-13.fc42 fedora 46.1 KiB libcbor x86_64 0.11.0-3.fc42 fedora 77.8 KiB libedit x86_64 3.1-55.20250104cvs.fc42 fedora 244.1 KiB libfido2 x86_64 1.15.0-3.fc42 fedora 242.1 KiB libxslt x86_64 1.1.43-1.fc42 fedora 456.1 KiB libyaml x86_64 0.2.5-16.fc42 fedora 134.7 KiB mpdecimal x86_64 4.0.1-1.fc42 updates 217.2 KiB openssh x86_64 9.9p1-11.fc42 updates 1.4 MiB openssh-clients x86_64 9.9p1-11.fc42 updates 2.7 MiB python-pip-wheel noarch 25.1.1-13.fc42 copr_base 1.2 MiB python-rpm-macros noarch 3.13-4.fc42 fedora 22.1 KiB python3 x86_64 3.13.5-1.fc42 updates 28.7 KiB python3-babel noarch 2.17.0-3.fc42 copr_base 30.2 MiB python3-bson x86_64 4.13.1-2.fc42 copr_base 697.2 KiB python3-charset-normalizer noarch 3.4.2-1.fc42 copr_base 330.1 KiB python3-dns noarch 2.7.0-5.fc42 copr_base 2.9 MiB python3-docutils noarch 0.21.2-2.fc42 fedora 4.9 MiB python3-idna noarch 3.10-2.fc42 fedora 628.0 KiB python3-imagesize noarch 1.4.1-12.fc42 copr_base 35.4 KiB python3-iniconfig noarch 1.1.1-27.fc42 copr_base 20.7 KiB python3-jinja2 noarch 3.1.6-4.fc42 copr_base 2.9 MiB python3-libs x86_64 3.13.5-1.fc42 updates 40.0 MiB python3-markupsafe x86_64 3.0.2-2.fc42 fedora 55.8 KiB python3-packaging noarch 25.0-3.fc42 copr_base 563.3 KiB python3-pluggy noarch 1.6.0-2.fc42 copr_base 190.7 KiB python3-pygments noarch 2.19.1-3.fc42 copr_base 10.8 MiB python3-pyyaml x86_64 6.0.2-2.fc42 fedora 781.0 KiB python3-requests noarch 2.32.4-2.fc42 copr_base 474.1 KiB python3-rpm-generators noarch 14-12.fc42 fedora 81.7 KiB python3-rpm-macros noarch 3.13-4.fc42 fedora 6.4 KiB python3-snowballstemmer noarch 2.2.0-15.fc42 fedora 1.7 MiB python3-sphinx-theme-alabaster noarch 0.7.16-7.fc42 copr_base 41.9 KiB python3-urllib3 noarch 2.4.0-4.fc42 copr_base 1.0 MiB tzdata noarch 2025b-1.fc42 fedora 1.6 MiB Transaction Summary: Installing: 45 packages Total size of inbound packages is 37 MiB. Need to download 23 MiB. After this operation, 172 MiB extra will be used (install 172 MiB, remove 0 B). [ 1/45] pyproject-rpm-macros-0:1.18.3-1 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 2/45] python3-devel-0:3.13.5-1.fc42.x 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 3/45] expat-0:2.7.1-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 4/45] python3-libs-0:3.13.5-1.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 5/45] libxslt-0:1.1.43-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 6/45] libb2-0:0.98.1-13.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 7/45] tzdata-0:2025b-1.fc42.noarch 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 8/45] python3-pytest-0:8.3.5-5.fc42.n 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 9/45] python3-0:3.13.5-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [10/45] python3-iniconfig-0:1.1.1-27.fc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [11/45] python3-packaging-0:25.0-3.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [12/45] python3-pluggy-0:1.6.0-2.fc42.n 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [13/45] mpdecimal-0:4.0.1-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [14/45] python-pip-wheel-0:25.1.1-13.fc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [15/45] python-rpm-macros-0:3.13-4.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [16/45] python3-rpm-macros-0:3.13-4.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [17/45] python3-rpm-generators-0:14-12. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [18/45] python3-responses-0:0.25.7-2.fc 100% | 5.3 MiB/s | 70.0 KiB | 00m00s [19/45] python3-sphinx-1:8.1.3-2.fc42.n 100% | 181.5 MiB/s | 2.7 MiB | 00m00s [20/45] git-core-0:2.50.1-1.fc42.x86_64 100% | 148.2 MiB/s | 5.0 MiB | 00m00s [21/45] xmlsec1-1:1.2.41-2.fc42.x86_64 100% | 26.4 MiB/s | 188.9 KiB | 00m00s [22/45] xmlsec1-openssl-1:1.2.41-2.fc42 100% | 18.3 MiB/s | 93.7 KiB | 00m00s [23/45] python3-pymongo-0:4.13.1-2.fc42 100% | 18.2 MiB/s | 780.8 KiB | 00m00s [24/45] python3-snowballstemmer-0:2.2.0 100% | 84.2 MiB/s | 258.7 KiB | 00m00s [25/45] python3-requests-0:2.32.4-2.fc4 100% | 48.8 MiB/s | 150.0 KiB | 00m00s [26/45] python3-bson-0:4.13.1-2.fc42.x8 100% | 13.5 MiB/s | 179.2 KiB | 00m00s [27/45] python3-pyyaml-0:6.0.2-2.fc42.x 100% | 37.5 MiB/s | 230.4 KiB | 00m00s [28/45] libyaml-0:0.2.5-16.fc42.x86_64 100% | 7.4 MiB/s | 60.7 KiB | 00m00s [29/45] python3-urllib3-0:2.4.0-4.fc42. 100% | 64.9 MiB/s | 266.0 KiB | 00m00s [30/45] python3-charset-normalizer-0:3. 100% | 25.7 MiB/s | 105.2 KiB | 00m00s [31/45] python3-idna-0:3.10-2.fc42.noar 100% | 57.3 MiB/s | 117.3 KiB | 00m00s [32/45] python3-imagesize-0:1.4.1-12.fc 100% | 4.4 MiB/s | 22.5 KiB | 00m00s [33/45] python3-docutils-0:0.21.2-2.fc4 100% | 108.9 MiB/s | 1.1 MiB | 00m00s [34/45] python3-babel-0:2.17.0-3.fc42.n 100% | 337.0 MiB/s | 6.7 MiB | 00m00s [35/45] python3-jinja2-0:3.1.6-4.fc42.n 100% | 35.7 MiB/s | 475.4 KiB | 00m00s [36/45] python3-pygments-0:2.19.1-3.fc4 100% | 150.6 MiB/s | 2.4 MiB | 00m00s [37/45] python3-sphinx-theme-alabaster- 100% | 3.4 MiB/s | 24.7 KiB | 00m00s [38/45] less-0:679-1.fc42.x86_64 100% | 31.8 MiB/s | 195.3 KiB | 00m00s [39/45] openssh-0:9.9p1-11.fc42.x86_64 100% | 86.3 MiB/s | 353.6 KiB | 00m00s [40/45] libedit-0:3.1-55.20250104cvs.fc 100% | 25.7 MiB/s | 105.3 KiB | 00m00s [41/45] openssh-clients-0:9.9p1-11.fc42 100% | 124.8 MiB/s | 767.0 KiB | 00m00s [42/45] libcbor-0:0.11.0-3.fc42.x86_64 100% | 16.2 MiB/s | 33.3 KiB | 00m00s [43/45] libfido2-0:1.15.0-3.fc42.x86_64 100% | 32.0 MiB/s | 98.4 KiB | 00m00s [44/45] python3-markupsafe-0:3.0.2-2.fc 100% | 9.8 MiB/s | 30.1 KiB | 00m00s [45/45] python3-dns-0:2.7.0-5.fc42.noar 100% | 135.9 MiB/s | 556.6 KiB | 00m00s -------------------------------------------------------------------------------- [45/45] Total 100% | 68.4 MiB/s | 23.0 MiB | 00m00s Running transaction [ 1/47] Verify package files 100% | 371.0 B/s | 45.0 B | 00m00s [ 2/47] Prepare transaction 100% | 918.0 B/s | 45.0 B | 00m00s [ 3/47] Installing python-rpm-macros-0: 100% | 22.3 MiB/s | 22.8 KiB | 00m00s [ 4/47] Installing python3-rpm-macros-0 100% | 0.0 B/s | 6.7 KiB | 00m00s [ 5/47] Installing libxslt-0:1.1.43-1.f 100% | 29.9 MiB/s | 459.2 KiB | 00m00s [ 6/47] Installing expat-0:2.7.1-1.fc42 100% | 22.0 MiB/s | 292.3 KiB | 00m00s [ 7/47] Installing xmlsec1-1:1.2.41-2.f 100% | 38.3 MiB/s | 549.2 KiB | 00m00s [ 8/47] Installing pyproject-rpm-macros 100% | 113.7 MiB/s | 116.5 KiB | 00m00s [ 9/47] Installing libcbor-0:0.11.0-3.f 100% | 77.3 MiB/s | 79.2 KiB | 00m00s [10/47] Installing libfido2-0:1.15.0-3. 100% | 237.9 MiB/s | 243.6 KiB | 00m00s [11/47] Installing libedit-0:3.1-55.202 100% | 240.0 MiB/s | 245.8 KiB | 00m00s [12/47] Installing openssh-0:9.9p1-11.f 100% | 92.1 MiB/s | 1.4 MiB | 00m00s [13/47] Installing openssh-clients-0:9. 100% | 112.7 MiB/s | 2.7 MiB | 00m00s [14/47] Installing less-0:679-1.fc42.x8 100% | 28.6 MiB/s | 409.4 KiB | 00m00s [15/47] Installing python-pip-wheel-0:2 100% | 622.5 MiB/s | 1.2 MiB | 00m00s [16/47] Installing mpdecimal-0:4.0.1-1. 100% | 213.7 MiB/s | 218.8 KiB | 00m00s [17/47] Installing libyaml-0:0.2.5-16.f 100% | 33.2 MiB/s | 136.0 KiB | 00m00s [18/47] Installing tzdata-0:2025b-1.fc4 100% | 65.2 MiB/s | 1.9 MiB | 00m00s [19/47] Installing libb2-0:0.98.1-13.fc 100% | 9.2 MiB/s | 47.2 KiB | 00m00s [20/47] Installing python3-libs-0:3.13. 100% | 345.1 MiB/s | 40.4 MiB | 00m00s [21/47] Installing python3-0:3.13.5-1.f 100% | 2.3 MiB/s | 30.5 KiB | 00m00s [22/47] Installing python3-packaging-0: 100% | 187.4 MiB/s | 575.6 KiB | 00m00s [23/47] Installing python3-idna-0:3.10- 100% | 309.7 MiB/s | 634.3 KiB | 00m00s [24/47] Installing python3-urllib3-0:2. 100% | 255.3 MiB/s | 1.0 MiB | 00m00s [25/47] Installing python3-rpm-generato 100% | 0.0 B/s | 82.9 KiB | 00m00s [26/47] Installing python3-bson-0:4.13. 100% | 231.5 MiB/s | 711.3 KiB | 00m00s [27/47] Installing python3-snowballstem 100% | 344.3 MiB/s | 1.7 MiB | 00m00s [28/47] Installing python3-pyyaml-0:6.0 100% | 258.7 MiB/s | 794.8 KiB | 00m00s [29/47] Installing python3-charset-norm 100% | 23.7 MiB/s | 340.0 KiB | 00m00s [30/47] Installing python3-requests-0:2 100% | 237.4 MiB/s | 486.1 KiB | 00m00s [31/47] Installing python3-iniconfig-0: 100% | 23.3 MiB/s | 23.9 KiB | 00m00s [32/47] Installing python3-pluggy-0:1.6 100% | 64.2 MiB/s | 197.2 KiB | 00m00s [33/47] Installing python3-babel-0:2.17 100% | 353.6 MiB/s | 30.4 MiB | 00m00s [34/47] Installing python3-docutils-0:0 100% | 161.0 MiB/s | 5.0 MiB | 00m00s [35/47] Installing python3-imagesize-0: 100% | 18.8 MiB/s | 38.5 KiB | 00m00s [36/47] Installing python3-pygments-0:2 100% | 234.8 MiB/s | 11.0 MiB | 00m00s [37/47] Installing python3-sphinx-theme 100% | 45.3 MiB/s | 46.4 KiB | 00m00s [38/47] Installing python3-markupsafe-0 100% | 58.5 MiB/s | 59.9 KiB | 00m00s [39/47] Installing python3-jinja2-0:3.1 100% | 364.3 MiB/s | 2.9 MiB | 00m00s [40/47] Installing python3-dns-0:2.7.0- 100% | 250.3 MiB/s | 3.0 MiB | 00m00s [41/47] Installing python3-pymongo-0:4. 100% | 360.7 MiB/s | 6.1 MiB | 00m00s [42/47] Installing python3-sphinx-1:8.1 100% | 198.7 MiB/s | 11.3 MiB | 00m00s [43/47] Installing python3-pytest-0:8.3 100% | 365.7 MiB/s | 21.2 MiB | 00m00s [44/47] Installing python3-responses-0: 100% | 144.5 MiB/s | 296.0 KiB | 00m00s [45/47] Installing python3-devel-0:3.13 100% | 91.3 MiB/s | 1.8 MiB | 00m00s [46/47] Installing git-core-0:2.50.1-1. 100% | 379.6 MiB/s | 23.5 MiB | 00m00s [47/47] Installing xmlsec1-openssl-1:1. 100% | 9.7 MiB/s | 278.0 KiB | 00m00s Warning: skipped OpenPGP checks for 17 packages from repository: copr_base Complete! Finish: build setup for python-pysaml2-7.4.2-9.fc42.src.rpm Start: rpmbuild python-pysaml2-7.4.2-9.fc42.src.rpm Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1753401600 Executing(%mkbuilddir): /bin/sh -e /var/tmp/rpm-tmp.78VbCW Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.c6MFNw + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + rm -rf pysaml2-7.4.2 + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/pysaml2-7.4.2.tar.gz + STATUS=0 + '[' 0 -ne 0 ']' + cd pysaml2-7.4.2 + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + /usr/bin/git init -q + /usr/bin/git config user.name rpm-build + /usr/bin/git config user.email '' + /usr/bin/git config gc.auto 0 + /usr/bin/git add --force . + GIT_COMMITTER_DATE=@1753401600 + GIT_AUTHOR_DATE=@1753401600 + /usr/bin/git commit -q --no-gpg-sign --allow-empty -a --author 'rpm-build ' -m 'python-pysaml2-7.4.2 base' + /usr/bin/git checkout --track -b rpm-build Switched to a new branch 'rpm-build' branch 'rpm-build' set up to track 'master'. + /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/0001-Remove-utility-from-packaging.patch + /usr/bin/git apply --index --reject - Checking patch pyproject.toml... Applied patch pyproject.toml cleanly. + GIT_COMMITTER_DATE=@1753401600 + GIT_AUTHOR_DATE=@1753401600 + /usr/bin/git commit -q --no-gpg-sign -m 0001-Remove-utility-from-packaging.patch --author 'rpm-build ' + sed -i 's|f"""#!/usr/bin/env python|f"""|' src/saml2/tools/parse_xsd2.py + find src -name '*.py' + read source + head -n1 src/utility/metadata.py + grep -F /usr/bin/env + read source + head -n1 src/utility/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/tool.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/status.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/opfunc.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/interaction.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/check.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/xmlenc/__init__.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/xmlenc/__init__.py src/saml2/xmlenc/__init__.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/xmlenc/__init__.py + touch --ref=src/saml2/xmlenc/__init__.py.ts src/saml2/xmlenc/__init__.py + rm src/saml2/xmlenc/__init__.py.ts + read source + head -n1 src/saml2/xmldsig/__init__.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/xmldsig/__init__.py src/saml2/xmldsig/__init__.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/xmldsig/__init__.py + touch --ref=src/saml2/xmldsig/__init__.py.ts src/saml2/xmldsig/__init__.py + rm src/saml2/xmldsig/__init__.py.ts + read source + head -n1 src/saml2/xml/schema/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/xml/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/ws/wsutil.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wsutil.py src/saml2/ws/wsutil.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wsutil.py + touch --ref=src/saml2/ws/wsutil.py.ts src/saml2/ws/wsutil.py + rm src/saml2/ws/wsutil.py.ts + read source + head -n1 src/saml2/ws/wstrust.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wstrust.py src/saml2/ws/wstrust.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wstrust.py + touch --ref=src/saml2/ws/wstrust.py.ts src/saml2/ws/wstrust.py + rm src/saml2/ws/wstrust.py.ts + read source + head -n1 src/saml2/ws/wssec.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wssec.py src/saml2/ws/wssec.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wssec.py + touch --ref=src/saml2/ws/wssec.py.ts src/saml2/ws/wssec.py + rm src/saml2/ws/wssec.py.ts + read source + head -n1 src/saml2/ws/wspol.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wspol.py src/saml2/ws/wspol.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wspol.py + touch --ref=src/saml2/ws/wspol.py.ts src/saml2/ws/wspol.py + rm src/saml2/ws/wspol.py.ts + read source + head -n1 src/saml2/ws/wsaddr.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wsaddr.py src/saml2/ws/wsaddr.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wsaddr.py + touch --ref=src/saml2/ws/wsaddr.py.ts src/saml2/ws/wsaddr.py + rm src/saml2/ws/wsaddr.py.ts + read source + head -n1 src/saml2/ws/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/virtual_org.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/version.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/validate.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/userinfo/ldapinfo.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/userinfo/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/tools/parse_xsd2.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/parse_xsd2.py src/saml2/tools/parse_xsd2.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/parse_xsd2.py + touch --ref=src/saml2/tools/parse_xsd2.py.ts src/saml2/tools/parse_xsd2.py + rm src/saml2/tools/parse_xsd2.py.ts + read source + head -n1 src/saml2/tools/verify_metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/verify_metadata.py src/saml2/tools/verify_metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/verify_metadata.py + touch --ref=src/saml2/tools/verify_metadata.py.ts src/saml2/tools/verify_metadata.py + rm src/saml2/tools/verify_metadata.py.ts + read source + head -n1 src/saml2/tools/sync_attrmaps.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/sync_attrmaps.py src/saml2/tools/sync_attrmaps.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/sync_attrmaps.py + touch --ref=src/saml2/tools/sync_attrmaps.py.ts src/saml2/tools/sync_attrmaps.py + rm src/saml2/tools/sync_attrmaps.py.ts + read source + head -n1 src/saml2/tools/merge_metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/merge_metadata.py src/saml2/tools/merge_metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/merge_metadata.py + touch --ref=src/saml2/tools/merge_metadata.py.ts src/saml2/tools/merge_metadata.py + rm src/saml2/tools/merge_metadata.py.ts + read source + head -n1 src/saml2/tools/mdimport.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/mdimport.py src/saml2/tools/mdimport.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdimport.py + touch --ref=src/saml2/tools/mdimport.py.ts src/saml2/tools/mdimport.py + rm src/saml2/tools/mdimport.py.ts + read source + head -n1 src/saml2/tools/mdexport_test.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/mdexport_test.py src/saml2/tools/mdexport_test.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdexport_test.py + touch --ref=src/saml2/tools/mdexport_test.py.ts src/saml2/tools/mdexport_test.py + rm src/saml2/tools/mdexport_test.py.ts + read source + head -n1 src/saml2/tools/mdexport.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/mdexport.py src/saml2/tools/mdexport.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdexport.py + touch --ref=src/saml2/tools/mdexport.py.ts src/saml2/tools/mdexport.py + rm src/saml2/tools/mdexport.py.ts + read source + head -n1 src/saml2/tools/make_metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/make_metadata.py src/saml2/tools/make_metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/make_metadata.py + touch --ref=src/saml2/tools/make_metadata.py.ts src/saml2/tools/make_metadata.py + rm src/saml2/tools/make_metadata.py.ts + read source + head -n1 src/saml2/time_util.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/time_util.py src/saml2/time_util.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/time_util.py + touch --ref=src/saml2/time_util.py.ts src/saml2/time_util.py + rm src/saml2/time_util.py.ts + read source + head -n1 src/saml2/soap.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/soap.py src/saml2/soap.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/soap.py + touch --ref=src/saml2/soap.py.ts src/saml2/soap.py + rm src/saml2/soap.py.ts + read source + head -n1 src/saml2/sigver.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/server.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/server.py src/saml2/server.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/server.py + touch --ref=src/saml2/server.py.ts src/saml2/server.py + rm src/saml2/server.py.ts + read source + head -n1 src/saml2/sdb.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/schema/wsdl.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/schema/wsdl.py src/saml2/schema/wsdl.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/wsdl.py + touch --ref=src/saml2/schema/wsdl.py.ts src/saml2/schema/wsdl.py + rm src/saml2/schema/wsdl.py.ts + read source + head -n1 src/saml2/schema/soapenv.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/schema/soapenv.py src/saml2/schema/soapenv.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/soapenv.py + touch --ref=src/saml2/schema/soapenv.py.ts src/saml2/schema/soapenv.py + rm src/saml2/schema/soapenv.py.ts + read source + head -n1 src/saml2/schema/soap.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/schema/soap.py src/saml2/schema/soap.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/soap.py + touch --ref=src/saml2/schema/soap.py.ts src/saml2/schema/soap.py + rm src/saml2/schema/soap.py.ts + read source + head -n1 src/saml2/schema/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/samlp.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/samlp.py src/saml2/samlp.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/samlp.py + touch --ref=src/saml2/samlp.py.ts src/saml2/samlp.py + rm src/saml2/samlp.py.ts + read source + head -n1 src/saml2/saml.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/saml.py src/saml2/saml.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/saml.py + touch --ref=src/saml2/saml.py.ts src/saml2/saml.py + rm src/saml2/saml.py.ts + read source + head -n1 src/saml2/s_utils.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/s_utils.py src/saml2/s_utils.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/s_utils.py + touch --ref=src/saml2/s_utils.py.ts src/saml2/s_utils.py + rm src/saml2/s_utils.py.ts + read source + head -n1 src/saml2/s2repoze/plugins/sp.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/ini.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/formswithhidden.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/entitlement.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/s2repoze/plugins/entitlement.py src/saml2/s2repoze/plugins/entitlement.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/s2repoze/plugins/entitlement.py + touch --ref=src/saml2/s2repoze/plugins/entitlement.py.ts src/saml2/s2repoze/plugins/entitlement.py + rm src/saml2/s2repoze/plugins/entitlement.py.ts + read source + head -n1 src/saml2/s2repoze/plugins/challenge_decider.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/response.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/response.py src/saml2/response.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/response.py + touch --ref=src/saml2/response.py.ts src/saml2/response.py + rm src/saml2/response.py.ts + read source + head -n1 src/saml2/request.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/profile/samlec.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/profile/paos.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/profile/paos.py src/saml2/profile/paos.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/profile/paos.py + touch --ref=src/saml2/profile/paos.py.ts src/saml2/profile/paos.py + rm src/saml2/profile/paos.py.ts + read source + head -n1 src/saml2/profile/ecp.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/profile/ecp.py src/saml2/profile/ecp.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/profile/ecp.py + touch --ref=src/saml2/profile/ecp.py.ts src/saml2/profile/ecp.py + rm src/saml2/profile/ecp.py.ts + read source + head -n1 src/saml2/profile/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/population.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/pack.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/mongo_store.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/metadata.py src/saml2/metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/metadata.py + touch --ref=src/saml2/metadata.py.ts src/saml2/metadata.py + rm src/saml2/metadata.py.ts + read source + head -n1 src/saml2/mdstore.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/mdie.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/mdie.py src/saml2/mdie.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mdie.py + touch --ref=src/saml2/mdie.py.ts src/saml2/mdie.py + rm src/saml2/mdie.py.ts + read source + head -n1 src/saml2/mdbcache.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/mdbcache.py src/saml2/mdbcache.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mdbcache.py + touch --ref=src/saml2/mdbcache.py.ts src/saml2/mdbcache.py + rm src/saml2/mdbcache.py.ts + read source + head -n1 src/saml2/md.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/md.py src/saml2/md.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/md.py + touch --ref=src/saml2/md.py.ts src/saml2/md.py + rm src/saml2/md.py.ts + read source + head -n1 src/saml2/mcache.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/mcache.py src/saml2/mcache.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mcache.py + touch --ref=src/saml2/mcache.py.ts src/saml2/mcache.py + rm src/saml2/mcache.py.ts + read source + head -n1 src/saml2/ident.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/httputil.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/httpbase.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/filter.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/extension/sp_type.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/sp_type.py src/saml2/extension/sp_type.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/sp_type.py + touch --ref=src/saml2/extension/sp_type.py.ts src/saml2/extension/sp_type.py + rm src/saml2/extension/sp_type.py.ts + read source + head -n1 src/saml2/extension/shibmd.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/shibmd.py src/saml2/extension/shibmd.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/shibmd.py + touch --ref=src/saml2/extension/shibmd.py.ts src/saml2/extension/shibmd.py + rm src/saml2/extension/shibmd.py.ts + read source + head -n1 src/saml2/extension/requested_attributes.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/requested_attributes.py src/saml2/extension/requested_attributes.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/requested_attributes.py + touch --ref=src/saml2/extension/requested_attributes.py.ts src/saml2/extension/requested_attributes.py + rm src/saml2/extension/requested_attributes.py.ts + read source + head -n1 src/saml2/extension/reqinit.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/reqinit.py src/saml2/extension/reqinit.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/reqinit.py + touch --ref=src/saml2/extension/reqinit.py.ts src/saml2/extension/reqinit.py + rm src/saml2/extension/reqinit.py.ts + read source + head -n1 src/saml2/extension/pefim.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/pefim.py src/saml2/extension/pefim.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/pefim.py + touch --ref=src/saml2/extension/pefim.py.ts src/saml2/extension/pefim.py + rm src/saml2/extension/pefim.py.ts + read source + head -n1 src/saml2/extension/mdui.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/mdui.py src/saml2/extension/mdui.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdui.py + touch --ref=src/saml2/extension/mdui.py.ts src/saml2/extension/mdui.py + rm src/saml2/extension/mdui.py.ts + read source + head -n1 src/saml2/extension/mdrpi.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/mdrpi.py src/saml2/extension/mdrpi.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdrpi.py + touch --ref=src/saml2/extension/mdrpi.py.ts src/saml2/extension/mdrpi.py + rm src/saml2/extension/mdrpi.py.ts + read source + head -n1 src/saml2/extension/mdattr.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/mdattr.py src/saml2/extension/mdattr.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdattr.py + touch --ref=src/saml2/extension/mdattr.py.ts src/saml2/extension/mdattr.py + rm src/saml2/extension/mdattr.py.ts + read source + head -n1 src/saml2/extension/idpdisc.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/idpdisc.py src/saml2/extension/idpdisc.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/idpdisc.py + touch --ref=src/saml2/extension/idpdisc.py.ts src/saml2/extension/idpdisc.py + rm src/saml2/extension/idpdisc.py.ts + read source + head -n1 src/saml2/extension/dri.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/dri.py src/saml2/extension/dri.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/dri.py + touch --ref=src/saml2/extension/dri.py.ts src/saml2/extension/dri.py + rm src/saml2/extension/dri.py.ts + read source + head -n1 src/saml2/extension/algsupport.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/algsupport.py src/saml2/extension/algsupport.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/algsupport.py + touch --ref=src/saml2/extension/algsupport.py.ts src/saml2/extension/algsupport.py + rm src/saml2/extension/algsupport.py.ts + read source + head -n1 src/saml2/extension/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/eptid.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/swamid.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/refeds.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/incommon.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/edugain.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/at_egov_pvp2.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/ecp_client.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ecp_client.py src/saml2/ecp_client.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ecp_client.py + touch --ref=src/saml2/ecp_client.py.ts src/saml2/ecp_client.py + rm src/saml2/ecp_client.py.ts + read source + head -n1 src/saml2/ecp.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ecp.py src/saml2/ecp.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ecp.py + touch --ref=src/saml2/ecp.py.ts src/saml2/ecp.py + rm src/saml2/ecp.py.ts + read source + head -n1 src/saml2/discovery.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/data/templates/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/data/schemas/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/data/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/symmetric.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/pki.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/errors.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/asymmetric.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/country_codes.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/country_codes.py src/saml2/country_codes.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/country_codes.py + touch --ref=src/saml2/country_codes.py.ts src/saml2/country_codes.py + rm src/saml2/country_codes.py.ts + read source + head -n1 src/saml2/config.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/client_base.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/client_base.py src/saml2/client_base.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/client_base.py + touch --ref=src/saml2/client_base.py.ts src/saml2/client_base.py + rm src/saml2/client_base.py.ts + read source + head -n1 src/saml2/client.py + grep -F /usr/bin/env # !/usr/bin/env python + touch --ref=src/saml2/client.py src/saml2/client.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/client.py + touch --ref=src/saml2/client.py.ts src/saml2/client.py + rm src/saml2/client.py.ts + read source + head -n1 src/saml2/cert.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cache.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/cache.py src/saml2/cache.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/cache.py + touch --ref=src/saml2/cache.py.ts src/saml2/cache.py + rm src/saml2/cache.py.ts + read source + head -n1 src/saml2/authn_context/timesync.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/timesync.py src/saml2/authn_context/timesync.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/timesync.py + touch --ref=src/saml2/authn_context/timesync.py.ts src/saml2/authn_context/timesync.py + rm src/saml2/authn_context/timesync.py.ts + read source + head -n1 src/saml2/authn_context/sslcert.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/sslcert.py src/saml2/authn_context/sslcert.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/sslcert.py + touch --ref=src/saml2/authn_context/sslcert.py.ts src/saml2/authn_context/sslcert.py + rm src/saml2/authn_context/sslcert.py.ts + read source + head -n1 src/saml2/authn_context/pword.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/pword.py src/saml2/authn_context/pword.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/pword.py + touch --ref=src/saml2/authn_context/pword.py.ts src/saml2/authn_context/pword.py + rm src/saml2/authn_context/pword.py.ts + read source + head -n1 src/saml2/authn_context/ppt.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/ppt.py src/saml2/authn_context/ppt.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/ppt.py + touch --ref=src/saml2/authn_context/ppt.py.ts src/saml2/authn_context/ppt.py + rm src/saml2/authn_context/ppt.py.ts + read source + head -n1 src/saml2/authn_context/mobiletwofactor.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/mobiletwofactor.py src/saml2/authn_context/mobiletwofactor.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/mobiletwofactor.py + touch --ref=src/saml2/authn_context/mobiletwofactor.py.ts src/saml2/authn_context/mobiletwofactor.py + rm src/saml2/authn_context/mobiletwofactor.py.ts + read source + head -n1 src/saml2/authn_context/ippword.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/ippword.py src/saml2/authn_context/ippword.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/ippword.py + touch --ref=src/saml2/authn_context/ippword.py.ts src/saml2/authn_context/ippword.py + rm src/saml2/authn_context/ippword.py.ts + read source + head -n1 src/saml2/authn_context/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/authn.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/shibboleth_uri.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/saml_uri.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/basic.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/adfs_v20.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/adfs_v1x.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attribute_resolver.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/attribute_resolver.py src/saml2/attribute_resolver.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/attribute_resolver.py + touch --ref=src/saml2/attribute_resolver.py.ts src/saml2/attribute_resolver.py + rm src/saml2/attribute_resolver.py.ts + read source + head -n1 src/saml2/attribute_converter.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/attribute_converter.py src/saml2/attribute_converter.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/attribute_converter.py + touch --ref=src/saml2/attribute_converter.py.ts src/saml2/attribute_converter.py + rm src/saml2/attribute_converter.py.ts + read source + head -n1 src/saml2/assertion.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/assertion.py src/saml2/assertion.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/assertion.py + touch --ref=src/saml2/assertion.py.ts src/saml2/assertion.py + rm src/saml2/assertion.py.ts + read source + head -n1 src/saml2/argtree.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/algsupport.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/__init__.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/__init__.py src/saml2/__init__.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/__init__.py + touch --ref=src/saml2/__init__.py.ts src/saml2/__init__.py + rm src/saml2/__init__.py.ts + read source + source=src/saml2/schema/wsdl.py + touch --ref=src/saml2/schema/wsdl.py src/saml2/schema/wsdl.py.ts + sed -i '1,3{d;q}' src/saml2/schema/wsdl.py + touch --ref=src/saml2/schema/wsdl.py.ts src/saml2/schema/wsdl.py + rm src/saml2/schema/wsdl.py.ts + RPM_EC=0 ++ jobs -p + exit 0 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.D55A2d + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib64: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + FEDORA=42 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement not satisfied: poetry_core>=1.0.0 Exiting dependency generation pass: build backend + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-buildrequires + rm -rfv '*.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-9.fc42.buildreqs.nosrc.rpm INFO: Going to install missing dynamic buildrequires Updating and loading repositories: updates 100% | 96.7 KiB/s | 28.7 KiB | 00m00s fedora 100% | 488.7 KiB/s | 29.3 KiB | 00m00s Copr repository 100% | 109.8 KiB/s | 1.5 KiB | 00m00s Copr repository 100% | 54.8 MiB/s | 4.3 MiB | 00m00s Repositories loaded. Package "git-core-2.50.1-1.fc42.x86_64" is already installed. Package "pyproject-rpm-macros-1.18.3-1.fc42.noarch" is already installed. Package "python3-devel-3.13.5-1.fc42.x86_64" is already installed. Package "python3-pymongo-4.13.1-2.fc42.x86_64" is already installed. Package "python3-pytest-8.3.5-5.fc42.noarch" is already installed. Package "python3-responses-0.25.7-2.fc42.noarch" is already installed. Package "python3-sphinx-1:8.1.3-2.fc42.noarch" is already installed. Package "python3-packaging-25.0-3.fc42.noarch" is already installed. Package "xmlsec1-1:1.2.41-2.fc42.x86_64" is already installed. Package "xmlsec1-openssl-1:1.2.41-2.fc42.x86_64" is already installed. Package Arch Version Repository Size Installing: python3-pip noarch 25.1.1-13.fc42 copr_base 11.6 MiB python3-poetry-core noarch 2.1.3-1.fc42 copr_base 1.1 MiB Installing dependencies: python3-fastjsonschema noarch 2.21.1-4.fc42 copr_base 189.2 KiB python3-lark noarch 1.2.2-2.fc42 fedora 1.3 MiB Transaction Summary: Installing: 4 packages Total size of inbound packages is 3 MiB. Need to download 730 KiB. After this operation, 14 MiB extra will be used (install 14 MiB, remove 0 B). [1/4] python3-pip-0:25.1.1-13.fc42.noar 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [2/4] python3-fastjsonschema-0:2.21.1-4 100% | 4.5 MiB/s | 59.4 KiB | 00m00s [3/4] python3-lark-0:1.2.2-2.fc42.noarc 100% | 27.2 MiB/s | 389.4 KiB | 00m00s [4/4] python3-poetry-core-0:2.1.3-1.fc4 100% | 18.3 MiB/s | 281.5 KiB | 00m00s -------------------------------------------------------------------------------- [4/4] Total 100% | 9.1 MiB/s | 730.3 KiB | 00m00s Running transaction [1/6] Verify package files 100% | 333.0 B/s | 4.0 B | 00m00s [2/6] Prepare transaction 100% | 222.0 B/s | 4.0 B | 00m00s [3/6] Installing python3-fastjsonschema 100% | 96.4 MiB/s | 197.4 KiB | 00m00s [4/6] Installing python3-lark-0:1.2.2-2 100% | 219.6 MiB/s | 1.3 MiB | 00m00s [5/6] Installing python3-poetry-core-0: 100% | 116.5 MiB/s | 1.2 MiB | 00m00s [6/6] Installing python3-pip-0:25.1.1-1 100% | 155.6 MiB/s | 11.8 MiB | 00m00s Warning: skipped OpenPGP checks for 3 packages from repository: copr_base Complete! Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1753401600 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.4LAExS + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib64: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + FEDORA=42 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 2.1.3) Handling tox-current-env >= 0.0.16 from tox itself Requirement not satisfied: tox-current-env >= 0.0.16 Exiting dependency generation pass: tox itself + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-buildrequires + rm -rfv '*.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-9.fc42.buildreqs.nosrc.rpm INFO: Going to install missing dynamic buildrequires Updating and loading repositories: updates 100% | 108.0 KiB/s | 28.7 KiB | 00m00s fedora 100% | 480.7 KiB/s | 29.3 KiB | 00m00s Copr repository 100% | 85.4 KiB/s | 1.5 KiB | 00m00s Repositories loaded. Package "git-core-2.50.1-1.fc42.x86_64" is already installed. Package "pyproject-rpm-macros-1.18.3-1.fc42.noarch" is already installed. Package "python3-devel-3.13.5-1.fc42.x86_64" is already installed. Package "python3-pymongo-4.13.1-2.fc42.x86_64" is already installed. Package "python3-pytest-8.3.5-5.fc42.noarch" is already installed. Package "python3-responses-0.25.7-2.fc42.noarch" is already installed. Package "python3-sphinx-1:8.1.3-2.fc42.noarch" is already installed. Package "python3-packaging-25.0-3.fc42.noarch" is already installed. Package "python3-pip-25.1.1-13.fc42.noarch" is already installed. Package "python3-poetry-core-2.1.3-1.fc42.noarch" is already installed. Package "xmlsec1-1:1.2.41-2.fc42.x86_64" is already installed. Package "xmlsec1-openssl-1:1.2.41-2.fc42.x86_64" is already installed. Package Arch Version Repository Size Installing: python3-tox-current-env noarch 0.0.16-3.fc42 copr_base 77.7 KiB Installing dependencies: python-setuptools-wheel noarch 78.1.1-6.fc42~bootstrap copr_base 1.1 MiB python3-cachetools noarch 5.5.2-1.fc42 copr_base 133.9 KiB python3-chardet noarch 5.2.0-18.fc42 copr_base 2.1 MiB python3-colorama noarch 0.4.6-10.fc42 fedora 187.6 KiB python3-distlib noarch 0.3.9-4.fc42 copr_base 1.2 MiB python3-filelock noarch 3.15.4-7.fc42 copr_base 89.7 KiB python3-platformdirs noarch 4.2.2-4.fc42 fedora 162.0 KiB python3-pyproject-api noarch 1.9.0-1.fc42 fedora 79.1 KiB python3-virtualenv noarch 20.31.2-4.fc42 copr_base 663.3 KiB tox noarch 4.26.0-2.fc42~bootstrap copr_base 1.2 MiB Transaction Summary: Installing: 11 packages Total size of inbound packages is 2 MiB. Need to download 0 B. After this operation, 7 MiB extra will be used (install 7 MiB, remove 0 B). [ 1/11] python3-tox-current-env-0:0.0.1 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 2/11] tox-0:4.26.0-2.fc42~bootstrap.n 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 3/11] python3-colorama-0:0.4.6-10.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 4/11] python3-pyproject-api-0:1.9.0-1 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 5/11] python3-cachetools-0:5.5.2-1.fc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 6/11] python3-chardet-0:5.2.0-18.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 7/11] python3-filelock-0:3.15.4-7.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 8/11] python3-platformdirs-0:4.2.2-4. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 9/11] python3-virtualenv-0:20.31.2-4. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [10/11] python-setuptools-wheel-0:78.1. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [11/11] python3-distlib-0:0.3.9-4.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [11/11] Total 100% | 0.0 B/s | 0.0 B | 00m00s Running transaction [ 1/13] Verify package files 100% | 1.1 KiB/s | 11.0 B | 00m00s [ 2/13] Prepare transaction 100% | 846.0 B/s | 11.0 B | 00m00s [ 3/13] Installing python3-platformdirs 100% | 82.2 MiB/s | 168.4 KiB | 00m00s [ 4/13] Installing python3-filelock-0:3 100% | 94.3 MiB/s | 96.6 KiB | 00m00s [ 5/13] Installing python3-distlib-0:0. 100% | 390.8 MiB/s | 1.2 MiB | 00m00s [ 6/13] Installing python-setuptools-wh 100% | 573.9 MiB/s | 1.1 MiB | 00m00s [ 7/13] Installing python3-virtualenv-0 100% | 31.1 MiB/s | 733.0 KiB | 00m00s [ 8/13] Installing python3-chardet-0:5. 100% | 104.7 MiB/s | 2.1 MiB | 00m00s [ 9/13] Installing python3-cachetools-0 100% | 134.8 MiB/s | 138.1 KiB | 00m00s [10/13] Installing python3-pyproject-ap 100% | 83.2 MiB/s | 85.2 KiB | 00m00s [11/13] Installing python3-colorama-0:0 100% | 96.4 MiB/s | 197.5 KiB | 00m00s [12/13] Installing tox-0:4.26.0-2.fc42~ 100% | 59.8 MiB/s | 1.3 MiB | 00m00s [13/13] Installing python3-tox-current- 100% | 6.2 MiB/s | 82.2 KiB | 00m00s Warning: skipped OpenPGP checks for 8 packages from repository: copr_base Complete! Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1753401600 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.zm85dF + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib64: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + FEDORA=42 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 2.1.3) Handling tox-current-env >= 0.0.16 from tox itself Requirement satisfied: tox-current-env >= 0.0.16 (installed: tox-current-env 0.0.16) py313: OK (0.00 seconds) congratulations :) (0.05 seconds) Handling tox from tox --print-deps-only: py313 Requirement satisfied: tox (installed: tox 4.26.0) py313: OK (0.00 seconds) congratulations :) (0.05 seconds) Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: cryptography (>=3.1) Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: defusedxml Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8" Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-resources ; python_version < "3.9" Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: paste ; extra == "s2repoze" Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: pyopenssl Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: python-dateutil Handling pytz from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: pytz Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: repoze.who ; extra == "s2repoze" Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: requests (>=2,<3) (installed: requests 2.32.4) Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: xmlschema (>=1.2.1) Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: zope.interface ; extra == "s2repoze" + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-buildrequires + rm -rfv pysaml2-7.4.2.dist-info/ removed 'pysaml2-7.4.2.dist-info/LICENSE' removed 'pysaml2-7.4.2.dist-info/METADATA' removed 'pysaml2-7.4.2.dist-info/WHEEL' removed 'pysaml2-7.4.2.dist-info/entry_points.txt' removed directory 'pysaml2-7.4.2.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-9.fc42.buildreqs.nosrc.rpm INFO: Going to install missing dynamic buildrequires Updating and loading repositories: updates 100% | 106.4 KiB/s | 28.7 KiB | 00m00s fedora 100% | 305.4 KiB/s | 29.3 KiB | 00m00s Copr repository 100% | 90.4 KiB/s | 1.5 KiB | 00m00s Repositories loaded. Package "git-core-2.50.1-1.fc42.x86_64" is already installed. Package "pyproject-rpm-macros-1.18.3-1.fc42.noarch" is already installed. Package "python3-devel-3.13.5-1.fc42.x86_64" is already installed. Package "python3-pymongo-4.13.1-2.fc42.x86_64" is already installed. Package "python3-pytest-8.3.5-5.fc42.noarch" is already installed. Package "python3-responses-0.25.7-2.fc42.noarch" is already installed. Package "python3-sphinx-1:8.1.3-2.fc42.noarch" is already installed. Package "python3-packaging-25.0-3.fc42.noarch" is already installed. Package "python3-pip-25.1.1-13.fc42.noarch" is already installed. Package "python3-poetry-core-2.1.3-1.fc42.noarch" is already installed. Package "tox-4.26.0-2.fc42~bootstrap.noarch" is already installed. Package "python3-tox-current-env-0.0.16-3.fc42.noarch" is already installed. Package "xmlsec1-1:1.2.41-2.fc42.x86_64" is already installed. Package "xmlsec1-openssl-1:1.2.41-2.fc42.x86_64" is already installed. Package Arch Version Repository Size Installing: python3-cryptography x86_64 44.0.0-5.fc42 copr_base 5.0 MiB python3-dateutil noarch 1:2.9.0.post0-3.fc42 copr_base 859.4 KiB python3-defusedxml noarch 0.7.1-18.fc42 fedora 196.4 KiB python3-pyOpenSSL noarch 25.1.0-1.fc42 copr_base 690.1 KiB python3-pytz noarch 2025.2-2.fc42 copr_base 205.0 KiB python3-xmlschema noarch 3.4.5-1.fc42 copr_base 3.8 MiB Installing dependencies: python3-cffi x86_64 1.17.1-2.fc42 fedora 1.3 MiB python3-elementpath noarch 4.8.0-3.fc42 copr_base 3.0 MiB python3-ply noarch 3.11-28.fc42 copr_base 565.3 KiB python3-pycparser noarch 2.22-1.fc42 copr_base 897.0 KiB python3-six noarch 1.17.0-4.fc42 copr_base 117.1 KiB Transaction Summary: Installing: 11 packages Total size of inbound packages is 4 MiB. Need to download 4 MiB. After this operation, 17 MiB extra will be used (install 17 MiB, remove 0 B). [ 1/11] python3-defusedxml-0:0.7.1-18.f 100% | 5.2 MiB/s | 58.5 KiB | 00m00s [ 2/11] python3-pyOpenSSL-0:25.1.0-1.fc 100% | 8.9 MiB/s | 118.5 KiB | 00m00s [ 3/11] python3-dateutil-1:2.9.0.post0- 100% | 46.4 MiB/s | 332.6 KiB | 00m00s [ 4/11] python3-pytz-0:2025.2-2.fc42.no 100% | 11.4 MiB/s | 58.2 KiB | 00m00s [ 5/11] python3-cryptography-0:44.0.0-5 100% | 62.7 MiB/s | 1.4 MiB | 00m00s [ 6/11] python3-six-0:1.17.0-4.fc42.noa 100% | 20.6 MiB/s | 42.1 KiB | 00m00s [ 7/11] python3-cffi-0:1.17.1-2.fc42.x8 100% | 60.3 MiB/s | 308.9 KiB | 00m00s [ 8/11] python3-pycparser-0:2.22-1.fc42 100% | 50.7 MiB/s | 155.6 KiB | 00m00s [ 9/11] python3-ply-0:3.11-28.fc42.noar 100% | 32.1 MiB/s | 131.5 KiB | 00m00s [10/11] python3-xmlschema-0:3.4.5-1.fc4 100% | 10.1 MiB/s | 644.0 KiB | 00m00s [11/11] python3-elementpath-0:4.8.0-3.f 100% | 7.6 MiB/s | 585.3 KiB | 00m00s -------------------------------------------------------------------------------- [11/11] Total 100% | 13.9 MiB/s | 3.8 MiB | 00m00s Running transaction [ 1/13] Verify package files 100% | 785.0 B/s | 11.0 B | 00m00s [ 2/13] Prepare transaction 100% | 440.0 B/s | 11.0 B | 00m00s [ 3/13] Installing python3-ply-0:3.11-2 100% | 278.6 MiB/s | 570.5 KiB | 00m00s [ 4/13] Installing python3-pycparser-0: 100% | 295.8 MiB/s | 908.7 KiB | 00m00s [ 5/13] Installing python3-cffi-0:1.17. 100% | 331.3 MiB/s | 1.3 MiB | 00m00s [ 6/13] Installing python3-cryptography 100% | 256.3 MiB/s | 5.1 MiB | 00m00s [ 7/13] Installing python3-six-0:1.17.0 100% | 116.6 MiB/s | 119.4 KiB | 00m00s [ 8/13] Installing python3-elementpath- 100% | 302.8 MiB/s | 3.0 MiB | 00m00s [ 9/13] Installing python3-xmlschema-0: 100% | 155.5 MiB/s | 3.9 MiB | 00m00s [10/13] Installing python3-dateutil-1:2 100% | 284.2 MiB/s | 872.9 KiB | 00m00s [11/13] Installing python3-pyOpenSSL-0: 100% | 339.9 MiB/s | 696.1 KiB | 00m00s [12/13] Installing python3-pytz-0:2025. 100% | 205.4 MiB/s | 210.3 KiB | 00m00s [13/13] Installing python3-defusedxml-0 100% | 15.4 MiB/s | 204.6 KiB | 00m00s Warning: skipped OpenPGP checks for 9 packages from repository: copr_base Complete! Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1753401600 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.MqfDh8 + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib64: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + FEDORA=42 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 2.1.3) Handling tox-current-env >= 0.0.16 from tox itself Requirement satisfied: tox-current-env >= 0.0.16 (installed: tox-current-env 0.0.16) py313: OK (0.00 seconds) congratulations :) (0.05 seconds) Handling tox from tox --print-deps-only: py313 Requirement satisfied: tox (installed: tox 4.26.0) py313: OK (0.00 seconds) congratulations :) (0.05 seconds) Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: cryptography (>=3.1) (installed: cryptography 44.0.0) Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: defusedxml (installed: defusedxml 0.7.1) Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8" Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-resources ; python_version < "3.9" Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: paste ; extra == "s2repoze" Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pyopenssl (installed: pyopenssl 25.1.0) Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: python-dateutil (installed: python-dateutil 2.9.0.post0) Handling pytz from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pytz (installed: pytz 2025.2) Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: repoze.who ; extra == "s2repoze" Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: requests (>=2,<3) (installed: requests 2.32.4) Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: xmlschema (>=1.2.1) (installed: xmlschema 3.4.5) Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: zope.interface ; extra == "s2repoze" + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-buildrequires + rm -rfv pysaml2-7.4.2.dist-info/ removed 'pysaml2-7.4.2.dist-info/LICENSE' removed 'pysaml2-7.4.2.dist-info/METADATA' removed 'pysaml2-7.4.2.dist-info/WHEEL' removed 'pysaml2-7.4.2.dist-info/entry_points.txt' removed directory 'pysaml2-7.4.2.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-9.fc42.buildreqs.nosrc.rpm INFO: Going to install missing dynamic buildrequires Updating and loading repositories: updates 100% | 97.4 KiB/s | 28.7 KiB | 00m00s fedora 100% | 380.8 KiB/s | 29.3 KiB | 00m00s Copr repository 100% | 90.4 KiB/s | 1.5 KiB | 00m00s Repositories loaded. Package "git-core-2.50.1-1.fc42.x86_64" is already installed. Package "pyproject-rpm-macros-1.18.3-1.fc42.noarch" is already installed. Package "python3-devel-3.13.5-1.fc42.x86_64" is already installed. Package "python3-pymongo-4.13.1-2.fc42.x86_64" is already installed. Package "python3-pytest-8.3.5-5.fc42.noarch" is already installed. Package "python3-responses-0.25.7-2.fc42.noarch" is already installed. Package "python3-sphinx-1:8.1.3-2.fc42.noarch" is already installed. Package "python3-cryptography-44.0.0-5.fc42.x86_64" is already installed. Package "python3-defusedxml-0.7.1-18.fc42.noarch" is already installed. Package "python3-packaging-25.0-3.fc42.noarch" is already installed. Package "python3-pip-25.1.1-13.fc42.noarch" is already installed. Package "python3-poetry-core-2.1.3-1.fc42.noarch" is already installed. Package "python3-pyOpenSSL-25.1.0-1.fc42.noarch" is already installed. Package "python3-dateutil-1:2.9.0.post0-3.fc42.noarch" is already installed. Package "python3-pytz-2025.2-2.fc42.noarch" is already installed. Package "tox-4.26.0-2.fc42~bootstrap.noarch" is already installed. Package "python3-tox-current-env-0.0.16-3.fc42.noarch" is already installed. Package "python3-xmlschema-3.4.5-1.fc42.noarch" is already installed. Package "xmlsec1-1:1.2.41-2.fc42.x86_64" is already installed. Package "xmlsec1-openssl-1:1.2.41-2.fc42.x86_64" is already installed. Nothing to do. Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1753401600 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.NeykkI + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib64: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + FEDORA=42 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 2.1.3) Handling tox-current-env >= 0.0.16 from tox itself Requirement satisfied: tox-current-env >= 0.0.16 (installed: tox-current-env 0.0.16) py313: OK (0.00 seconds) congratulations :) (0.05 seconds) Handling tox from tox --print-deps-only: py313 Requirement satisfied: tox (installed: tox 4.26.0) py313: OK (0.00 seconds) congratulations :) (0.05 seconds) Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: cryptography (>=3.1) (installed: cryptography 44.0.0) Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: defusedxml (installed: defusedxml 0.7.1) Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8" Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-resources ; python_version < "3.9" Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: paste ; extra == "s2repoze" Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pyopenssl (installed: pyopenssl 25.1.0) Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: python-dateutil (installed: python-dateutil 2.9.0.post0) Handling pytz from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pytz (installed: pytz 2025.2) Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: repoze.who ; extra == "s2repoze" Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: requests (>=2,<3) (installed: requests 2.32.4) Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: xmlschema (>=1.2.1) (installed: xmlschema 3.4.5) Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: zope.interface ; extra == "s2repoze" + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-buildrequires + rm -rfv pysaml2-7.4.2.dist-info/ removed 'pysaml2-7.4.2.dist-info/LICENSE' removed 'pysaml2-7.4.2.dist-info/METADATA' removed 'pysaml2-7.4.2.dist-info/WHEEL' removed 'pysaml2-7.4.2.dist-info/entry_points.txt' removed directory 'pysaml2-7.4.2.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.0iyqIj + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes -Clink-arg=-specs=/usr/lib/rpm/redhat/redhat-package-notes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib64: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd pysaml2-7.4.2 + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes -Clink-arg=-specs=/usr/lib/rpm/redhat/redhat-package-notes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes ' + LT_SYS_LIBRARY_PATH=/usr/lib64: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_wheel.py /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir Processing /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2 Preparing metadata (pyproject.toml): started Running command Preparing metadata (pyproject.toml) Preparing metadata (pyproject.toml): finished with status 'done' Building wheels for collected packages: pysaml2 Building wheel for pysaml2 (pyproject.toml): started Running command Building wheel for pysaml2 (pyproject.toml) Building wheel for pysaml2 (pyproject.toml): finished with status 'done' Created wheel for pysaml2: filename=pysaml2-7.4.2-py3-none-any.whl size=417772 sha256=2b0838bbf67706c7296af27d99f360d07ccb738ad6a24e44a3d69e163b056424 Stored in directory: /builddir/.cache/pip/wheels/01/b9/eb/75f72f6a4448fdc07c5ffc8f00ad2896051c69eedccbfbb041 Successfully built pysaml2 + RPM_EC=0 ++ jobs -p + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.EpyhX8 + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + '[' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT '!=' / ']' + rm -rf /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT ++ dirname /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build + mkdir /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes -Clink-arg=-specs=/usr/lib/rpm/redhat/redhat-package-notes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib64: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd pysaml2-7.4.2 ++ ls /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir/pysaml2-7.4.2-py3-none-any.whl ++ xargs basename --multiple ++ sed -E 's/([^-]+)-([^-]+)-.+\.whl/\1==\2/' + specifier=pysaml2==7.4.2 + '[' -z pysaml2==7.4.2 ']' + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir + /usr/bin/python3 -m pip install --root /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --prefix /usr --no-deps --disable-pip-version-check --progress-bar off --verbose --ignore-installed --no-warn-script-location --no-index --no-cache-dir --find-links /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir pysaml2==7.4.2 Using pip 25.1.1 from /usr/lib/python3.13/site-packages/pip (python 3.13) Looking in links: /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir Processing ./pyproject-wheeldir/pysaml2-7.4.2-py3-none-any.whl Installing collected packages: pysaml2 Creating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata to 755 changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport to 755 changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata to 755 changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2 to 755 Successfully installed pysaml2-7.4.2 + '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin ']' + '[' -z sP ']' + shebang_flags=-kasP + /usr/bin/python3 -B /usr/lib/rpm/redhat/pathfix.py -pni /usr/bin/python3 -kasP /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata: updating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport: updating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata: updating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2: updating + rm -rfv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/__pycache__ + rm -f /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-ghost-distinfo + site_dirs=() + '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages ']' + site_dirs+=("/usr/lib/python3.13/site-packages") + '[' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages '!=' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages ']' + '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages ']' + for site_dir in ${site_dirs[@]} + for distinfo in /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT$site_dir/*.dist-info + echo '%ghost /usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info' + sed -i s/pip/rpm/ /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/INSTALLER + PYTHONPATH=/usr/lib/rpm/redhat + /usr/bin/python3 -B /usr/lib/rpm/redhat/pyproject_preprocess_record.py --buildroot /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --record /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-record + rm -fv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD removed '/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD' + rm -fv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/REQUESTED removed '/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/REQUESTED' ++ wc -l /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-ghost-distinfo ++ cut -f1 '-d ' + lines=1 + '[' 1 -ne 1 ']' + RPM_FILES_ESCAPE=4.19 + /usr/bin/python3 /usr/lib/rpm/redhat/pyproject_save_files.py --output-files /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-files --output-modules /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-modules --buildroot /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --sitelib /usr/lib/python3.13/site-packages --sitearch /usr/lib64/python3.13/site-packages --python-version 3.13 --pyproject-record /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-9.fc42.x86_64-pyproject-record --prefix /usr saml2 saml2test + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s parse_xsd2 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/parse_xsd2.py + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s make_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/make_metadata.py + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s mdexport /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/mdexport.py + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s merge_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/merge_metadata.py + sed -i /alabaster/d docs/conf.py + export PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/lib/python3.13/site-packages + PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/lib/python3.13/site-packages + sphinx-build-3 docs html Running Sphinx v8.1.3 loading translations [en]... done making output directory... done Converting `source_suffix = '.rst'` to `source_suffix = {'.rst': 'restructuredtext'}`. building [mo]: targets for 0 po files that are out of date writing output... building [html]: targets for 8 source files that are out of date updating environment: [new config] 8 added, 0 changed, 0 removed reading sources... [ 12%] examples/idp reading sources... [ 25%] examples/index reading sources... [ 38%] examples/sp reading sources... [ 50%] howto/config reading sources... [ 62%] howto/index reading sources... [ 75%] index reading sources... [ 88%] install reading sources... [100%] sp_test/internal looking for now-outdated files... none found pickling environment... done checking consistency... done preparing documents... done copying assets... copying static files... Writing evaluated template result to /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/html/_static/language_data.js Writing evaluated template result to /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/html/_static/documentation_options.js Writing evaluated template result to /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/html/_static/basic.css Writing evaluated template result to /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/html/_static/alabaster.css copying static files: done copying extra files... copying extra files: done copying assets: done writing output... [ 12%] examples/idp writing output... [ 25%] examples/index writing output... [ 38%] examples/sp writing output... [ 50%] howto/config writing output... [ 62%] howto/index writing output... [ 75%] index writing output... [ 88%] install writing output... [100%] sp_test/internal generating indices... genindex done writing additional pages... search done dumping search index in English (code: en)... done dumping object inventory... done build succeeded. The HTML pages are in html. + rm -rf html/.doctrees html/.buildinfo + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/redhat/brp-ldconfig + /usr/lib/rpm/brp-compress + /usr/lib/rpm/brp-strip /usr/bin/strip + /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump + /usr/lib/rpm/redhat/brp-strip-lto /usr/bin/strip + /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/check-rpaths + /usr/lib/rpm/redhat/brp-mangle-shebangs mangling shebang in /usr/lib/python3.13/site-packages/saml2/tools/update_metadata.sh from /bin/sh to #!/usr/bin/sh *** WARNING: ./usr/lib/python3.13/site-packages/saml2/authn_context/timesync.py is executable but has no shebang, removing executable bit + /usr/lib/rpm/brp-remove-la-files + env /usr/lib/rpm/redhat/brp-python-bytecompile '' 1 0 -j4 Bytecompiling .py files below /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13 using python3.13 + /usr/lib/rpm/redhat/brp-python-hardlink + /usr/bin/add-determinism --brp -j4 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/status.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/tool.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/opfunc.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/interaction.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/check.cpython-313.opt-1.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/time_util.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/check.cpython-313.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/virtual_org.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/soap.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/version.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/validate.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/sdb.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/server.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/s_utils.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/samlp.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/sigver.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/metadata.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/saml.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/request.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/population.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/pack.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/response.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mcache.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ident.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdie.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mongo_store.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/httputil.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/md.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdbcache.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/filter.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/httpbase.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/cert.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/client.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdstore.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/eptid.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ecp_client.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/discovery.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ecp.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/cache.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/country_codes.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/attribute_resolver.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/entity.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/argtree.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/config.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/algsupport.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/client_base.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/authn.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/assertion.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/attribute_converter.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xml/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xml/schema/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wsutil.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xmlenc/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wssec.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wspol.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/userinfo/__pycache__/ldapinfo.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/userinfo/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/sync_attrmaps.cpython-313.opt-1.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wsaddr.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/sync_attrmaps.cpython-313.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/verify_metadata.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/merge_metadata.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdimport.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdexport_test.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdexport.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/make_metadata.cpython-313.opt-1.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/make_metadata.cpython-313.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xmldsig/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/soapenv.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wstrust.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/wsdl.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/challenge_decider.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/ini.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/soap.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/formswithhidden.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/samlec.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/entitlement.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/paos.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/ecp.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/requested_attributes.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/reqinit.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/pefim.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/sp_type.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/shibmd.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/sp.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdattr.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/idpdisc.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdui.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdrpi.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/swamid.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/algsupport.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/refeds.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/incommon.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/edugain.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/at_egov_pvp2.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/templates/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/schemas/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/pki.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/errors.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/dri.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/asymmetric.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/symmetric.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/parse_xsd2.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/pword.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/sslcert.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/ppt.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/timesync.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/saml_uri.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/basic.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/adfs_v20.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/adfs_v1x.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/shibboleth_uri.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/mobiletwofactor.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/ippword.cpython-313.opt-1.pyc: rewriting with normalized contents Scanned 49 directories and 434 files, processed 127 inodes, 127 modified (6 replaced + 121 rewritten), 0 unsupported format, 0 errors Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.YOMX1h + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes -Clink-arg=-specs=/usr/lib/rpm/redhat/redhat-package-notes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib64: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd pysaml2-7.4.2 + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes ' + PATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin + PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages:/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages + PYTHONDONTWRITEBYTECODE=1 + PYTEST_ADDOPTS=' --ignore=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir' + PYTEST_XDIST_AUTO_NUM_WORKERS=4 + /usr/bin/pytest ============================= test session starts ============================== platform linux -- Python 3.13.5, pytest-8.3.5, pluggy-1.6.0 -- /usr/bin/python3 cachedir: .pytest_cache rootdir: /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2 configfile: pyproject.toml testpaths: tests collecting ... collected 785 items tests/test_00_xmldsig.py::TestObject::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestObject::testUsingTestData PASSED [ 0%] tests/test_00_xmldsig.py::TestMgmtData::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestMgmtData::testUsingTestData PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKISexp::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKISexp::testUsingTestData PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKIData::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKIData::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestPGPData::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestPGPData::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestX509IssuerSerial::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestX509IssuerSerial::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestX509Data::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestX509Data::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestTransform::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestTransform::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestTransforms::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestTransforms::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestRetrievalMethod::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestRetrievalMethod::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestRSAKeyValue::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestRSAKeyValue::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestDSAKeyValue::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestDSAKeyValue::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyValue::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyValue::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyName::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyName::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyInfo::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyInfo::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestDigestValue::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestDigestValue::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestDigestMethod::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestDigestMethod::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestReference::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestReference::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestSignatureMethod::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestSignatureMethod::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestCanonicalizationMethod::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestCanonicalizationMethod::testUsingTestData PASSED [ 5%] tests/test_00_xmldsig.py::TestSignedInfo::testAccessors PASSED [ 5%] tests/test_00_xmldsig.py::TestSignedInfo::testUsingTestData PASSED [ 5%] tests/test_00_xmldsig.py::TestSignatureValue::testAccessors PASSED [ 5%] tests/test_00_xmldsig.py::TestSignatureValue::testUsingTestData PASSED [ 5%] tests/test_00_xmldsig.py::TestSignature::testAccessors PASSED [ 5%] tests/test_00_xmldsig.py::TestSignature::testUsingTestData PASSED [ 5%] tests/test_01_xmlenc.py::test_1 PASSED [ 5%] tests/test_01_xmlenc.py::test_2 PASSED [ 6%] tests/test_01_xmlenc.py::test_3 PASSED [ 6%] tests/test_01_xmlenc.py::test_4 PASSED [ 6%] tests/test_01_xmlenc.py::test_5 PASSED [ 6%] tests/test_01_xmlenc.py::test_6 PASSED [ 6%] tests/test_02_saml.py::TestExtensionElement::test_loadd PASSED [ 6%] tests/test_02_saml.py::TestExtensionElement::test_find_children PASSED [ 6%] tests/test_02_saml.py::TestExtensionContainer::test_find_extensions PASSED [ 7%] tests/test_02_saml.py::TestExtensionContainer::test_add_extension_elements PASSED [ 7%] tests/test_02_saml.py::TestExtensionContainer::test_add_extension_attribute PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_dict PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_str PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_multi_dict PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_to_string_nspair PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_set_text_empty PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_set_text_value PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_text_update_same_type PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_text_cannot_change_value_type PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_xs_type_anytype_unchanged_value PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_xs_type_date PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_treat_invalid_types_as_string PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_div PASSED [ 8%] tests/test_02_saml.py::TestNameID::testEmptyExtensionsList PASSED [ 8%] tests/test_02_saml.py::TestNameID::testFormatAttribute PASSED [ 9%] tests/test_02_saml.py::TestNameID::testNameIDText PASSED [ 9%] tests/test_02_saml.py::TestNameID::testSPProvidedID PASSED [ 9%] tests/test_02_saml.py::TestNameID::testEmptyNameIDToAndFromStringMatch PASSED [ 9%] tests/test_02_saml.py::TestNameID::testNameIDToAndFromStringMatch PASSED [ 9%] tests/test_02_saml.py::TestNameID::testExtensionAttributes PASSED [ 9%] tests/test_02_saml.py::TestNameID::testname_id_from_string PASSED [ 9%] tests/test_02_saml.py::TestIssuer::testIssuerToAndFromString PASSED [ 9%] tests/test_02_saml.py::TestIssuer::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestSubjectLocality::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestSubjectLocality::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextClassRef::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextClassRef::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDeclRef::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDeclRef::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDecl::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDecl::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAuthenticatingAuthority::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAuthenticatingAuthority::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAuthnContext::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAuthnContext::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAuthnStatement::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAuthnStatement::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAttributeValue::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAttributeValue::testUsingTestData PASSED [ 12%] tests/test_02_saml.py::TestAttribute::testAccessors PASSED [ 12%] tests/test_02_saml.py::TestAttribute::testUsingTestData PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_str PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_int PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_base64 PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_boolean_true PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_boolean_false PASSED [ 12%] tests/test_02_saml.py::TestAttributeStatement::testAccessors PASSED [ 13%] tests/test_02_saml.py::TestAttributeStatement::testUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmationData::testAccessors PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmationData::testUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmation::testAccessors PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmation::testBearerUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmation::testHolderOfKeyUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubject::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestSubject::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestCondition::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestCondition::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestAudience::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestAudience::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestAudienceRestriction::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestAudienceRestriction::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestOneTimeUse::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestOneTimeUse::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestProxyRestriction::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestProxyRestriction::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestConditions::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestConditions::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestAssertionIDRef::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestAssertionIDRef::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestAssertionURIRef::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestAssertionURIRef::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestAction::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestAction::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestEvidence::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestEvidence::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestAuthzDecisionStatement::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestAuthzDecisionStatement::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestAdvice::testAccessors PASSED [ 17%] tests/test_02_saml.py::TestAdvice::testUsingTestData PASSED [ 17%] tests/test_02_saml.py::TestAssertion::testAccessors PASSED [ 17%] tests/test_02_saml.py::TestAssertion::testUsingTestData PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_nameid PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_issuer PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_subject_locality PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_subject_confirmation_data PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_subject_confirmation PASSED [ 18%] tests/test_03_saml2.py::test_create_class_from_xml_string_wrong_class_spec PASSED [ 18%] tests/test_03_saml2.py::test_create_class_from_xml_string_xxe PASSED [ 18%] tests/test_03_saml2.py::test_ee_1 PASSED [ 18%] tests/test_03_saml2.py::test_ee_2 PASSED [ 18%] tests/test_03_saml2.py::test_ee_3 PASSED [ 18%] tests/test_03_saml2.py::test_ee_4 PASSED [ 18%] tests/test_03_saml2.py::test_ee_5 PASSED [ 18%] tests/test_03_saml2.py::test_ee_6 PASSED [ 19%] tests/test_03_saml2.py::test_nameid_with_extension PASSED [ 19%] tests/test_03_saml2.py::test_subject_confirmation_with_extension PASSED [ 19%] tests/test_03_saml2.py::test_to_fro_string_1 PASSED [ 19%] tests/test_03_saml2.py::test_make_vals_str PASSED [ 19%] tests/test_03_saml2.py::test_make_vals_list_of_strs PASSED [ 19%] tests/test_03_saml2.py::test_attribute_element_to_extension_element PASSED [ 19%] tests/test_03_saml2.py::test_ee_7 PASSED [ 20%] tests/test_03_saml2.py::test_ee_xxe PASSED [ 20%] tests/test_03_saml2.py::test_extension_element_loadd PASSED [ 20%] tests/test_03_saml2.py::test_extensions_loadd PASSED [ 20%] tests/test_04_samlp.py::TestStatusDetail::testAccessors PASSED [ 20%] tests/test_04_samlp.py::TestStatusMessage::testAccessors PASSED [ 20%] tests/test_04_samlp.py::TestStatusCode::testAccessors PASSED [ 20%] tests/test_04_samlp.py::TestStatusCode::testUsingTestData PASSED [ 20%] tests/test_04_samlp.py::TestStatus::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestStatus::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestResponse::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestResponse::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestNameIDPolicy::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestNameIDPolicy::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestIDPEntry::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestIDPEntry::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestIDPList::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestIDPList::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestScoping::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestScoping::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestRequestedAuthnContext::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestRequestedAuthnContext::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestAuthnRequest::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestAuthnRequest::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestLogoutRequest::testAccessors PASSED [ 23%] tests/test_04_samlp.py::TestLogoutRequest::testUsingTestData PASSED [ 23%] tests/test_04_samlp.py::TestLogoutResponse::testAccessors PASSED [ 23%] tests/test_04_samlp.py::TestLogoutResponse::testUsingTestData PASSED [ 23%] tests/test_05_md.py::TestEndpointType::testAccessors PASSED [ 23%] tests/test_05_md.py::TestEndpointType::testUsingTestData PASSED [ 23%] tests/test_05_md.py::TestIndexedEndpointType::testAccessors PASSED [ 23%] tests/test_05_md.py::TestIndexedEndpointType::testUsingTestData PASSED [ 23%] tests/test_05_md.py::TestExtensions::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationName::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationName::testUsingTestData PASSED [ 24%] tests/test_05_md.py::TestOrganizationDisplayName::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationDisplayName::testUsingTestData PASSED [ 24%] tests/test_05_md.py::TestOrganizationURL::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationURL::testUsingTestData PASSED [ 24%] tests/test_05_md.py::TestOrganization::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganization::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestContactPerson::testAccessors PASSED [ 25%] tests/test_05_md.py::TestContactPerson::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestAdditionalMetadataLocation::testAccessors PASSED [ 25%] tests/test_05_md.py::TestAdditionalMetadataLocation::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestEncryptionMethod::testAccessors PASSED [ 25%] tests/test_05_md.py::TestEncryptionMethod::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestKeyDescriptor::testAccessors PASSED [ 25%] tests/test_05_md.py::TestKeyDescriptor::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestRoleDescriptor::testAccessors PASSED [ 26%] tests/test_05_md.py::TestRoleDescriptor::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestArtifactResolutionService::testAccessors PASSED [ 26%] tests/test_05_md.py::TestArtifactResolutionService::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestSingleLogout::testAccessors PASSED [ 26%] tests/test_05_md.py::TestSingleLogout::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestManageNameIDService::testAccessors PASSED [ 27%] tests/test_05_md.py::TestManageNameIDService::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestNameIDFormat::testAccessors PASSED [ 27%] tests/test_05_md.py::TestNameIDFormat::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestSingleSignOnService::testAccessors PASSED [ 27%] tests/test_05_md.py::TestSingleSignOnService::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestNameIDMappingService::testAccessors PASSED [ 27%] tests/test_05_md.py::TestNameIDMappingService::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestAssertionIDRequestService::testAccessors PASSED [ 28%] tests/test_05_md.py::TestAssertionIDRequestService::testUsingTestData PASSED [ 28%] tests/test_05_md.py::TestAttributeProfile::testAccessors PASSED [ 28%] tests/test_05_md.py::TestAttributeProfile::testUsingTestData PASSED [ 28%] tests/test_05_md.py::TestIDPSSODescriptor::testAccessors PASSED [ 28%] tests/test_05_md.py::TestIDPSSODescriptor::testUsingTestData PASSED [ 28%] tests/test_05_md.py::TestIDPSSODescriptor::testUsingScope PASSED [ 28%] tests/test_05_md.py::TestAssertionConsumerService::testAccessors PASSED [ 28%] tests/test_05_md.py::TestAssertionConsumerService::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestRequestedAttribute::testAccessors PASSED [ 29%] tests/test_05_md.py::TestRequestedAttribute::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestServiceName::testAccessors PASSED [ 29%] tests/test_05_md.py::TestServiceName::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestServiceDescription::testAccessors PASSED [ 29%] tests/test_05_md.py::TestServiceDescription::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestAttributeConsumingService::testAccessors PASSED [ 29%] tests/test_05_md.py::TestAttributeConsumingService::testUsingTestData PASSED [ 30%] tests/test_05_md.py::TestSPSSODescriptor::testAccessors PASSED [ 30%] tests/test_05_md.py::TestSPSSODescriptor::testUsingTestData PASSED [ 30%] tests/test_05_md.py::TestEntityDescriptor::testAccessors PASSED [ 30%] tests/test_05_md.py::TestEntityDescriptor::testUsingTestData PASSED [ 30%] tests/test_05_md.py::TestEntitiesDescriptor::testAccessors PASSED [ 30%] tests/test_05_md.py::TestEntitiesDescriptor::testUsingTestData PASSED [ 30%] tests/test_06_setarg.py::test_path PASSED [ 30%] tests/test_06_setarg.py::test_set_arg PASSED [ 31%] tests/test_06_setarg.py::test_multi PASSED [ 31%] tests/test_06_setarg.py::test_is_set PASSED [ 31%] tests/test_10_time_util.py::test_f_quotient PASSED [ 31%] tests/test_10_time_util.py::test_modulo PASSED [ 31%] tests/test_10_time_util.py::test_f_quotient_2 PASSED [ 31%] tests/test_10_time_util.py::test_modulo_2 PASSED [ 31%] tests/test_10_time_util.py::test_parse_duration PASSED [ 31%] tests/test_10_time_util.py::test_parse_duration2 PASSED [ 32%] tests/test_10_time_util.py::test_parse_duration_n PASSED [ 32%] tests/test_10_time_util.py::test_add_duration_1 PASSED [ 32%] tests/test_10_time_util.py::test_add_duration_2 PASSED [ 32%] tests/test_10_time_util.py::test_str_to_time PASSED [ 32%] tests/test_10_time_util.py::test_instant PASSED [ 32%] tests/test_10_time_util.py::test_valid PASSED [ 32%] tests/test_10_time_util.py::test_timeout PASSED [ 32%] tests/test_10_time_util.py::test_before PASSED [ 33%] tests/test_10_time_util.py::test_after PASSED [ 33%] tests/test_10_time_util.py::test_not_before PASSED [ 33%] tests/test_10_time_util.py::test_not_on_or_after PASSED [ 33%] tests/test_12_s_utils.py::test_inflate_then_deflate PASSED [ 33%] tests/test_12_s_utils.py::test_status_success PASSED [ 33%] tests/test_12_s_utils.py::test_error_status PASSED [ 33%] tests/test_12_s_utils.py::test_status_from_exception PASSED [ 34%] tests/test_12_s_utils.py::test_status_from_tuple PASSED [ 34%] tests/test_12_s_utils.py::test_status_from_tuple_empty_message PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_sn PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_age PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_onoff PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_base64 PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_statement PASSED [ 34%] tests/test_12_s_utils.py::test_audience PASSED [ 35%] tests/test_12_s_utils.py::test_conditions PASSED [ 35%] tests/test_12_s_utils.py::test_value_1 PASSED [ 35%] tests/test_12_s_utils.py::test_value_2 PASSED [ 35%] tests/test_12_s_utils.py::test_value_3 PASSED [ 35%] tests/test_12_s_utils.py::test_value_4 PASSED [ 35%] tests/test_12_s_utils.py::test_do_attribute_statement_0 PASSED [ 35%] tests/test_12_s_utils.py::test_do_attribute_statement PASSED [ 35%] tests/test_12_s_utils.py::test_do_attribute_statement_multi PASSED [ 36%] tests/test_12_s_utils.py::test_subject PASSED [ 36%] tests/test_12_s_utils.py::test_parse_attribute_map PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_0 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_1 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_2 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_3 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_4 PASSED [ 36%] tests/test_12_s_utils.py::test_nameformat_email PASSED [ 37%] tests/test_12_s_utils.py::test_attribute PASSED [ 37%] tests/test_12_s_utils.py::test_attribute_statement_2 PASSED [ 37%] tests/test_12_s_utils.py::test_subject_confirmation_data PASSED [ 37%] tests/test_12_s_utils.py::test_subject_confirmation PASSED [ 37%] tests/test_12_s_utils.py::test_authn_context_class_ref PASSED [ 37%] tests/test_12_s_utils.py::test_authn_context PASSED [ 37%] tests/test_12_s_utils.py::test_authn_statement PASSED [ 37%] tests/test_12_s_utils.py::test_signature PASSED [ 38%] tests/test_12_s_utils.py::test_complex_factory PASSED [ 38%] tests/test_13_validate.py::test_duration PASSED [ 38%] tests/test_13_validate.py::test_unsigned_short PASSED [ 38%] tests/test_13_validate.py::test_valid_non_negative_integer PASSED [ 38%] tests/test_13_validate.py::test_valid_string PASSED [ 38%] tests/test_13_validate.py::test_valid_anyuri PASSED [ 38%] tests/test_13_validate.py::test_valid_instance PASSED [ 38%] tests/test_13_validate.py::test_valid_anytype PASSED [ 39%] tests/test_13_validate.py::test_valid_address PASSED [ 39%] tests/test_19_attribute_converter.py::test_default PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_setup PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_ava_fro_1 PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_ava_fro_2 PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_to_attrstat_1 PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_to_attrstat_2 PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_local_name PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_local_name_from_unspecified PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_local_name_from_basic PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_and_for PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_unspecified_name_format PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_mixed_attributes_1 PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_adjust_with_only_from_defined PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_adjust_with_only_to_defined PASSED [ 41%] tests/test_19_attribute_converter.py::TestAC::test_adjust_with_no_mapping_defined PASSED [ 41%] tests/test_19_attribute_converter.py::TestAC::test_from_local_nest_eduPersonTargetedID_in_NameID PASSED [ 41%] tests/test_19_attribute_converter.py::TestAC::test_from_local_eduPersonTargetedID_with_qualifiers PASSED [ 41%] tests/test_19_attribute_converter.py::test_noop_attribute_conversion PASSED [ 41%] tests/test_19_attribute_converter.py::TestSchac::test PASSED [ 41%] tests/test_19_attribute_converter.py::TestEIDAS::test PASSED [ 41%] tests/test_20_assertion.py::test_filter_on_attributes_0 PASSED [ 41%] tests/test_20_assertion.py::test_filter_on_attributes_1 PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_2 PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_without_friendly_name PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_with_missing_required_attribute PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_with_missing_optional_attribute PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_with_missing_name_format PASSED [ 42%] tests/test_20_assertion.py::test_lifetime_1 PASSED [ 42%] tests/test_20_assertion.py::test_lifetime_2 PASSED [ 42%] tests/test_20_assertion.py::test_ava_filter_1 PASSED [ 43%] tests/test_20_assertion.py::test_ava_filter_2 PASSED [ 43%] tests/test_20_assertion.py::test_ava_filter_dont_fail PASSED [ 43%] tests/test_20_assertion.py::test_filter_attribute_value_assertions_0 PASSED [ 43%] tests/test_20_assertion.py::test_filter_attribute_value_assertions_1 PASSED [ 43%] tests/test_20_assertion.py::test_filter_attribute_value_assertions_2 PASSED [ 43%] tests/test_20_assertion.py::test_assertion_1 PASSED [ 43%] tests/test_20_assertion.py::test_assertion_2 PASSED [ 43%] tests/test_20_assertion.py::test_filter_values_req_2 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_3 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_4 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_5 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_6 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_0 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_1 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_2 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_4 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_0 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_1 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_2 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_3 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_4 PASSED [ 45%] tests/test_20_assertion.py::test_req_opt PASSED [ 45%] tests/test_20_assertion.py::test_filter_on_wire_representation_1 PASSED [ 45%] tests/test_20_assertion.py::test_filter_on_wire_representation_2 PASSED [ 46%] tests/test_20_assertion.py::test_assertion_with_noop_attribute_conv PASSED [ 46%] tests/test_20_assertion.py::test_filter_ava_5 PASSED [ 46%] tests/test_20_assertion.py::test_filter_ava_registration_authority_1 PASSED [ 46%] tests/test_20_assertion.py::test_assertion_with_zero_attributes PASSED [ 46%] tests/test_20_assertion.py::test_assertion_with_authn_instant PASSED [ 46%] tests/test_20_assertion.py::test_attribute_producer_should_default_to_uri PASSED [ 46%] tests/test_20_assertion.py::test_attribute_consumer_should_default_to_unspecified PASSED [ 47%] tests/test_22_mdie.py::test_construct_contact PASSED [ 47%] tests/test_30_mdstore.py::test_invalid_metadata PASSED [ 47%] tests/test_30_mdstore.py::test_empty_metadata PASSED [ 47%] tests/test_30_mdstore.py::test_swami_1 PASSED [ 47%] tests/test_30_mdstore.py::test_incommon_1 PASSED [ 47%] tests/test_30_mdstore.py::test_ext_2 PASSED [ 47%] tests/test_30_mdstore.py::test_example PASSED [ 47%] tests/test_30_mdstore.py::test_switch_1 PASSED [ 48%] tests/test_30_mdstore.py::test_metadata_file PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_service PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_service_request_timeout PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_single_sign_on_service PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_metadata_freshness_period_not_expired PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_metadata_freshness_period_expired PASSED [ 48%] tests/test_30_mdstore.py::test_load_local_dir PASSED [ 48%] tests/test_30_mdstore.py::test_load_extern_incommon PASSED [ 49%] tests/test_30_mdstore.py::test_load_local PASSED [ 49%] tests/test_30_mdstore.py::test_load_remote_encoding PASSED [ 49%] tests/test_30_mdstore.py::test_load_string PASSED [ 49%] tests/test_30_mdstore.py::test_get_certs_from_metadata PASSED [ 49%] tests/test_30_mdstore.py::test_get_unnamed_certs_from_metadata PASSED [ 49%] tests/test_30_mdstore.py::test_get_named_certs_from_metadata PASSED [ 49%] tests/test_30_mdstore.py::test_get_certs_from_metadata_without_keydescriptor PASSED [ 49%] tests/test_30_mdstore.py::test_metadata_extension_algsupport PASSED [ 50%] tests/test_30_mdstore.py::test_supported_algorithms PASSED [ 50%] tests/test_30_mdstore.py::test_registration_info PASSED [ 50%] tests/test_30_mdstore.py::test_registration_info_no_policy PASSED [ 50%] tests/test_30_mdstore.py::test_subject_id_requirement PASSED [ 50%] tests/test_30_mdstore.py::test_extension PASSED [ 50%] tests/test_30_mdstore.py::test_shibmd_scope_no_regex_no_descriptor_type PASSED [ 50%] tests/test_30_mdstore.py::test_shibmd_scope_no_regex_all_descriptors PASSED [ 50%] tests/test_30_mdstore_old.py::test_swami_1 PASSED [ 51%] tests/test_30_mdstore_old.py::test_incommon_1 PASSED [ 51%] tests/test_30_mdstore_old.py::test_ext_2 PASSED [ 51%] tests/test_30_mdstore_old.py::test_example PASSED [ 51%] tests/test_30_mdstore_old.py::test_switch_1 PASSED [ 51%] tests/test_30_mdstore_old.py::test_metadata_file PASSED [ 51%] tests/test_30_mdstore_old.py::test_load_local_dir PASSED [ 51%] tests/test_30_mdstore_old.py::test_load_external PASSED [ 51%] tests/test_30_mdstore_old.py::test_load_string PASSED [ 52%] tests/test_31_config.py::test_1 PASSED [ 52%] tests/test_31_config.py::test_2 PASSED [ 52%] tests/test_31_config.py::test_minimum PASSED [ 52%] tests/test_31_config.py::test_idp_1 PASSED [ 52%] tests/test_31_config.py::test_idp_2 PASSED [ 52%] tests/test_31_config.py::test_wayf PASSED [ 52%] tests/test_31_config.py::test_conf_syslog PASSED [ 52%] tests/test_31_config.py::test_3 PASSED [ 53%] tests/test_31_config.py::test_sp PASSED [ 53%] tests/test_31_config.py::test_dual PASSED [ 53%] tests/test_31_config.py::test_ecp PASSED [ 53%] tests/test_31_config.py::test_assertion_consumer_service PASSED [ 53%] tests/test_31_config.py::test_crypto_backend PASSED [ 53%] tests/test_31_config.py::test_unset_force_authn PASSED [ 53%] tests/test_31_config.py::test_set_force_authn PASSED [ 54%] tests/test_32_cache.py::TestClass::test_set PASSED [ 54%] tests/test_32_cache.py::TestClass::test_add_ava_info PASSED [ 54%] tests/test_32_cache.py::TestClass::test_from_one_target_source PASSED [ 54%] tests/test_32_cache.py::TestClass::test_entities PASSED [ 54%] tests/test_32_cache.py::TestClass::test_remove_info PASSED [ 54%] tests/test_32_cache.py::TestClass::test_active PASSED [ 54%] tests/test_32_cache.py::TestClass::test_subjects PASSED [ 54%] tests/test_32_cache.py::TestClass::test_second_subject PASSED [ 55%] tests/test_32_cache.py::TestClass::test_receivers PASSED [ 55%] tests/test_32_cache.py::TestClass::test_timeout PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_persistent_1 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_persistent_2 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_transient_1 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_vo_1 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_vo_2 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_persistent_nameid PASSED [ 56%] tests/test_33_identifier.py::TestIdentifier::test_transient_nameid PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_add_person PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_extend_person PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_add_another_person PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_modify_person PASSED [ 56%] tests/test_36_mdbcache.py::TestMongoDBCache::test_set_get_1 PASSED [ 56%] tests/test_36_mdbcache.py::TestMongoDBCache::test_set_get_2 PASSED [ 56%] tests/test_36_mdbcache.py::TestMongoDBCache::test_remove PASSED [ 57%] tests/test_36_mdbcache.py::TestMongoDBCache::test_subjects PASSED [ 57%] tests/test_36_mdbcache.py::TestMongoDBCache::test_identity PASSED [ 57%] tests/test_36_mdbcache.py::TestMongoDBCache::test_remove_2 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava2 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava3 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava4 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava5 PASSED [ 58%] tests/test_37_entity_categories.py::test_idp_policy_filter PASSED [ 58%] tests/test_37_entity_categories.py::test_entity_category_import_from_path PASSED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_required_attributes_with_no_friendly_name PASSED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_esi_coco PASSED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_refeds_anonymous_access SKIPPED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_refeds_pseudonymous_access SKIPPED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_refeds_personalized_access SKIPPED [ 58%] tests/test_38_metadata_filter.py::test_swamid_sp PASSED [ 59%] tests/test_38_metadata_filter.py::test_swamid_idp PASSED [ 59%] tests/test_39_metadata.py::test_requested_attribute_name_format PASSED [ 59%] tests/test_39_metadata.py::test_signed_metadata_proper_str_bytes_handling FAILED [ 59%] tests/test_39_metadata.py::test_cert_trailing_newlines_ignored PASSED [ 59%] tests/test_39_metadata.py::test_invalid_cert_raises_error PASSED [ 59%] tests/test_40_sigver.py::test_cert_from_instance_1 PASSED [ 59%] tests/test_40_sigver.py::test_cert_from_instance_ssp SKIPPED (pyasn1 is not installed) [ 60%] tests/test_40_sigver.py::TestSecurity::test_verify_1 PASSED [ 60%] tests/test_40_sigver.py::TestSecurity::test_non_verify_1 PASSED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_assertion FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_assertion FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_response FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_response FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_response_2 FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_verify FAILED [ 61%] tests/test_40_sigver.py::TestSecurity::test_sign_verify_with_cert_from_instance FAILED [ 61%] tests/test_40_sigver.py::TestSecurity::test_sign_verify_assertion_with_cert_from_instance FAILED [ 61%] tests/test_40_sigver.py::TestSecurity::test_exception_sign_verify_with_cert_from_instance FAILED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_verify_1 PASSED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_non_verify_1 PASSED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_assertion FAILED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_assertion FAILED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_response FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response_2 FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_with_cert_from_instance FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_assertion_with_cert_from_instance FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_exception_sign_verify_with_cert_from_instance FAILED [ 62%] tests/test_40_sigver.py::test_xbox FAILED [ 62%] tests/test_40_sigver.py::test_xbox_non_ascii_ava FAILED [ 63%] tests/test_40_sigver.py::test_okta PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_err PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_err_non_ascii_ava PASSED [ 63%] tests/test_40_sigver.py::test_sha256_signing PASSED [ 63%] tests/test_40_sigver.py::test_sha256_signing_non_ascii_ava PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_output_line_parsing PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_v1_3_x_output_line_parsing PASSED [ 63%] tests/test_40_sigver.py::test_cert_trailing_newlines_ignored PASSED [ 64%] tests/test_40_sigver.py::test_invalid_cert_raises_error PASSED [ 64%] tests/test_40_sigver.py::test_der_certificate_loading PASSED [ 64%] tests/test_41_response.py::TestResponse::test_1 ERROR [ 64%] tests/test_41_response.py::TestResponse::test_2 ERROR [ 64%] tests/test_41_response.py::TestResponse::test_issuer_none ERROR [ 64%] tests/test_41_response.py::TestResponse::test_false_sign ERROR [ 64%] tests/test_41_response.py::TestResponse::test_other_response ERROR [ 64%] tests/test_42_enc.py::test_pre_enc_key_format PASSED [ 65%] tests/test_42_enc.py::test_pre_enc_with_pregenerated_key PASSED [ 65%] tests/test_42_enc.py::test_pre_enc_with_generated_key PASSED [ 65%] tests/test_42_enc.py::test_pre_enc_with_named_key PASSED [ 65%] tests/test_42_enc.py::test_reshuffle_response PASSED [ 65%] tests/test_42_enc.py::test_enc1 PASSED [ 65%] tests/test_42_enc.py::test_enc2 PASSED [ 65%] tests/test_43_soap.py::test_parse_soap_envelope PASSED [ 65%] tests/test_43_soap.py::test_make_soap_envelope PASSED [ 66%] tests/test_43_soap.py::test_parse_soap_enveloped_saml_thingy_xxe PASSED [ 66%] tests/test_43_soap.py::test_class_instances_from_soap_enveloped_saml_thingies_xxe PASSED [ 66%] tests/test_43_soap.py::test_open_soap_envelope_xxe PASSED [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_verify_1 ERROR [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_verify_signed_1 ERROR [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_parse_2 ERROR [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_verify_w_authn ERROR [ 67%] tests/test_44_authnresp.py::TestAuthnResponse::test_unpack_nested_eptid ERROR [ 67%] tests/test_44_authnresp.py::TestAuthnResponse::test_multiple_attribute_statement ERROR [ 67%] tests/test_50_server.py::TestServer1::test_issuer PASSED [ 67%] tests/test_50_server.py::TestServer1::test_assertion PASSED [ 67%] tests/test_50_server.py::TestServer1::test_response PASSED [ 67%] tests/test_50_server.py::TestServer1::test_parse_faulty_request PASSED [ 67%] tests/test_50_server.py::TestServer1::test_parse_faulty_request_to_err_status PASSED [ 67%] tests/test_50_server.py::TestServer1::test_parse_ok_request PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_response_with_identity PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_response_without_identity PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_response_specific_instant PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_failure_response PASSED [ 68%] tests/test_50_server.py::TestServer1::test_authn_response_0 PASSED [ 68%] tests/test_50_server.py::TestServer1::test_signed_response FAILED [ 68%] tests/test_50_server.py::TestServer1::test_signed_response_1 FAILED [ 68%] tests/test_50_server.py::TestServer1::test_signed_response_2 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_signed_response_3 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_1 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_2 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_3 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_4 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_response_1 PASSED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_response_2 PASSED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_response_3 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_4 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_5 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_6 FAILED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_7 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_8 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_9 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_slo_http_post PASSED [ 70%] tests/test_50_server.py::TestServer1::test_slo_soap PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_issuer PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_assertion PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_response PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_faulty_request PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_faulty_request_to_err_status PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_ok_request PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_with_identity PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_without_identity PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_specific_instant PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_failure_response PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_authn_response_0 PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_1 FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_2 FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_3 FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_1 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_2 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_3 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_4 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_1 PASSED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_2 PASSED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_3 PASSED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_4 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_5 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6 FAILED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_7 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_8 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_9 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_http_post PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_soap PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_soap_signed PASSED [ 75%] tests/test_50_server.py::TestServer2::test_do_attribute_reponse PASSED [ 75%] tests/test_50_server.py::TestServerLogout::test_1 PASSED [ 75%] tests/test_50_server.py::TestServerLogout::test_2 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_attribute_query1 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_attribute_query2 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_attribute_query_3 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_auth_request_0 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_auth_request_requested_attributes PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_unset_force_authn_by_default PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_not_true_or_1 PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_true PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_1 PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_nameid_policy_allow_create PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_vo PASSED [ 76%] tests/test_51_client.py::TestClient::test_sign_auth_request_0 FAILED [ 76%] tests/test_51_client.py::TestClient::test_logout_response FAILED [ 77%] tests/test_51_client.py::TestClient::test_create_logout_request PASSED [ 77%] tests/test_51_client.py::TestClient::test_response_1 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_2 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_3 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_4 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_5 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_6 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_7 FAILED [ 78%] tests/test_51_client.py::TestClient::test_response_8 FAILED [ 78%] tests/test_51_client.py::TestClient::test_response_no_name_id PASSED [ 78%] tests/test_51_client.py::TestClient::test_init_values PASSED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion FAILED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion2 FAILED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_1 FAILED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_2 FAILED [ 78%] tests/test_51_client.py::TestClient::test_signed_with_default_algo_redirect FAILED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect PASSED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect_passes_if_needs_signed_requests PASSED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect_fail_if_needs_signed_request_but_received_unsigned PASSED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect_fail_if_needs_signed_request_but_sigalg_not_matches PASSED [ 79%] tests/test_51_client.py::TestClient::test_do_logout_signed_redirect FAILED [ 79%] tests/test_51_client.py::TestClient::test_do_logout_signed_redirect_invalid FAILED [ 79%] tests/test_51_client.py::TestClient::test_do_logout_post FAILED [ 80%] tests/test_51_client.py::TestClient::test_do_logout_redirect_no_cache PASSED [ 80%] tests/test_51_client.py::TestClient::test_do_logout_session_expired FAILED [ 80%] tests/test_51_client.py::TestClient::test_signature_wants FAILED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query1 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query2 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query_3 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_0 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_unset_force_authn PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_set_force_authn PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_nameid_policy_allow_create PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_vo PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_auth_request_0 FAILED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_logout_request PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_1 FAILED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_2 FAILED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_3 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_4 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_5 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_6 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_7 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_8 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_no_name_id PASSED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_error_status PASSED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_error_status_non_standard_status_code PASSED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_init_values PASSED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion2 FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_1 FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_2 FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_signed_redirect PASSED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_signed_redirect FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_post FAILED [ 84%] tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_session_expired FAILED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_do_authn PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_do_negotiated_authn PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_do_attribute_query PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_logout_1 PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_post_sso PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_negotiated_post_sso PASSED [ 84%] tests/test_51_client.py::TestClientNoConfigContext::test_logout_1 PASSED [ 85%] tests/test_51_client.py::test_parse_soap_enveloped_saml_xxe PASSED [ 85%] tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response FAILED [ 85%] tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_1 FAILED [ 85%] tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_2 PASSED [ 85%] tests/test_60_sp.py::TestSP::test_setup SKIPPED (s2repoze dependencies not installed) [ 85%] tests/test_60_sp.py::TestSP::test_identify SKIPPED (s2repoze dependencies not installed) [ 85%] tests/test_62_vo.py::TestVirtualOrg::test_mta PASSED [ 85%] tests/test_62_vo.py::TestVirtualOrg::test_unknown_subject PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg::test_id PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg::test_id_unknown PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_mta PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_unknown_subject PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_id PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_id_unknown PASSED [ 86%] tests/test_63_ecp.py::test_complete_flow PASSED [ 87%] tests/test_64_artifact.py::test_create_artifact PASSED [ 87%] tests/test_64_artifact.py::test_create_artifact_resolve PASSED [ 87%] tests/test_64_artifact.py::test_artifact_flow PASSED [ 87%] tests/test_65_authn_query.py::test_basic PASSED [ 87%] tests/test_65_authn_query.py::test_flow PASSED [ 87%] tests/test_66_name_id_mapping.py::test_base_request PASSED [ 87%] tests/test_66_name_id_mapping.py::test_request_response PASSED [ 87%] tests/test_67_manage_name_id.py::test_basic PASSED [ 88%] tests/test_67_manage_name_id.py::test_flow PASSED [ 88%] tests/test_68_assertion_id.py::test_basic_flow PASSED [ 88%] tests/test_69_discovery.py::test_verify PASSED [ 88%] tests/test_69_discovery.py::test_construct_0 PASSED [ 88%] tests/test_69_discovery.py::test_construct_1 PASSED [ 88%] tests/test_69_discovery.py::test_construct_deconstruct_request PASSED [ 88%] tests/test_69_discovery.py::test_construct_deconstruct_response PASSED [ 88%] tests/test_70_redirect_signing.py::test FAILED [ 89%] tests/test_71_authn_request.py::test_authn_request_with_acs_by_index PASSED [ 89%] tests/test_72_eptid.py::test_eptid PASSED [ 89%] tests/test_72_eptid.py::test_eptid_shelve PASSED [ 89%] tests/test_75_mongodb.py::test_flow PASSED [ 89%] tests/test_75_mongodb.py::test_eptid_mongo_db PASSED [ 89%] tests/test_76_metadata_in_mdb.py::test_metadata PASSED [ 89%] tests/test_77_authn_context.py::test_passwd PASSED [ 89%] tests/test_77_authn_context.py::test_factory PASSED [ 90%] tests/test_77_authn_context.py::test_authn_decl_in_authn_context PASSED [ 90%] tests/test_77_authn_context.py::test_authn_1 PASSED [ 90%] tests/test_77_authn_context.py::test_authn_2 PASSED [ 90%] tests/test_77_authn_context.py::test_authn_3 PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_cert_chains FAILED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_expire PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_passphrase PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert FAILED [ 91%] tests/test_83_md_extensions.py::TestMDExt::test_sp_type_true PASSED [ 91%] tests/test_83_md_extensions.py::TestMDExt::test_sp_type_false PASSED [ 91%] tests/test_83_md_extensions.py::TestMDExt::test_entity_attributes PASSED [ 91%] tests/test_88_nsprefix.py::test_nsprefix PASSED [ 91%] tests/test_88_nsprefix.py::test_nsprefix2 PASSED [ 91%] tests/test_89_http_post_relay_state.py::test_relay_state PASSED [ 91%] tests/test_92_aes.py::TestAES::test_aes_defaults PASSED [ 91%] tests/test_92_aes.py::TestAES::test_aes_128_cbc PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_128_cfb PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_192_cbc PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_192_cfb PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_256_cbc PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_256_cfb PASSED [ 92%] tests/test_93_hok.py::TestHolderOfKeyResponse::test_valid_hok_response_is_parsed PASSED [ 92%] tests/test_93_hok.py::TestHolderOfKeyResponse::test_invalid_hok_response_fails_verification PASSED [ 92%] tests/test_94_read_cert.py::test_read_single_cert PASSED [ 93%] tests/test_94_read_cert.py::test_read_cert_chain PASSED [ 93%] tests/test_94_read_cert.py::test_read_cert_chain_with_linebreaks PASSED [ 93%] tests/test_schema_validator.py::test_invalid_saml_metadata_doc[invalid_metadata_file.xml] PASSED [ 93%] tests/test_schema_validator.py::test_invalid_saml_metadata_doc[empty_metadata_file.xml] PASSED [ 93%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[InCommon-metadata.xml] PASSED [ 93%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp.xml] PASSED [ 93%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_2.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_aa.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_all.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_example.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_soap.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_re.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_re_nren.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_rs.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_sfs_hei.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_esi_and_coco_sp.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_no_friendly_name_sp.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[extended.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_slo_redirect.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_uiinfo.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata.aaitest.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_cert.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_example.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_1.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_1_no_encryption.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_2.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metasp.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[pdp_meta.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[servera.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[sp.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[sp_slo_redirect.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[urn-mace-swami.se-swamid-test-1.0-metadata.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[uu.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[vo_metadata.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[attribute_response.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[okta_response.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[simplesamlphp_authnresponse.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml2_response.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_false_signed.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_hok.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_hok_invalid.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_signed.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_unsigned.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_partial_doc[encrypted_attribute_statement.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_eidas_saml_response_doc[eidas_response.xml] PASSED [ 98%] tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_response_with_hmac_should_fail PASSED [ 99%] tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_hmac_should_fail PASSED [ 99%] tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_random_embedded_cert_should_be_ignored FAILED [ 99%] tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_wrapper_should_fail PASSED [ 99%] tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_extensions_should_fail PASSED [ 99%] tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_assertion_should_fail PASSED [ 99%] tests/test_xsw.py::TestInvalidDepthFirstSig::test_signed_assertion_first_sig_should_fail PASSED [ 99%] tests/test_xsw.py::TestInvalidDepthFirstSig::test_signed_response_first_sig_should_fail PASSED [100%] ==================================== ERRORS ==================================== ____________________ ERROR at setup of TestResponse.test_1 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=b4c8311a69834dedd31c42de24ed9c636ed5154f0a3062ebc226cbcd3e306d72urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-a56jqVB2oYqPnsWxn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6rfyrqcj.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6rfyrqcj.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=b4c8311a69834dedd31c42de24ed9c636ed5154f0a3062ebc226cbcd3e306d72urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-a56jqVB2oYqPnsWxn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-a56jqVB2oYqPnsWxn', '--output', '/tmp/tmp8it0oqbe.xml', '/tmp/tmp6rfyrqcj.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log setup ------------------------------ ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp6rfyrqcj.xml" output= ____________________ ERROR at setup of TestResponse.test_2 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=b4c8311a69834dedd31c42de24ed9c636ed5154f0a3062ebc226cbcd3e306d72urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-a56jqVB2oYqPnsWxn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6rfyrqcj.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6rfyrqcj.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=b4c8311a69834dedd31c42de24ed9c636ed5154f0a3062ebc226cbcd3e306d72urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-a56jqVB2oYqPnsWxn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-a56jqVB2oYqPnsWxn', '--output', '/tmp/tmp8it0oqbe.xml', '/tmp/tmp6rfyrqcj.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError _______________ ERROR at setup of TestResponse.test_issuer_none ________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=b4c8311a69834dedd31c42de24ed9c636ed5154f0a3062ebc226cbcd3e306d72urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-a56jqVB2oYqPnsWxn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6rfyrqcj.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6rfyrqcj.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=b4c8311a69834dedd31c42de24ed9c636ed5154f0a3062ebc226cbcd3e306d72urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-a56jqVB2oYqPnsWxn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-a56jqVB2oYqPnsWxn', '--output', '/tmp/tmp8it0oqbe.xml', '/tmp/tmp6rfyrqcj.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ________________ ERROR at setup of TestResponse.test_false_sign ________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=b4c8311a69834dedd31c42de24ed9c636ed5154f0a3062ebc226cbcd3e306d72urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-a56jqVB2oYqPnsWxn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6rfyrqcj.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6rfyrqcj.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=b4c8311a69834dedd31c42de24ed9c636ed5154f0a3062ebc226cbcd3e306d72urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-a56jqVB2oYqPnsWxn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-a56jqVB2oYqPnsWxn', '--output', '/tmp/tmp8it0oqbe.xml', '/tmp/tmp6rfyrqcj.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ______________ ERROR at setup of TestResponse.test_other_response ______________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=b4c8311a69834dedd31c42de24ed9c636ed5154f0a3062ebc226cbcd3e306d72urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-a56jqVB2oYqPnsWxn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6rfyrqcj.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6rfyrqcj.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=b4c8311a69834dedd31c42de24ed9c636ed5154f0a3062ebc226cbcd3e306d72urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-a56jqVB2oYqPnsWxn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-a56jqVB2oYqPnsWxn', '--output', '/tmp/tmp8it0oqbe.xml', '/tmp/tmp6rfyrqcj.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ______________ ERROR at setup of TestAuthnResponse.test_verify_1 _______________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a28325fbd3887e24f879efd7e7ade3ee96c847e06d9d0431766c4e52709619feurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wpPD9IBdh8wzVt5eS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpiuscum3p.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpiuscum3p.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a28325fbd3887e24f879efd7e7ade3ee96c847e06d9d0431766c4e52709619feurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wpPD9IBdh8wzVt5eS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wpPD9IBdh8wzVt5eS', '--output', '/tmp/tmpm_6yz78c.xml', '/tmp/tmpiuscum3p.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log setup ------------------------------ ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpiuscum3p.xml" output= ___________ ERROR at setup of TestAuthnResponse.test_verify_signed_1 ___________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a28325fbd3887e24f879efd7e7ade3ee96c847e06d9d0431766c4e52709619feurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wpPD9IBdh8wzVt5eS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpiuscum3p.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpiuscum3p.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a28325fbd3887e24f879efd7e7ade3ee96c847e06d9d0431766c4e52709619feurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wpPD9IBdh8wzVt5eS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wpPD9IBdh8wzVt5eS', '--output', '/tmp/tmpm_6yz78c.xml', '/tmp/tmpiuscum3p.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError _______________ ERROR at setup of TestAuthnResponse.test_parse_2 _______________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a28325fbd3887e24f879efd7e7ade3ee96c847e06d9d0431766c4e52709619feurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wpPD9IBdh8wzVt5eS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpiuscum3p.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpiuscum3p.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a28325fbd3887e24f879efd7e7ade3ee96c847e06d9d0431766c4e52709619feurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wpPD9IBdh8wzVt5eS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wpPD9IBdh8wzVt5eS', '--output', '/tmp/tmpm_6yz78c.xml', '/tmp/tmpiuscum3p.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ___________ ERROR at setup of TestAuthnResponse.test_verify_w_authn ____________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a28325fbd3887e24f879efd7e7ade3ee96c847e06d9d0431766c4e52709619feurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wpPD9IBdh8wzVt5eS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpiuscum3p.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpiuscum3p.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a28325fbd3887e24f879efd7e7ade3ee96c847e06d9d0431766c4e52709619feurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wpPD9IBdh8wzVt5eS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wpPD9IBdh8wzVt5eS', '--output', '/tmp/tmpm_6yz78c.xml', '/tmp/tmpiuscum3p.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError _________ ERROR at setup of TestAuthnResponse.test_unpack_nested_eptid _________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a28325fbd3887e24f879efd7e7ade3ee96c847e06d9d0431766c4e52709619feurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wpPD9IBdh8wzVt5eS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpiuscum3p.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpiuscum3p.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a28325fbd3887e24f879efd7e7ade3ee96c847e06d9d0431766c4e52709619feurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wpPD9IBdh8wzVt5eS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wpPD9IBdh8wzVt5eS', '--output', '/tmp/tmpm_6yz78c.xml', '/tmp/tmpiuscum3p.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ____ ERROR at setup of TestAuthnResponse.test_multiple_attribute_statement _____ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a28325fbd3887e24f879efd7e7ade3ee96c847e06d9d0431766c4e52709619feurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wpPD9IBdh8wzVt5eS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpiuscum3p.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpiuscum3p.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a28325fbd3887e24f879efd7e7ade3ee96c847e06d9d0431766c4e52709619feurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wpPD9IBdh8wzVt5eS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wpPD9IBdh8wzVt5eS', '--output', '/tmp/tmpm_6yz78c.xml', '/tmp/tmpiuscum3p.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError =================================== FAILURES =================================== ________________ test_signed_metadata_proper_str_bytes_handling ________________ self = statement = 'MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==Rolands SP' node_name = 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = None def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', ...] extra_args = ['/tmp/tmplpts6aka.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmplpts6aka.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: def test_signed_metadata_proper_str_bytes_handling(): sp_conf_2 = sp_conf.copy() sp_conf_2["key_file"] = full_path("test.key") sp_conf_2["cert_file"] = full_path("inc-md-cert.pem") # requires xmlsec binaries per https://pysaml2.readthedocs.io/en/latest/examples/sp.html sp_conf_2["xmlsec_binary"] = sigver.get_xmlsec_binary(["/opt/local/bin"]) cnf = SPConfig().load(sp_conf_2) # This will raise TypeError if string/bytes handling is not correct > sp_metadata = create_metadata_string("", config=cnf, sign=True) tests/test_39_metadata.py:66: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/metadata.py:118: in create_metadata_string eid, xmldoc = sign_entity_descriptor(eid, mid, secc, sign_alg, digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/metadata.py:851: in sign_entity_descriptor xmldoc = secc.sign_statement(f"{edesc}", class_name(edesc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==Rolands SP' node_name = 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = None def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', '--output', '/tmp/tmpir29z2wh.xml', '/tmp/tmplpts6aka.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmplpts6aka.xml" output= _______________________ TestSecurity.test_sign_assertion _______________________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp3cn2yp6l.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp3cn2yp6l.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_assertion(self): ass = self._assertion print(ass) > sign_ass = self.sec.sign_assertion(f"{ass}", node_id=ass.id) tests/test_40_sigver.py:186: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1710: in sign_assertion return self.sign_statement(statement, class_name(saml.Assertion()), **kwargs) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp02h8s6kh.xml', '/tmp/tmp3cn2yp6l.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ----------------------------- Captured stdout call ----------------------------- the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp3cn2yp6l.xml" output= _______________ TestSecurity.test_multiple_signatures_assertion ________________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpthbyfyx6.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpthbyfyx6.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_assertion(self): ass = self._assertion # basic test with two of the same to_sign = [(ass, ass.id), (ass, ass.id)] > sign_ass = self.sec.multiple_signatures(str(ass), to_sign) tests/test_40_sigver.py:205: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpuo9o3u_g.xml', '/tmp/tmpthbyfyx6.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpthbyfyx6.xml" output= ________________ TestSecurity.test_multiple_signatures_response ________________ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpln072_77.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpln072_77.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) # order is important, we can't validate if the signatures are made # in the reverse order to_sign = [(self._assertion, self._assertion.id), (response, response.id)] > s_response = self.sec.multiple_signatures(str(response), to_sign) tests/test_40_sigver.py:233: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpjk09dcrw.xml', '/tmp/tmpln072_77.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpln072_77.xml" output= _______________________ TestSecurity.test_sign_response ________________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp7op93lv9.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp7op93lv9.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:270: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp2xsd5ohh.xml', '/tmp/tmp7op93lv9.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp7op93lv9.xml" output= ______________________ TestSecurity.test_sign_response_2 _______________________ self = statement = b'the-isser-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpp3ro3hap.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpp3ro3hap.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response_2(self): assertion2 = factory( saml.Assertion, version="2.0", id="id-11122", issuer=saml.Issuer(text="the-issuer-2"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11122", self.sec.my_cert), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Fox", ""), ("name:givenName", "nameformat", "givenName"): ("Bear", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser-2"), status=success_status_factory(), assertion=assertion2, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(assertion2), assertion2.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:314: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isser-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmpfi1y29a8.xml', '/tmp/tmpp3ro3hap.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpp3ro3hap.xml" output= ________________________ TestSecurity.test_sign_verify _________________________ self = statement = b'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpilmcrqi3.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpilmcrqi3.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify(self): response = factory( samlp.Response, assertion=self._assertion, id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:341: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpbyv5xtn8.xml', '/tmp/tmpilmcrqi3.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpilmcrqi3.xml" output= ____________ TestSecurity.test_sign_verify_with_cert_from_instance _____________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpvwfn5rf8.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpvwfn5rf8.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_with_cert_from_instance(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:363: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp8308zsk5.xml', '/tmp/tmpvwfn5rf8.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpvwfn5rf8.xml" output= _______ TestSecurity.test_sign_verify_assertion_with_cert_from_instance ________ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpfi61dray.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpfi61dray.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_assertion_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11100", self.sec.my_cert), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Fox", ""), ("name:givenName", "nameformat", "givenName"): ("Bear", ""), } ), ) to_sign = [(class_name(assertion), assertion.id)] > s_assertion = sigver.signed_instance_factory(assertion, self.sec, to_sign) tests/test_40_sigver.py:395: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmpeao6f8zr.xml', '/tmp/tmpfi61dray.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpfi61dray.xml" output= _______ TestSecurity.test_exception_sign_verify_with_cert_from_instance ________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpccrzyfra.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpccrzyfra.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_exception_sign_verify_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer-2"), issue_instant="2009-10-30T13:20:28Z", attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Foo", ""), ("name:givenName", "nameformat", "givenName"): ("Bar", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:436: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmpr1asx37q.xml', '/tmp/tmpccrzyfra.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpccrzyfra.xml" output= _________________ TestSecurityNonAsciiAva.test_sign_assertion __________________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp05olme9m.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp05olme9m.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_assertion(self): ass = self._assertion print(ass) > sign_ass = self.sec.sign_assertion(f"{ass}", node_id=ass.id) tests/test_40_sigver.py:491: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1710: in sign_assertion return self.sign_statement(statement, class_name(saml.Assertion()), **kwargs) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp11q03uz8.xml', '/tmp/tmp05olme9m.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ----------------------------- Captured stdout call ----------------------------- the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp05olme9m.xml" output= __________ TestSecurityNonAsciiAva.test_multiple_signatures_assertion __________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpfv87pfts.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpfv87pfts.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_assertion(self): ass = self._assertion # basic test with two of the same to_sign = [(ass, ass.id), (ass, ass.id)] > sign_ass = self.sec.multiple_signatures(str(ass), to_sign) tests/test_40_sigver.py:511: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpu900l1t2.xml', '/tmp/tmpfv87pfts.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpfv87pfts.xml" output= __________ TestSecurityNonAsciiAva.test_multiple_signatures_response ___________ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpr88kck2e.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpr88kck2e.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) # order is important, we can't validate if the signatures are made # in the reverse order to_sign = [(self._assertion, self._assertion.id), (response, response.id)] > s_response = self.sec.multiple_signatures(str(response), to_sign) tests/test_40_sigver.py:539: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp05af4j0m.xml', '/tmp/tmpr88kck2e.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpr88kck2e.xml" output= __________________ TestSecurityNonAsciiAva.test_sign_response __________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpd7qixgkp.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpd7qixgkp.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:576: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp_dg45xeb.xml', '/tmp/tmpd7qixgkp.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpd7qixgkp.xml" output= _________________ TestSecurityNonAsciiAva.test_sign_response_2 _________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpkrqxkwvi.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpkrqxkwvi.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response_2(self): assertion2 = factory( saml.Assertion, version="2.0", id="id-11122", issuer=saml.Issuer(text="the-issuer-2"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11122", self.sec.my_cert), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Räv", ""), ("name:givenName", "nameformat", "givenName"): ("Björn", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=assertion2, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(assertion2), assertion2.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:620: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmptzpff8nv.xml', '/tmp/tmpkrqxkwvi.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpkrqxkwvi.xml" output= ___________________ TestSecurityNonAsciiAva.test_sign_verify ___________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp1xzkjhox.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp1xzkjhox.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:648: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpvcc0wucd.xml', '/tmp/tmp1xzkjhox.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp1xzkjhox.xml" output= _______ TestSecurityNonAsciiAva.test_sign_verify_with_cert_from_instance _______ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpok7klwxi.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpok7klwxi.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_with_cert_from_instance(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:670: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpj0zm29_u.xml', '/tmp/tmpok7klwxi.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpok7klwxi.xml" output= __ TestSecurityNonAsciiAva.test_sign_verify_assertion_with_cert_from_instance __ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpb07znuuz.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpb07znuuz.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_assertion_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11100", self.sec.my_cert, 1), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Räv", ""), ("name:givenName", "nameformat", "givenName"): ("Björn", ""), } ), ) to_sign = [(class_name(assertion), assertion.id)] > s_assertion = sigver.signed_instance_factory(assertion, self.sec, to_sign) tests/test_40_sigver.py:702: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmp7i7985ej.xml', '/tmp/tmpb07znuuz.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpb07znuuz.xml" output= __ TestSecurityNonAsciiAva.test_exception_sign_verify_with_cert_from_instance __ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerF\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmp4wtwky5x.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp4wtwky5x.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_exception_sign_verify_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer"), issue_instant="2009-10-30T13:20:28Z", attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Föö", ""), ("name:givenName", "nameformat", "givenName"): ("Bär", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:743: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerF\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmp62welwyi.xml', '/tmp/tmp4wtwky5x.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp4wtwky5x.xml" output= __________________________________ test_xbox ___________________________________ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmplgt9d6hm.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmplgt9d6hm.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: def test_xbox(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="id-11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11111", sec.my_cert, 1), attribute_statement=do_attribute_statement( { ("", "", "surName"): ("Foo", ""), ("", "", "givenName"): ("Bar", ""), } ), ) > sigass = sec.sign_statement( assertion, class_name(assertion), key_file=PRIV_KEY, node_id=assertion.id, ) tests/test_40_sigver.py:843: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp9xgt15ym.xml', '/tmp/tmplgt9d6hm.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmplgt9d6hm.xml" output= ___________________________ test_xbox_non_ascii_ava ____________________________ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpwfsxky4y.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpwfsxky4y.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: def test_xbox_non_ascii_ava(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="id-11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11111", sec.my_cert, 1), attribute_statement=do_attribute_statement( { ("", "", "surName"): ("Föö", ""), ("", "", "givenName"): ("Bär", ""), } ), ) > sigass = sec.sign_statement( assertion, class_name(assertion), key_file=PRIV_KEY, node_id=assertion.id, ) tests/test_40_sigver.py:901: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp78cj_wwh.xml', '/tmp/tmpwfsxky4y.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpwfsxky4y.xml" output= _______________________ TestServer1.test_signed_response _______________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d66b615a332e7723c4dd3f15524de3095594219b07839df207f445b58e4b848burn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-oZBQjXfWmsjJyW6As' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmppeh2yuew.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmppeh2yuew.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response(self): name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"} > signed_resp = self.server.create_authn_response( ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, ) tests/test_50_server.py:441: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d66b615a332e7723c4dd3f15524de3095594219b07839df207f445b58e4b848burn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-oZBQjXfWmsjJyW6As' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-oZBQjXfWmsjJyW6As', '--output', '/tmp/tmp4c3wqkq9.xml', '/tmp/tmppeh2yuew.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmppeh2yuew.xml" output= ______________________ TestServer1.test_signed_response_1 ______________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3ee895b8e25dc02cdd49405e63066688e112e33d3dd1e9fa8ccd28fbd1730bf8urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-svhyf2auuT6HlCLjm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpuohp16we.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpuohp16we.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_1(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, ) tests/test_50_server.py:464: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3ee895b8e25dc02cdd49405e63066688e112e33d3dd1e9fa8ccd28fbd1730bf8urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-svhyf2auuT6HlCLjm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-svhyf2auuT6HlCLjm', '--output', '/tmp/tmp8jk34hcv.xml', '/tmp/tmpuohp16we.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpuohp16we.xml" output= ______________________ TestServer1.test_signed_response_2 ______________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp3ee895b8e25dc02cdd49405e63066688e112e33d3dd1e9fa8ccd28fbd1730bf8urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Rqh6HioWjsvfNBPIW' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpcvd_z3o7.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpcvd_z3o7.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_2(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, ) tests/test_50_server.py:495: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp3ee895b8e25dc02cdd49405e63066688e112e33d3dd1e9fa8ccd28fbd1730bf8urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Rqh6HioWjsvfNBPIW' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-Rqh6HioWjsvfNBPIW', '--output', '/tmp/tmpcsdw3v6n.xml', '/tmp/tmpcvd_z3o7.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpcvd_z3o7.xml" output= ______________________ TestServer1.test_signed_response_3 ______________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3ee895b8e25dc02cdd49405e63066688e112e33d3dd1e9fa8ccd28fbd1730bf8urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ALcEsObOvCqWguSHV' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpue7og562.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpue7og562.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_3(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=False, sign_assertion=True, ) tests/test_50_server.py:519: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3ee895b8e25dc02cdd49405e63066688e112e33d3dd1e9fa8ccd28fbd1730bf8urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ALcEsObOvCqWguSHV' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ALcEsObOvCqWguSHV', '--output', '/tmp/tmpxqg6m6vp.xml', '/tmp/tmpue7og562.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpue7og562.xml" output= _________________ TestServer1.test_encrypted_signed_response_1 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3ee895b8e25dc02cdd49405e63066688e112e33d3dd1e9fa8ccd28fbd1730bf8urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTI5WhcNMzUwNzIzMjIzOTI5WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA50qO7R47+Q1d1iuHMmZ1/RCIX7onk6POeuNGBO6GcbOCb8TxM5Ofhbxx\nF9FExGi0PKFdeif0BFa/qa/dvHT4sLuyILzYaLFwDWdNpES9crFuKc4tDW/q9QUI\nCjsXiMkPJTlzdQRQy32WELWvNf4a0mHsCJ9i/crMBp3Eaasc3AEHQ4e7GsXoiQS5\nfeRIn0YvBKGDRKB2ZUwTaGSczM745G3sPnkF6lJZkAZw023p0IweSqQMb07MKxoh\n3VID32ip3NUHKzWXYNhVsrMtflFnKH++Cy0ltVyC1Ibbb72NJzcfysTFOwyOl3i8\nRDg+L2oGi5FIKf46ViYairHu6Dtk9QIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJ0d\nA5U94i5xdRg13X/tun02qmtyA+49jUA2/Lc/ogf643OHG8jLVfNhZmTNDt4XHHYW\njQu4V7nYQQaopYdyLl7YglxDi+JP4SKTHOGMAVl4omKA/QXeFM7EyO+h/E8+xRek\n8TxBFnMl7IWLRdQo8zmcR8IQ0oZRWpxIBK7PvGT5eSbGDMZWohPdDlk/JhYg5dEcvz6qXZoIPEmyH6C1C6x8l/mCisbSjuugcY/lvOJn\n6hc857g77pzEZ39VQSYKUC02HedqMdR99CbO8/3swDqlPmoc30pkyLB5RUPYsR0H\nQ+Zvdh093aiCqqV7CwKxMtTGb9vyKC5EkJ9TYabsPB/E3CVMkA6rW56CmG6eR5fh\ny7ndNe1MamffErfngFirtP+0cnB8eRD9Ply+TiKQY+RGkyl6y/lo7FmG24Gu5U2z\nDNHZu2hQTkT6gyI/JKfVLbdtGloFAC9XIyoa0j6PMUnbSzY6oAZWKz+BYh06TSrG\nY/LwI5Jp/H/2TEVrKgKoLA==/x1HVWzJrC9DpCkYOSxdoFBYJBHzb2WyNCOjLuXTJvCDJea6rFR2TrW33xmIuY+g\nTZC85fAiDxz9etVUvpkDlK6AgWmrzlxZobXoaVe1qPHB5xjCdl2TUtXPwqGexCS9\nRD9RgZxbPk0HDqEjosBmysIIHkXHsG1HDn5tibNzULkKxBFzzpfn0jYkqFyZnv4t\nwz+WYlUm3xbYT5dQZGKbVj1rYkUX35nLt6PuYMPTdOYeni+R39YUWPMtiZBvdVmt\nG87Oe9hkEs4BrO3x9eixmPMVebI//WouTdSa+xCptDDNkQgziWsz5PDkrxTb7ru6\nsgoJp9gvDz1/r5t/0HKoSV82r4U58eyk0fY0V7vw2Vz/Hcj+kkUk4d17HIQg5Nvq\nWDTpR27H/o++mdQ+Nvcl8Oc+OgZy1phOod66uDSikoBYWGVXqUOyYGkROgDaC6Pj\n/6B5aicxov6cuGqTHRlHnOhrE9+b+Wxuv8fQE8ROY36vSJoWFc7+yl+dm+U7sbex\n8MYNpK2fAy22w54vUBMxuzCwamiU4pqThuso9zqYbxAuMoPhUBwjxKAT8fyF8iwV\n5O7s7eIGs8j5HJk1nOcDH9odq5k54Wc5ybko97TESjp6x5FgN0eo72+y6j1X8Jx/\nVg9R2gQ+5ZT55KCIeWuLeYZP6qaL6BBNPFtJgQxx/0ydIKN9WIB5g2QYz4pTJKDj\nwybQ0hkZc0CrlLADZlF18mQSXgmgQjnkkqLCiZvt6vBusf5EHrxauYEvzE3VK04I\nSXie6f1S2nfXFrzXd2UtJgP5vEHYMlTHjFacKlmWxJUZQOPQKTJ+0HAXCNOrNxYu\nrbKHBrs7zK1uSTQSFXCm4EcbGIQtJ17n0XLifOqhJepFmwN+Ep/RZy46ToNMixzi\nuiimH1qpjS7qyelEM6TxN+cVxEH1MaoBadDQCXQFk+p9k6oqE6a0Blz7daepsT+H\no8VAE0x+jNp99nH+vAOJ+hE7gvIZSJKTEWqSpojbehMv+jx4MiaKrHl1AyIis0aX\nW0WwYW5VgPxN0dJE0OySuvA6IAxhS+YjRMUZogbtrqOUHXBjTjG9ku2omat3UbyX\nmZNKt1SoXrM0NrCXmf3qViiolYLP6KBBGSYMsDxtpRFUzgJHW7hI93GC9s4Ww4k/\n574TNh48kgIpBaxhf4WRDOMHIBtK25VxU5Drmpe/pQJqq2MpwMB+AFsZfL2dGDjU\nVTo/+OfhRHjbMGGEi5dy0JadhAHioYQlmb0LHUdESr+ClrBKrKpMd9dsBcTya4jb\nzl1GOz3pV1TQl+Je5JyelsPxL48aiQxya9VopKTXqjEaGH9mv2I5QbA4wU4Rcbph\nj9UYuJbBaYXa/knT0LeKAMHqMcgq6QSsoK3MDtSxTT2EahHgtiA9ClPZgjcS/Pxp\nzciMuC1OqO3yP1UCiMJXvgtDHJgmtSL3HfOC3SUwTMzc9J2fQFi2STYkcdpR13rq\n7vP8fOREkRH1XWXuCLhUtUlzAX9Ke8RVNRWPT1r8dmrzxC5PaTr75kDwDnTDg6z6\n1JJV1YXfMmInpm20ScTvHOySHhQkH7jXaW96ucQVvENvyn6/2VlvhYrGQz31LzQP\njg7DPy06uDbZHCVwJlgjvvRk5ByRO+bHD3kFxHxxnlK+H1I0ksFZWUdoG3j3MPPg\npKmbAe2zBtp9XsYDahNH3yjxUrEE792RrdMw0w4OfHNoj7l4pOq403/lPZuK+g3E\nT9ozsQo24B3uUzN5StxqBCgn4rjtO4mROv29OROGCX7gQnEa4vvLq1DQAGHMx56O\nREzDkhMNwmJOM28ATezcC40wu3qS4PrX5YvzTRG9xGGu9MTqesvTr+XKM673jKIC\nzrfX07HHJ9j76/MiFZnYu428jHd0nU4qfplBcy924VbmTwhn81zJdmK/qnDn6ow1\nNtZTLQjlp2DdFw9vw2j7iAk27M27kWGnKXUp53LkmP8xl6/NZR0h4fJxTlYQ7Li4\nQqTR5QUPUZGX7ILzlgwp1l4hCs8PvGNi6of5nYQv8tF1UXmBHh0aJIKhMnHsVmut\nOL57geNsQ/lVt9xB/J/Bt0fu9CbZoAapalCB7FbEUwXZbXusNZGcRKxuZLQM4nSa\nNiN1x+gWdu+FqyocedcHNOE4akYalgKdtdNSInraiXrJOuPbYN5QXKoQQAFQ9kQv\nJ89q5B4itd4YaFDOu6YeuXusHAosiSC91K6k+dd6dpc4I0TDfIcMh+5rRDkCq6Oc\n+d1dte++9PsxqnxyBjg7TjWEV2QFObcskxbH4MCiwTYZxbSBKnXg2SuPM6MJ4Eqr\nOF0gfa6IGOHpV4ffh30FY1EpUGs/udgNHOgxzhoEMrn4Vx1aLhOPq65xU7lgeAJF\nG68VEmBNw/DhYmnYEVofPIGXDZqyvFCPQUu/D7i2Qh/K39ZJc29vTg==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-iCXdJIApgjlE6rdcG' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp3_fywy5i.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp3_fywy5i.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_1(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:547: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3ee895b8e25dc02cdd49405e63066688e112e33d3dd1e9fa8ccd28fbd1730bf8urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTI5WhcNMzUwNzIzMjIzOTI5WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA50qO7R47+Q1d1iuHMmZ1/RCIX7onk6POeuNGBO6GcbOCb8TxM5Ofhbxx\nF9FExGi0PKFdeif0BFa/qa/dvHT4sLuyILzYaLFwDWdNpES9crFuKc4tDW/q9QUI\nCjsXiMkPJTlzdQRQy32WELWvNf4a0mHsCJ9i/crMBp3Eaasc3AEHQ4e7GsXoiQS5\nfeRIn0YvBKGDRKB2ZUwTaGSczM745G3sPnkF6lJZkAZw023p0IweSqQMb07MKxoh\n3VID32ip3NUHKzWXYNhVsrMtflFnKH++Cy0ltVyC1Ibbb72NJzcfysTFOwyOl3i8\nRDg+L2oGi5FIKf46ViYairHu6Dtk9QIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJ0d\nA5U94i5xdRg13X/tun02qmtyA+49jUA2/Lc/ogf643OHG8jLVfNhZmTNDt4XHHYW\njQu4V7nYQQaopYdyLl7YglxDi+JP4SKTHOGMAVl4omKA/QXeFM7EyO+h/E8+xRek\n8TxBFnMl7IWLRdQo8zmcR8IQ0oZRWpxIBK7PvGT5eSbGDMZWohPdDlk/JhYg5dEcvz6qXZoIPEmyH6C1C6x8l/mCisbSjuugcY/lvOJn\n6hc857g77pzEZ39VQSYKUC02HedqMdR99CbO8/3swDqlPmoc30pkyLB5RUPYsR0H\nQ+Zvdh093aiCqqV7CwKxMtTGb9vyKC5EkJ9TYabsPB/E3CVMkA6rW56CmG6eR5fh\ny7ndNe1MamffErfngFirtP+0cnB8eRD9Ply+TiKQY+RGkyl6y/lo7FmG24Gu5U2z\nDNHZu2hQTkT6gyI/JKfVLbdtGloFAC9XIyoa0j6PMUnbSzY6oAZWKz+BYh06TSrG\nY/LwI5Jp/H/2TEVrKgKoLA==/x1HVWzJrC9DpCkYOSxdoFBYJBHzb2WyNCOjLuXTJvCDJea6rFR2TrW33xmIuY+g\nTZC85fAiDxz9etVUvpkDlK6AgWmrzlxZobXoaVe1qPHB5xjCdl2TUtXPwqGexCS9\nRD9RgZxbPk0HDqEjosBmysIIHkXHsG1HDn5tibNzULkKxBFzzpfn0jYkqFyZnv4t\nwz+WYlUm3xbYT5dQZGKbVj1rYkUX35nLt6PuYMPTdOYeni+R39YUWPMtiZBvdVmt\nG87Oe9hkEs4BrO3x9eixmPMVebI//WouTdSa+xCptDDNkQgziWsz5PDkrxTb7ru6\nsgoJp9gvDz1/r5t/0HKoSV82r4U58eyk0fY0V7vw2Vz/Hcj+kkUk4d17HIQg5Nvq\nWDTpR27H/o++mdQ+Nvcl8Oc+OgZy1phOod66uDSikoBYWGVXqUOyYGkROgDaC6Pj\n/6B5aicxov6cuGqTHRlHnOhrE9+b+Wxuv8fQE8ROY36vSJoWFc7+yl+dm+U7sbex\n8MYNpK2fAy22w54vUBMxuzCwamiU4pqThuso9zqYbxAuMoPhUBwjxKAT8fyF8iwV\n5O7s7eIGs8j5HJk1nOcDH9odq5k54Wc5ybko97TESjp6x5FgN0eo72+y6j1X8Jx/\nVg9R2gQ+5ZT55KCIeWuLeYZP6qaL6BBNPFtJgQxx/0ydIKN9WIB5g2QYz4pTJKDj\nwybQ0hkZc0CrlLADZlF18mQSXgmgQjnkkqLCiZvt6vBusf5EHrxauYEvzE3VK04I\nSXie6f1S2nfXFrzXd2UtJgP5vEHYMlTHjFacKlmWxJUZQOPQKTJ+0HAXCNOrNxYu\nrbKHBrs7zK1uSTQSFXCm4EcbGIQtJ17n0XLifOqhJepFmwN+Ep/RZy46ToNMixzi\nuiimH1qpjS7qyelEM6TxN+cVxEH1MaoBadDQCXQFk+p9k6oqE6a0Blz7daepsT+H\no8VAE0x+jNp99nH+vAOJ+hE7gvIZSJKTEWqSpojbehMv+jx4MiaKrHl1AyIis0aX\nW0WwYW5VgPxN0dJE0OySuvA6IAxhS+YjRMUZogbtrqOUHXBjTjG9ku2omat3UbyX\nmZNKt1SoXrM0NrCXmf3qViiolYLP6KBBGSYMsDxtpRFUzgJHW7hI93GC9s4Ww4k/\n574TNh48kgIpBaxhf4WRDOMHIBtK25VxU5Drmpe/pQJqq2MpwMB+AFsZfL2dGDjU\nVTo/+OfhRHjbMGGEi5dy0JadhAHioYQlmb0LHUdESr+ClrBKrKpMd9dsBcTya4jb\nzl1GOz3pV1TQl+Je5JyelsPxL48aiQxya9VopKTXqjEaGH9mv2I5QbA4wU4Rcbph\nj9UYuJbBaYXa/knT0LeKAMHqMcgq6QSsoK3MDtSxTT2EahHgtiA9ClPZgjcS/Pxp\nzciMuC1OqO3yP1UCiMJXvgtDHJgmtSL3HfOC3SUwTMzc9J2fQFi2STYkcdpR13rq\n7vP8fOREkRH1XWXuCLhUtUlzAX9Ke8RVNRWPT1r8dmrzxC5PaTr75kDwDnTDg6z6\n1JJV1YXfMmInpm20ScTvHOySHhQkH7jXaW96ucQVvENvyn6/2VlvhYrGQz31LzQP\njg7DPy06uDbZHCVwJlgjvvRk5ByRO+bHD3kFxHxxnlK+H1I0ksFZWUdoG3j3MPPg\npKmbAe2zBtp9XsYDahNH3yjxUrEE792RrdMw0w4OfHNoj7l4pOq403/lPZuK+g3E\nT9ozsQo24B3uUzN5StxqBCgn4rjtO4mROv29OROGCX7gQnEa4vvLq1DQAGHMx56O\nREzDkhMNwmJOM28ATezcC40wu3qS4PrX5YvzTRG9xGGu9MTqesvTr+XKM673jKIC\nzrfX07HHJ9j76/MiFZnYu428jHd0nU4qfplBcy924VbmTwhn81zJdmK/qnDn6ow1\nNtZTLQjlp2DdFw9vw2j7iAk27M27kWGnKXUp53LkmP8xl6/NZR0h4fJxTlYQ7Li4\nQqTR5QUPUZGX7ILzlgwp1l4hCs8PvGNi6of5nYQv8tF1UXmBHh0aJIKhMnHsVmut\nOL57geNsQ/lVt9xB/J/Bt0fu9CbZoAapalCB7FbEUwXZbXusNZGcRKxuZLQM4nSa\nNiN1x+gWdu+FqyocedcHNOE4akYalgKdtdNSInraiXrJOuPbYN5QXKoQQAFQ9kQv\nJ89q5B4itd4YaFDOu6YeuXusHAosiSC91K6k+dd6dpc4I0TDfIcMh+5rRDkCq6Oc\n+d1dte++9PsxqnxyBjg7TjWEV2QFObcskxbH4MCiwTYZxbSBKnXg2SuPM6MJ4Eqr\nOF0gfa6IGOHpV4ffh30FY1EpUGs/udgNHOgxzhoEMrn4Vx1aLhOPq65xU7lgeAJF\nG68VEmBNw/DhYmnYEVofPIGXDZqyvFCPQUu/D7i2Qh/K39ZJc29vTg==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-iCXdJIApgjlE6rdcG' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-iCXdJIApgjlE6rdcG', '--output', '/tmp/tmp5s9ab2oc.xml', '/tmp/tmp3_fywy5i.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp3_fywy5i.xml" output= _________________ TestServer1.test_encrypted_signed_response_2 _________________ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==4WV2L+NfWMYi6gI+AFvv4VCHmUtk7Ep16NeiTW437D0FCaowd5kbu1xrRVQcJQcu\nixpek6M7L6Ng1CfqH6l++fbnrXKb8zGJPTBJubfdW+jn5yQxpf37hcV/FgpYowpQ\nW3ylYEPFf6/RdWjOdC9rBjT+Fk1JLo+IPO2kuE1/K7o=fvy5c3+kRNbIh5zz0mG0298kbKoKcrtXOqwJHlVFfPJjjVjY3nnSHwZZRh/3IVjX\naW06OPuulFpZPUmMthUl/FWZ3eBunBTPkb8pSnFwXAB4hFjBypdiK0NolMuVM9Zu\nBfoLwhWIXzQiMC8vzJeZNVLVOO1Pj/VCghpRmKHFWPpbsANQ+ZKjc12cp55aSnME\nrZZPlY4ioN4cIQjw+nd6AcrctWhQNAXFaxF2bdXdVTZyLAPRwjazh+XpM2ynsW9B\nJvxUlZ/7DEV4I8brepm+z32vr5FdCqznV1jrY2IK4gzZ+LIxfC0BgyMXY2ktfXRJ\nOh47TAZ/RsIdkCgDOjPIb8CE7NeD7ev7HldF5k9AxoXv6vxhz76+iXcQghwMsHti\nvcSfpKWqXNdyXz7PpWHiDZqyxJq/wdBPvOw6rxeBTsZrB03rfUT4RFvMAzmMArR1\nnUn0xkkpXHVhoVM2cpnMdUeyJN7lAzX9KuNg36pOFXnNUHkq+XD/+8R6NkuMTk0K\neSUAOTWVNlQkOKRG6vyrbOOgfNqXZuIgl/JXSEvuSrmOgczWCI6wKIbnL7FXwyEs\n+6vUojCtGndL/3ShZP7jpZqzTMieYR0QY6QtLFi6l/be85B/TdYNAoTr0mC0bs9f\nCKLp5JfgYyW+QO5466uLK6WY+o/XKqfsqLgD1q7hXVLW6IrM44meBPivtraoryyM\ng8ERYM5qAKQ7HkBAKI6km6Ep4pzm8aiStccXZVZtBlI06zWdyXqRbmMUzTj0VD+t\n96Pu+X5XXifKfbkUZIh3nqgRu41WkRu1oGGy/5OgzQT9i+6v7aNAeKf0x9UUdhlg\nOEpfEHGgNxfAltMUawIbid86EuNDjqFi0SS7zBJPmcmNMol9B9T76C2/JRq+LMpD\n19/HSWjjazZq1qAKntTMzrSlcK3A+pqW8hDq1kytGosx4ESd9rnbg5kLBomaeidM\ne6S8gqZklZMc4gVQzzyp7ehUzdst7akGZScL0fU0WRkG41yVkHETXIKjjRbxIi3A\nu/K3NriCOc1bCKZoNkSP6pA//sV7TWIE+L6nG8N2aurQCHcKgfkJKhHLsVf1Nfij\ntZsXC/dVUGq78z78Rxp6WM//hF/G0dLSRK2qcNjCbcOY5N7Rk3J/YfaqEreqxpFd\n/I2ctlX84UOlJqd9Mj0GtTq9w/5FZxozD2X7X9EBGj87eIQGJdw4IObHOJYwmnv+\n1iaK3gc+3KngVioRIb/h5p/Us/xfEXyEHZBJ6oeFCsZoFOZlcjrdELF4f0QCWv0e\nYmIIjf5t/5gq77PSUHXnlLmKVkKbiDHCzhs14WiW5F3jayrU7ANtZCoxaXH5QWSl\nqfk7nqbtw0h9DWLZxdDIpVrlQkz5kNGq6RgcMKvmgd6ogmo8Q4E7cBnzjbWQpBTp\nB8liXR0jGqs6kWwz1SWpb9Sbt5amY3+0HH1DmCTJbO0U/6jE99IqND420QOj2r7X\nBR7u03rqpReuE/XO6/82XCDkBejbkITMUS3TDmj5PcpE9Ux1zu0WU8a2I3Ve3HGf\np3SkK9o3hNacHVEt2iiostSCd7b3snvR7r2i/TDmkhBPkPPZw+1bcnKx8SocWWua\n+J6LTH5TuJ51/h9C/ZRSHeBg8O0kxxQUY5SC3Uf4uZ/9wrjY9Jmp3pivyewhkiF6\nL1jZg77J9hZUcp8mqvaj3gHiC+a38IMoMesBg+86beQ4CVonQPb4el00hfZ/klvT\n/jkNlY/BGIoc0hyHzAlZLovUAauc7hgZ23VEZsZzS2X/QfmM8BA8/tRHQcVXz0GR\n03pHu11rfTRfiZZAzTVSAYrSSfalzvbUfwEo0aBXS3WoylhKU4uDMNoCCOIBAp2U\nJo93XqFW8h9uOcVQNDwmLDxY3qU2CwE2kYaXn6js3rX6eyW+cuXYwN5R/im+kbiS\nMpxHFAGppDwCSqScvtYXSp1jWSj4YLmAYBtGTlaD1uoEtbTST618pDrrPObCWNb4\nsd/51b7RKxKjhCiB6hf7H49/eaXNZFBSlmXu9OoH8pC2ak5ClqqfmUqstrVwZW3W\n/ZmLki3KwHH2MzuPXUNGEBGiGntHv8F8KMKjrGoRPyK7SYQrZW4BfExUc+Jvtym5\nwTltTabPOMq1kETONU+IIxfabYdZ68yHqmeuDmlr+XxvPOxB4p4W0XbEaSFMVU1R\naM+Rw7KcoD7mkcIAjG8VdSlNQKlzV5SAC1ouO7trFMxdcJnUq+Xn32BTysXwinNr\nYeVwprfJmS7YPxTSP6eDjgPrzvqknxcn1YlqMI4rf0ZzKXzm+gACSeFn59+rWhd7\nFlziooSB/DQwzK4mjYwiP+yz5Na9TNENPoBjxWVMZcDXpPpWvhZHg26nmwUKSt9Y\nVVwZJ2ztTdjDqIP8e2E1I75whDzd3FbJ/F3xnXMHBKs9My9MAY3XijLv9I4TpB0O\nVdPjjTaOh3fuZLd0EsY8J3hD5VatbylCUsvboRvPxsOgOamInGBoVddG88tgmV3C\nGyi26E6TfLa+GuXoWnoaK0FJydTS3ah1UEUsLX2RwP5nlqKXLMWKqbks+b2tWASk\n6nEcQMfLS+z3HCg5+RmOyV+tXmdqtIj/insTxJ5XPcrHhWloBL690Y7uD7U1yj9H\ny/FW8NxMgWx1yV5L2BI5VAIlTxvn25BTKtWHZGZX9M3aSXIBUGl8Z0re1UxHe+UK\nZ0yGd0jpgLKoCcQoC3OR2vmMhIlsxLij9eZZp6gzkdIhtMfKQCUsx7BDeF5jeW0p\n4sUS5RuLrDuhQ3e2aD0yTFhwCQgCgBhP9+NO/0rd6HTFTLOKAIB4p9+JQTe0iuMb\n/DsDvR+gFStfYveIJgKzO6ol7gSy6Rf7Ze6qxyIdNI7IOC6JZPk7SWYwDJfobe3u\njWDBeF48nwK35/32OID3yX5wf4J8AD343+V+kqtbNO7TT6MrZoYgVA==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KKSSnY8NkFX96ckRY' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmp5fvshh0s.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp5fvshh0s.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_2(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, encrypt_assertion=True, encrypt_assertion_self_contained=True, ) tests/test_50_server.py:605: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:912: in _response return signed_instance_factory(response, self.sec, sign_class) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==4WV2L+NfWMYi6gI+AFvv4VCHmUtk7Ep16NeiTW437D0FCaowd5kbu1xrRVQcJQcu\nixpek6M7L6Ng1CfqH6l++fbnrXKb8zGJPTBJubfdW+jn5yQxpf37hcV/FgpYowpQ\nW3ylYEPFf6/RdWjOdC9rBjT+Fk1JLo+IPO2kuE1/K7o=fvy5c3+kRNbIh5zz0mG0298kbKoKcrtXOqwJHlVFfPJjjVjY3nnSHwZZRh/3IVjX\naW06OPuulFpZPUmMthUl/FWZ3eBunBTPkb8pSnFwXAB4hFjBypdiK0NolMuVM9Zu\nBfoLwhWIXzQiMC8vzJeZNVLVOO1Pj/VCghpRmKHFWPpbsANQ+ZKjc12cp55aSnME\nrZZPlY4ioN4cIQjw+nd6AcrctWhQNAXFaxF2bdXdVTZyLAPRwjazh+XpM2ynsW9B\nJvxUlZ/7DEV4I8brepm+z32vr5FdCqznV1jrY2IK4gzZ+LIxfC0BgyMXY2ktfXRJ\nOh47TAZ/RsIdkCgDOjPIb8CE7NeD7ev7HldF5k9AxoXv6vxhz76+iXcQghwMsHti\nvcSfpKWqXNdyXz7PpWHiDZqyxJq/wdBPvOw6rxeBTsZrB03rfUT4RFvMAzmMArR1\nnUn0xkkpXHVhoVM2cpnMdUeyJN7lAzX9KuNg36pOFXnNUHkq+XD/+8R6NkuMTk0K\neSUAOTWVNlQkOKRG6vyrbOOgfNqXZuIgl/JXSEvuSrmOgczWCI6wKIbnL7FXwyEs\n+6vUojCtGndL/3ShZP7jpZqzTMieYR0QY6QtLFi6l/be85B/TdYNAoTr0mC0bs9f\nCKLp5JfgYyW+QO5466uLK6WY+o/XKqfsqLgD1q7hXVLW6IrM44meBPivtraoryyM\ng8ERYM5qAKQ7HkBAKI6km6Ep4pzm8aiStccXZVZtBlI06zWdyXqRbmMUzTj0VD+t\n96Pu+X5XXifKfbkUZIh3nqgRu41WkRu1oGGy/5OgzQT9i+6v7aNAeKf0x9UUdhlg\nOEpfEHGgNxfAltMUawIbid86EuNDjqFi0SS7zBJPmcmNMol9B9T76C2/JRq+LMpD\n19/HSWjjazZq1qAKntTMzrSlcK3A+pqW8hDq1kytGosx4ESd9rnbg5kLBomaeidM\ne6S8gqZklZMc4gVQzzyp7ehUzdst7akGZScL0fU0WRkG41yVkHETXIKjjRbxIi3A\nu/K3NriCOc1bCKZoNkSP6pA//sV7TWIE+L6nG8N2aurQCHcKgfkJKhHLsVf1Nfij\ntZsXC/dVUGq78z78Rxp6WM//hF/G0dLSRK2qcNjCbcOY5N7Rk3J/YfaqEreqxpFd\n/I2ctlX84UOlJqd9Mj0GtTq9w/5FZxozD2X7X9EBGj87eIQGJdw4IObHOJYwmnv+\n1iaK3gc+3KngVioRIb/h5p/Us/xfEXyEHZBJ6oeFCsZoFOZlcjrdELF4f0QCWv0e\nYmIIjf5t/5gq77PSUHXnlLmKVkKbiDHCzhs14WiW5F3jayrU7ANtZCoxaXH5QWSl\nqfk7nqbtw0h9DWLZxdDIpVrlQkz5kNGq6RgcMKvmgd6ogmo8Q4E7cBnzjbWQpBTp\nB8liXR0jGqs6kWwz1SWpb9Sbt5amY3+0HH1DmCTJbO0U/6jE99IqND420QOj2r7X\nBR7u03rqpReuE/XO6/82XCDkBejbkITMUS3TDmj5PcpE9Ux1zu0WU8a2I3Ve3HGf\np3SkK9o3hNacHVEt2iiostSCd7b3snvR7r2i/TDmkhBPkPPZw+1bcnKx8SocWWua\n+J6LTH5TuJ51/h9C/ZRSHeBg8O0kxxQUY5SC3Uf4uZ/9wrjY9Jmp3pivyewhkiF6\nL1jZg77J9hZUcp8mqvaj3gHiC+a38IMoMesBg+86beQ4CVonQPb4el00hfZ/klvT\n/jkNlY/BGIoc0hyHzAlZLovUAauc7hgZ23VEZsZzS2X/QfmM8BA8/tRHQcVXz0GR\n03pHu11rfTRfiZZAzTVSAYrSSfalzvbUfwEo0aBXS3WoylhKU4uDMNoCCOIBAp2U\nJo93XqFW8h9uOcVQNDwmLDxY3qU2CwE2kYaXn6js3rX6eyW+cuXYwN5R/im+kbiS\nMpxHFAGppDwCSqScvtYXSp1jWSj4YLmAYBtGTlaD1uoEtbTST618pDrrPObCWNb4\nsd/51b7RKxKjhCiB6hf7H49/eaXNZFBSlmXu9OoH8pC2ak5ClqqfmUqstrVwZW3W\n/ZmLki3KwHH2MzuPXUNGEBGiGntHv8F8KMKjrGoRPyK7SYQrZW4BfExUc+Jvtym5\nwTltTabPOMq1kETONU+IIxfabYdZ68yHqmeuDmlr+XxvPOxB4p4W0XbEaSFMVU1R\naM+Rw7KcoD7mkcIAjG8VdSlNQKlzV5SAC1ouO7trFMxdcJnUq+Xn32BTysXwinNr\nYeVwprfJmS7YPxTSP6eDjgPrzvqknxcn1YlqMI4rf0ZzKXzm+gACSeFn59+rWhd7\nFlziooSB/DQwzK4mjYwiP+yz5Na9TNENPoBjxWVMZcDXpPpWvhZHg26nmwUKSt9Y\nVVwZJ2ztTdjDqIP8e2E1I75whDzd3FbJ/F3xnXMHBKs9My9MAY3XijLv9I4TpB0O\nVdPjjTaOh3fuZLd0EsY8J3hD5VatbylCUsvboRvPxsOgOamInGBoVddG88tgmV3C\nGyi26E6TfLa+GuXoWnoaK0FJydTS3ah1UEUsLX2RwP5nlqKXLMWKqbks+b2tWASk\n6nEcQMfLS+z3HCg5+RmOyV+tXmdqtIj/insTxJ5XPcrHhWloBL690Y7uD7U1yj9H\ny/FW8NxMgWx1yV5L2BI5VAIlTxvn25BTKtWHZGZX9M3aSXIBUGl8Z0re1UxHe+UK\nZ0yGd0jpgLKoCcQoC3OR2vmMhIlsxLij9eZZp6gzkdIhtMfKQCUsx7BDeF5jeW0p\n4sUS5RuLrDuhQ3e2aD0yTFhwCQgCgBhP9+NO/0rd6HTFTLOKAIB4p9+JQTe0iuMb\n/DsDvR+gFStfYveIJgKzO6ol7gSy6Rf7Ze6qxyIdNI7IOC6JZPk7SWYwDJfobe3u\njWDBeF48nwK35/32OID3yX5wf4J8AD343+V+kqtbNO7TT6MrZoYgVA==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KKSSnY8NkFX96ckRY' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-KKSSnY8NkFX96ckRY', '--output', '/tmp/tmpx82i8_rv.xml', '/tmp/tmp5fvshh0s.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp5fvshh0s.xml" output= _________________ TestServer1.test_encrypted_signed_response_3 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3ee895b8e25dc02cdd49405e63066688e112e33d3dd1e9fa8ccd28fbd1730bf8urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-VBt3mcapw4LDebl5P' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpt5276gd4.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpt5276gd4.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_3(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=False, encrypt_cert_assertion=cert_str, ) tests/test_50_server.py:650: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3ee895b8e25dc02cdd49405e63066688e112e33d3dd1e9fa8ccd28fbd1730bf8urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-VBt3mcapw4LDebl5P' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-VBt3mcapw4LDebl5P', '--output', '/tmp/tmpi74kz9ew.xml', '/tmp/tmpt5276gd4.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpt5276gd4.xml" output= _________________ TestServer1.test_encrypted_signed_response_4 _________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3ee895b8e25dc02cdd49405e63066688e112e33d3dd1e9fa8ccd28fbd1730bf8urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTI5WhcNMzUwNzIzMjIzOTI5WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAtjL6GLCC+U9+MDFcWuc+Ao+rSV5R/eDN90R03CydXX8276HqBRawdXd4\nZdP5MetIIcqQ9+QV3EJJT+mV0+ziPO4xmQmuOZwvGIl5n5tSLQsZYlGHXguQAhw6\n471EjW9TiZw875VPcidKwQogBvQmLST7ZcthXe3D4aUar3hIsEW8McHNDqur7WPL\nIP+L7+r7pqDg98Vkm3G+JLr4VkLs1e2o8R9+LJ5DS3rdD0Pcbw85ZwZJ48y3v705\n1bHe/776ERLB+ThwssYnc4arqHXcE9N8guyVDyiQK73L/1fEwNSfzLiz9QwSn3bX\nzHtH5o5KcURB4G0fkNMPHisRTDTQdwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJjY\nyC7viH7Z4EUu47SDklm6wpXpGLbvKRHCN7LT9sjv+rlb5vmgjfK+DWInv/Fyh//j\n494Anhpo6MboGLWt5cp3xx1LbBkZzBzDekYjbolY+tVWZqBC+dnSWfc9IVmH4BO4\nGw7h6pVTDzwkCAO1EHrTkcngiANImjpsqod0BE9ZnPUQt33utqWnmq59UywygeUIIChYUhoMiXKJ8gcHyxsRFaIQf5j5dtA7x7expvZJ\n2mJZppUJ12f9TrKjY+TU7H6cU5DGCvgp9OXcDvZrSLx39kgTLtuvf7aJmtQMdeQY\nlmhGIB+AswF7bwSlKRz1bnzaifRz9g1U/5nu6c9NDHXbuyYMCXy6tzAas95iatrf\nS0l6CE0RYbfxQZOfTkfSP5bIeDk267kpA5cG3YIyPSXbgMBu0Ojv0wLKRpMjPCPl\nZle2X1epJGzXu8BouslvKDOqBElvcqHMcR3JieBqG44awmmYw6V3N73M5WLSCJeg\nG8VChYGotA6xLU2iX76FDw==tqber65SlsLUCb8Ugb0btFzpyUCic0nJno7Y4EQfh0zv9xa1QVnpQ8s13nDTR9kW\noMiYHJ8tTx8KQdmtOngPEI4IzkOZ6YnBlhF4ZDj1AralORjRUzlcguGbT4vivmWL\nMICpjwO95n81eL2DL3WCWhXDXICFDH6ZtyDPoi75loflhXOyEwbQeDiSuuhWOuFB\nwX7JwydHjg/7kdTIoinzUwB4vsx7FvvnOIPRyPBvwZBuK7BSJvyxlxeGMJ9KcEGq\nCdVmwBNjMR0hBbq4T4dapdiBjor1XTk/tWqAJ38YJtio096SVik/OxNFv1bOWMNT\nfyaTNiM4iW53LTIp8mWLZ2JIZUNnxiRMBsChyypf78odUAy/pTUXH/GhjigLZGRf\nnXT0O3ea4PwD4TEYbiACD9q+Twbe2XvkBXMMkhwrV9g8eJnZmkwJaAnwkIRI3f5q\nxXqz24F6cDUzxXTykG+NuGQqo8tiNu7lN+0WFpc4wzvGmo/mf+rMn5oxi2x8AOJi\nWwgjpTfq3xZikDMCDfzze9ttuTV1U5/jGzlOvfre8vtj3tQtZKFFwq72ntxfeuZX\nLaDXFrqUNj7DfAXHsz3wInZFf8O3HbHIjyxuKatPsb5ZSbq/ElwjTqQFzSpTTN/t\nF/XbIEKns6U3bzguF5K30uBbxlWDHcUlLSB7eRyJhi2On1pOk8owOoYAM4/LQ6eM\n30Gn4qawmoKk5bEuQ46Dbkb8cyCCO9f5DeOfWuHlNS9RqsQ4ncec1LAN12iYdV4V\nP9XskFeDrKacwCFLW92uTKBan2EEG7YRbJeWJW7qVIoWu4TRp0zfhor5Q9T9tV2C\nLB/NNOv8uYVFnnPDswHZ/WdrVt20jxPRwMjF/g1aF+IiQUhSKzE9gsDrJraPpzdV\nqoJNsAtvYbtHJA9w+zyM96Ax65tE5k5SlZ6SWXP0x2e8XYlnZYkNOmwLdxQTNJ1W\nKsSI/X2w47jgWW0zoCa4tOk5R5kDpIkHqiUsW36OB970ePj9ALT+yK94zWTOEDMI\nzIIvjZqHwlWGTdn3nnl4MzGbCZpqvfhvsgjSW2YQWdFlgcncwBT/JK4uzbzuqnvR\ntJ7LdUE3ATHV5qjsotyAniQG7qNnoGBjhlBuxeUbbP39IyvKX6gDld/Y3LWmMGYV\n34ph31fcDM/MSGoRn+RVDMP/13KzZYAGySpRVyweD6CeVutv2pdYCwEd0QbRtKS2\n6pF4G3WP0sT+kdTQdI/1WwvuxY4Xv8Zkfqdq6Un9lCLwjBzjo5QakN9Xq6pSzoEh\n7pqvHQvNulkgJEBaMu2wmDrIedDWxvGfntPKX69t42yMAGNg+QqCGLt+MSDbXBtI\nz/l3FMet9T98ey0J+KpSXsp8viOv5vsgEk3alc1mlnBS2zUoTFjV4p2e33VCGYcx\nVyNaueUDqlx4TZm9e8zAKmDJw+Tv8WhsBw3zgKV83i5yYHbilGbsTEfW87l4diaL\nwBN5ynGkNShabG1jKruyNIJc/HCoA52xWKsU8G4MDpRZ521rb417gfTwWCZrn0mF\nI3uipaf9QUxNDBg/rmXy588PAsbO4e8YX72ZombesZ+K9qNCwF/Jhnw/XVaINKX5\njUTPNG4R0ZYhEMVUCQLr3y3u1VAHCXBfBOhlznf01xJ4DB+atU//AFQnHsB5b22z\nzpCkgkiFFyjpjJF7TWlwlePQ7bQaDuDt+HGmPu/n8Jjh++Mu5k3crh+aNbl/03pE\nk+v0zllgoI1MswBRZeh1EKvpB47gmJWUvvXNdAo66ZveLYNWR6ENJpfgj+bboaZe\n9//OkAZ9vBVqyMhUltDjWjKZtBh17NSBUV1dtjF2OCjf/jnJuXaQtrAYPgIKlhxR\nwe0oKYmH6N9KRSYEE5VWpjqWdThyNWM7cK5EdNikzueLFV2w6+ZKP/nlkYRlEAiC\nw58i1c5/DUhOoXRt7iirJmv9E6WNzGerlT/wbgcBX7gefvUhHQKX/mjuozTFZ38Y\nFegZtZxWvp2PsMEXEAGcGlPPtkIW4A58FTcMoAefM7V0TR9bU2QKEGn9j0Tyx2cZ\nLA7C0xBg9UxL5NWGzbRsOodnOCmHZFLPOOynYxP7Kon8/E6jAOG4a4F6VZFeYKOF\n8lQcDX6M9b5Uty0ETZiX9lVFz2R9+I7QlmrK4p9oI7o2OZjS8a4jiGgIGEc5CkCL\nX6T7uhn/zqlxtSkqazFdmPEtrtW6zcGCJF3pDE2vi8nII4plzUo9HHap15zaAGwU\nkYcCMNdY060/b75/NOZkn2DS+sG+xBSw1oocbW/Sb/2no8DqZbDj3bn/S3BsScfQ\nwvu1Dx/4rNqI1Umdk5bp5mTmNTRdpKJLqgnUd1arze/1DEfSeDzOtxDn+zx5jM//\nZVWkDtElhU/QwOm0ecC8ARGOV6dkKr+cHYnMdPAepll6cj/zfl0OmA==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-gg5fKVihR0YnhGv1i' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpkw32fmiy.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpkw32fmiy.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_4(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:697: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3ee895b8e25dc02cdd49405e63066688e112e33d3dd1e9fa8ccd28fbd1730bf8urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTI5WhcNMzUwNzIzMjIzOTI5WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAtjL6GLCC+U9+MDFcWuc+Ao+rSV5R/eDN90R03CydXX8276HqBRawdXd4\nZdP5MetIIcqQ9+QV3EJJT+mV0+ziPO4xmQmuOZwvGIl5n5tSLQsZYlGHXguQAhw6\n471EjW9TiZw875VPcidKwQogBvQmLST7ZcthXe3D4aUar3hIsEW8McHNDqur7WPL\nIP+L7+r7pqDg98Vkm3G+JLr4VkLs1e2o8R9+LJ5DS3rdD0Pcbw85ZwZJ48y3v705\n1bHe/776ERLB+ThwssYnc4arqHXcE9N8guyVDyiQK73L/1fEwNSfzLiz9QwSn3bX\nzHtH5o5KcURB4G0fkNMPHisRTDTQdwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJjY\nyC7viH7Z4EUu47SDklm6wpXpGLbvKRHCN7LT9sjv+rlb5vmgjfK+DWInv/Fyh//j\n494Anhpo6MboGLWt5cp3xx1LbBkZzBzDekYjbolY+tVWZqBC+dnSWfc9IVmH4BO4\nGw7h6pVTDzwkCAO1EHrTkcngiANImjpsqod0BE9ZnPUQt33utqWnmq59UywygeUIIChYUhoMiXKJ8gcHyxsRFaIQf5j5dtA7x7expvZJ\n2mJZppUJ12f9TrKjY+TU7H6cU5DGCvgp9OXcDvZrSLx39kgTLtuvf7aJmtQMdeQY\nlmhGIB+AswF7bwSlKRz1bnzaifRz9g1U/5nu6c9NDHXbuyYMCXy6tzAas95iatrf\nS0l6CE0RYbfxQZOfTkfSP5bIeDk267kpA5cG3YIyPSXbgMBu0Ojv0wLKRpMjPCPl\nZle2X1epJGzXu8BouslvKDOqBElvcqHMcR3JieBqG44awmmYw6V3N73M5WLSCJeg\nG8VChYGotA6xLU2iX76FDw==tqber65SlsLUCb8Ugb0btFzpyUCic0nJno7Y4EQfh0zv9xa1QVnpQ8s13nDTR9kW\noMiYHJ8tTx8KQdmtOngPEI4IzkOZ6YnBlhF4ZDj1AralORjRUzlcguGbT4vivmWL\nMICpjwO95n81eL2DL3WCWhXDXICFDH6ZtyDPoi75loflhXOyEwbQeDiSuuhWOuFB\nwX7JwydHjg/7kdTIoinzUwB4vsx7FvvnOIPRyPBvwZBuK7BSJvyxlxeGMJ9KcEGq\nCdVmwBNjMR0hBbq4T4dapdiBjor1XTk/tWqAJ38YJtio096SVik/OxNFv1bOWMNT\nfyaTNiM4iW53LTIp8mWLZ2JIZUNnxiRMBsChyypf78odUAy/pTUXH/GhjigLZGRf\nnXT0O3ea4PwD4TEYbiACD9q+Twbe2XvkBXMMkhwrV9g8eJnZmkwJaAnwkIRI3f5q\nxXqz24F6cDUzxXTykG+NuGQqo8tiNu7lN+0WFpc4wzvGmo/mf+rMn5oxi2x8AOJi\nWwgjpTfq3xZikDMCDfzze9ttuTV1U5/jGzlOvfre8vtj3tQtZKFFwq72ntxfeuZX\nLaDXFrqUNj7DfAXHsz3wInZFf8O3HbHIjyxuKatPsb5ZSbq/ElwjTqQFzSpTTN/t\nF/XbIEKns6U3bzguF5K30uBbxlWDHcUlLSB7eRyJhi2On1pOk8owOoYAM4/LQ6eM\n30Gn4qawmoKk5bEuQ46Dbkb8cyCCO9f5DeOfWuHlNS9RqsQ4ncec1LAN12iYdV4V\nP9XskFeDrKacwCFLW92uTKBan2EEG7YRbJeWJW7qVIoWu4TRp0zfhor5Q9T9tV2C\nLB/NNOv8uYVFnnPDswHZ/WdrVt20jxPRwMjF/g1aF+IiQUhSKzE9gsDrJraPpzdV\nqoJNsAtvYbtHJA9w+zyM96Ax65tE5k5SlZ6SWXP0x2e8XYlnZYkNOmwLdxQTNJ1W\nKsSI/X2w47jgWW0zoCa4tOk5R5kDpIkHqiUsW36OB970ePj9ALT+yK94zWTOEDMI\nzIIvjZqHwlWGTdn3nnl4MzGbCZpqvfhvsgjSW2YQWdFlgcncwBT/JK4uzbzuqnvR\ntJ7LdUE3ATHV5qjsotyAniQG7qNnoGBjhlBuxeUbbP39IyvKX6gDld/Y3LWmMGYV\n34ph31fcDM/MSGoRn+RVDMP/13KzZYAGySpRVyweD6CeVutv2pdYCwEd0QbRtKS2\n6pF4G3WP0sT+kdTQdI/1WwvuxY4Xv8Zkfqdq6Un9lCLwjBzjo5QakN9Xq6pSzoEh\n7pqvHQvNulkgJEBaMu2wmDrIedDWxvGfntPKX69t42yMAGNg+QqCGLt+MSDbXBtI\nz/l3FMet9T98ey0J+KpSXsp8viOv5vsgEk3alc1mlnBS2zUoTFjV4p2e33VCGYcx\nVyNaueUDqlx4TZm9e8zAKmDJw+Tv8WhsBw3zgKV83i5yYHbilGbsTEfW87l4diaL\nwBN5ynGkNShabG1jKruyNIJc/HCoA52xWKsU8G4MDpRZ521rb417gfTwWCZrn0mF\nI3uipaf9QUxNDBg/rmXy588PAsbO4e8YX72ZombesZ+K9qNCwF/Jhnw/XVaINKX5\njUTPNG4R0ZYhEMVUCQLr3y3u1VAHCXBfBOhlznf01xJ4DB+atU//AFQnHsB5b22z\nzpCkgkiFFyjpjJF7TWlwlePQ7bQaDuDt+HGmPu/n8Jjh++Mu5k3crh+aNbl/03pE\nk+v0zllgoI1MswBRZeh1EKvpB47gmJWUvvXNdAo66ZveLYNWR6ENJpfgj+bboaZe\n9//OkAZ9vBVqyMhUltDjWjKZtBh17NSBUV1dtjF2OCjf/jnJuXaQtrAYPgIKlhxR\nwe0oKYmH6N9KRSYEE5VWpjqWdThyNWM7cK5EdNikzueLFV2w6+ZKP/nlkYRlEAiC\nw58i1c5/DUhOoXRt7iirJmv9E6WNzGerlT/wbgcBX7gefvUhHQKX/mjuozTFZ38Y\nFegZtZxWvp2PsMEXEAGcGlPPtkIW4A58FTcMoAefM7V0TR9bU2QKEGn9j0Tyx2cZ\nLA7C0xBg9UxL5NWGzbRsOodnOCmHZFLPOOynYxP7Kon8/E6jAOG4a4F6VZFeYKOF\n8lQcDX6M9b5Uty0ETZiX9lVFz2R9+I7QlmrK4p9oI7o2OZjS8a4jiGgIGEc5CkCL\nX6T7uhn/zqlxtSkqazFdmPEtrtW6zcGCJF3pDE2vi8nII4plzUo9HHap15zaAGwU\nkYcCMNdY060/b75/NOZkn2DS+sG+xBSw1oocbW/Sb/2no8DqZbDj3bn/S3BsScfQ\nwvu1Dx/4rNqI1Umdk5bp5mTmNTRdpKJLqgnUd1arze/1DEfSeDzOtxDn+zx5jM//\nZVWkDtElhU/QwOm0ecC8ARGOV6dkKr+cHYnMdPAepll6cj/zfl0OmA==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-gg5fKVihR0YnhGv1i' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-gg5fKVihR0YnhGv1i', '--output', '/tmp/tmpzn6m50bg.xml', '/tmp/tmpkw32fmiy.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpkw32fmiy.xml" output= ____________________ TestServer1.test_encrypted_response_6 _____________________ self = def test_encrypted_response_6(self): _server = Server("idp_conf_verify_cert") cert_str_advice, cert_key_str_advice = generate_cert() cert_str_assertion, cert_key_str_assertion = generate_cert() > _resp = _server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=False, sign_assertion=False, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str_advice, encrypt_cert_assertion=cert_str_assertion, ) tests/test_50_server.py:911: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:832: in create_authn_response args = self.gather_authn_response_args( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = sp_entity_id = 'urn:mace:example.com:saml:roland:sp', name_id_policy = None userid = None kwargs = {'encrypt_assertion': True, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMwWhcNMzUwNzIzMjIzOTMwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAq3XLQfSmE4Bc805s8WsWKimVHXiJmp3DklsSnyLbNvrHJaIwUm2LnJLk\nJBUcokCkkHt1tfgvArLzt7y38IWt2LoqTnl2mnaIv6RkDV7VLurhtRxxSIJrSULJ\n8cFgvvLpefP+k2CVISmE/XUfq5XwCIXii0kpce+8E3q3YkMjtFkt/bTq+D4v5/w6\noNKM5bawODE5pYZWyzo0XNA29o78wi7C+9pbamr3IFaeRSqqSlF015mzTPoz5kPi\nn+kPhN22mtB80WwxLVXvE5vk/P20iOADWDfoB2E9aX1AAO6i9fvNl0KX43vttK/k\n/M6RKCl6rP6mqqcD8u8Sc+TrGeXsDwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJTx\nmFQJc7Jka3YAB00WA/Fr9Ot3t/i5/bf2jRWfZM8Havll47HsHft7NakCGqaBppmL\n1eb2esfNjEM3ZglKau9iVXXf2cRIooy8DHgxgrYoa5iMNLz4/+0+4sUBuLiVWe5c\ng1JknttcfHpwsPplTC403coP6W1QkQa3GCMx8F9l\n-----END CERTIFICATE-----\n', 'encrypt_cert_assertion': '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMwWhcNMzUwNzIzMjIzOTMwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEArvIG/0uCIWLdx1ythxwUXRb6Q41EIJGFwL0TX9yXEt1cIm/SXGg/612M\ngr9JIJ1RjaYrzbiJ3P0UBaLnIZxhL4/WoOA+KR1p+t4oZrpjdjdAMUMtqaJrjVZf\n9LbW2K6wp1F0gV3HGkbQk3CskxRZOxfvYKNVbB659jAcX+8rEJNiuSafrfMEqlMI\nrxtcG8ggA/GMHp8Vy5HajmL7IQrdKf1dbhyJriEVg49TRelXSRki8/CDSqWv8nKc\nj9ekjF0XUFnuYVkCx9y5EG0JCDfQ2cI4v4abtiE0hainEzVW85slOtTh1L4nOCWf\nYFuhWqNSsmkYNhXo8UgRubJVDvO5fwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBALGd\nKLphF5s7F0venI/LTWvXQDremVgFQjri72PWtMEC97Ln8prm3GBmB/qq0s21bXJU\nBXEXxY6zw0/1cQ5S/OQ+lg5by1oMhCzvKYpDJNAO9rL33XH+EEHwVX7iNTuLyYj4\nCim+E+wxcJuSYPYj9r8ixM83ziArICrYOhtFT40p\n-----END CERTIFICATE-----\n', ...} args = {'best_effort': False, 'encrypt_assertion': True, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMwWhcNMzUwNzIzMjIzOTMwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAq3XLQfSmE4Bc805s8WsWKimVHXiJmp3DklsSnyLbNvrHJaIwUm2LnJLk\nJBUcokCkkHt1tfgvArLzt7y38IWt2LoqTnl2mnaIv6RkDV7VLurhtRxxSIJrSULJ\n8cFgvvLpefP+k2CVISmE/XUfq5XwCIXii0kpce+8E3q3YkMjtFkt/bTq+D4v5/w6\noNKM5bawODE5pYZWyzo0XNA29o78wi7C+9pbamr3IFaeRSqqSlF015mzTPoz5kPi\nn+kPhN22mtB80WwxLVXvE5vk/P20iOADWDfoB2E9aX1AAO6i9fvNl0KX43vttK/k\n/M6RKCl6rP6mqqcD8u8Sc+TrGeXsDwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJTx\nmFQJc7Jka3YAB00WA/Fr9Ot3t/i5/bf2jRWfZM8Havll47HsHft7NakCGqaBppmL\n1eb2esfNjEM3ZglKau9iVXXf2cRIooy8DHgxgrYoa5iMNLz4/+0+4sUBuLiVWe5c\ng1JknttcfHpwsPplTC403coP6W1QkQa3GCMx8F9l\n-----END CERTIFICATE-----\n', ...} param_defaults = {'best_effort': False, 'encrypt_assertion': False, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': None, ...} param = 'encrypt_cert_assertion', val_default = None val_kw = '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMwWhcNMzUwNzIzMjIzOTMwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEArvIG/0uCIWLdx1ythxwUXRb6Q41EIJGFwL0TX9yXEt1cIm/SXGg/612M\ngr9JIJ1RjaYrzbiJ3P0UBaLnIZxhL4/WoOA+KR1p+t4oZrpjdjdAMUMtqaJrjVZf\n9LbW2K6wp1F0gV3HGkbQk3CskxRZOxfvYKNVbB659jAcX+8rEJNiuSafrfMEqlMI\nrxtcG8ggA/GMHp8Vy5HajmL7IQrdKf1dbhyJriEVg49TRelXSRki8/CDSqWv8nKc\nj9ekjF0XUFnuYVkCx9y5EG0JCDfQ2cI4v4abtiE0hainEzVW85slOtTh1L4nOCWf\nYFuhWqNSsmkYNhXo8UgRubJVDvO5fwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBALGd\nKLphF5s7F0venI/LTWvXQDremVgFQjri72PWtMEC97Ln8prm3GBmB/qq0s21bXJU\nBXEXxY6zw0/1cQ5S/OQ+lg5by1oMhCzvKYpDJNAO9rL33XH+EEHwVX7iNTuLyYj4\nCim+E+wxcJuSYPYj9r8ixM83ziArICrYOhtFT40p\n-----END CERTIFICATE-----\n' val_config = None, arg = 'encrypted_advice_attributes' def gather_authn_response_args(self, sp_entity_id, name_id_policy, userid, **kwargs): kwargs["policy"] = kwargs.get("release_policy") # collect args and return them args = {} # XXX will be passed to _authn_response param_defaults = { "policy": None, "best_effort": False, "sign_assertion": False, "sign_response": False, "encrypt_assertion": False, "encrypt_assertion_self_contained": True, "encrypted_advice_attributes": False, "encrypt_cert_advice": None, "encrypt_cert_assertion": None, # need to be named sign_alg and digest_alg } for param, val_default in param_defaults.items(): val_kw = kwargs.get(param) val_config = self.config.getattr(param, "idp") args[param] = val_kw if val_kw is not None else val_config if val_config is not None else val_default for arg, attr, eca, pefim in [ ("encrypted_advice_attributes", "verify_encrypt_cert_advice", "encrypt_cert_advice", kwargs["pefim"]), ("encrypt_assertion", "verify_encrypt_cert_assertion", "encrypt_cert_assertion", False), ]: if args[arg] or pefim: _enc_cert = self.config.getattr(attr, "idp") if _enc_cert is not None: if kwargs[eca] is None: raise CertificateError( "No SPCertEncType certificate for encryption " "contained in authentication " "request." ) if not _enc_cert(kwargs[eca]): > raise CertificateError("Invalid certificate for encryption!") E saml2.cert.CertificateError: Invalid certificate for encryption! ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:736: CertificateError _________________ TestServer1NonAsciiAva.test_signed_response __________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=1cd4b32089cc965ab41072a3bd0323b70414452671e1a64355bd8021f4c57956urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-3EdKRFni7L62wN43s' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpw0i4afad.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpw0i4afad.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response(self): name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"} > signed_resp = self.server.create_authn_response( ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, ) tests/test_50_server.py:1517: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=1cd4b32089cc965ab41072a3bd0323b70414452671e1a64355bd8021f4c57956urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-3EdKRFni7L62wN43s' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-3EdKRFni7L62wN43s', '--output', '/tmp/tmp9zchheec.xml', '/tmp/tmpw0i4afad.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpw0i4afad.xml" output= ________________ TestServer1NonAsciiAva.test_signed_response_1 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d517e290277db3aa687433e870c90f32b0c45d858eaf5891bbd40897158c25c3urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-XUXbPUWppHsdi7e6Z' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpi2r84lu2.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpi2r84lu2.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_1(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, ) tests/test_50_server.py:1540: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d517e290277db3aa687433e870c90f32b0c45d858eaf5891bbd40897158c25c3urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-XUXbPUWppHsdi7e6Z' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XUXbPUWppHsdi7e6Z', '--output', '/tmp/tmpv3_lr2hi.xml', '/tmp/tmpi2r84lu2.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpi2r84lu2.xml" output= ________________ TestServer1NonAsciiAva.test_signed_response_2 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpd517e290277db3aa687433e870c90f32b0c45d858eaf5891bbd40897158c25c3urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-DmrN3cFYCZfAcKWr2' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpcw3nbglj.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpcw3nbglj.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_2(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, ) tests/test_50_server.py:1571: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpd517e290277db3aa687433e870c90f32b0c45d858eaf5891bbd40897158c25c3urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-DmrN3cFYCZfAcKWr2' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-DmrN3cFYCZfAcKWr2', '--output', '/tmp/tmphfbkwkxq.xml', '/tmp/tmpcw3nbglj.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpcw3nbglj.xml" output= ________________ TestServer1NonAsciiAva.test_signed_response_3 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d517e290277db3aa687433e870c90f32b0c45d858eaf5891bbd40897158c25c3urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-2foi3YyVKw65VtWWZ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp0mi1tu_3.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp0mi1tu_3.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_3(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=False, sign_assertion=True, ) tests/test_50_server.py:1595: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d517e290277db3aa687433e870c90f32b0c45d858eaf5891bbd40897158c25c3urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-2foi3YyVKw65VtWWZ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-2foi3YyVKw65VtWWZ', '--output', '/tmp/tmp2c1vmq_5.xml', '/tmp/tmp0mi1tu_3.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp0mi1tu_3.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_1 ____________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d517e290277db3aa687433e870c90f32b0c45d858eaf5891bbd40897158c25c3urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMxWhcNMzUwNzIzMjIzOTMxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAhPCqWpYoLHbtbLljtsGTY8aK7qEQVkgcceHeBq5+knychs9xsXALXe7U\nSUfaz2lfyOviTokPuVkUy21CnoEJknYgJh7u9SimMjFqjzu3rpnM17UAEqlZSYy1\nuAcu9hSQstegSiiTjV+LdFTB6LaWdAfpB45MduN76udelxxs2OEct2e1x7hQy3+i\n8QJun442UUYGK+Jmcd1ZtUdNxsP+dvZqLAWkgo1oUECRN/ca5CQ+jCe1jMW6/g6m\nHMLgHEjLSRCnjYMU4RzVCMQEZx3FQhsVA6d4ZOJzJAkXnsCYlIS96jeWLWO4ojTl\nBI4m2JGDC4oAFNbW2p8xkbO0QMl4nQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFwy\n/6D38o2kYfy3oqGdt5sVlENxY5Pu9/HpHoA4gdTgUqU4+o0I7SdRt6nRRBbwi4us\nftHU4Vlc+nazY/tok9gUlFxC10r8hPFEldHeoh5kcCcwUFOhe8gbnD1QOjv1xN8A\ngoeDidJ+JivwWjgelFQwZfGHFiy9UT6C+7/Fz27PJGDfkIUiYKt6POoS8Gu43j47nEN5C8bb7CVTO/Q/i5aBRcjeNVOez3bMrF+F3PSD\n17PI7LBjUaGXaUcnHWJUJ+duEmPSRfAVfIgNHHImYQU/Oq4A41vDrUkVs5D+V7Qx\ngnxY3YHa7kcdwFnIL77Umv58nDcGzoEtG0OV7nuoZIe1uAvdfqJMOpgUHfuJ7KZz\nbc4kVKRwVMtyoxAeQkmbUrmoQjcfkaVOQrVNyL3qYkTSleUTS6VlQwe5wH67C7Bm\ngjmDQLnHuGiY9DyESW47Ms0iN5j/OYEFKNrvf5iDT3blMwkVPbI9J3Dp1EEwpvjP\nNx80nceGh6BjTmb1qjbmLA==2/QpoIIZZSA1ZILpGG1tKtjg2l7p5L4SkYyZKx46jX9Go/9W9WjfI8HOoBeYoMbm\nH77bQ8Avb8vnv4pSUZs1u5Vl+bgiacebJ8i8j/Pim/8aIZ4SniXvjRCIy9AtyF7M\nMgcvD8IdfTTTgrl4yW0OOkCl3p3NL++iuskEeIpHbrY3cx/9yCj5QyzpoZ22lsja\nXziJ570YOadA1abJvLwWGXzLWszoR+bVj4uuasCbIwuSkm9eD6QaH6MGFnYi8a5b\nHeGxaMOMUYy4fjjOWfJlcf+wtek3uiUM6gejTfapwS+2x/soSgOvu2mWpi01eYyF\nVyCGbKofi4R5KrOA+OQMfrcgMBcApptlAEtwxFgZlMdajJluCJRBxAT3QFBnzBzg\n3tOpJLT18IURbAmAGyFrJHfPNBioOhqpxrgReCN+Ojd2k7d90uEex1DhwNmUD/XT\n1PWkF5wDKwp3HKMyxjfxgNWxwouV7VEr1l/LbFMu6UZN90a4XrYkvJN0P3P9sW/q\n1jumdMfzepp8yOJdhvTWdvO8sdLmk22xhBZegnqEb+6o93coN+GCDP03HvjqURaz\nxhktwGaQSCIaNaPjgJVRin6cInZoAFB54f7UBONPpQh1aB7lA8dIhXgF+rUdJIjH\nokrmZ7h8xJslR6xZc/ORZLlb/rYeRrNrIoPgHDqJSZX/VnMMOsUwfaTcPQYyrKIN\nYSA3rCf9r+P3GkH5n3qvul3as/jgseCLKo7cSi4I44dFRAZiQKuhPcS/AgeKn9/V\nNooM5B1iG9n5Tw76aFGqjrIs34yiXBDkuppFJxtgHNXfpOIfMmyhvLro5UpS47rM\nViQUmusxodOY56LohFHrqzD/tEsQ6vPZ5GQ8WLWGooIpe3uLYfuaYfoWvlUtX3Rf\nZctublV/ymuad7qC1qfUQ615OEjbIMNXQtz2JCvOtHvrq4Ne6fwR+vVaO33Mm+nH\nQrJApGkoa1KqnehBiOPVjqEtncFT6TxpPjfWvHGZ3As/ItfprBrQQYGVwOrqh4Ky\nhwmK2vxmbQnuZQF7192QFCvKL8rQ/nmzkuGbKHv0xfBL+pZ9onu75kerjuy3BNSb\nI40aAgbK+FrgGxpvYyYdHsN3GPHkBcubE6qlFBBweZ0eKsDbeOZ7SfjQr2lDDxMo\nsr6ZGGNlK8qlq9aePD8ijiBzltApile9wgiques9Iw+1YpmLVP4s+YsijBs/OWJC\ntDq1FySA9bQTDkSPFzyrwpLEoS16Z2ZvpGGtZF70YHMugO78JTt7BLGcui7Hbjip\n1kWmHQYxiR8DObsK8s4HOqJEzaoVYskJnR5I8aXp67xn98ANskQ2br8JD05n/IUv\nA8hBIU/GmpAQ8aeYmarzzUirMdztbfe+beDV1mOqALVQMtkvD0AsiD4Mr5Ant3ys\nzHOMSPIrSlZDS3oJ6roSsmF5gCOOHlEjUfs4l01FPLtHyfoMvWdIE6ogVI8wYaEX\nK8R2jS8cJsnqX3hfXHuZbQ0eniBuHon7jsJ+O3o5CdvCqhRsjd3T3355jfWpGTD+\n1buMr2M7mYcW13bycx0k5xgz8Cu4tIov8q2USIAdhTHKumcqleFpNcQyyF8fHrJJ\nFZB/SToJR72fwqCaSJwldNZ3vzhlZW2axypWfYOWhVTs3ycgnYwtmE/zv/unx40J\n7ej3WNhSo2gXca+EtAR4LknYayg5qxXSfzm/R4h/xJjJtVtkTmwFQbGWZeogDjcx\nFUu8xhXMxQ17riF6mVNeZl0cvTyfeFlCVFwpX3AiOyODpWKILQQI8key7e+bbK52\ne0J1h87ap6MzUwTuCM+KqLEJQP1/aXOQwHa9ip5gm90r4MxVZyvqYduqw2zVbys8\n3YJ9NyT+aeHrWcOlb6fZBf88tgqydOSPamrO8aByFiuNPDKD7oumdF7qkhKD3M3+\nOuC1AonGSt0lEAxaWM2HxAnoqXLjDzpy/1TVmTv8ugvK34RujBMRRY8dW+q7gFnk\nKdCUgkTZhYtbceRDap8oloamM/dfsu3XwUxM1nVjjf8ga9dL+9V1wtscH7G7dZm0\nOmWBUhhXTHP6F8exEbcw+Kf+AAWT8qiq8KFlEtV0eE+8dvhCYJCch/Nfu+p0iqBn\nFhUJusFX4YYFmjL78jjyGLMhMZLqOi4zpSF4KkWZq+l2IfyY4Xyg+6YqJFJsYbaP\nQ0fXPC2CnqGqGiZoAhLuvOkRJce0CUSmowL3WNY+NMJk7KwL0/WrYD0NJKmBgqhN\nSrqqPrPIw2Acxf9bl6gLKf1WJ0cnxBniDC02bNgH5Kp925EPI7WUUJNJVSk3zeub\nqgOU4iWBUDkJRcV1NaMoouFh6h5ewqw2/BUFfG9fc8O0o9VXBFhShInLn5+CgYEO\nBWkO82uVHqV9PxnTXFRp0lJjzguGH8aUzEIDFJKqb7E4f/aI5neSmw==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-RJrL0sgY8ta2j5lVu' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmptuq2ig7c.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmptuq2ig7c.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_1(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:1623: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d517e290277db3aa687433e870c90f32b0c45d858eaf5891bbd40897158c25c3urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMxWhcNMzUwNzIzMjIzOTMxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAhPCqWpYoLHbtbLljtsGTY8aK7qEQVkgcceHeBq5+knychs9xsXALXe7U\nSUfaz2lfyOviTokPuVkUy21CnoEJknYgJh7u9SimMjFqjzu3rpnM17UAEqlZSYy1\nuAcu9hSQstegSiiTjV+LdFTB6LaWdAfpB45MduN76udelxxs2OEct2e1x7hQy3+i\n8QJun442UUYGK+Jmcd1ZtUdNxsP+dvZqLAWkgo1oUECRN/ca5CQ+jCe1jMW6/g6m\nHMLgHEjLSRCnjYMU4RzVCMQEZx3FQhsVA6d4ZOJzJAkXnsCYlIS96jeWLWO4ojTl\nBI4m2JGDC4oAFNbW2p8xkbO0QMl4nQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFwy\n/6D38o2kYfy3oqGdt5sVlENxY5Pu9/HpHoA4gdTgUqU4+o0I7SdRt6nRRBbwi4us\nftHU4Vlc+nazY/tok9gUlFxC10r8hPFEldHeoh5kcCcwUFOhe8gbnD1QOjv1xN8A\ngoeDidJ+JivwWjgelFQwZfGHFiy9UT6C+7/Fz27PJGDfkIUiYKt6POoS8Gu43j47nEN5C8bb7CVTO/Q/i5aBRcjeNVOez3bMrF+F3PSD\n17PI7LBjUaGXaUcnHWJUJ+duEmPSRfAVfIgNHHImYQU/Oq4A41vDrUkVs5D+V7Qx\ngnxY3YHa7kcdwFnIL77Umv58nDcGzoEtG0OV7nuoZIe1uAvdfqJMOpgUHfuJ7KZz\nbc4kVKRwVMtyoxAeQkmbUrmoQjcfkaVOQrVNyL3qYkTSleUTS6VlQwe5wH67C7Bm\ngjmDQLnHuGiY9DyESW47Ms0iN5j/OYEFKNrvf5iDT3blMwkVPbI9J3Dp1EEwpvjP\nNx80nceGh6BjTmb1qjbmLA==2/QpoIIZZSA1ZILpGG1tKtjg2l7p5L4SkYyZKx46jX9Go/9W9WjfI8HOoBeYoMbm\nH77bQ8Avb8vnv4pSUZs1u5Vl+bgiacebJ8i8j/Pim/8aIZ4SniXvjRCIy9AtyF7M\nMgcvD8IdfTTTgrl4yW0OOkCl3p3NL++iuskEeIpHbrY3cx/9yCj5QyzpoZ22lsja\nXziJ570YOadA1abJvLwWGXzLWszoR+bVj4uuasCbIwuSkm9eD6QaH6MGFnYi8a5b\nHeGxaMOMUYy4fjjOWfJlcf+wtek3uiUM6gejTfapwS+2x/soSgOvu2mWpi01eYyF\nVyCGbKofi4R5KrOA+OQMfrcgMBcApptlAEtwxFgZlMdajJluCJRBxAT3QFBnzBzg\n3tOpJLT18IURbAmAGyFrJHfPNBioOhqpxrgReCN+Ojd2k7d90uEex1DhwNmUD/XT\n1PWkF5wDKwp3HKMyxjfxgNWxwouV7VEr1l/LbFMu6UZN90a4XrYkvJN0P3P9sW/q\n1jumdMfzepp8yOJdhvTWdvO8sdLmk22xhBZegnqEb+6o93coN+GCDP03HvjqURaz\nxhktwGaQSCIaNaPjgJVRin6cInZoAFB54f7UBONPpQh1aB7lA8dIhXgF+rUdJIjH\nokrmZ7h8xJslR6xZc/ORZLlb/rYeRrNrIoPgHDqJSZX/VnMMOsUwfaTcPQYyrKIN\nYSA3rCf9r+P3GkH5n3qvul3as/jgseCLKo7cSi4I44dFRAZiQKuhPcS/AgeKn9/V\nNooM5B1iG9n5Tw76aFGqjrIs34yiXBDkuppFJxtgHNXfpOIfMmyhvLro5UpS47rM\nViQUmusxodOY56LohFHrqzD/tEsQ6vPZ5GQ8WLWGooIpe3uLYfuaYfoWvlUtX3Rf\nZctublV/ymuad7qC1qfUQ615OEjbIMNXQtz2JCvOtHvrq4Ne6fwR+vVaO33Mm+nH\nQrJApGkoa1KqnehBiOPVjqEtncFT6TxpPjfWvHGZ3As/ItfprBrQQYGVwOrqh4Ky\nhwmK2vxmbQnuZQF7192QFCvKL8rQ/nmzkuGbKHv0xfBL+pZ9onu75kerjuy3BNSb\nI40aAgbK+FrgGxpvYyYdHsN3GPHkBcubE6qlFBBweZ0eKsDbeOZ7SfjQr2lDDxMo\nsr6ZGGNlK8qlq9aePD8ijiBzltApile9wgiques9Iw+1YpmLVP4s+YsijBs/OWJC\ntDq1FySA9bQTDkSPFzyrwpLEoS16Z2ZvpGGtZF70YHMugO78JTt7BLGcui7Hbjip\n1kWmHQYxiR8DObsK8s4HOqJEzaoVYskJnR5I8aXp67xn98ANskQ2br8JD05n/IUv\nA8hBIU/GmpAQ8aeYmarzzUirMdztbfe+beDV1mOqALVQMtkvD0AsiD4Mr5Ant3ys\nzHOMSPIrSlZDS3oJ6roSsmF5gCOOHlEjUfs4l01FPLtHyfoMvWdIE6ogVI8wYaEX\nK8R2jS8cJsnqX3hfXHuZbQ0eniBuHon7jsJ+O3o5CdvCqhRsjd3T3355jfWpGTD+\n1buMr2M7mYcW13bycx0k5xgz8Cu4tIov8q2USIAdhTHKumcqleFpNcQyyF8fHrJJ\nFZB/SToJR72fwqCaSJwldNZ3vzhlZW2axypWfYOWhVTs3ycgnYwtmE/zv/unx40J\n7ej3WNhSo2gXca+EtAR4LknYayg5qxXSfzm/R4h/xJjJtVtkTmwFQbGWZeogDjcx\nFUu8xhXMxQ17riF6mVNeZl0cvTyfeFlCVFwpX3AiOyODpWKILQQI8key7e+bbK52\ne0J1h87ap6MzUwTuCM+KqLEJQP1/aXOQwHa9ip5gm90r4MxVZyvqYduqw2zVbys8\n3YJ9NyT+aeHrWcOlb6fZBf88tgqydOSPamrO8aByFiuNPDKD7oumdF7qkhKD3M3+\nOuC1AonGSt0lEAxaWM2HxAnoqXLjDzpy/1TVmTv8ugvK34RujBMRRY8dW+q7gFnk\nKdCUgkTZhYtbceRDap8oloamM/dfsu3XwUxM1nVjjf8ga9dL+9V1wtscH7G7dZm0\nOmWBUhhXTHP6F8exEbcw+Kf+AAWT8qiq8KFlEtV0eE+8dvhCYJCch/Nfu+p0iqBn\nFhUJusFX4YYFmjL78jjyGLMhMZLqOi4zpSF4KkWZq+l2IfyY4Xyg+6YqJFJsYbaP\nQ0fXPC2CnqGqGiZoAhLuvOkRJce0CUSmowL3WNY+NMJk7KwL0/WrYD0NJKmBgqhN\nSrqqPrPIw2Acxf9bl6gLKf1WJ0cnxBniDC02bNgH5Kp925EPI7WUUJNJVSk3zeub\nqgOU4iWBUDkJRcV1NaMoouFh6h5ewqw2/BUFfG9fc8O0o9VXBFhShInLn5+CgYEO\nBWkO82uVHqV9PxnTXFRp0lJjzguGH8aUzEIDFJKqb7E4f/aI5neSmw==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-RJrL0sgY8ta2j5lVu' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-RJrL0sgY8ta2j5lVu', '--output', '/tmp/tmpjwqtyj7l.xml', '/tmp/tmptuq2ig7c.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmptuq2ig7c.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_2 ____________ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==esrqBtxG2RKccA2jYDddgUu2sKV/dFG+LbPo0mJKknKCdHtf9y5bqhvoHqgnPY8J\n/p77x9ulZaRtB4UGcobZ+Vaa9pYgbV1V8EfU39f9gjR/Pgh++CPygRis5FXLI+NN\nnpOa2ehMj9tV/0dgd4RaHAIql9wMz9A40YLm7Rsaslk=upxgjRxUdGWodpGFuTrZJ++H3Y+s5+oVQN6REamR4lRXevNz4h+PyMbHUP6q92ED\nkvMhK8WzI48xoiAcX8gT5BF7NmV6mSND7inZ1ptEZDvLIyLBqqQQOREcvlH4cA5k\nQYFuSgdKp/d02X/x3re60D9Y+rE7yldbgTelXlSYyCkUs1IOYdVw9slMwOce1ZCS\nLDnlSMJXZmAxihsaxZmlaskF20Zm1Sw8bHtPVwHDAgmvQQvQW/Cnj4MgIPtT8tVV\nD7JMCVaSV60ShBPbDXZ/jH+1irFLEIXfdhpChNvnXHF94WlU9zvpLYt/q26cdaIw\nlJpEPzKb4ARPfmKWSp4cBJtm+TQ9vvWxX9DfEnOqwxYUShxHarFWNqD6OQ4jFhji\n+q0+XpOq2ILzrPF92in/37tzRdMCgyQa47McynO6oQmki5I/s0VXAY9mieztkJKr\n3BNdTaT9/VZerePGpRBWHZsEEvTZ1FAX8r6D0RTrMFRSlwRQTdqpRP3BUyjcKYmK\nrJwiq2obOI12Ccv1pc+lAE0/N9eh0uBeKolPdKVEh1Hlgiu+woHZ0NmkanBssNIU\nCAYAKeWe5G0nnwDfMPmJSfCVjB778hQtIbmU2ilIyfZOLhsmzcxYPlf4bYKLEB9j\n755lshTY3tt8zKZjuA8Yqm5x6Zs57825ae1E0RfZLgZWJX6Y9gVo7vrD9nHtdyAc\nw/tJI1NqmYbt3wu3+ZIyRh2wJiDC/yxzFpKlL0CckBdMTbtqOs9W6YExLWGsfCFF\nzA/OMJORg18+gtuj1z9icUvThzMq0HgBw1+7yRuScjhvQ4gINEWBhApmnstyzhW1\nQp8T4HyGJPvViQmFCGNQxp6OTo4GbAGBgePdL50FOxB5XfvipUdHfRuXUwAFi19r\nHAdKxG0CzV8M2KzXuooXfrOwyek8XBdovkepPe1N62j+m4mSFREbAW2bzzyRi5DO\nHv/YkyBvpIwvyKB8FV/Hzg8Ohanxco6dbOlMjj18UUwWCUKWQ+XBfriKDwwcn/Dg\n4AvdlqUSKranDY5TCrUaj0nibXW+zp7dVN/uMpPWv5Wkuxxbt+OkJ/NMAVKB2OQY\nYG6jUHe/Qw6UJFtWJTBd83Q/nZej0nQIxjDL47moj89PJP+7y7vWcA2FVlS2VyCQ\ndzz9gQuGvmnvbOy0Fc/xpv8Q6TAjDK1YOZ8JTv6WundOnKu/M9J8M+84YqW3rgqp\nSf7ddU9R6T+AhE6p8iQyusJTLjTve1JyysbF14TUVPMTqK2M1xEyo8YAOggDweIl\n5Kxbx6+/Wl+OoIrTcH/NZkRSxEG4PC4cU/M9w5TdBlO8aJvjfmeyYhwJYIZbVVQU\n4+d/kM3dYLcQx9l1qWTDnRPNMN/G9y41hrZT7jCtXo6rWnqj7tAgL8wp84v5UQZy\n9Z/Wsw133k07jXVbNEJyvYtdTY4o6AS8BdWhcmbkVbgsfC1ZeRr7us9kgM/ZeBZI\npaVyh+Ncn7cyEpAoMY+VjNseRZwY7FOc4drCA1z5e39kGae8hSGyzxQKngEp5+Ys\nffKUf1rSlM59VhwEZugWZDMYxxAVAajjiw5P+53CdZ68ZzClvwZvY0zb/PloylYn\n/RumVujZT0USo34dB6Kmud1scZTUiLsVXDvnhe3G1dL7yIYIT6ANwe5/ALB/CsG+\nIxrUSM1ZZVd4Qq1Z1159qnmWt2HU8xz355IdCtdpgyaP18hXqOkFZCuGL2IEx0dE\nmUIFYEyJrMkm3rC0+/1xLROkQ7tjn8zFWP+hXoN73w/tLe9l2mHygbISttpwEFyH\nwUlBjl+9Hf//65AKstt3M6Vk2KTpr5E2h2z6koihLy+hZjhPHQAW3jNojLNIxxh5\n0m0MEEygX4CvnWb4O2ooVVGC5rhUdfqaykxP8Pnb8eTixpUFsupNsMeD7inf0sef\nP69BkZNK/CP2BuXvkx/S4cYggD1hjp/Ud2Zj7kUx4kTatj96YLI0Opm4oOSUpXKN\n2sI85Brls60I0OL0mcfDZVkxmNwTJFWQRK0WQVsdx3XRSmoJrCrZJ+p3VsQJHc05\n7KsGsWLsuH6s7I7D64jzORBmy4SekWIJ/imvkVFSZAAEDXdHWMx/dr887MJeattK\nhclhNQM2xtnd5haCkKAYGv0poq7OpXVMV8Ch73wglFdIz6Tj7ftltPxTpIFPc4D3\no8QFyFjuPpnHfU77pFRyV07i8Sep/EF+gkAu9WyT4yfHx4slEO8fgvlKDs7XQmpc\n7UKyupWepzZy1zYpsBaz2TRnSOpj6t7X2BQRFaznDIcsthYLJKQ8Pi/kJ+ncSkWL\n69C1YSGPKPTLdR1hT4bQv9/WJ9PTX5A44B5JrACcQ4wlFZjvC6AZyJh3pfhh5ymn\nkcfNeEk9KzFpXDpUmYPT6x31njcuAKDA78Bl82aulJD/fTvV1TKRiE6cNbRfYUR/\nRsaNt8HNVWLQoX720ThMC0Nwcr4EIRc+lHq9pINsQPk71l5vJBv1g2grr9QNt55U\nCAG79Zl4M6qi3UzZFG+OYE0rCp6am4Z5tHAjLKlpuUW6oHVXdd18byZhqGqgiiPi\nI/LDdVRLojrVy2FZyNzqpJ9q1xaKb/dTRgsN6rhmyhhKMX1FkeTu5fcqYUjRIIlH\n1fHABfGgCAtF+NiSKeChlmzFTuwBNUlR0G8xfIKTQtTTazM06NOqsvcjNyNzG45X\n6l39G8Nz4TAMgw9Ow51DMPSD5bJk1umDO6HQBjTAQn3blRw3ZxVz5AxNjLMLa8nD\nYADfEdFRpwRtiEw6toCf1W6td+anUMkgsKoiCibnZ4YC4rIlCs3vpWNd4HlSrOPw\nWDqI9xeNhooWc2GBv8F9ShMSpLxnMTxbhCBVMBLgVBt7tE5UXF+DiwHXKbN9XSKw\nFdRBpf/JHzNtVTDcqy7ynSdjiao2kWDYhLowpb4jdjrWudKWVCWkAQ==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sYjkdS65Kb8JReyrT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpl691c9ws.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpl691c9ws.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_2(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, encrypt_assertion=True, encrypt_assertion_self_contained=True, ) tests/test_50_server.py:1681: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:912: in _response return signed_instance_factory(response, self.sec, sign_class) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==esrqBtxG2RKccA2jYDddgUu2sKV/dFG+LbPo0mJKknKCdHtf9y5bqhvoHqgnPY8J\n/p77x9ulZaRtB4UGcobZ+Vaa9pYgbV1V8EfU39f9gjR/Pgh++CPygRis5FXLI+NN\nnpOa2ehMj9tV/0dgd4RaHAIql9wMz9A40YLm7Rsaslk=upxgjRxUdGWodpGFuTrZJ++H3Y+s5+oVQN6REamR4lRXevNz4h+PyMbHUP6q92ED\nkvMhK8WzI48xoiAcX8gT5BF7NmV6mSND7inZ1ptEZDvLIyLBqqQQOREcvlH4cA5k\nQYFuSgdKp/d02X/x3re60D9Y+rE7yldbgTelXlSYyCkUs1IOYdVw9slMwOce1ZCS\nLDnlSMJXZmAxihsaxZmlaskF20Zm1Sw8bHtPVwHDAgmvQQvQW/Cnj4MgIPtT8tVV\nD7JMCVaSV60ShBPbDXZ/jH+1irFLEIXfdhpChNvnXHF94WlU9zvpLYt/q26cdaIw\nlJpEPzKb4ARPfmKWSp4cBJtm+TQ9vvWxX9DfEnOqwxYUShxHarFWNqD6OQ4jFhji\n+q0+XpOq2ILzrPF92in/37tzRdMCgyQa47McynO6oQmki5I/s0VXAY9mieztkJKr\n3BNdTaT9/VZerePGpRBWHZsEEvTZ1FAX8r6D0RTrMFRSlwRQTdqpRP3BUyjcKYmK\nrJwiq2obOI12Ccv1pc+lAE0/N9eh0uBeKolPdKVEh1Hlgiu+woHZ0NmkanBssNIU\nCAYAKeWe5G0nnwDfMPmJSfCVjB778hQtIbmU2ilIyfZOLhsmzcxYPlf4bYKLEB9j\n755lshTY3tt8zKZjuA8Yqm5x6Zs57825ae1E0RfZLgZWJX6Y9gVo7vrD9nHtdyAc\nw/tJI1NqmYbt3wu3+ZIyRh2wJiDC/yxzFpKlL0CckBdMTbtqOs9W6YExLWGsfCFF\nzA/OMJORg18+gtuj1z9icUvThzMq0HgBw1+7yRuScjhvQ4gINEWBhApmnstyzhW1\nQp8T4HyGJPvViQmFCGNQxp6OTo4GbAGBgePdL50FOxB5XfvipUdHfRuXUwAFi19r\nHAdKxG0CzV8M2KzXuooXfrOwyek8XBdovkepPe1N62j+m4mSFREbAW2bzzyRi5DO\nHv/YkyBvpIwvyKB8FV/Hzg8Ohanxco6dbOlMjj18UUwWCUKWQ+XBfriKDwwcn/Dg\n4AvdlqUSKranDY5TCrUaj0nibXW+zp7dVN/uMpPWv5Wkuxxbt+OkJ/NMAVKB2OQY\nYG6jUHe/Qw6UJFtWJTBd83Q/nZej0nQIxjDL47moj89PJP+7y7vWcA2FVlS2VyCQ\ndzz9gQuGvmnvbOy0Fc/xpv8Q6TAjDK1YOZ8JTv6WundOnKu/M9J8M+84YqW3rgqp\nSf7ddU9R6T+AhE6p8iQyusJTLjTve1JyysbF14TUVPMTqK2M1xEyo8YAOggDweIl\n5Kxbx6+/Wl+OoIrTcH/NZkRSxEG4PC4cU/M9w5TdBlO8aJvjfmeyYhwJYIZbVVQU\n4+d/kM3dYLcQx9l1qWTDnRPNMN/G9y41hrZT7jCtXo6rWnqj7tAgL8wp84v5UQZy\n9Z/Wsw133k07jXVbNEJyvYtdTY4o6AS8BdWhcmbkVbgsfC1ZeRr7us9kgM/ZeBZI\npaVyh+Ncn7cyEpAoMY+VjNseRZwY7FOc4drCA1z5e39kGae8hSGyzxQKngEp5+Ys\nffKUf1rSlM59VhwEZugWZDMYxxAVAajjiw5P+53CdZ68ZzClvwZvY0zb/PloylYn\n/RumVujZT0USo34dB6Kmud1scZTUiLsVXDvnhe3G1dL7yIYIT6ANwe5/ALB/CsG+\nIxrUSM1ZZVd4Qq1Z1159qnmWt2HU8xz355IdCtdpgyaP18hXqOkFZCuGL2IEx0dE\nmUIFYEyJrMkm3rC0+/1xLROkQ7tjn8zFWP+hXoN73w/tLe9l2mHygbISttpwEFyH\nwUlBjl+9Hf//65AKstt3M6Vk2KTpr5E2h2z6koihLy+hZjhPHQAW3jNojLNIxxh5\n0m0MEEygX4CvnWb4O2ooVVGC5rhUdfqaykxP8Pnb8eTixpUFsupNsMeD7inf0sef\nP69BkZNK/CP2BuXvkx/S4cYggD1hjp/Ud2Zj7kUx4kTatj96YLI0Opm4oOSUpXKN\n2sI85Brls60I0OL0mcfDZVkxmNwTJFWQRK0WQVsdx3XRSmoJrCrZJ+p3VsQJHc05\n7KsGsWLsuH6s7I7D64jzORBmy4SekWIJ/imvkVFSZAAEDXdHWMx/dr887MJeattK\nhclhNQM2xtnd5haCkKAYGv0poq7OpXVMV8Ch73wglFdIz6Tj7ftltPxTpIFPc4D3\no8QFyFjuPpnHfU77pFRyV07i8Sep/EF+gkAu9WyT4yfHx4slEO8fgvlKDs7XQmpc\n7UKyupWepzZy1zYpsBaz2TRnSOpj6t7X2BQRFaznDIcsthYLJKQ8Pi/kJ+ncSkWL\n69C1YSGPKPTLdR1hT4bQv9/WJ9PTX5A44B5JrACcQ4wlFZjvC6AZyJh3pfhh5ymn\nkcfNeEk9KzFpXDpUmYPT6x31njcuAKDA78Bl82aulJD/fTvV1TKRiE6cNbRfYUR/\nRsaNt8HNVWLQoX720ThMC0Nwcr4EIRc+lHq9pINsQPk71l5vJBv1g2grr9QNt55U\nCAG79Zl4M6qi3UzZFG+OYE0rCp6am4Z5tHAjLKlpuUW6oHVXdd18byZhqGqgiiPi\nI/LDdVRLojrVy2FZyNzqpJ9q1xaKb/dTRgsN6rhmyhhKMX1FkeTu5fcqYUjRIIlH\n1fHABfGgCAtF+NiSKeChlmzFTuwBNUlR0G8xfIKTQtTTazM06NOqsvcjNyNzG45X\n6l39G8Nz4TAMgw9Ow51DMPSD5bJk1umDO6HQBjTAQn3blRw3ZxVz5AxNjLMLa8nD\nYADfEdFRpwRtiEw6toCf1W6td+anUMkgsKoiCibnZ4YC4rIlCs3vpWNd4HlSrOPw\nWDqI9xeNhooWc2GBv8F9ShMSpLxnMTxbhCBVMBLgVBt7tE5UXF+DiwHXKbN9XSKw\nFdRBpf/JHzNtVTDcqy7ynSdjiao2kWDYhLowpb4jdjrWudKWVCWkAQ==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sYjkdS65Kb8JReyrT' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-sYjkdS65Kb8JReyrT', '--output', '/tmp/tmpg1y_detz.xml', '/tmp/tmpl691c9ws.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpl691c9ws.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_3 ____________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d517e290277db3aa687433e870c90f32b0c45d858eaf5891bbd40897158c25c3urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-dFDfyuETDwrfc2sXH' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpl_h77bx6.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpl_h77bx6.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_3(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=False, encrypt_cert_assertion=cert_str, ) tests/test_50_server.py:1726: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d517e290277db3aa687433e870c90f32b0c45d858eaf5891bbd40897158c25c3urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-dFDfyuETDwrfc2sXH' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-dFDfyuETDwrfc2sXH', '--output', '/tmp/tmpom9xf0v3.xml', '/tmp/tmpl_h77bx6.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpl_h77bx6.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_4 ____________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d517e290277db3aa687433e870c90f32b0c45d858eaf5891bbd40897158c25c3urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMxWhcNMzUwNzIzMjIzOTMxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAvpzqJuawUJm1mkgTVUKYMv+Y6uCrCZTPfgmrbbT6ICVnmZNmagQ9RO7C\nSArSfYBrndVtdSbPXNhuiYJYSvVmdRgF/IWxRGber1+bOz5YcSR6rgTvHX3rooN9\nFDqOJTA8DorFyynCn5HkNVojaGkACullAVt9hjSth5QnO6wRgV6kcwrmYcP4p355\nR3/eXocWsP9ipt8wR4YAxfPoywiTIqBLlyOXDZ0iuRHCvceosFo8lvcGM0FK09dU\nM9yTbe6BgPqgMGzXCFdavIGmidMW9myD0uGCuaJPFbTMK5WaDePulvLXiMJPSPOd\nFPn6jyZOTJi2cC3jCDRdpTv+cKlcCwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIN0\nJAM6yyH3XnYqPTQexUSNm/zgrf1/ez7NqeswD0c/FK20vvPn3HTBsJy5Wrhz6SC9\niaXC6Us6jK9phgS0xHXCbQscP9qChSGNp/1RMIcp4H//tiH1wPSQfvNzvzGnwTdn\nhb+qcqCJWEYisDRGEaOhZfnP/a7+7I9yviBoAROUdtWjLYeRw8j+BpppxlCg6h72l9JwChiXVUY+rBVJ6Ewh4383zszmXiw0wMm17fWj\nC9DJGYwUdasj/eEIHemCM0RasodirdmZl5gEgeT6xhav5FNpvhG9Iu4h7EAgNAsJ\nYcrw/K8YIF3ms0lCFmx/0fVyFLK54GFj/o61Nze3vAEL8mqknu2RC/d05ubnCfe6\nP1VRxeJ/QmHT5jkLchupox8Hsu0fEKWvDLQ4LOVdpR2CBCrHq5SXWEqzeLqwmZFW\nAp9HRsA6tMZmHYQZRRsFK0zRPQcoSuiZlvs80HQaP7EBz1QgnN4KP3e4uoWKL3h9\nhc9FGFWI6Dk/NFGnbp6OZQ==AhzSQ60rH/orhDd8R/y/WpUvfVQMYrWCEkZH/9W4vqzACMBI0gDDkVYD/muGq4hN\ngT4PnFjuiAgwGdr+FVw08fyrhrghzNuRWhC8irpEfY8neSAyyXwMeexEmQtQprvq\ns6R7ueG+Hk366CBvd7FHqeyXejY0w9grq75qnegJxXYsbCXtJ9pcu+uYDwBfjNfL\niu3X7aA03CsXb+uzzvjEaVj1pN0wk26mDKDYN0KV+l2D/1flsgc5jyQfesKq5oH9\ncvCPo0+MfK08SJkCdEzYrxQbeQve/Iand+A8QkYGsiNqDQEK3hx9uAlU+qNQD2sW\n5kwHSSub56YlAvJslxAh/dQusk8cU9dRXrBhYidK4xqaf4z161vetyXzNxj/e2w+\nmNOaaKUYvaeuYRmURsTkZmri+4RPrV/8cXvSFyk6XyYDjPcBpCp85vtia8YUIUXc\nzcHKdy8Mjd6Vxp14cNKZmiAc2XuoI32pH6QTpgo3oRB1/o4hGb+kryqm9kceQ7xH\neULYFkfCudYZpmQuhFfgJPv0ywLM3cV7uJoW7c5a6ReHiblDsayzlnHD7JgLVnoK\nzNjWcgcQx9ijmU1xbn+xARousON2k/tKJfUvLwCDF9KFNNuHr94vw5LenAnGSiXg\ndFszojOIV1p0IuguWBK+fvsnMoDUo3zCUFEkpOyL6BJ0p2pqDbH317Em1JcSaoNH\n85nAp9H8ttM7yDRYfWAjruhd8UHW6hSzRpxUEwov3xkIncIEcFMmr5l/m6NOb2Xy\npAH66c5cdPbnpGOxw/8aWPiIM+ERimCGNltIgrxvD3Fq6EkwmvSAiKTO1Uqt1SHc\nm1PQXNX69dxpdQDBzJTekuEQaB2HCjIDxyhUY1GFl4kYn15B23f6nh4mcxpWxkJI\nba4jOPZGcQtlXiGKq0mpO7fMexIv/VYSAAfiexObAN7I2hAjt5luzR8PwTlaNnsY\nW+upwc7yDbLAS0fkoIDlToI1Bd8I0yE3l5xLRvCj7AzhTT29rFnGjGjSyRGCF83K\nHmr216gjWwLkNfow3xBlvi1Qt9H0ay3opmMatgaL/bgXRm/aB2pH4+yiZnhq1fD8\nVSnceV4Kbhz+zY+0Zm/GKgQi9frCFw8OUEpDwme/6sYksHxzfNIYT3pFZrFrCD0k\nha2VMiC6Bu0ac9Iwdo85GDbxuzPt0zSCnF9Erc3QhHNZ6ijBU8EIWAER7zQ3DYhR\n1/V27RDXNwKHUiDPsMibD1R9QpYON2uRVIeU/zzHl0MRtp3ZoW+Vs2ac28K33ZfQ\npCJpapXZw5OrFW1ad8emxCcvxK+Qj3DGh9Gcdt0EXKq8DqK+hcp8fn4AE11x3Zk1\nEYEF+QNOXl2tifi/5UTNAwH8qylTUyuifdFxJYPy7zYN+4eCT2kDdaHd7k8qDnqg\n7KYsRlILIELIgMk6D8RQgLQuzHs/aWTCZPrBUyF+eLSQ841IkDOokwWg62fkWE5W\nCZPJxMimYnG+gM6mZoo6EcZ64pFsUBgBYi4jVhwupX7MN3SgimxjAjB+dT9AI04Q\nQM6QyCkQVf1Cu8B1taaM+wdh+3OUM2SBat/AEXJSYFKpxmyWPsAwVX6d5OFLtwc0\nQkcHVdxzrYMZvGvt8JNvEPOHE4GILL9mXy1AKy47VxHZSnh+jMp2wwKsqCgHgk8N\n27sY9DF6HWsCndZYBSW17Gb6okkgRulf3wqVt3VmXMk0dTN4PwqAOG9uz+W5bfML\nIJYAEZkGBVr+k6aIKVrJcCpp41K2xzM81Cl7d/acFounJbbxNc+mPDzpxHgP1dUK\ndg+kLR5X7U5WUQO8mgYYlQXdqueWS8CPgvFw+bVJx9Nvz0EBIelx8G04Vp2JQsm2\nyKyoe4gSkKyOJWV16s3IvP3D5PZ+zxwoYnuSHCA7XemMbkeT7QK4mAgJIvzfevfR\nff3tS1pAtnCFPMBiHOWXnhTZSigy4qhq8w3mPeFz9KLBr/vDp/21i+e3KL91nY0L\n1o3jNFH6PCWSWsjrSukTnLIAMPRXNkz4EeQhfE8vdjtbA9Jzx5SR2CBJRlWLT8EW\npIxUtlmmtrgx3pErgPqJDSv3jZpTgvdMr+bjJXnVgffctS+Yaty3qM+lUziYHOsh\nVThg2DqwrufevazSwXOV7HWQzTwaApU5tdq3WSj6uNLI1f7FB6AwtlJmCEa0Vte5\nMFy0qOilU3PD0PZ40BDu9wYnSC/6iXeFy9j+hPR6kyQlJrfOqUXCJRirUjjoehSP\nIQC5FT/2Y9bRJuyEffypq1eoMpETcqEX3P8Xto8g0BCgKevT5eB+KsMPi0/YpiSx\n+p4ytxA2AI483di3JxelC2wdOVh88AwkSuQZV47CVDTNNuzfO6d1cuoRGeoS4Mpb\nVOGS5dzeu5TgLNVNZoZzF7SYvOeLlXJVg+ljn8GCAfr5dbzkj+CAVA==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-onfc3qodKQhjVcqaV' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpmnek5cv6.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpmnek5cv6.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_4(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:1773: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d517e290277db3aa687433e870c90f32b0c45d858eaf5891bbd40897158c25c3urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMxWhcNMzUwNzIzMjIzOTMxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAvpzqJuawUJm1mkgTVUKYMv+Y6uCrCZTPfgmrbbT6ICVnmZNmagQ9RO7C\nSArSfYBrndVtdSbPXNhuiYJYSvVmdRgF/IWxRGber1+bOz5YcSR6rgTvHX3rooN9\nFDqOJTA8DorFyynCn5HkNVojaGkACullAVt9hjSth5QnO6wRgV6kcwrmYcP4p355\nR3/eXocWsP9ipt8wR4YAxfPoywiTIqBLlyOXDZ0iuRHCvceosFo8lvcGM0FK09dU\nM9yTbe6BgPqgMGzXCFdavIGmidMW9myD0uGCuaJPFbTMK5WaDePulvLXiMJPSPOd\nFPn6jyZOTJi2cC3jCDRdpTv+cKlcCwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIN0\nJAM6yyH3XnYqPTQexUSNm/zgrf1/ez7NqeswD0c/FK20vvPn3HTBsJy5Wrhz6SC9\niaXC6Us6jK9phgS0xHXCbQscP9qChSGNp/1RMIcp4H//tiH1wPSQfvNzvzGnwTdn\nhb+qcqCJWEYisDRGEaOhZfnP/a7+7I9yviBoAROUdtWjLYeRw8j+BpppxlCg6h72l9JwChiXVUY+rBVJ6Ewh4383zszmXiw0wMm17fWj\nC9DJGYwUdasj/eEIHemCM0RasodirdmZl5gEgeT6xhav5FNpvhG9Iu4h7EAgNAsJ\nYcrw/K8YIF3ms0lCFmx/0fVyFLK54GFj/o61Nze3vAEL8mqknu2RC/d05ubnCfe6\nP1VRxeJ/QmHT5jkLchupox8Hsu0fEKWvDLQ4LOVdpR2CBCrHq5SXWEqzeLqwmZFW\nAp9HRsA6tMZmHYQZRRsFK0zRPQcoSuiZlvs80HQaP7EBz1QgnN4KP3e4uoWKL3h9\nhc9FGFWI6Dk/NFGnbp6OZQ==AhzSQ60rH/orhDd8R/y/WpUvfVQMYrWCEkZH/9W4vqzACMBI0gDDkVYD/muGq4hN\ngT4PnFjuiAgwGdr+FVw08fyrhrghzNuRWhC8irpEfY8neSAyyXwMeexEmQtQprvq\ns6R7ueG+Hk366CBvd7FHqeyXejY0w9grq75qnegJxXYsbCXtJ9pcu+uYDwBfjNfL\niu3X7aA03CsXb+uzzvjEaVj1pN0wk26mDKDYN0KV+l2D/1flsgc5jyQfesKq5oH9\ncvCPo0+MfK08SJkCdEzYrxQbeQve/Iand+A8QkYGsiNqDQEK3hx9uAlU+qNQD2sW\n5kwHSSub56YlAvJslxAh/dQusk8cU9dRXrBhYidK4xqaf4z161vetyXzNxj/e2w+\nmNOaaKUYvaeuYRmURsTkZmri+4RPrV/8cXvSFyk6XyYDjPcBpCp85vtia8YUIUXc\nzcHKdy8Mjd6Vxp14cNKZmiAc2XuoI32pH6QTpgo3oRB1/o4hGb+kryqm9kceQ7xH\neULYFkfCudYZpmQuhFfgJPv0ywLM3cV7uJoW7c5a6ReHiblDsayzlnHD7JgLVnoK\nzNjWcgcQx9ijmU1xbn+xARousON2k/tKJfUvLwCDF9KFNNuHr94vw5LenAnGSiXg\ndFszojOIV1p0IuguWBK+fvsnMoDUo3zCUFEkpOyL6BJ0p2pqDbH317Em1JcSaoNH\n85nAp9H8ttM7yDRYfWAjruhd8UHW6hSzRpxUEwov3xkIncIEcFMmr5l/m6NOb2Xy\npAH66c5cdPbnpGOxw/8aWPiIM+ERimCGNltIgrxvD3Fq6EkwmvSAiKTO1Uqt1SHc\nm1PQXNX69dxpdQDBzJTekuEQaB2HCjIDxyhUY1GFl4kYn15B23f6nh4mcxpWxkJI\nba4jOPZGcQtlXiGKq0mpO7fMexIv/VYSAAfiexObAN7I2hAjt5luzR8PwTlaNnsY\nW+upwc7yDbLAS0fkoIDlToI1Bd8I0yE3l5xLRvCj7AzhTT29rFnGjGjSyRGCF83K\nHmr216gjWwLkNfow3xBlvi1Qt9H0ay3opmMatgaL/bgXRm/aB2pH4+yiZnhq1fD8\nVSnceV4Kbhz+zY+0Zm/GKgQi9frCFw8OUEpDwme/6sYksHxzfNIYT3pFZrFrCD0k\nha2VMiC6Bu0ac9Iwdo85GDbxuzPt0zSCnF9Erc3QhHNZ6ijBU8EIWAER7zQ3DYhR\n1/V27RDXNwKHUiDPsMibD1R9QpYON2uRVIeU/zzHl0MRtp3ZoW+Vs2ac28K33ZfQ\npCJpapXZw5OrFW1ad8emxCcvxK+Qj3DGh9Gcdt0EXKq8DqK+hcp8fn4AE11x3Zk1\nEYEF+QNOXl2tifi/5UTNAwH8qylTUyuifdFxJYPy7zYN+4eCT2kDdaHd7k8qDnqg\n7KYsRlILIELIgMk6D8RQgLQuzHs/aWTCZPrBUyF+eLSQ841IkDOokwWg62fkWE5W\nCZPJxMimYnG+gM6mZoo6EcZ64pFsUBgBYi4jVhwupX7MN3SgimxjAjB+dT9AI04Q\nQM6QyCkQVf1Cu8B1taaM+wdh+3OUM2SBat/AEXJSYFKpxmyWPsAwVX6d5OFLtwc0\nQkcHVdxzrYMZvGvt8JNvEPOHE4GILL9mXy1AKy47VxHZSnh+jMp2wwKsqCgHgk8N\n27sY9DF6HWsCndZYBSW17Gb6okkgRulf3wqVt3VmXMk0dTN4PwqAOG9uz+W5bfML\nIJYAEZkGBVr+k6aIKVrJcCpp41K2xzM81Cl7d/acFounJbbxNc+mPDzpxHgP1dUK\ndg+kLR5X7U5WUQO8mgYYlQXdqueWS8CPgvFw+bVJx9Nvz0EBIelx8G04Vp2JQsm2\nyKyoe4gSkKyOJWV16s3IvP3D5PZ+zxwoYnuSHCA7XemMbkeT7QK4mAgJIvzfevfR\nff3tS1pAtnCFPMBiHOWXnhTZSigy4qhq8w3mPeFz9KLBr/vDp/21i+e3KL91nY0L\n1o3jNFH6PCWSWsjrSukTnLIAMPRXNkz4EeQhfE8vdjtbA9Jzx5SR2CBJRlWLT8EW\npIxUtlmmtrgx3pErgPqJDSv3jZpTgvdMr+bjJXnVgffctS+Yaty3qM+lUziYHOsh\nVThg2DqwrufevazSwXOV7HWQzTwaApU5tdq3WSj6uNLI1f7FB6AwtlJmCEa0Vte5\nMFy0qOilU3PD0PZ40BDu9wYnSC/6iXeFy9j+hPR6kyQlJrfOqUXCJRirUjjoehSP\nIQC5FT/2Y9bRJuyEffypq1eoMpETcqEX3P8Xto8g0BCgKevT5eB+KsMPi0/YpiSx\n+p4ytxA2AI483di3JxelC2wdOVh88AwkSuQZV47CVDTNNuzfO6d1cuoRGeoS4Mpb\nVOGS5dzeu5TgLNVNZoZzF7SYvOeLlXJVg+ljn8GCAfr5dbzkj+CAVA==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-onfc3qodKQhjVcqaV' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-onfc3qodKQhjVcqaV', '--output', '/tmp/tmp1f3m5eec.xml', '/tmp/tmpmnek5cv6.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpmnek5cv6.xml" output= _______________ TestServer1NonAsciiAva.test_encrypted_response_6 _______________ self = def test_encrypted_response_6(self): _server = Server("idp_conf_verify_cert") cert_str_advice, cert_key_str_advice = generate_cert() cert_str_assertion, cert_key_str_assertion = generate_cert() > _resp = _server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=False, sign_assertion=False, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str_advice, encrypt_cert_assertion=cert_str_assertion, ) tests/test_50_server.py:1987: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:832: in create_authn_response args = self.gather_authn_response_args( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = sp_entity_id = 'urn:mace:example.com:saml:roland:sp', name_id_policy = None userid = None kwargs = {'encrypt_assertion': True, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMxWhcNMzUwNzIzMjIzOTMxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAre+IRuVJSHUDdzS9lVpzOy0/V2Z06Rly6s3eKS16huNCS9Tzfj1UiO/O\nbdIOhL6/5zlIxY9XHAntcQEPMUWADfDJPNmftynT93h3Mk4J73IIXWnPC5h03xZ4\nHEK6oUMwq+os03KFW4+JiVskfg0Z9J1XdL3+l5lb/YxINRVeboTWtMcWf+8jo2h/\nwApfnbKpWmRcg5nMADpdOg6MKcZ3PcdYn8whYeZiGFC6Vp9MTjH1787FgGHcGXYj\nj7qIUhR/aauE1AXJNt/9BWvdPcOSMeooqzmzkgBRA/lVy4SdK/+KrsDGk2ASmzO8\nT9SbapVCHfXe5ZYykA2ZNuRAH5gAXwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACy7\nNue8P3nSq+Gj8eyGEfE1h6XEZwbnm2REVXhq5K/SMr5/70cnQNSP4jzb3iQ0TKYd\nXU3J32lzYrl/TAZg5qR8t6q54pXvywWUPRKOiBEHQLq8d6C/tPg+jsnzQqBok2Kp\n3ap5bC8m7d/gKRJOcheq54JSZrJ3XP/5rzcev4fL\n-----END CERTIFICATE-----\n', 'encrypt_cert_assertion': '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMxWhcNMzUwNzIzMjIzOTMxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA5yazaQDYSUVAkI1LuOqgY38fmLxpyiWxyn0w7UFfVuNqBIB2aHPDgJ9t\nIckP/EfGr3GZeUDEUVPfpKDUSHiEphheW1goRVqyhUq6kSoqVqoGWNR0I0o2oVzb\n96fflnYfDWsjvJrcjuH5Fu68BDl7zsZ+ErTKkbDov2zEx8dwMt/l8EQBs5MoCfZq\nvjUPCVOrVn1U/cpG9F1LUIGJPQxuEs/JFLNdD6+0ZIJJZ92n7iwl44X54zsIwza6\nug/dGt1gAxXRD2Pc6XuH0G75OVFBHn6KE0FXksHM/9nAySeTaBFwAPYQ/nfN4xse\nq4kOh91NxE0JskPIJ1v5HmnvuutE/wIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIGB\nyHLcgH2SPYMFAlYjAOfBzfndHpPhbsa7w0NB/OHplordrjOfIUzCPuaL5z63BISY\n3a0lmi6Ac2U86pzMjh19KiLBDwHGXMj3o8C/3ZSkc1UUmymYVHf4KzHkhIg/wNzP\n1dKEJdOwE4NJ1DPZ6IO5LrORHfityLUGFFiJ/jSA\n-----END CERTIFICATE-----\n', ...} args = {'best_effort': False, 'encrypt_assertion': True, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMxWhcNMzUwNzIzMjIzOTMxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAre+IRuVJSHUDdzS9lVpzOy0/V2Z06Rly6s3eKS16huNCS9Tzfj1UiO/O\nbdIOhL6/5zlIxY9XHAntcQEPMUWADfDJPNmftynT93h3Mk4J73IIXWnPC5h03xZ4\nHEK6oUMwq+os03KFW4+JiVskfg0Z9J1XdL3+l5lb/YxINRVeboTWtMcWf+8jo2h/\nwApfnbKpWmRcg5nMADpdOg6MKcZ3PcdYn8whYeZiGFC6Vp9MTjH1787FgGHcGXYj\nj7qIUhR/aauE1AXJNt/9BWvdPcOSMeooqzmzkgBRA/lVy4SdK/+KrsDGk2ASmzO8\nT9SbapVCHfXe5ZYykA2ZNuRAH5gAXwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACy7\nNue8P3nSq+Gj8eyGEfE1h6XEZwbnm2REVXhq5K/SMr5/70cnQNSP4jzb3iQ0TKYd\nXU3J32lzYrl/TAZg5qR8t6q54pXvywWUPRKOiBEHQLq8d6C/tPg+jsnzQqBok2Kp\n3ap5bC8m7d/gKRJOcheq54JSZrJ3XP/5rzcev4fL\n-----END CERTIFICATE-----\n', ...} param_defaults = {'best_effort': False, 'encrypt_assertion': False, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': None, ...} param = 'encrypt_cert_assertion', val_default = None val_kw = '-----BEGIN CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMxWhcNMzUwNzIzMjIzOTMxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA5yazaQDYSUVAkI1LuOqgY38fmLxpyiWxyn0w7UFfVuNqBIB2aHPDgJ9t\nIckP/EfGr3GZeUDEUVPfpKDUSHiEphheW1goRVqyhUq6kSoqVqoGWNR0I0o2oVzb\n96fflnYfDWsjvJrcjuH5Fu68BDl7zsZ+ErTKkbDov2zEx8dwMt/l8EQBs5MoCfZq\nvjUPCVOrVn1U/cpG9F1LUIGJPQxuEs/JFLNdD6+0ZIJJZ92n7iwl44X54zsIwza6\nug/dGt1gAxXRD2Pc6XuH0G75OVFBHn6KE0FXksHM/9nAySeTaBFwAPYQ/nfN4xse\nq4kOh91NxE0JskPIJ1v5HmnvuutE/wIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIGB\nyHLcgH2SPYMFAlYjAOfBzfndHpPhbsa7w0NB/OHplordrjOfIUzCPuaL5z63BISY\n3a0lmi6Ac2U86pzMjh19KiLBDwHGXMj3o8C/3ZSkc1UUmymYVHf4KzHkhIg/wNzP\n1dKEJdOwE4NJ1DPZ6IO5LrORHfityLUGFFiJ/jSA\n-----END CERTIFICATE-----\n' val_config = None, arg = 'encrypted_advice_attributes' def gather_authn_response_args(self, sp_entity_id, name_id_policy, userid, **kwargs): kwargs["policy"] = kwargs.get("release_policy") # collect args and return them args = {} # XXX will be passed to _authn_response param_defaults = { "policy": None, "best_effort": False, "sign_assertion": False, "sign_response": False, "encrypt_assertion": False, "encrypt_assertion_self_contained": True, "encrypted_advice_attributes": False, "encrypt_cert_advice": None, "encrypt_cert_assertion": None, # need to be named sign_alg and digest_alg } for param, val_default in param_defaults.items(): val_kw = kwargs.get(param) val_config = self.config.getattr(param, "idp") args[param] = val_kw if val_kw is not None else val_config if val_config is not None else val_default for arg, attr, eca, pefim in [ ("encrypted_advice_attributes", "verify_encrypt_cert_advice", "encrypt_cert_advice", kwargs["pefim"]), ("encrypt_assertion", "verify_encrypt_cert_assertion", "encrypt_cert_assertion", False), ]: if args[arg] or pefim: _enc_cert = self.config.getattr(attr, "idp") if _enc_cert is not None: if kwargs[eca] is None: raise CertificateError( "No SPCertEncType certificate for encryption " "contained in authentication " "request." ) if not _enc_cert(kwargs[eca]): > raise CertificateError("Invalid certificate for encryption!") E saml2.cert.CertificateError: Invalid certificate for encryption! ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:736: CertificateError _____________________ TestClient.test_sign_auth_request_0 ______________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', ...] extra_args = ['/tmp/tmp4v6h6pro.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp4v6h6pro.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_auth_request_0(self): > req_id, areq = self.client.create_authn_request("http://www.example.com/sso", sign=True, message_id="id1") tests/test_51_client.py:396: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client_base.py:445: in create_authn_request msg = self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmp8j1ziwzd.xml', '/tmp/tmp4v6h6pro.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp4v6h6pro.xml" output= _______________________ TestClient.test_logout_response ________________________ self = def test_logout_response(self): req_id, req = self.server.create_logout_request( "http://localhost:8088/slo", "urn:mace:example.com:saml:roland:sp", name_id=nid, reason="Tired", expire=in_a_while(minutes=15), session_indexes=["_foo"], ) info = self.client.apply_binding(BINDING_HTTP_POST, req, destination="", relay_state="relay2") _dic_info = unpack_form(info["data"], "SAMLRequest") samlreq = _dic_info["SAMLRequest"] > resphttp = self.client.handle_logout_request(samlreq, nid, BINDING_HTTP_POST) tests/test_51_client.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = request = 'PG5zMDpMb2dvdXRSZXF1ZXN0IHhtbG5zOm5zMD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQtUXp1MU52aEhWVEI5QVhWUVAiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDI1LTA3LTI1VDIyOjM5OjMyWiIgRGVzdGluYXRpb249Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4OC9zbG8iIFJlYXNvbj0iVGlyZWQiIE5vdE9uT3JBZnRlcj0iMjAyNS0wNy0yNVQyMjo1NDozMloiPjxzYW1sOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+dXJuOm1hY2U6ZXhhbXBsZS5jb206c2FtbDpyb2xhbmQ6aWRwPC9zYW1sOklzc3Vlcj48c2FtbDpOYW1lSUQgTmFtZVF1YWxpZmllcj0iZm9vIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCI+MTIzNDU2PC9zYW1sOk5hbWVJRD48bnMwOlNlc3Npb25JbmRleD5fZm9vPC9uczA6U2Vzc2lvbkluZGV4PjwvbnMwOkxvZ291dFJlcXVlc3Q+' name_id = binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', sign = True sign_alg = None, digest_alg = None, relay_state = None, sigalg = None signature = None def handle_logout_request( self, request, name_id, binding, sign=None, sign_alg=None, digest_alg=None, relay_state=None, sigalg=None, signature=None, ): """ Deal with a LogoutRequest :param request: The request as text string :param name_id: The id of the current user :param binding: Which binding the message came in over :param sign: Whether the response will be signed or not :param sign_alg: The signing algorithm for the response :param digest_alg: The digest algorithm for the the response :param relay_state: The relay state of the request :param sigalg: The SigAlg query param of the request :param signature: The Signature query param of the request :return: Keyword arguments which can be used to send the response what's returned follow different patterns for different bindings. If the binding is BINDIND_SOAP, what is returned looks like this:: { "data": "url": "", 'headers': [('content-type', 'application/soap+xml')] 'method': "POST } """ logger.debug("logout request: %s", request) _req = self.parse_logout_request( xmlstr=request, binding=binding, relay_state=relay_state, sigalg=sigalg, signature=signature, ) if _req.message.name_id == name_id: try: if self.local_logout(name_id): status = success_status_factory() else: status = status_message_factory("Server error", STATUS_REQUEST_DENIED) except KeyError: status = status_message_factory("Server error", STATUS_REQUEST_DENIED) else: status = status_message_factory("Wrong user", STATUS_UNKNOWN_PRINCIPAL) response_bindings = { BINDING_SOAP: [BINDING_SOAP], BINDING_HTTP_POST: [BINDING_HTTP_POST, BINDING_HTTP_REDIRECT], BINDING_HTTP_REDIRECT: [BINDING_HTTP_REDIRECT, BINDING_HTTP_POST], }.get(binding, []) for response_binding in response_bindings: sign = sign if sign is not None else self.logout_responses_signed sign_redirect = sign and response_binding == BINDING_HTTP_REDIRECT sign_post = sign and not sign_redirect try: response = self.create_logout_response( _req.message, bindings=[response_binding], status=status, sign=sign_post, sign_alg=sign_alg, digest_alg=digest_alg, ) rinfo = self.response_args(_req.message, [response_binding]) return self.apply_binding( rinfo["binding"], response, rinfo["destination"], relay_state, response=True, sign=sign_redirect, sigalg=sign_alg, ) except Exception: continue log_ctx = { "message": "No supported bindings found to create LogoutResponse", "issuer": _req.issuer.text, "response_bindings": response_bindings, } > raise SAMLError(log_ctx) E saml2.SAMLError: {'message': 'No supported bindings found to create LogoutResponse', 'issuer': 'urn:mace:example.com:saml:roland:idp', 'response_bindings': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']} ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:733: SAMLError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp8nvd2t6d.xml" output= ERROR saml2.mdstore:mdstore.py:1184 Unsupported binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (urn:mace:example.com:saml:roland:idp) ERROR saml2.entity:entity.py:352 Failed to find consumer URL: urn:mace:example.com:saml:roland:idp, ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'], idpsso __________________________ TestClient.test_response_1 __________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpf52a4d19056da4eccb2348a22a729cc9df41fcc2e9ff53c10a96cfdfc1a0b95furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-gESekWUWQSUUnqaZ6' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpi4e_gvja.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpi4e_gvja.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_1(self): IDP = "urn:mace:example.com:saml:roland:idp" ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": ["The man"]} nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id_policy=nameid_policy, sign_response=True, userid="foba0001@example.com", authn=AUTHN, ) tests/test_51_client.py:469: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpf52a4d19056da4eccb2348a22a729cc9df41fcc2e9ff53c10a96cfdfc1a0b95furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-gESekWUWQSUUnqaZ6' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-gESekWUWQSUUnqaZ6', '--output', '/tmp/tmpobsdb0d5.xml', '/tmp/tmpi4e_gvja.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpi4e_gvja.xml" output= __________________________ TestClient.test_response_2 __________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=77f0f7cb904f32d090a1dbd7f8addaaa3ce0823d412a2809db53cff0ce84b3d6urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMyWhcNMzUwNzIzMjIzOTMyWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwGQJewoccKfgugzjC5AiQjT9XbJJysnvGP8N4VZO4iCX4J+LS8NrxXqd\nJo40M7KpshHzd+ZXQbHnu4KFi4rI+sDMHmB3Uw9kD5u2Pl00DfnWOtpMzdSI2aUF\nkvZvksBBjJZS8cRm5TzBGEEXpw2YNZd6rV99yI6F9sEUOec6RhIPvhylLI6huwu/\nysnWzwlF1bhPeGaz8OpWXteRr5DueqUv2OlSET1+9Nkr9XVLec0KPqxiHqhAhlYu\nVd+tl/EtUrtOUQVCi28owVhEm/g9s0TMKiMHZgOdE2B2RhTUEIGktrrgrruhJYdz\nmyZMRlVZDoLoed1zv93O679pBJoTywIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJEL\nufFy7p+o/xOIfbvKUrDE/x8ZQq8+QXNQJ/iRKmCguK5r/5fyq9XO7Mv9UfglQHXd\nQNsG85LJI3WPoSEEO+3tI92u9aokiEK6zLVioi/Pxi7IKEreMHZCGeCnIGdJBILg\nw+0oJrwUCib7CDUoL9O/1BkahA+XAwtJVKrUc7X0DtemG2dSqSzPdJAwrpcF7ont+7THtXW8Z66WOdPf7Cs9BrbYOPApKZEJUISrNYTd\nxzWwj1V7inR2hUDri6YqcXycrwTiRgGWZyep5FZVdFPUw8+Pfyd0AMqMAYUwXqTu\ntwHwaza5DOLqR8KyK+BKzugaRxH+WJsfCqHQiltsLuQFCIm5h/cYVwCzySz5oRlP\nRBAnCaLKhAP59H5ZUUScnMwjP8vIt2haVzBMqphKY9/FvpVrb8VisFOlE9WBWXaQ\ndHY9d5WSu3ekiVcoT0e8PPpb8BJiy2QlVD8kbkMeRac/MFLz4Lq3Ky/FatlRkNgM\noz5SM8StC8yUTqJyeDBT9w==bKxZs9lllRT7Gla1k9QkRksd3R/MJiGtxmHqFEzwWKEm11RPvtAelnGPoDrRYqV9\nwUxuBnI2d9UuxpdrBTF2/LIiSoqDA6V4+aCxW8cLhATiX38DMiivraAGs95KJeB9\n/45vC9fv1ZHPyGKloXG8nc7NsIxT94yVRAkCjakz8M1DxEpGfw+h5el7qKk49L0w\nYqfA7tABxCsMB215AVSBULvsyEzqslRQTPxikzDF7ewRqigbvnGVrZCFmXQxskfm\nSys1P5nZBbvoepmmT5eHOpcLw69vbsYR0uwnCtlQ4OR75JWApkGwHnMXUR1CFLhm\nZDQD/pcrR4s2lC4ZGncz9D4QKwjL0ZDsWNTq0x/9sxvdthbqCRUTdcFREzFfc3jn\n8ctzqCLEsWrVXGrdN1zR3OA5ZzMT55a5wbgk/zEFfdElqMWDxdp2KqCYdj3RFFOz\nr5odZfltckEzfxCk6pKi23fwf1hrxNRWR8aHPRdseX/hXdRVczUoiJn/7REP5JxP\nokP3nV9GMFGpvohafjhSaRkp1CX6tBfSuP1TaYIfEta6i1Xfjph0q/Dpbyt6sMFz\n2yeFhRLtkClgVXqP7US6xnd8/BYdEh+7FcntTqN1qZZ8LE72/kuPbJGkrZwFZUS7\ndW8WkpiLpIyQFGLSi19bWi7mxLQyXocb+cE/ik+MhXf5Uwp3cR96hTJIHxVzG+cb\nwPdQMMaK1SF7vtFvoyhpxdZUury0/I8fKGN2MH+uigbgfMh88bTzY+sGKWxGEw4S\n4a6rg4Bh1DSg6sBcy+rjHE7gySykiuzxjtg6cWel+Fx9ksuYyOHydBcC8Q2Yiinn\nCEmFU+VDJ8H4n2wJMK1zitX8iLx7lg6mHkNYCK+yS1GjIqFegrZqM9N9uIQ3zDtC\n+DEfagY006FyT+yafpqtYrF/z68H1dxXDRQg45elGrPKbUtOE6bbzSegvTsp5oJt\nJLkw9FVtt+217+DqGij+MYW3yqf1oDt3O+K0Q8tEzX5HdcmrrrN25GarXck/75AB\nUEYfiHp2Znzrxj9xnMzyYyeXQZNuALVLfyCwbDr9Nt1jgFkOKt1sV/f7KPFJhf3t\noZYhHOOhg2aHAAtlvIu+CrlbcSA6m1iQXhzV7lzSlf66w7Fyy5ULaEsgxxp4cGNt\nQY/FSRm5fKXpIVEm5G03rZqIXKRzlbDvkpZ5YXWfv0ALD+YI28ZFOUIRA+Q/7TGi\nPkFaAVGwYNLtZqVds8r5TphL0StnNYvTuqjCcy4J3qVIe5/dInlg6Jww3mBHPxuV\n2h8wPPovsztrm9Dak/BOe8Wj7vqqmAm4ZKHf7ErMpOtAhkiJ2Ij/pjdc7tr3bP4R\nolrk8Cc7In8GlxrF41VPLMWxyOj8LiBaScpisUUMFO4b6GqGZ0mUtn871r0zSOr/\n/1J89dLYpwCYY2D18nULq3aMthMqCxOLtNzljxzTVL/r7hz5+t6Bdu8+R2O2MxzN\n9enmyJojkaVY2BogKmrA+0YLS/3XW1Q+/Ic3LjxSDHEv7GEq4Ci6I3n3UV6wBJO1\n7JOw4sisZWbC0Fh/hC+3EluU/RF0UEIUiERLaMtn0FN4GwT79YXIoNhYdh/QXVGS\n95T+uh5usSqIjkPT0v8dlnDUV++b5JrCT388lrHALOReYV61eLKPdZe7oRTqrwlf\nVJfzSYpvkEmfsh5KMQ96VKfMLurIeg5JHE3UkgTv/JqgJCKWmhNahngKT9l29lUs\nbGZAlst1kFHqX1QhGg20Ft6RINqcKYbl2AOqnnvbJQaF7cSuDT+iLj3c6HZQeJQf\n7COuhiYs63CQKD/SwmF9QrwRHLjKj+lGH/TduWwWIxiqL9EwB/h+apKpv0U4G/rK\n3ZIMw5PfwlPugC32jMzIZtTFZX9CC3ecYBtVQPQZ5CX03bk3QUNrEhg7NW2lXD5z\ncits4KlTTStKYmQiPIeigklCT/+X5kTdJVlWnLNCu6yEPEwUk72KWCgjcujLrvGM\nOBaU53MLEib1Lgdze8R7isxPun3RecRnGg4akdxHjRg3A7742GjT0O76/Ul/Sd6P\n/iuuwsYjiORHBSxRQxV5J3XxBIPwlG9z+ROo5OmK9MiiJ0tAkEVTYBtJQ9tIBVEs\niPmzCHYU1rwJ8H0fA2PM3Q62MkkUbwGyz3szpV0sAooA9af1YX/QMeJ0eLSZgQ19\nVLf7O2CMk8qvgXdSz2+Ws5GHXXwuQA/mfeqhv3cSlwQ+6FVmmBeeX8XtUYboZMzM\nowVs2hb3l2poEi4o7l82F1zvEoiM4xnBe4zkJ7OIbSUd2QZxJ1dhwRRKmXdXRwWG\nX7L6YBQRHXaeHUlcOsiZz3QTxypYdEDaxJLlxPwuNHSqmzgrSVNj+kJ6GPUntEOc\nZJN4q/sXMLRifjJaMY/1fcQfiO2wrIrINvoDajxtZplcmpwheu7iBQ==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-HZDXzeRSXpaEXkMWy' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpe349laot.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpe349laot.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_2(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_51_client.py:549: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=77f0f7cb904f32d090a1dbd7f8addaaa3ce0823d412a2809db53cff0ce84b3d6urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMyWhcNMzUwNzIzMjIzOTMyWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwGQJewoccKfgugzjC5AiQjT9XbJJysnvGP8N4VZO4iCX4J+LS8NrxXqd\nJo40M7KpshHzd+ZXQbHnu4KFi4rI+sDMHmB3Uw9kD5u2Pl00DfnWOtpMzdSI2aUF\nkvZvksBBjJZS8cRm5TzBGEEXpw2YNZd6rV99yI6F9sEUOec6RhIPvhylLI6huwu/\nysnWzwlF1bhPeGaz8OpWXteRr5DueqUv2OlSET1+9Nkr9XVLec0KPqxiHqhAhlYu\nVd+tl/EtUrtOUQVCi28owVhEm/g9s0TMKiMHZgOdE2B2RhTUEIGktrrgrruhJYdz\nmyZMRlVZDoLoed1zv93O679pBJoTywIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJEL\nufFy7p+o/xOIfbvKUrDE/x8ZQq8+QXNQJ/iRKmCguK5r/5fyq9XO7Mv9UfglQHXd\nQNsG85LJI3WPoSEEO+3tI92u9aokiEK6zLVioi/Pxi7IKEreMHZCGeCnIGdJBILg\nw+0oJrwUCib7CDUoL9O/1BkahA+XAwtJVKrUc7X0DtemG2dSqSzPdJAwrpcF7ont+7THtXW8Z66WOdPf7Cs9BrbYOPApKZEJUISrNYTd\nxzWwj1V7inR2hUDri6YqcXycrwTiRgGWZyep5FZVdFPUw8+Pfyd0AMqMAYUwXqTu\ntwHwaza5DOLqR8KyK+BKzugaRxH+WJsfCqHQiltsLuQFCIm5h/cYVwCzySz5oRlP\nRBAnCaLKhAP59H5ZUUScnMwjP8vIt2haVzBMqphKY9/FvpVrb8VisFOlE9WBWXaQ\ndHY9d5WSu3ekiVcoT0e8PPpb8BJiy2QlVD8kbkMeRac/MFLz4Lq3Ky/FatlRkNgM\noz5SM8StC8yUTqJyeDBT9w==bKxZs9lllRT7Gla1k9QkRksd3R/MJiGtxmHqFEzwWKEm11RPvtAelnGPoDrRYqV9\nwUxuBnI2d9UuxpdrBTF2/LIiSoqDA6V4+aCxW8cLhATiX38DMiivraAGs95KJeB9\n/45vC9fv1ZHPyGKloXG8nc7NsIxT94yVRAkCjakz8M1DxEpGfw+h5el7qKk49L0w\nYqfA7tABxCsMB215AVSBULvsyEzqslRQTPxikzDF7ewRqigbvnGVrZCFmXQxskfm\nSys1P5nZBbvoepmmT5eHOpcLw69vbsYR0uwnCtlQ4OR75JWApkGwHnMXUR1CFLhm\nZDQD/pcrR4s2lC4ZGncz9D4QKwjL0ZDsWNTq0x/9sxvdthbqCRUTdcFREzFfc3jn\n8ctzqCLEsWrVXGrdN1zR3OA5ZzMT55a5wbgk/zEFfdElqMWDxdp2KqCYdj3RFFOz\nr5odZfltckEzfxCk6pKi23fwf1hrxNRWR8aHPRdseX/hXdRVczUoiJn/7REP5JxP\nokP3nV9GMFGpvohafjhSaRkp1CX6tBfSuP1TaYIfEta6i1Xfjph0q/Dpbyt6sMFz\n2yeFhRLtkClgVXqP7US6xnd8/BYdEh+7FcntTqN1qZZ8LE72/kuPbJGkrZwFZUS7\ndW8WkpiLpIyQFGLSi19bWi7mxLQyXocb+cE/ik+MhXf5Uwp3cR96hTJIHxVzG+cb\nwPdQMMaK1SF7vtFvoyhpxdZUury0/I8fKGN2MH+uigbgfMh88bTzY+sGKWxGEw4S\n4a6rg4Bh1DSg6sBcy+rjHE7gySykiuzxjtg6cWel+Fx9ksuYyOHydBcC8Q2Yiinn\nCEmFU+VDJ8H4n2wJMK1zitX8iLx7lg6mHkNYCK+yS1GjIqFegrZqM9N9uIQ3zDtC\n+DEfagY006FyT+yafpqtYrF/z68H1dxXDRQg45elGrPKbUtOE6bbzSegvTsp5oJt\nJLkw9FVtt+217+DqGij+MYW3yqf1oDt3O+K0Q8tEzX5HdcmrrrN25GarXck/75AB\nUEYfiHp2Znzrxj9xnMzyYyeXQZNuALVLfyCwbDr9Nt1jgFkOKt1sV/f7KPFJhf3t\noZYhHOOhg2aHAAtlvIu+CrlbcSA6m1iQXhzV7lzSlf66w7Fyy5ULaEsgxxp4cGNt\nQY/FSRm5fKXpIVEm5G03rZqIXKRzlbDvkpZ5YXWfv0ALD+YI28ZFOUIRA+Q/7TGi\nPkFaAVGwYNLtZqVds8r5TphL0StnNYvTuqjCcy4J3qVIe5/dInlg6Jww3mBHPxuV\n2h8wPPovsztrm9Dak/BOe8Wj7vqqmAm4ZKHf7ErMpOtAhkiJ2Ij/pjdc7tr3bP4R\nolrk8Cc7In8GlxrF41VPLMWxyOj8LiBaScpisUUMFO4b6GqGZ0mUtn871r0zSOr/\n/1J89dLYpwCYY2D18nULq3aMthMqCxOLtNzljxzTVL/r7hz5+t6Bdu8+R2O2MxzN\n9enmyJojkaVY2BogKmrA+0YLS/3XW1Q+/Ic3LjxSDHEv7GEq4Ci6I3n3UV6wBJO1\n7JOw4sisZWbC0Fh/hC+3EluU/RF0UEIUiERLaMtn0FN4GwT79YXIoNhYdh/QXVGS\n95T+uh5usSqIjkPT0v8dlnDUV++b5JrCT388lrHALOReYV61eLKPdZe7oRTqrwlf\nVJfzSYpvkEmfsh5KMQ96VKfMLurIeg5JHE3UkgTv/JqgJCKWmhNahngKT9l29lUs\nbGZAlst1kFHqX1QhGg20Ft6RINqcKYbl2AOqnnvbJQaF7cSuDT+iLj3c6HZQeJQf\n7COuhiYs63CQKD/SwmF9QrwRHLjKj+lGH/TduWwWIxiqL9EwB/h+apKpv0U4G/rK\n3ZIMw5PfwlPugC32jMzIZtTFZX9CC3ecYBtVQPQZ5CX03bk3QUNrEhg7NW2lXD5z\ncits4KlTTStKYmQiPIeigklCT/+X5kTdJVlWnLNCu6yEPEwUk72KWCgjcujLrvGM\nOBaU53MLEib1Lgdze8R7isxPun3RecRnGg4akdxHjRg3A7742GjT0O76/Ul/Sd6P\n/iuuwsYjiORHBSxRQxV5J3XxBIPwlG9z+ROo5OmK9MiiJ0tAkEVTYBtJQ9tIBVEs\niPmzCHYU1rwJ8H0fA2PM3Q62MkkUbwGyz3szpV0sAooA9af1YX/QMeJ0eLSZgQ19\nVLf7O2CMk8qvgXdSz2+Ws5GHXXwuQA/mfeqhv3cSlwQ+6FVmmBeeX8XtUYboZMzM\nowVs2hb3l2poEi4o7l82F1zvEoiM4xnBe4zkJ7OIbSUd2QZxJ1dhwRRKmXdXRwWG\nX7L6YBQRHXaeHUlcOsiZz3QTxypYdEDaxJLlxPwuNHSqmzgrSVNj+kJ6GPUntEOc\nZJN4q/sXMLRifjJaMY/1fcQfiO2wrIrINvoDajxtZplcmpwheu7iBQ==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-HZDXzeRSXpaEXkMWy' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-HZDXzeRSXpaEXkMWy', '--output', '/tmp/tmpuho7aj7p.xml', '/tmp/tmpe349laot.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpe349laot.xml" output= __________________________ TestClient.test_response_3 __________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=e17da8eaa3ba6151537ac3d8fe9c40206a006d939e09e46aff746e61450db951urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==vr5EjTW6cI0jAVa6U7s0crWm1CCmAdyrG9XaVQLtmnSI+6DWS+owb5PT58sNYuKH\nEB1St6tAFqevMWs9yktfuaUik5gJgb9xmyAyQMPp8ffxtMjSVRxiqEgFtE/0uJGd\n4ds7myxHInIF9c+ldGM44dfDCDSy5Ks4gepnYgyeT0Y=AmTnnrbgXEAKkDlUed2n9kHEcKwGjmBtbWPbjE/T7Q7b3mQZRrJRoe76JrFOD0bK\nM6Ea7VcAUKeTvF+/2R/MP2Ays8HW93MD3oSUU9+gHaYrkvZ9ERb8rTZblCzJF4Mh\n2t3WsSvIJVxicmSmpEftXHxqNq6ScOuQWYYAVKJ7kkImy+ywZXuQoSGbqVqvI/jY\nVL+gc5naN+weFOjGjJs+tGdZYUOY6TkT5nud0nJ7j9aFU59v/PrZfe4icheWChLD\nN+NlU9IeX6lABpA4BAj6Inf35z12gn+UJWsT9GpQ58UyR+jWGtS38M6zEH5taISB\n+1L/MdtrTcTYR3YmM7ln/HLDNS6UGO3iMZ+uGQoTaq8TakRUMTgaD6OdxHbIQnzj\nMgADPTZeVOuI0p53cx0CLGYiRuGGmtXdY0UMh8bvwJl/Sr1mDECj6b4NxFkDUtjj\n9M0HszwxxOQzPU97HgfkefkzSXYX0D6iaoL86kkAz8/qwbp51PBG6NkTruKWIKlT\nmd7BV2zBCLPfMhBuOEsJfiFjZZqhccZaJEzz6pb++QT6UevX7coJuztHRxp/3Gyn\n9HuF9cyv8tZ+LuycGEhYOTpcJhA8w3z1dk1w7BmzBzUhEVj2IHkm+KX4vs5Wkwe0\nWJyJxYIhI5YbjaQqQvuVjljWyiiBmTxRuEUUxyPjqi3PzHBGldgGFTZPH2jk7ljk\nhUSQqszn/QwjdQ6JY/eYzLP7KZmAwaowPTiQAyymgknRg0ptHKfDLn/tW90qCrf4\n54ErXPwgEUpmP6YU0KzTZ+xvGBDUzG9eoykyqPlu+08L5CDs4VfPgbXrL9xvHNzZ\nfeiImRq1m9pjhBT96k2YeRF7OozcIbdlbloIBGjokG7rMt6mXh2YXod1lcsss3nt\nv42YEi2BYG4737xQrQUXCXEwotxhOjLTz5VQlTAngQphp2Dhh+C5UWIBrZNxQYlQ\nOIvdWWZurwI3Y5dDQ98/8/8EgvPFjn5EOHK2CkHwr/tSA887y4BeZ6HEneWXfsB5\n0RB5EdkDK9J387JGsmVgOPwIG9/gZMGfzPNHEs9O4MIvhzl13lHUqEvmNiCVLDIy\n12cLYS7xnkDsCnuaCihjuciDXCLc/YWqL8dg+2uFuLwF0lOWJY01mQaBvdJy0fAU\nxsOrphC/6ugqRSLHFbXUz0gjDWKGC6fzAaHYCc+RZtfikZZBN3d8dIbEnQ0TAJrK\nF+miHoMGiDhKsyrQSpb9gtffpXHeYKySZk3NkHvJkt+Ka/Sbnn9UC2o9fNo0E/jm\nPTnmDL6xYRefsBBXFLSYwuiHaftHw2rOgKXK0C12CD+d4zX1xyUe57IEurr+CFyP\nRUq5aaDhSLDcOX6d239vN1+Y9j/qJdUwGGP6UM8hxTL8swpguxTfM2rMHx82pj8v\nyWLy0eJTBe83TLHUJ0FQ+GqM9LBJMT7xeaAIf9A9mmZ2zsSi0qfH2LWbM+C2uQrQ\nXp3FIwdVJCqEOfDmC/BYIiRxgez1wJag9ev8m04kTF2tsal3wIGpUNp9xBk6huIP\nMuZoPVju/g7b8czTvS2VT5c+8mztRp0YY0PqfPvuBj6+Fx8wfl2aeUPMn5Wm7GwW\nfv495LEmJ9neU65VMYAQ8wmm3vVIxAgV8rqOWVmie1hO9OYwPtKaQmQwLoYwq4P3\nk2vhL1rN2Wu0R9fwO65xS72ndzyWf5us/Oku0Nk0TMCHJ/c3o3MT8N73olx6YDpY\nh4i8UWzxP0sCttBkZGB3eJVBVhdNnWahDl9falwaV7gynS5WyuBleg8xCa4Eiavm\n/7sKZ32gTRMkVT/Gg85Jphfy1R5GgEscWNyxNuo7l8CcW/Na+VYTcz8RVRE3NLo7\n/wKQibJ08g+ZvWuv6bAcIDVZ75XO+eqkqHbansQjBgi5qJWbJDnnHfymjdpdKBgq\n47LIYNTTHUhxq7PvwLGZxbztMVLOSRzAK/rO7lTun1p2N7jO6cwtBBpeLwxHWMQ1\nhpZEFzBsP5+7oPGkJ+JU36/UKYuKLPh0/7Ig8QDrw+Yp28BEV9zq8zSuHE7t8NCm\nUaAUlZLMnt15uwFxDFU9qkOWeWO3UEeGk83CVULbLMd0ioy/BDEP+j8tt79gHcY3\ngTdtCmDfJBgoTEmKbLNRVC1MtJNuLyOJPpANH9+LFb7uiHI0cPXLRi6TPeCcXtJ3\ngQF9b70v6RV8hrewFYAIqLSyd1RKTzYp19DHc14Hsz+FD/sOErF3ejDdOL3Spjrc\nm8QmFWY4nDpBMpmHiVoum2opXuyx+BDNyBceAn4Xlgogn5lqFi5FGN9EQc6ViX6y\nskMuQkuBq98SzH0tPNuZ5JoD+gWbweasZ/BEqzu5nSIxeeeMxZg6q87+wJx9F+ig\n725Gm2y6zvAOtspOKCHPCB2Hv+AMrv125vQIOAgLOw33pjEMkdtC8Q==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-6QSax0maUpBKz272m' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpbafwlzjg.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpbafwlzjg.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_3(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:584: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=e17da8eaa3ba6151537ac3d8fe9c40206a006d939e09e46aff746e61450db951urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==vr5EjTW6cI0jAVa6U7s0crWm1CCmAdyrG9XaVQLtmnSI+6DWS+owb5PT58sNYuKH\nEB1St6tAFqevMWs9yktfuaUik5gJgb9xmyAyQMPp8ffxtMjSVRxiqEgFtE/0uJGd\n4ds7myxHInIF9c+ldGM44dfDCDSy5Ks4gepnYgyeT0Y=AmTnnrbgXEAKkDlUed2n9kHEcKwGjmBtbWPbjE/T7Q7b3mQZRrJRoe76JrFOD0bK\nM6Ea7VcAUKeTvF+/2R/MP2Ays8HW93MD3oSUU9+gHaYrkvZ9ERb8rTZblCzJF4Mh\n2t3WsSvIJVxicmSmpEftXHxqNq6ScOuQWYYAVKJ7kkImy+ywZXuQoSGbqVqvI/jY\nVL+gc5naN+weFOjGjJs+tGdZYUOY6TkT5nud0nJ7j9aFU59v/PrZfe4icheWChLD\nN+NlU9IeX6lABpA4BAj6Inf35z12gn+UJWsT9GpQ58UyR+jWGtS38M6zEH5taISB\n+1L/MdtrTcTYR3YmM7ln/HLDNS6UGO3iMZ+uGQoTaq8TakRUMTgaD6OdxHbIQnzj\nMgADPTZeVOuI0p53cx0CLGYiRuGGmtXdY0UMh8bvwJl/Sr1mDECj6b4NxFkDUtjj\n9M0HszwxxOQzPU97HgfkefkzSXYX0D6iaoL86kkAz8/qwbp51PBG6NkTruKWIKlT\nmd7BV2zBCLPfMhBuOEsJfiFjZZqhccZaJEzz6pb++QT6UevX7coJuztHRxp/3Gyn\n9HuF9cyv8tZ+LuycGEhYOTpcJhA8w3z1dk1w7BmzBzUhEVj2IHkm+KX4vs5Wkwe0\nWJyJxYIhI5YbjaQqQvuVjljWyiiBmTxRuEUUxyPjqi3PzHBGldgGFTZPH2jk7ljk\nhUSQqszn/QwjdQ6JY/eYzLP7KZmAwaowPTiQAyymgknRg0ptHKfDLn/tW90qCrf4\n54ErXPwgEUpmP6YU0KzTZ+xvGBDUzG9eoykyqPlu+08L5CDs4VfPgbXrL9xvHNzZ\nfeiImRq1m9pjhBT96k2YeRF7OozcIbdlbloIBGjokG7rMt6mXh2YXod1lcsss3nt\nv42YEi2BYG4737xQrQUXCXEwotxhOjLTz5VQlTAngQphp2Dhh+C5UWIBrZNxQYlQ\nOIvdWWZurwI3Y5dDQ98/8/8EgvPFjn5EOHK2CkHwr/tSA887y4BeZ6HEneWXfsB5\n0RB5EdkDK9J387JGsmVgOPwIG9/gZMGfzPNHEs9O4MIvhzl13lHUqEvmNiCVLDIy\n12cLYS7xnkDsCnuaCihjuciDXCLc/YWqL8dg+2uFuLwF0lOWJY01mQaBvdJy0fAU\nxsOrphC/6ugqRSLHFbXUz0gjDWKGC6fzAaHYCc+RZtfikZZBN3d8dIbEnQ0TAJrK\nF+miHoMGiDhKsyrQSpb9gtffpXHeYKySZk3NkHvJkt+Ka/Sbnn9UC2o9fNo0E/jm\nPTnmDL6xYRefsBBXFLSYwuiHaftHw2rOgKXK0C12CD+d4zX1xyUe57IEurr+CFyP\nRUq5aaDhSLDcOX6d239vN1+Y9j/qJdUwGGP6UM8hxTL8swpguxTfM2rMHx82pj8v\nyWLy0eJTBe83TLHUJ0FQ+GqM9LBJMT7xeaAIf9A9mmZ2zsSi0qfH2LWbM+C2uQrQ\nXp3FIwdVJCqEOfDmC/BYIiRxgez1wJag9ev8m04kTF2tsal3wIGpUNp9xBk6huIP\nMuZoPVju/g7b8czTvS2VT5c+8mztRp0YY0PqfPvuBj6+Fx8wfl2aeUPMn5Wm7GwW\nfv495LEmJ9neU65VMYAQ8wmm3vVIxAgV8rqOWVmie1hO9OYwPtKaQmQwLoYwq4P3\nk2vhL1rN2Wu0R9fwO65xS72ndzyWf5us/Oku0Nk0TMCHJ/c3o3MT8N73olx6YDpY\nh4i8UWzxP0sCttBkZGB3eJVBVhdNnWahDl9falwaV7gynS5WyuBleg8xCa4Eiavm\n/7sKZ32gTRMkVT/Gg85Jphfy1R5GgEscWNyxNuo7l8CcW/Na+VYTcz8RVRE3NLo7\n/wKQibJ08g+ZvWuv6bAcIDVZ75XO+eqkqHbansQjBgi5qJWbJDnnHfymjdpdKBgq\n47LIYNTTHUhxq7PvwLGZxbztMVLOSRzAK/rO7lTun1p2N7jO6cwtBBpeLwxHWMQ1\nhpZEFzBsP5+7oPGkJ+JU36/UKYuKLPh0/7Ig8QDrw+Yp28BEV9zq8zSuHE7t8NCm\nUaAUlZLMnt15uwFxDFU9qkOWeWO3UEeGk83CVULbLMd0ioy/BDEP+j8tt79gHcY3\ngTdtCmDfJBgoTEmKbLNRVC1MtJNuLyOJPpANH9+LFb7uiHI0cPXLRi6TPeCcXtJ3\ngQF9b70v6RV8hrewFYAIqLSyd1RKTzYp19DHc14Hsz+FD/sOErF3ejDdOL3Spjrc\nm8QmFWY4nDpBMpmHiVoum2opXuyx+BDNyBceAn4Xlgogn5lqFi5FGN9EQc6ViX6y\nskMuQkuBq98SzH0tPNuZ5JoD+gWbweasZ/BEqzu5nSIxeeeMxZg6q87+wJx9F+ig\n725Gm2y6zvAOtspOKCHPCB2Hv+AMrv125vQIOAgLOw33pjEMkdtC8Q==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-6QSax0maUpBKz272m' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-6QSax0maUpBKz272m', '--output', '/tmp/tmplugvglj5.xml', '/tmp/tmpbafwlzjg.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpbafwlzjg.xml" output= __________________________ TestClient.test_response_4 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=424b6a0b8e46337f5ae2dcead9a3dc9800c5ffc9aafc2b52a65d799939b460a4urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==x1NG1Tw1XyJQuCxuhQbZa5l8+wS/d8YLwn5YJ/koSctk6/vSptrB6bGH6REybRtn\n8NEcqcA0crcVxcSxpeG6tA9a+RErlA4v4rElrPLyYoj8vUGe23S+sNpW8tQCZBRG\ngLa1VzKkJvyXrNvnzMQ5b0ELSdnv4sXvCDJK/7LU1eo=f7Gxi/t6q2k0M5UPcCMmMhBA1teRothuhSmcqgNZ5fxHxW4w97AmxayqnHezwag0\nc3Lkj57bIzga65yhBW+cUOuvoKjMe2oxOFaRVR/ezGnFMPDH/I/1lfzzjcBAMXYZ\n90niPL8GSELV8tigkBB/BY9cHNaqKarq6Is9Kb64mPhaA2HhsEFLPXC/JvsukZHc\nfalwFFyujpiNkBi5+f+kpvIIUzBmZpE51dVgWVCC+HN0vYZod9JuBrZhHwGWUA9A\noHhvhw61vlVnpsl30dfJ8wstpIC6FC0oa2RgK+KevjCXcY251FKG2eoFWiEkqiew\nxgl9xxBtSiQ+XPmw6MhEDavADyjNqR2GpX3LtwTzdEi26gxQAKskuUbXXttNEgCI\ngJva2Mn+Ae42jHUS6qiYOAfdm1/WX2fTr3L4yJ0CAplHsC7MDmFVzq4+8hP7BNNt\nb7cx6fVV7VPB+agHjL/cno/rjSY//RGsX0eDdkGd6+wsh06kgF9sORlHJT+E3YUt\nBbt7wI1fRAITNXwASoioAi3F4kDIns56750NIuDBzU4WTxpKekdVOXzbAGMiedu1\n+hAwUvjYEvz8oqAp8WqWm47oVERuktUyDideMIvVQPUtY/BDmEJRD2mD+a3Rvych\n3LZr5lBCS7lWv1pqI7Bncg2383bt2+T9+1OMxAR/ntcf2EW5m4cgSd4aTJukhJlw\nktYQ3yTNqiyN2QbeAW9pQqzL++litKEdiqYGpzDLKHZ3Ph1KJwKGxg7jnSqa8LHF\nJltOusbB6lsfBi3o95MnlEjOFaEk8cuUaLFjQ5ytiZqGzuL8LIE8lP0X7htlzmLb\nFwosChngDbh3WVfZW2h8u6CdWp9x6o+BosC4hxLVe4nv0SKYdPbtr0lNTQzu6wS2\n8Q+se4m8DFO+k5p5qmfl7rE1LtMMqq8mOhCs9LuJ4f+ZD4eJYTuVrB27S5dvcAc9\nC6Ksr20JYNa+aHC7G+IbK6ksr13/ZzVTXvtnINpZ91pg7XeVGqJtQAivHNK/uRi3\n+tLg3Qvx3HwYSszGRLKBCARE4mm/HXXz1X/v3Ay/diu+A/p4D0+8jWdw1v06yOZp\n/vvtUfUDxGX8UKg4tucuKtI93WqjS12ctGjpPXJv434rm6kQyWj94VBYmDS1rLaB\nyMIWgeGvpACP6IIBeOrheMbSJfC6779xPx01s71ssRYGIQlggkbabPXgQ1NYRo6d\nY0uXQnAiy3wgQHWcl6eZc2JKJruMD1D/1ZCAfwOSMfaDuyw7/8fdmemGfIV01lTu\nRZsXsZdtiTy/qJjTT/2Zf1Z9JGMthRXvdo9IE1/qtcgB1th/v1+olU1qIYKtYg5M\nzV2gg+XFcpJwFHOc0oOnJAA6D+Go9D5HdUE8+nk7Q5B6FDal1k+rQIIXchLN3TFj\nQ0qc9UG64l/1/lS1J7BerdPleMd9w8hNvpVsFWN0LDC2Lcy7vasa3DS/4COmUxT1\nBTV1Ovf/GWqnF4mLpLWTEkJ7O9OZoc1YyWSHm/PcTdzqRjb645duLWq45KIbjeP2\njrpJv8a93qYwnslE9qA/bTh5hEHwiHWg1zEI84+KZsi/oTwxN4mRLJy6grqwLOE3\njm7BIg3j8/jQNLra1bx+1SkjMwdsc6LSkqA3Lr80K2ncQa431rrRJD6oGVNoKk0T\nrkCg1FET1Z5sS7Bs7HbRKCOJwcI4t2rYgSR3SNnbmsYHtoCkHc7dIi6c9iKp7DA/\nxs2JMvOmTGtrhAe8Yfq3QgZHFt3O5KPmBJSrm2JIAcI86F006asH4dqXEkj+V0s+\n8tdyhJNcCST6b+GVLgG8Gcx8jgKHZMp/mqvSzzNtZcpJf441q59qLorRL3FlBsXo\nYqhuzJSI7Ll6j8vEwTl8L/LykMfE2g8CwBRTFAdiLxhvzAFe7LKYt0Hu1ufeE7XO\nCpKPjawRTdtpZPxyhOnpk8a9kpbfyuz2dYedEnN7SUVGQ/6FzTP5kqFtwvSDJLxL\nsukLfiHGlItY3R0hHzR1iR5AgOXEUzIm2xyf8MEVQYQVNMzJWTipRW433rfypEC6\n4BEogHk+g3E6HNxXlvYUfI43Q49D45Wulb+xgFMPHtGy6m0oulO+CnnSbbx0dW8R\n0kC6UdstMGb40TAVaMc4+brTM1gq0aIhXPQ7jtkOWNfmMr+2trVBjNfyNVzErvYv\n16LTH/rPmTfIHb2k9WTKTVkWALmf+P7lsZdjXsyNRHlFw6iBNT2Hg4anD9TJzkyR\nr6mMOsjzuKvngNNceuxt7Yw1EJczClbZCQt3pW1U1WlQDBuJ7qGUlGaPl7opX/hx\nORE5UhJpt1zk6oUnH+s/CQ+Ft8UCNjmzXtWGSEf++jTlwMPmtuts55SCkoNJ3D8E\nSbJGT6BqwomuvRzxv/oeUxQtXl3jsJ5EZtBjvcP9iVIHM4aiEqKg2w==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-GsVc4Hhqql4eorqXm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp25fs0aa4.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp25fs0aa4.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_4(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:618: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=424b6a0b8e46337f5ae2dcead9a3dc9800c5ffc9aafc2b52a65d799939b460a4urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==x1NG1Tw1XyJQuCxuhQbZa5l8+wS/d8YLwn5YJ/koSctk6/vSptrB6bGH6REybRtn\n8NEcqcA0crcVxcSxpeG6tA9a+RErlA4v4rElrPLyYoj8vUGe23S+sNpW8tQCZBRG\ngLa1VzKkJvyXrNvnzMQ5b0ELSdnv4sXvCDJK/7LU1eo=f7Gxi/t6q2k0M5UPcCMmMhBA1teRothuhSmcqgNZ5fxHxW4w97AmxayqnHezwag0\nc3Lkj57bIzga65yhBW+cUOuvoKjMe2oxOFaRVR/ezGnFMPDH/I/1lfzzjcBAMXYZ\n90niPL8GSELV8tigkBB/BY9cHNaqKarq6Is9Kb64mPhaA2HhsEFLPXC/JvsukZHc\nfalwFFyujpiNkBi5+f+kpvIIUzBmZpE51dVgWVCC+HN0vYZod9JuBrZhHwGWUA9A\noHhvhw61vlVnpsl30dfJ8wstpIC6FC0oa2RgK+KevjCXcY251FKG2eoFWiEkqiew\nxgl9xxBtSiQ+XPmw6MhEDavADyjNqR2GpX3LtwTzdEi26gxQAKskuUbXXttNEgCI\ngJva2Mn+Ae42jHUS6qiYOAfdm1/WX2fTr3L4yJ0CAplHsC7MDmFVzq4+8hP7BNNt\nb7cx6fVV7VPB+agHjL/cno/rjSY//RGsX0eDdkGd6+wsh06kgF9sORlHJT+E3YUt\nBbt7wI1fRAITNXwASoioAi3F4kDIns56750NIuDBzU4WTxpKekdVOXzbAGMiedu1\n+hAwUvjYEvz8oqAp8WqWm47oVERuktUyDideMIvVQPUtY/BDmEJRD2mD+a3Rvych\n3LZr5lBCS7lWv1pqI7Bncg2383bt2+T9+1OMxAR/ntcf2EW5m4cgSd4aTJukhJlw\nktYQ3yTNqiyN2QbeAW9pQqzL++litKEdiqYGpzDLKHZ3Ph1KJwKGxg7jnSqa8LHF\nJltOusbB6lsfBi3o95MnlEjOFaEk8cuUaLFjQ5ytiZqGzuL8LIE8lP0X7htlzmLb\nFwosChngDbh3WVfZW2h8u6CdWp9x6o+BosC4hxLVe4nv0SKYdPbtr0lNTQzu6wS2\n8Q+se4m8DFO+k5p5qmfl7rE1LtMMqq8mOhCs9LuJ4f+ZD4eJYTuVrB27S5dvcAc9\nC6Ksr20JYNa+aHC7G+IbK6ksr13/ZzVTXvtnINpZ91pg7XeVGqJtQAivHNK/uRi3\n+tLg3Qvx3HwYSszGRLKBCARE4mm/HXXz1X/v3Ay/diu+A/p4D0+8jWdw1v06yOZp\n/vvtUfUDxGX8UKg4tucuKtI93WqjS12ctGjpPXJv434rm6kQyWj94VBYmDS1rLaB\nyMIWgeGvpACP6IIBeOrheMbSJfC6779xPx01s71ssRYGIQlggkbabPXgQ1NYRo6d\nY0uXQnAiy3wgQHWcl6eZc2JKJruMD1D/1ZCAfwOSMfaDuyw7/8fdmemGfIV01lTu\nRZsXsZdtiTy/qJjTT/2Zf1Z9JGMthRXvdo9IE1/qtcgB1th/v1+olU1qIYKtYg5M\nzV2gg+XFcpJwFHOc0oOnJAA6D+Go9D5HdUE8+nk7Q5B6FDal1k+rQIIXchLN3TFj\nQ0qc9UG64l/1/lS1J7BerdPleMd9w8hNvpVsFWN0LDC2Lcy7vasa3DS/4COmUxT1\nBTV1Ovf/GWqnF4mLpLWTEkJ7O9OZoc1YyWSHm/PcTdzqRjb645duLWq45KIbjeP2\njrpJv8a93qYwnslE9qA/bTh5hEHwiHWg1zEI84+KZsi/oTwxN4mRLJy6grqwLOE3\njm7BIg3j8/jQNLra1bx+1SkjMwdsc6LSkqA3Lr80K2ncQa431rrRJD6oGVNoKk0T\nrkCg1FET1Z5sS7Bs7HbRKCOJwcI4t2rYgSR3SNnbmsYHtoCkHc7dIi6c9iKp7DA/\nxs2JMvOmTGtrhAe8Yfq3QgZHFt3O5KPmBJSrm2JIAcI86F006asH4dqXEkj+V0s+\n8tdyhJNcCST6b+GVLgG8Gcx8jgKHZMp/mqvSzzNtZcpJf441q59qLorRL3FlBsXo\nYqhuzJSI7Ll6j8vEwTl8L/LykMfE2g8CwBRTFAdiLxhvzAFe7LKYt0Hu1ufeE7XO\nCpKPjawRTdtpZPxyhOnpk8a9kpbfyuz2dYedEnN7SUVGQ/6FzTP5kqFtwvSDJLxL\nsukLfiHGlItY3R0hHzR1iR5AgOXEUzIm2xyf8MEVQYQVNMzJWTipRW433rfypEC6\n4BEogHk+g3E6HNxXlvYUfI43Q49D45Wulb+xgFMPHtGy6m0oulO+CnnSbbx0dW8R\n0kC6UdstMGb40TAVaMc4+brTM1gq0aIhXPQ7jtkOWNfmMr+2trVBjNfyNVzErvYv\n16LTH/rPmTfIHb2k9WTKTVkWALmf+P7lsZdjXsyNRHlFw6iBNT2Hg4anD9TJzkyR\nr6mMOsjzuKvngNNceuxt7Yw1EJczClbZCQt3pW1U1WlQDBuJ7qGUlGaPl7opX/hx\nORE5UhJpt1zk6oUnH+s/CQ+Ft8UCNjmzXtWGSEf++jTlwMPmtuts55SCkoNJ3D8E\nSbJGT6BqwomuvRzxv/oeUxQtXl3jsJ5EZtBjvcP9iVIHM4aiEqKg2w==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-GsVc4Hhqql4eorqXm' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-GsVc4Hhqql4eorqXm', '--output', '/tmp/tmphvxvnz8v.xml', '/tmp/tmp25fs0aa4.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp25fs0aa4.xml" output= __________________________ TestClient.test_response_5 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=f272b4d6b7d82b37abaca11c290fc98f97a5414f875c3da545951fc92f5f24d1urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==TwC8YAyag1ryCfxGnP5u2sCb4NVHTvXcAK1+BHTJcDxq8b6xiIeLsQIVMXcl705o\n3R/RnvH9ZWuDE9jChYinwdCUEFyRKvGlEtKkEbgLCsXSuJ0+R+NC21mIazDKLFgg\nY5VJLlvYppADeogU/6cWG7nuHkAGRXHh0Qnzk6nqgEI=r/UNxto32Tm17I7yjBWPChErLjRJfoKgVj8mHWqu4nuoh2nOtWdo/KUzf37yQRMB\nxISbkVQPRTq3rRqKaWKMVOkzmebfkCRHFnNybTqIIiXfAzF1/ImU17QRE10iVgO0\nyN9JCaxypmVhfn/I2CAvjxtsVf2gYHZXIPRFEZ/IBB3RkeGr/izjfp25dRBijbwO\nX1cF3H05Y0ZiODr/2yP6z654sV4DiIO1IbVEFyqAkRo2kUa8PlI6QPW1ibBROTDW\n0i9IK8DIsnLoyMPgaO/hPgUHoH6B7MkY3WeRfUfeDCEMDkv2M1Nnelj3nxX3SStE\n2nUGJtx4ul0SqAjYBCMb1r8pxT/PEUaigYG+dKQKoK8f2+SQG2G1yozIoj4CjGdd\nzDHgKjT4eSzTx1zWzbv5lQOkFhAW9BjvjSEEs+SzPiebVlWyyyRIEs7lEC8X86m1\nGcMB8Dnr46AyEjh1B7C23EpR6o02LPPCwh5R29r3oBQaq5HG1TAww9jwmhA7syok\nwcm7e+izJq5zAzer4BikgOHio7GvI3jU4IvheYilPGg5IVstAhCDn5uRke+NQFYY\nT0a7TAfQiIl08cGZSQIa1yM59w1OmCdPMcYp8h84HD27Appkp6TvzTKhLh1+RYZO\nngMepsUX8Q9X64FQmXBvewVXghqShwGfs6qmWxpO+fA47Cpmhm1T+QDFpdt5WwgM\nLdLGJKYd/1uT2H9Kwe8wfBY/Sz4We3uoiqAJV4tsgSNH8lcT9SjmDFE5lXmav9s2\nRMlUF7NVpDclW+6kafgBRC92BXasomb7xgLcCHEeEG3SkKFzT/pKH6mDEGF2YBV0\nN9q3m4/x3Qo1TYJ4kwyfPbLNkEgRGK98jdWmvmYLZPL40wcJUpMa4ZODVSAT8bx9\nUbu8QHJa+KgPsvjkGIPYkQ3VB1f4H878jCTBBp9PpI22CdBJxSGb1+vGX+vVkvXE\nA2g4JEdIQfHhFxW70Id6nfyX9sKaQo/zRoiYx35YWio2bRocQYh+BQKBwPrY5dcZ\nsil3x/oLCt76lKKxjdpPl5iaM8vdDTGB6oUKkIZOoeI2nBAF5B95FCnShVzbctIu\nv8NH66OpiAqsNpE246wa4EhOuO5Uwn/dTXngaWFk6s3/aQpymByswl7D0yoRI8TK\npfKstAuSHjFYTWLx6tA6n1DVjfQBlcMwSCc2HQh2v3JxHuMG1T2ctdC6kp2GZwgb\nFIzyzSbFyWn2QSjLrmhi5cn+kxTE42U3dMKD7GU3BGMU9KYHs7QjldtfBwZ09VJl\n5iW+D6c8D/cNXam3UL3c1XHq3DHgIq8A8NKuSQwAqbY2uaeISY58Zn2QxKlGRRku\nAUJcCcnCgbP0ko7ZJZ35QroZsyKBShgP8Rr9Po1l7o4midDraCnT89XgT7qINzFH\nTnf2BZDkZnt83TiA00rQJlhwcPjrF24FhRJzqa+iiEF91wZ0y5yUN63FWjQsF9XZ\n56PCeZWG2eUy05XIlcz1tCcfcTYCC6tWsBb7gsQry+/av2oahKV9b7Auy4ttxKID\nev6z9UkoZJU9VwSoTLGQsOK6DvcNZHSTtRr4Z9mTlQ06RF6CfWiRnt2lxDxu5+rt\nEYXrjD+hAZZlMSijw7S95GZyxo4qGw6Yq0MZUM8DhslvnAMdkVyIoWN+TAwqM4FJ\nRyhVH/HFk/GxWaPwQGVeHhSXWnwL52qUsX94qUNVu+PK0A7u0lTqozQN8e8pQ3cn\n6H2YWqDxXDOCNp6S5pPz/k5GrlLmjSir6COAz9R0g39TxUk/aqH1xg11PaaE3eLS\nhPJiHWJBDgO1H6CeRKcnNrjJSb4ShCuF1Be16XwnUTI44OVVnASWhi/1l+r9476W\nrbs3nbyUN1Qg07dlEb6d+FnHxWjpMobHfZkks/vkiLRBJJUNWHNDHf6I5JsblHVA\nc4i5V8gW73ntRe6XutBK+04PYWo0n+ZsFadqJsB6QHHRstzHvFNn+/92twUOrCqo\nziC9RNMCyy56QPnfcDwXaJF+FbV3NsJtuxuG537Nh0cIr7IfJrxPkyhu0VwSW3JP\nqhtJWba3qKkeEv0MI3dpBQvw8NGgDm7gVBK3Jv9kvLaScScJN+UkPVHTfvfd01u7\nzkaKPQ9eHSex0KPsFZToKB4OKAlHPHmw5Z4mtfKG+yA3UT+2OfZqaeneMUOB4PSz\n5ly6Zl6QcwPIC8DGjdsztwYQkGvQrCVkbpiP2dBFcNQ3jxvZmkWTjP22wfiK2OzH\nawB9QpZhVoRbOV+25nW+71kNpKDP+oSgXObkHK843S/UsOvaRS5HpsGvKBJvGy97\nLrDmQ0571hRpHF+Yb4Aa1Msk1vzwWepNd1FzBm9e/JC1vrwv0gjY1cTW32E+Dgkk\nmy7b1rbdBnLhy2AhD52/NnTAW5X51RKZ0gWP0rClABzkeooxeawCvA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-4SBGgbLjHLSqktxGS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpok9rvfv3.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpok9rvfv3.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_5(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:656: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=f272b4d6b7d82b37abaca11c290fc98f97a5414f875c3da545951fc92f5f24d1urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==TwC8YAyag1ryCfxGnP5u2sCb4NVHTvXcAK1+BHTJcDxq8b6xiIeLsQIVMXcl705o\n3R/RnvH9ZWuDE9jChYinwdCUEFyRKvGlEtKkEbgLCsXSuJ0+R+NC21mIazDKLFgg\nY5VJLlvYppADeogU/6cWG7nuHkAGRXHh0Qnzk6nqgEI=r/UNxto32Tm17I7yjBWPChErLjRJfoKgVj8mHWqu4nuoh2nOtWdo/KUzf37yQRMB\nxISbkVQPRTq3rRqKaWKMVOkzmebfkCRHFnNybTqIIiXfAzF1/ImU17QRE10iVgO0\nyN9JCaxypmVhfn/I2CAvjxtsVf2gYHZXIPRFEZ/IBB3RkeGr/izjfp25dRBijbwO\nX1cF3H05Y0ZiODr/2yP6z654sV4DiIO1IbVEFyqAkRo2kUa8PlI6QPW1ibBROTDW\n0i9IK8DIsnLoyMPgaO/hPgUHoH6B7MkY3WeRfUfeDCEMDkv2M1Nnelj3nxX3SStE\n2nUGJtx4ul0SqAjYBCMb1r8pxT/PEUaigYG+dKQKoK8f2+SQG2G1yozIoj4CjGdd\nzDHgKjT4eSzTx1zWzbv5lQOkFhAW9BjvjSEEs+SzPiebVlWyyyRIEs7lEC8X86m1\nGcMB8Dnr46AyEjh1B7C23EpR6o02LPPCwh5R29r3oBQaq5HG1TAww9jwmhA7syok\nwcm7e+izJq5zAzer4BikgOHio7GvI3jU4IvheYilPGg5IVstAhCDn5uRke+NQFYY\nT0a7TAfQiIl08cGZSQIa1yM59w1OmCdPMcYp8h84HD27Appkp6TvzTKhLh1+RYZO\nngMepsUX8Q9X64FQmXBvewVXghqShwGfs6qmWxpO+fA47Cpmhm1T+QDFpdt5WwgM\nLdLGJKYd/1uT2H9Kwe8wfBY/Sz4We3uoiqAJV4tsgSNH8lcT9SjmDFE5lXmav9s2\nRMlUF7NVpDclW+6kafgBRC92BXasomb7xgLcCHEeEG3SkKFzT/pKH6mDEGF2YBV0\nN9q3m4/x3Qo1TYJ4kwyfPbLNkEgRGK98jdWmvmYLZPL40wcJUpMa4ZODVSAT8bx9\nUbu8QHJa+KgPsvjkGIPYkQ3VB1f4H878jCTBBp9PpI22CdBJxSGb1+vGX+vVkvXE\nA2g4JEdIQfHhFxW70Id6nfyX9sKaQo/zRoiYx35YWio2bRocQYh+BQKBwPrY5dcZ\nsil3x/oLCt76lKKxjdpPl5iaM8vdDTGB6oUKkIZOoeI2nBAF5B95FCnShVzbctIu\nv8NH66OpiAqsNpE246wa4EhOuO5Uwn/dTXngaWFk6s3/aQpymByswl7D0yoRI8TK\npfKstAuSHjFYTWLx6tA6n1DVjfQBlcMwSCc2HQh2v3JxHuMG1T2ctdC6kp2GZwgb\nFIzyzSbFyWn2QSjLrmhi5cn+kxTE42U3dMKD7GU3BGMU9KYHs7QjldtfBwZ09VJl\n5iW+D6c8D/cNXam3UL3c1XHq3DHgIq8A8NKuSQwAqbY2uaeISY58Zn2QxKlGRRku\nAUJcCcnCgbP0ko7ZJZ35QroZsyKBShgP8Rr9Po1l7o4midDraCnT89XgT7qINzFH\nTnf2BZDkZnt83TiA00rQJlhwcPjrF24FhRJzqa+iiEF91wZ0y5yUN63FWjQsF9XZ\n56PCeZWG2eUy05XIlcz1tCcfcTYCC6tWsBb7gsQry+/av2oahKV9b7Auy4ttxKID\nev6z9UkoZJU9VwSoTLGQsOK6DvcNZHSTtRr4Z9mTlQ06RF6CfWiRnt2lxDxu5+rt\nEYXrjD+hAZZlMSijw7S95GZyxo4qGw6Yq0MZUM8DhslvnAMdkVyIoWN+TAwqM4FJ\nRyhVH/HFk/GxWaPwQGVeHhSXWnwL52qUsX94qUNVu+PK0A7u0lTqozQN8e8pQ3cn\n6H2YWqDxXDOCNp6S5pPz/k5GrlLmjSir6COAz9R0g39TxUk/aqH1xg11PaaE3eLS\nhPJiHWJBDgO1H6CeRKcnNrjJSb4ShCuF1Be16XwnUTI44OVVnASWhi/1l+r9476W\nrbs3nbyUN1Qg07dlEb6d+FnHxWjpMobHfZkks/vkiLRBJJUNWHNDHf6I5JsblHVA\nc4i5V8gW73ntRe6XutBK+04PYWo0n+ZsFadqJsB6QHHRstzHvFNn+/92twUOrCqo\nziC9RNMCyy56QPnfcDwXaJF+FbV3NsJtuxuG537Nh0cIr7IfJrxPkyhu0VwSW3JP\nqhtJWba3qKkeEv0MI3dpBQvw8NGgDm7gVBK3Jv9kvLaScScJN+UkPVHTfvfd01u7\nzkaKPQ9eHSex0KPsFZToKB4OKAlHPHmw5Z4mtfKG+yA3UT+2OfZqaeneMUOB4PSz\n5ly6Zl6QcwPIC8DGjdsztwYQkGvQrCVkbpiP2dBFcNQ3jxvZmkWTjP22wfiK2OzH\nawB9QpZhVoRbOV+25nW+71kNpKDP+oSgXObkHK843S/UsOvaRS5HpsGvKBJvGy97\nLrDmQ0571hRpHF+Yb4Aa1Msk1vzwWepNd1FzBm9e/JC1vrwv0gjY1cTW32E+Dgkk\nmy7b1rbdBnLhy2AhD52/NnTAW5X51RKZ0gWP0rClABzkeooxeawCvA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-4SBGgbLjHLSqktxGS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-4SBGgbLjHLSqktxGS', '--output', '/tmp/tmpiakmops9.xml', '/tmp/tmpok9rvfv3.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpok9rvfv3.xml" output= __________________________ TestClient.test_response_6 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3020b8bb00ebaba211649db8fb89ea4e830e8d02bd07f68fa4598b00b1d5c04furn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMzWhcNMzUwNzIzMjIzOTMzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAs6mT0rYqOKtLg6s+frqZ7JW1/X030jzkLk8wyydG3aU5jhQ96O9/1ZeW\nQ7YDMi7TERcSVtnmNoGEfPfkqQWOjqWMWVC9WyTsdh6rB4d4iFBVZK26lxuAdWrd\nR3Ec2T1DE7h+4PJp0YgX8q0cqyGpXFG0sVescYqUSE1GPejkLNQ7qTN559WoeX/x\nC5KjL/mMIyPseRv0XMFPehtIgZog7EOL3lzZiIhPtfaNf88bcFfzQsb6pgqXUdID\nx+sIyemooDtOICnCksgtN8C25FkZKGXNudyOyUy+4YlmEaKoYTjG+jUoVT9WydYT\nGie4Iu3K5fOUNR7CDT6aYoVu5d20JQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIdz\n+0eQkKGaGxlBR7gPG5baL5iM0v1k5zqZwQHqZlwdaqBMDZujhNiUvSKbZ5pf4S2k\nx5h+k4AMdhrlKj/QOX1yHFp4PQ1NCkxxL4QXmv8AUjsE7lg+a/Cik6oZ/TWYYtJf\nmAGr4j//hhz2puYKRZkZz5ya+c5dzcUh5rIcf8UjNKxXm4LZxXxEwPe1VmUNOk/7RFclrDR+k7Q9bKglOBKyKsb2VMPyO8F64QEsnWbw\nSFBg1oqnqKUJ/bz3SgcS5B7Ny/exOwoSNt8NzACxPffEfz0Mut4/7OK2RnZe+3Uc\nDqFVYdtUJ/W9YqiS28VI1d8Qsj1B/6x+OZbHLRyruGYo2lKWbUwcZiNp7sauU7bE\nKimxGiiPyT8xjxn7xolOg66sADi09GLkzlxDusX18w115TKxa+Ru+zecCHKBCPE8\n9X8yIEkgIXIClEDXjDb7+yTrXXOMU2OPvU2VgwYCxvrrtf8Xg6Xj4dCRVUQlDg93\nsoVQxSc6tsC/bi+/565sfw==v3yDkcThBU3JK/+1diLyi4PQG5FLcd6LOEC20C6ZOTNIXXciTDjr+JJYdtF2ArKM\njxptNMHJ2lAnX4k7RSe8dDuUwJimZtlElGKhiRR7WjEFrtCWa77psBo62p2EcuzJ\ne+at3hN9cIYNH5m4Pifjigv8/9RF4jwh7FzVNfRiAar2ZfkYSiEWGsH6x4KzQeYV\nzF4KVHAS3Od6fgl4zo4P7XE6DL64eUiCOup/I4llvG6Ecf6dfcbPAwLoK8Xwb4tr\n9/lUdT9LBPz71uH+in83NQQO/jkc1bFyEp/u7mO1SyjSIz3da6KzXCPhybrm95R2\nXYpTYeprMipXPPcLPE/d6QvQkFSiJE9O1p0Xv3AI6wZyDPnGYoXPxMbXaNM25/3T\n1A777d/ejB6TPysnmaW3/7legDAqqip39pN1ISzHvNXvZy3kIn2N8KVcW7BTwGoR\nn8Nax/zpf9CMssSTisqSB7xlTbsPOhk0tzA7FU6IenjEI7+qsR+Gw0l8npmgbPMJ\nMEhZ467eW0mPcmxuAeIO8oJEl59ql7VKgus2iUqNZjdAdPpTrli7B34MDwAW4Hvi\nn7NpXmMeYt3+A8G+2mcWGUAxUUwxT7udlM/d5VE9L4toOxNenNr0Rgib0rfQ+HNY\nVquGVgetA4qbVdsND954+Mq5nugI0zduNB/7xq3lcQ6Hnqv6gchNphi+O/GKJVw7\nZXriEr8R5ek8osJWFv7lDasYn+5FJrcHl8QtTK4dIztumffvQwS2viG0DbCz14n5\nnn0YyCwaiS7XTmXOnnh5nu0VKIYeR2nWxZ+i1GgY8EYQoL9eUG5tO8mSpQDrIUJ4\nfLIyYEHtP4fd/42nLSyd91TT+G2506TpWGy5bTX19IxeatDj09mbv01s9qDyNpuV\n6ZZ3gBsL7iyKm3GIrCu9dvnBf3tDD2gphBEX/DzFvaq3kcGDE76C9CuXsNeZJ9yt\nSWo6IqA7Pz85B63nNdD58E2OOShwB212OlbuY+XkriQ3VVDewdI4aCdHW2NzCrob\nTOXYY0MDeKGFTrIPMIUcKCYc2GPUtOzDdjsKhQg2LeIsi4F0SAuBno9HyuBOQYGJ\nDUEwBa4EjK2guopOz4HMeMgFbLR4LaBZN3RbwGryo4Gjjvo+yvtOqZWNAJUBZO6o\nJP3TZtFH63MCBnesL0giq5rB2CafULjZo1mV/jnjIMnXpmurMYeK54swHHVc+wB3\nv/TDWWRa+SQLVe0D7hT+rRevUBacKJa76CObtMZClJ2mF/0YETTvFWRknyr12mBH\nNSbV8nvOAz1mBIdKPaxlOVu/cZOuAHzKAEqc3hWr9Fne5dYrQZZa0/KpCykKQ/0u\nOcyrRn+41TEhgfHHt5OypMFCOSqazSXMUxb/rsMKIIEW7QxH47t7ANaC9S1x8XfG\npjM+Arkd+Fq5JThGyTgRXPYnt3wCMAeo+YJ6uXEIdHGWIsxb8gasybB/vSIfqU//\nhnDY5z302rPV+deaZ59f2QJyBlrK2QoTJXX3VgrE+3VSu3K3yoXZKFV6AdMFkXuE\nVesu/urMBWnEhrRX1Wg8eDIGOEVpXegMZAfMG0/0JhzCB5LByBDtWHivtnlJe1Ih\nNVSPriQMLmEwvMZMrYUYSjvIt0SVqxHZJGsio6SNf5yqkSubhQOs4HzTn+OkCI1B\nkWgcwRqUnb4AeXXu7sBHhiDouJSGXJFMOm6EcWqJi73pztTgkC7oYgyRiIkFtQFC\nyRDy/owfZIjtlxarhlB3tb9tLAq3aS9cq8kMr08ci4SYUu62CpFxEW3NGKejHw7/\nK3nsnxHSxEf/ALW34234G/bxPrvoFsm+kFcxLgSf+sAKStaGpZ8bymF3nXHhcY5V\npHas1FgYSttLzhJJMWIf0MTDMNjeGwx9aLLgsfTgnOLZajEXbkmCXb6SgF0AbUyo\nBSsoL/qubWceANO4OxdDogmGpTznaeEs2Q1T2iT5uPp9FOzl6K1nVlxC++ZnkWS1\nQ+aXC/5zUdEkm8ehn2U+uM46fQPrB3ldXUyGa3+CdU3tHahOX1m4nqJjamjyWbFs\nhd45V6QlzIIL4MnKh8KUajYK+MBpFOuVlUDQhFQ1mdnTouqAPUjDb97OP8MX8NIz\nEnVjHmPMRU59B7DgeCUbSs54MpbXiJO+BbUK6+BznaJ4aFy4/BZvGawF3ZYflmes\nFE427N7vAbPTt3vMNfekopR/NSBuoNpnzCe7cYsocALIaUq3oVElOjP13QUSpjf7\nibhqU4Qtlbvhl2Z1/9+GTnubvnlwDPE8iuiByvlmxcWkDbKRiTMuYCr/MIM5Xp/3\nUDeV6zDAkHPMx2bHizKGKPHcm4LVCbHvtx4NslT8SzDJCROGUQY1bLlErXS4W6AE\nvtFviS5grCwAZNbGZRYD+MWivJ8cnCL4sPARvPTsa2afBz0xHWpVzw==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KWp2NyYKgp5oXXXYL' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpo926y96b.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpo926y96b.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_6(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_assertion_str, cert_key_assertion_str = generate_cert() cert_assertion = {"cert": cert_assertion_str, "key": cert_key_assertion_str} cert_advice_str, cert_key_advice_str = generate_cert() cert_advice = {"cert": cert_advice_str, "key": cert_key_advice_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_assertion_str, encrypt_cert_advice=cert_advice_str, ) tests/test_51_client.py:699: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3020b8bb00ebaba211649db8fb89ea4e830e8d02bd07f68fa4598b00b1d5c04furn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTMzWhcNMzUwNzIzMjIzOTMzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAs6mT0rYqOKtLg6s+frqZ7JW1/X030jzkLk8wyydG3aU5jhQ96O9/1ZeW\nQ7YDMi7TERcSVtnmNoGEfPfkqQWOjqWMWVC9WyTsdh6rB4d4iFBVZK26lxuAdWrd\nR3Ec2T1DE7h+4PJp0YgX8q0cqyGpXFG0sVescYqUSE1GPejkLNQ7qTN559WoeX/x\nC5KjL/mMIyPseRv0XMFPehtIgZog7EOL3lzZiIhPtfaNf88bcFfzQsb6pgqXUdID\nx+sIyemooDtOICnCksgtN8C25FkZKGXNudyOyUy+4YlmEaKoYTjG+jUoVT9WydYT\nGie4Iu3K5fOUNR7CDT6aYoVu5d20JQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIdz\n+0eQkKGaGxlBR7gPG5baL5iM0v1k5zqZwQHqZlwdaqBMDZujhNiUvSKbZ5pf4S2k\nx5h+k4AMdhrlKj/QOX1yHFp4PQ1NCkxxL4QXmv8AUjsE7lg+a/Cik6oZ/TWYYtJf\nmAGr4j//hhz2puYKRZkZz5ya+c5dzcUh5rIcf8UjNKxXm4LZxXxEwPe1VmUNOk/7RFclrDR+k7Q9bKglOBKyKsb2VMPyO8F64QEsnWbw\nSFBg1oqnqKUJ/bz3SgcS5B7Ny/exOwoSNt8NzACxPffEfz0Mut4/7OK2RnZe+3Uc\nDqFVYdtUJ/W9YqiS28VI1d8Qsj1B/6x+OZbHLRyruGYo2lKWbUwcZiNp7sauU7bE\nKimxGiiPyT8xjxn7xolOg66sADi09GLkzlxDusX18w115TKxa+Ru+zecCHKBCPE8\n9X8yIEkgIXIClEDXjDb7+yTrXXOMU2OPvU2VgwYCxvrrtf8Xg6Xj4dCRVUQlDg93\nsoVQxSc6tsC/bi+/565sfw==v3yDkcThBU3JK/+1diLyi4PQG5FLcd6LOEC20C6ZOTNIXXciTDjr+JJYdtF2ArKM\njxptNMHJ2lAnX4k7RSe8dDuUwJimZtlElGKhiRR7WjEFrtCWa77psBo62p2EcuzJ\ne+at3hN9cIYNH5m4Pifjigv8/9RF4jwh7FzVNfRiAar2ZfkYSiEWGsH6x4KzQeYV\nzF4KVHAS3Od6fgl4zo4P7XE6DL64eUiCOup/I4llvG6Ecf6dfcbPAwLoK8Xwb4tr\n9/lUdT9LBPz71uH+in83NQQO/jkc1bFyEp/u7mO1SyjSIz3da6KzXCPhybrm95R2\nXYpTYeprMipXPPcLPE/d6QvQkFSiJE9O1p0Xv3AI6wZyDPnGYoXPxMbXaNM25/3T\n1A777d/ejB6TPysnmaW3/7legDAqqip39pN1ISzHvNXvZy3kIn2N8KVcW7BTwGoR\nn8Nax/zpf9CMssSTisqSB7xlTbsPOhk0tzA7FU6IenjEI7+qsR+Gw0l8npmgbPMJ\nMEhZ467eW0mPcmxuAeIO8oJEl59ql7VKgus2iUqNZjdAdPpTrli7B34MDwAW4Hvi\nn7NpXmMeYt3+A8G+2mcWGUAxUUwxT7udlM/d5VE9L4toOxNenNr0Rgib0rfQ+HNY\nVquGVgetA4qbVdsND954+Mq5nugI0zduNB/7xq3lcQ6Hnqv6gchNphi+O/GKJVw7\nZXriEr8R5ek8osJWFv7lDasYn+5FJrcHl8QtTK4dIztumffvQwS2viG0DbCz14n5\nnn0YyCwaiS7XTmXOnnh5nu0VKIYeR2nWxZ+i1GgY8EYQoL9eUG5tO8mSpQDrIUJ4\nfLIyYEHtP4fd/42nLSyd91TT+G2506TpWGy5bTX19IxeatDj09mbv01s9qDyNpuV\n6ZZ3gBsL7iyKm3GIrCu9dvnBf3tDD2gphBEX/DzFvaq3kcGDE76C9CuXsNeZJ9yt\nSWo6IqA7Pz85B63nNdD58E2OOShwB212OlbuY+XkriQ3VVDewdI4aCdHW2NzCrob\nTOXYY0MDeKGFTrIPMIUcKCYc2GPUtOzDdjsKhQg2LeIsi4F0SAuBno9HyuBOQYGJ\nDUEwBa4EjK2guopOz4HMeMgFbLR4LaBZN3RbwGryo4Gjjvo+yvtOqZWNAJUBZO6o\nJP3TZtFH63MCBnesL0giq5rB2CafULjZo1mV/jnjIMnXpmurMYeK54swHHVc+wB3\nv/TDWWRa+SQLVe0D7hT+rRevUBacKJa76CObtMZClJ2mF/0YETTvFWRknyr12mBH\nNSbV8nvOAz1mBIdKPaxlOVu/cZOuAHzKAEqc3hWr9Fne5dYrQZZa0/KpCykKQ/0u\nOcyrRn+41TEhgfHHt5OypMFCOSqazSXMUxb/rsMKIIEW7QxH47t7ANaC9S1x8XfG\npjM+Arkd+Fq5JThGyTgRXPYnt3wCMAeo+YJ6uXEIdHGWIsxb8gasybB/vSIfqU//\nhnDY5z302rPV+deaZ59f2QJyBlrK2QoTJXX3VgrE+3VSu3K3yoXZKFV6AdMFkXuE\nVesu/urMBWnEhrRX1Wg8eDIGOEVpXegMZAfMG0/0JhzCB5LByBDtWHivtnlJe1Ih\nNVSPriQMLmEwvMZMrYUYSjvIt0SVqxHZJGsio6SNf5yqkSubhQOs4HzTn+OkCI1B\nkWgcwRqUnb4AeXXu7sBHhiDouJSGXJFMOm6EcWqJi73pztTgkC7oYgyRiIkFtQFC\nyRDy/owfZIjtlxarhlB3tb9tLAq3aS9cq8kMr08ci4SYUu62CpFxEW3NGKejHw7/\nK3nsnxHSxEf/ALW34234G/bxPrvoFsm+kFcxLgSf+sAKStaGpZ8bymF3nXHhcY5V\npHas1FgYSttLzhJJMWIf0MTDMNjeGwx9aLLgsfTgnOLZajEXbkmCXb6SgF0AbUyo\nBSsoL/qubWceANO4OxdDogmGpTznaeEs2Q1T2iT5uPp9FOzl6K1nVlxC++ZnkWS1\nQ+aXC/5zUdEkm8ehn2U+uM46fQPrB3ldXUyGa3+CdU3tHahOX1m4nqJjamjyWbFs\nhd45V6QlzIIL4MnKh8KUajYK+MBpFOuVlUDQhFQ1mdnTouqAPUjDb97OP8MX8NIz\nEnVjHmPMRU59B7DgeCUbSs54MpbXiJO+BbUK6+BznaJ4aFy4/BZvGawF3ZYflmes\nFE427N7vAbPTt3vMNfekopR/NSBuoNpnzCe7cYsocALIaUq3oVElOjP13QUSpjf7\nibhqU4Qtlbvhl2Z1/9+GTnubvnlwDPE8iuiByvlmxcWkDbKRiTMuYCr/MIM5Xp/3\nUDeV6zDAkHPMx2bHizKGKPHcm4LVCbHvtx4NslT8SzDJCROGUQY1bLlErXS4W6AE\nvtFviS5grCwAZNbGZRYD+MWivJ8cnCL4sPARvPTsa2afBz0xHWpVzw==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KWp2NyYKgp5oXXXYL' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KWp2NyYKgp5oXXXYL', '--output', '/tmp/tmpd7lini4a.xml', '/tmp/tmpo926y96b.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpo926y96b.xml" output= __________________________ TestClient.test_response_7 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=1a9602d9126d5a60f6f78957d5eca1efeb54c98c9b9888608e2254da43db131aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-6Em6ZyXvPqkUFECjt' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpv_9k1m49.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpv_9k1m49.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_7(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypted_advice_attributes=True, ) tests/test_51_client.py:738: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=1a9602d9126d5a60f6f78957d5eca1efeb54c98c9b9888608e2254da43db131aurn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-6Em6ZyXvPqkUFECjt' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-6Em6ZyXvPqkUFECjt', '--output', '/tmp/tmpnxmoo3tj.xml', '/tmp/tmpv_9k1m49.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpv_9k1m49.xml" output= __________________________ TestClient.test_response_8 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=067ee2e432e19053909e31590cbbd80c6e8d9b0e61e790cd3a9b63a53e84840curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Uf7adB3SldbuVYaBR' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp0uiq5nn8.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp0uiq5nn8.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_8(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:776: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=067ee2e432e19053909e31590cbbd80c6e8d9b0e61e790cd3a9b63a53e84840curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Uf7adB3SldbuVYaBR' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Uf7adB3SldbuVYaBR', '--output', '/tmp/tmp9_1cfnsb.xml', '/tmp/tmp0uiq5nn8.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp0uiq5nn8.xml" output= _________________ TestClient.test_sign_then_encrypt_assertion __________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-bU47IInyiWU7nkn4y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpguvs3ox8.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpguvs3ox8.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion(self): # Begin with the IdPs side _sec = self.server.sec assertion = s_utils.assertion_factory( subject=factory(saml.Subject, text="_aaa", name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)), attribute_statement=do_attribute_statement( { ("", "", "sn"): ("Jeter", ""), ("", "", "givenName"): ("Derek", ""), } ), issuer=self.server._issuer(), ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=full_path("test.key"), node_id=assertion.id ) tests/test_51_client.py:906: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-bU47IInyiWU7nkn4y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-bU47IInyiWU7nkn4y', '--output', '/tmp/tmpk71h881l.xml', '/tmp/tmpguvs3ox8.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpguvs3ox8.xml" output= _________________ TestClient.test_sign_then_encrypt_assertion2 _________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-XTeZK40zbm9ftJgn9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpcfuohikq.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpcfuohikq.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion2(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Derek", "sn": "Jeter"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=self.client.sec.key_file, node_id=assertion.id ) tests/test_51_client.py:979: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-XTeZK40zbm9ftJgn9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XTeZK40zbm9ftJgn9', '--output', '/tmp/tmp7drc5b85.xml', '/tmp/tmpcfuohikq.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpcfuohikq.xml" output= _____________ TestClient.test_sign_then_encrypt_assertion_advice_1 _____________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-BPDLzBHAZ9KzCCKdq' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6nl16ajy.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6nl16ajy.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_1(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Derek", "sn": "Jeter"}) subject_confirmation_specs = { "recipient": "http://lingon.catalogix.se:8087/", "in_response_to": "_012345", "subject_confirmation_method": saml.SCM_BEARER, } name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), name_id=name_id, authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) a_asser = Assertion({"uid": "test01", "email": "test.testsson@test.se"}) a_assertion = a_asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion.signature = sigver.pre_signature_part(a_assertion.id, _sec.my_cert, 1) assertion.advice = Advice() assertion.advice.encrypted_assertion = [] assertion.advice.encrypted_assertion.append(EncryptedAssertion()) assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion.append(assertion) > response = _sec.sign_statement( f"{response}", class_name(a_assertion), key_file=self.client.sec.key_file, node_id=a_assertion.id ) tests/test_51_client.py:1081: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-BPDLzBHAZ9KzCCKdq' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-BPDLzBHAZ9KzCCKdq', '--output', '/tmp/tmpqqcraboa.xml', '/tmp/tmp6nl16ajy.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp6nl16ajy.xml" output= _____________ TestClient.test_sign_then_encrypt_assertion_advice_2 _____________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-JvtJzSG8b3VjqCFBt' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpt_f5qv_z.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpt_f5qv_z.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_2(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser_1 = Assertion({"givenName": "Derek"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) assertion_1 = asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) asser_2 = Assertion({"sn": "Jeter"}) assertion_2 = asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_1 = Assertion({"uid": "test01"}) a_assertion_1 = a_asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_2 = Assertion({"email": "test.testsson@test.se"}) a_assertion_2 = a_asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_3 = Assertion({"street": "street"}) a_assertion_3 = a_asser_3.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_4 = Assertion({"title": "title"}) a_assertion_4 = a_asser_4.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion_1.signature = sigver.pre_signature_part(a_assertion_1.id, _sec.my_cert, 1) a_assertion_2.signature = sigver.pre_signature_part(a_assertion_2.id, _sec.my_cert, 1) a_assertion_3.signature = sigver.pre_signature_part(a_assertion_3.id, _sec.my_cert, 1) a_assertion_4.signature = sigver.pre_signature_part(a_assertion_4.id, _sec.my_cert, 1) assertion_1.signature = sigver.pre_signature_part(assertion_1.id, _sec.my_cert, 1) assertion_2.signature = sigver.pre_signature_part(assertion_2.id, _sec.my_cert, 1) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion = assertion_1 response.assertion.advice = Advice() response.assertion.advice.encrypted_assertion = [] response.assertion.advice.encrypted_assertion.append(EncryptedAssertion()) response.assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion_1) advice_tag = response.assertion.advice._to_element_tree().tag assertion_tag = a_assertion_1._to_element_tree().tag response = response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion( assertion_tag, advice_tag ) > response = _sec.sign_statement( f"{response}", class_name(a_assertion_1), key_file=self.server.sec.key_file, node_id=a_assertion_1.id ) tests/test_51_client.py:1242: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-JvtJzSG8b3VjqCFBt' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-JvtJzSG8b3VjqCFBt', '--output', '/tmp/tmp5u7dajq3.xml', '/tmp/tmpt_f5qv_z.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpt_f5qv_z.xml" output= ______________ TestClient.test_signed_with_default_algo_redirect _______________ self = def test_signed_with_default_algo_redirect(self): # Revert configuration change to disallow unsinged responses self.client.want_response_signed = True reqid, req = self.client.create_authn_request("http://localhost:8088/sso", message_id="id1") msg_str = str(req) > info = self.client.apply_binding( BINDING_HTTP_REDIRECT, msg_str, destination="", relay_state="relay2", sign=True, ) tests/test_51_client.py:1389: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=tZRRb9owEMe%2FiuX3OMGMlVoEia2rhtR1qLA97M3EB5yW2JnvUtFvPyVAW1UUsalVnny%2By%2B%2F%2FP5898pSZScMbfwd%2FGiAW26r0ZDxluWyiN8ESkvG2AjJcmPnk243RKjN1DByKUMrHAp3LDXNt0hTQWVLQxFBbBU1KtioT2DJ4wuDpUNKGT0MsEUTG4KWYXuUSXU%2BKnxDbv%2BRSq0yKKVEDU09sPedSZ3qQZBeJHiy0Nv1L0%2B%2F%2FkuIKiNFb7qr2EstQ2HITiM0wGw5ToiDFbG%2FpE3qHfn1a2nKXRObrYjFLZt%2FnCykmB7mfg6emgjiHeI8F%2FLi7eQKjXwevCsu2DGvcKoJWwkXa8e%2FRQby1FezglS3AwNZWdQmqCFXXMhNDab0zVMvxqAt0TYjiOsTK8mnZbQRdsupSDXhGfpDjM1ij9BlqPGrH5svjibZrbfYTBG7CHHHZMLy6IZ48BnSmp%2Frqo%2BqpD6qnBpe6r3rdp2WXd44vyxzb6MFZE1GK64jgXfmwg4FrZhAp%2BFssfre5UiC10jCCy%2BXKlgRSpGdI7lrlMHbUbjNxsDJHAP8rf2kJi380wLF5I%2F3zItTgJqsVlmh31%2B99jBwBHT%2BS9NX5Sl9OYvryRRv%2FBQ%3D%3D&RelayState=relay2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm __________________ TestClient.test_do_logout_signed_redirect ___________________ self = def test_do_logout_signed_redirect(self): conf = config.SPConfig() conf.load_file("sp_slo_redirect_conf") client = Saml2Client(conf) # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, } client.users.add_information_about_person(session_info) entity_ids = client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT ) tests/test_51_client.py:1527: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout http_info = self.apply_binding( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=nVJLS8NAEP4ry97TxCTVOCSB0iJE%2BkAtCt7WZGMXNjtxZwKtv14SexCFHjwNDN9zmNxRBGt8x4Ef9cegicWxs47AUVTIwTtARYbAqU4TcA1Pi80a4lkEvUfGGq08E0h19jJDEWnPBp0U1aqQpgneNodNeoooe9l8qvtquZTiWXsy6AoZzyIpKqJBV45YOS5kHMXzILoJ4vk%2BjiG5hSR5lWKliY1TPLEOzD2EocVa2QMSQxZlWUgWpXjUikbI3njdSLFF3rmdX7Ss%2FW%2FpNJ2ky3wsBVMIL%2B7Qd4ovVxw3pgnaCQraseGTLEdGp2oN%2Bqi63upZjd10L%2FBolWuA%2Bjz8YXX23apOVysxjodBWdOaMWmLKP%2BRhb1yZLRjWV7FSTq%2FPjt%2Bm5R5%2BOcRyi8%3D&RelayState=id-bMhM4y0s8WMzaJICC%7C1753483173%7C12063bad4ac5ef22774b5c9e5812ce636ae580c2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm ______________ TestClient.test_do_logout_signed_redirect_invalid _______________ self = def test_do_logout_signed_redirect_invalid(self): conf = config.SPConfig() conf.load_file("sp_slo_redirect_conf") client = Saml2Client(conf) session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, } client.users.add_information_about_person(session_info) entity_ids = client.users.issuers_of_info(nid) > resp = client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT, ) tests/test_51_client.py:1565: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout http_info = self.apply_binding( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=nVLdSwJBEP9Xln3Xu%2FY0bdADQQrJDzIT6m05x1za3bGdObL%2FPu7yIQp86Glg%2BH0OM4qcw5xeqZY1vtfIok7BR4bI%2BVjXKQJZdgzRBmSQCh4nizmYbg7HREIVeX0msA3%2BMsMyYxJHUavZdKzdrlO8hfvn0wDN%2BuNpsTV4p9UWEzuKY226uVYz5hpnkcVGGWuTm34nH3RMf2MMFDdQFC9aTZHFRSst6yByhCzzVFl%2FIBYY5sNhxp60WqPlBrJxCXdaLUlWcZUme8H0W7rXa6XLUVMK2hBJ3VIKVi5XbDZu19m3UMAoTj512TCCrRDwZMPRY7ei0N4LEnkbd8DHUfbD6uy7tAFnU9WMh9p6t3dN0j2R%2FkcWSTaywyi6vDJFr399dvw2KUfZn0covwA%3D&RelayState=id-3kmKYx7e2RwUMV2eG%7C1753483173%7C642c285d6f3092efc7fc4f855ad8c575ae1eae76&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm ________________________ TestClient.test_do_logout_post ________________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-6Ipy6TzGNYl3o17se' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmp7m8c2g9v.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp7m8c2g9v.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_post(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:1609: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-6Ipy6TzGNYl3o17se' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-6Ipy6TzGNYl3o17se', '--output', '/tmp/tmp9qlr4mx2.xml', '/tmp/tmp7m8c2g9v.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp7m8c2g9v.xml" output= __________________ TestClient.test_do_logout_session_expired ___________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-X7IIZPETMlP99EQdw' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmphl3momru.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmphl3momru.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_session_expired(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": a_while_ago(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:1661: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-X7IIZPETMlP99EQdw' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-X7IIZPETMlP99EQdw', '--output', '/tmp/tmp30hp7qdb.xml', '/tmp/tmphl3momru.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmphl3momru.xml" output= _______________________ TestClient.test_signature_wants ________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpf52a4d19056da4eccb2348a22a729cc9df41fcc2e9ff53c10a96cfdfc1a0b95furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-PJFPNPJs3t0AnuyD0' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmp1wey_isi.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp1wey_isi.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signature_wants(self): ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": ["The man"]} nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) kwargs = { "identity": ava, "in_response_to": "id1", "destination": "http://lingon.catalogix.se:8087/", "sp_entity_id": "urn:mace:example.com:saml:roland:sp", "name_id_policy": nameid_policy, "userid": "foba0001@example.com", "authn": AUTHN, } outstanding = {"id1": "http://foo.example.com/service"} def create_authn_response(**kwargs): return b64encode(str(self.server.create_authn_response(**kwargs)).encode()) def parse_authn_response(response): self.client.parse_authn_request_response(response, BINDING_HTTP_POST, outstanding) def set_client_want(response, assertion, either): self.client.want_response_signed = response self.client.want_assertions_signed = assertion self.client.want_assertions_or_response_signed = either # Response is signed but assertion is not. kwargs["sign_response"] = True kwargs["sign_assertion"] = False > response = create_authn_response(**kwargs) tests/test_51_client.py:1706: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/test_51_client.py:1693: in create_authn_response return b64encode(str(self.server.create_authn_response(**kwargs)).encode()) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpf52a4d19056da4eccb2348a22a729cc9df41fcc2e9ff53c10a96cfdfc1a0b95furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-PJFPNPJs3t0AnuyD0' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-PJFPNPJs3t0AnuyD0', '--output', '/tmp/tmp58kaovye.xml', '/tmp/tmp1wey_isi.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp1wey_isi.xml" output= ________________ TestClientNonAsciiAva.test_sign_auth_request_0 ________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', ...] extra_args = ['/tmp/tmp_qor4d_9.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp_qor4d_9.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_auth_request_0(self): > req_id, areq = self.client.create_authn_request("http://www.example.com/sso", sign=True, message_id="id1") tests/test_51_client.py:2023: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client_base.py:445: in create_authn_request msg = self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpac9n_sq2.xml', '/tmp/tmp_qor4d_9.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp_qor4d_9.xml" output= ____________________ TestClientNonAsciiAva.test_response_1 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpf52a4d19056da4eccb2348a22a729cc9df41fcc2e9ff53c10a96cfdfc1a0b95furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepci\xc3\xb3nDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-UiVAUMbNsFmYGYg3F' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmp_mkt4hr9.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp_mkt4hr9.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_1(self): IDP = "urn:mace:example.com:saml:roland:idp" ava = {"givenName": ["Dave"], "sn": ["Concepción"], "mail": ["Dave@cnr.mlb.com"], "title": ["#13"]} nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id_policy=nameid_policy, sign_response=True, userid="foba0001@example.com", authn=AUTHN, ) tests/test_51_client.py:2066: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpf52a4d19056da4eccb2348a22a729cc9df41fcc2e9ff53c10a96cfdfc1a0b95furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepci\xc3\xb3nDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-UiVAUMbNsFmYGYg3F' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-UiVAUMbNsFmYGYg3F', '--output', '/tmp/tmpqs9nhcys.xml', '/tmp/tmp_mkt4hr9.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp_mkt4hr9.xml" output= ____________________ TestClientNonAsciiAva.test_response_2 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=56fc37440259aa982e56b840e8ab9bdcbec0687885663fb5167fde2194ac8ad2urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTM0WhcNMzUwNzIzMjIzOTM0WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA0M60biAd5FvTAyGatan0GX9sIgoH/JpdfqNe+xN1SH/j5yjz6wwamCaw\n+GgDicEV2hmBvx5AsR4VJcNyVgReEgd3m9JsnECTB2lbHczK6mNGmnLRb0Rb6Fsh\nEy0AK9KLeUN90Z0PSOlavfSFUy+2BfaOoIc36bl2CPL+Ha7Wv4Q1dvfpPEKnQKgP\nXbMXgS/dWbk2ih33U5f72LzUNJWtCtyzy2eYzv1CSvNrgut/m8Sq5Li8fwaYRHW+\n0z42NpsD6gFxQdIH/C/gEnypxn7u/4cIVvU67705YEonnVeSc3lhyuiP9dsSppD0\nnlOAioEPFfi29nbdJn+zQ3ZDZgOw0QIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFvy\nj1TsFOwx7aUnIB6nAIS9U80eHgQj0gAWyMFZI6U+KBzhyEyVcGOI0JLNSGSbhWyS\nqd588uX4aAXFmARawiz7/9Dsychxk0acSFPv8WNz/3aBUyIqEfTYodOOMNmn14Sn\nAZYX6xD4LaJIjzzMbPjJFKC/7f8b64cBjPk8ulGZskckCFVMpHnSUH6mePvh6H39/YwpKPLyTWoXoTfLL7sXVseLzujyupL4XnZZUcnI\n7zod7+L2K1cHq0rc4bSJl5j+um9C/rSq1mFrYFzJnKZJ7vW6gTOqxO1JyOP7vlvv\nVLt2LACSIpY8z5JYu1bBCRFtOXZ31oDlw+YUAo2JjKcQjIzv44dQAn2Ea9ttTLRD\nMedOkBF/1d6xHnGc6575PEd1Tw6sE8fD5OxPSo5f6jEXntpJjBFZBtNlsT/mIKbM\n+aUnFmueHTRE0SkkDwsPgyOBsLcqg748ydeXEGphDD3zhJkyg+SOokEuv2VXdwx2\nWsoUB2OkyOvGY+ZrhXFJqA==Uf8AlYHCwjvPywQh0mLe7ouYxPcv6Ql+4uea/JqkB34XtE6iIO4jI9MYt5yGUzlr\nLNIrBHjcUflI+G9E1cTM6/2v4fJPribp7HExGM2YQQ9gg1myWZrpQqyRmWK1rujf\n9adAwOneHae6mGiwKHqvIycUZEaotx1j+0c9UrGCs1jv+AhekwAECP8Q0GISFdY3\nqu5hpFSCDds2H01ATrZ1F6AwdRrw/3INQ00k37JxjZVeo59UnyGDvcHoWX0va8lH\nahB+j4V4EnXSirryklqE4cp6YPvJLfNZTqNgCjJtuDAeVvu9jdQri0S4wr4p1syS\nsdfvdLRmHlA1lQRVgK7tjR+XG6gW39eluykuFsUdYf5MK7nVo5rs3GL9nk+d6Mo1\nvmn8ETgPq8YRy8XH7lYnvAGIya/T2TxKL77WCqc+EQ9d6s0169DrJv0nby6v8fKx\n549eOFKh7PlDmOxfd9qA7qdc5G4FcTZNrt/CadUsAuL5IWmTW1J7IKRa6av0wNi7\nDe+Zq9ZfMT8+U1LpssnppaWTvia41qMNhuQgpgz4bYeDmSY8sNZQm3LpfcO9E7Cr\nZjtQsMs1VNhzHAhsh/HojtrSg3t6ouRNKWqx0tfBxrSLuBXeXsVrBy9kQY7W0bG4\n2DvclOy5x4AT8OQmETUeW7ARAp9G798nAds2a2Djyh7pPhTSTb4r6YnEmSCyci07\nmgLdrsKwetgiKVw+0+7bMRt2b1s2vB9Jdtpz6O/Ik6lIxi08PY+iZFSs1tkFWV2V\nFZIAmvVtYecvGWM4m3BCswus5JiemzNLDDxmGz73fDFxjYUAQRZp9K3WJLUuWM/V\nGzGBzUTPrLP5i1UxObR+5FJG/BnfHitN0v+HwiTUeM9PoPoezMgZ+1lGYQ8INMnw\n/e95JpVX0nTGXy3Rnllzt41JqJXr1yBRNUZQP5ZsVyVC5XKa6WXRUSeCg7g7PuyP\nDvEDk+73voneXqMDYRdlPKDEnEzIk07DxhAgeXyP6DZtVRcD0fYi0sghpLcga9Xm\nYDG8Yuzi6Vp6bzOvx9yWMBfz3CjYmHWj1nZUpQQl4wehhq1hngQyvHACJreLmgI6\nL8bHqEHv7KC5uMrsrL1yDcoXZNESoT5ox7UedfQ0pZTxyH0gX/9AG7f1D33zPesn\nwQnT88oTFNjU+7wy8OXJ1yvsC1/vh2vUhWOuBDNYG+0/ZF3XirpxB/KbYA0QRw42\nvJ9Re94QKbz2+VfWgOOXOoC4T8IToAcaRPysltsysbaYb6q6uGQTT9IaQdw8WQHm\nTDFpnD0pBNewamEiiXiYCOWsIpFAiahFT/hq7J3t0gPl0yrvhs38Xwvj+YGY+wm+\nknQ1+n6PLUa+qsHXd6mNXq+wN/y4s0kYh/xTMtSiC7Z9Ak+CtW36dQBkFsB5GdNz\nq6moG1f8M11FHDhkuZS+Nqj65+B77kvEYRY4A6sPx1wPt6A+X2p5TrweFlZLpno6\nXBCZzB4Vmg0qhPT5WnXi9uu7JA/jsdEcWbYKqAS28tIfsc+eCzHKEOVxe6NwErVv\ndME/p8tERt57bpCHjZr9hHJXPIYDF2o4hGz/tgI9fNxwKhZ7TbkwVphBI9TF77fn\nr1YiPN8uU7NbQ/n7aPC5wdsmxD6OmkFt0xnrXBM8F9KzSFSbR4xZm0lnDNSlnZlo\nwL3/0m9hppk9QHjAoUWdehejSFcfCKR5iyZAC+LCLyp9+lN4t41JtpTAIt/n04Io\nYsZBXNfGc9zp2TdelguVtcg5RzvEiPiasslyzmOqKz1AW+P8sUO4ZmoCip1yfofq\nT6Af2UOsm+lVT1Q4I71dCZ+RLsUrrvdYHugRD1/LXV4poIc/gUdwWGsj7X/l4DIg\nFyvoKCGZ0GNUlsjjYyBcHvL4h9d6ydRKflhe3SQ7c4wc78QqkMwZx6w8rO8kZlqp\nKO/Q182dVR7kE4GJhNXWi2MZ6bZEW0UtYsPkmGNgo6lnGrTNY5eaK+g3xg51fQ28\ngUOtjces4O/Svjr4bl1YBS3+kmvwNEjNz9WVNqIeHtYsZpCKvYEQljH8HjSc8Zgd\neH4ZnaBba3ZYCDxSMml7igBxXbtGrkHXZNuYoS8o9KGpJQAYKOdGuGGYjbhr4yA6\nzDCWTfl/IJppHXDvdIabAcg8kO8ftKVq0nspLmXsn8QuhLUbMSNdShKinkqAT5Fk\nRYW55nYQovcl1t+dX/ykBmMqQuI563QPZW/OpEAZmsKSj+IVYlm2ux7mJzEhXsmD\nI65e0TUn0+VpgEIDlxWh4/a38s9h3xC70DM+MiIdKRFHRGoFuvDqXoCsL3sEWXVP\n65eZY2HH3939ncADCDbs+fZE3+A0EBGY0WqIIqMXkT3quRNTmbGQA4Px27Xlq3oF\nXTgz4x49z5sRcWXcKir689Wpe5S95zEume0JGfhTMWnzsWEW/DV6xA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-IndtBQRhX6EqiInCx' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp42livriw.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp42livriw.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_2(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_51_client.py:2146: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=56fc37440259aa982e56b840e8ab9bdcbec0687885663fb5167fde2194ac8ad2urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTM0WhcNMzUwNzIzMjIzOTM0WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA0M60biAd5FvTAyGatan0GX9sIgoH/JpdfqNe+xN1SH/j5yjz6wwamCaw\n+GgDicEV2hmBvx5AsR4VJcNyVgReEgd3m9JsnECTB2lbHczK6mNGmnLRb0Rb6Fsh\nEy0AK9KLeUN90Z0PSOlavfSFUy+2BfaOoIc36bl2CPL+Ha7Wv4Q1dvfpPEKnQKgP\nXbMXgS/dWbk2ih33U5f72LzUNJWtCtyzy2eYzv1CSvNrgut/m8Sq5Li8fwaYRHW+\n0z42NpsD6gFxQdIH/C/gEnypxn7u/4cIVvU67705YEonnVeSc3lhyuiP9dsSppD0\nnlOAioEPFfi29nbdJn+zQ3ZDZgOw0QIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFvy\nj1TsFOwx7aUnIB6nAIS9U80eHgQj0gAWyMFZI6U+KBzhyEyVcGOI0JLNSGSbhWyS\nqd588uX4aAXFmARawiz7/9Dsychxk0acSFPv8WNz/3aBUyIqEfTYodOOMNmn14Sn\nAZYX6xD4LaJIjzzMbPjJFKC/7f8b64cBjPk8ulGZskckCFVMpHnSUH6mePvh6H39/YwpKPLyTWoXoTfLL7sXVseLzujyupL4XnZZUcnI\n7zod7+L2K1cHq0rc4bSJl5j+um9C/rSq1mFrYFzJnKZJ7vW6gTOqxO1JyOP7vlvv\nVLt2LACSIpY8z5JYu1bBCRFtOXZ31oDlw+YUAo2JjKcQjIzv44dQAn2Ea9ttTLRD\nMedOkBF/1d6xHnGc6575PEd1Tw6sE8fD5OxPSo5f6jEXntpJjBFZBtNlsT/mIKbM\n+aUnFmueHTRE0SkkDwsPgyOBsLcqg748ydeXEGphDD3zhJkyg+SOokEuv2VXdwx2\nWsoUB2OkyOvGY+ZrhXFJqA==Uf8AlYHCwjvPywQh0mLe7ouYxPcv6Ql+4uea/JqkB34XtE6iIO4jI9MYt5yGUzlr\nLNIrBHjcUflI+G9E1cTM6/2v4fJPribp7HExGM2YQQ9gg1myWZrpQqyRmWK1rujf\n9adAwOneHae6mGiwKHqvIycUZEaotx1j+0c9UrGCs1jv+AhekwAECP8Q0GISFdY3\nqu5hpFSCDds2H01ATrZ1F6AwdRrw/3INQ00k37JxjZVeo59UnyGDvcHoWX0va8lH\nahB+j4V4EnXSirryklqE4cp6YPvJLfNZTqNgCjJtuDAeVvu9jdQri0S4wr4p1syS\nsdfvdLRmHlA1lQRVgK7tjR+XG6gW39eluykuFsUdYf5MK7nVo5rs3GL9nk+d6Mo1\nvmn8ETgPq8YRy8XH7lYnvAGIya/T2TxKL77WCqc+EQ9d6s0169DrJv0nby6v8fKx\n549eOFKh7PlDmOxfd9qA7qdc5G4FcTZNrt/CadUsAuL5IWmTW1J7IKRa6av0wNi7\nDe+Zq9ZfMT8+U1LpssnppaWTvia41qMNhuQgpgz4bYeDmSY8sNZQm3LpfcO9E7Cr\nZjtQsMs1VNhzHAhsh/HojtrSg3t6ouRNKWqx0tfBxrSLuBXeXsVrBy9kQY7W0bG4\n2DvclOy5x4AT8OQmETUeW7ARAp9G798nAds2a2Djyh7pPhTSTb4r6YnEmSCyci07\nmgLdrsKwetgiKVw+0+7bMRt2b1s2vB9Jdtpz6O/Ik6lIxi08PY+iZFSs1tkFWV2V\nFZIAmvVtYecvGWM4m3BCswus5JiemzNLDDxmGz73fDFxjYUAQRZp9K3WJLUuWM/V\nGzGBzUTPrLP5i1UxObR+5FJG/BnfHitN0v+HwiTUeM9PoPoezMgZ+1lGYQ8INMnw\n/e95JpVX0nTGXy3Rnllzt41JqJXr1yBRNUZQP5ZsVyVC5XKa6WXRUSeCg7g7PuyP\nDvEDk+73voneXqMDYRdlPKDEnEzIk07DxhAgeXyP6DZtVRcD0fYi0sghpLcga9Xm\nYDG8Yuzi6Vp6bzOvx9yWMBfz3CjYmHWj1nZUpQQl4wehhq1hngQyvHACJreLmgI6\nL8bHqEHv7KC5uMrsrL1yDcoXZNESoT5ox7UedfQ0pZTxyH0gX/9AG7f1D33zPesn\nwQnT88oTFNjU+7wy8OXJ1yvsC1/vh2vUhWOuBDNYG+0/ZF3XirpxB/KbYA0QRw42\nvJ9Re94QKbz2+VfWgOOXOoC4T8IToAcaRPysltsysbaYb6q6uGQTT9IaQdw8WQHm\nTDFpnD0pBNewamEiiXiYCOWsIpFAiahFT/hq7J3t0gPl0yrvhs38Xwvj+YGY+wm+\nknQ1+n6PLUa+qsHXd6mNXq+wN/y4s0kYh/xTMtSiC7Z9Ak+CtW36dQBkFsB5GdNz\nq6moG1f8M11FHDhkuZS+Nqj65+B77kvEYRY4A6sPx1wPt6A+X2p5TrweFlZLpno6\nXBCZzB4Vmg0qhPT5WnXi9uu7JA/jsdEcWbYKqAS28tIfsc+eCzHKEOVxe6NwErVv\ndME/p8tERt57bpCHjZr9hHJXPIYDF2o4hGz/tgI9fNxwKhZ7TbkwVphBI9TF77fn\nr1YiPN8uU7NbQ/n7aPC5wdsmxD6OmkFt0xnrXBM8F9KzSFSbR4xZm0lnDNSlnZlo\nwL3/0m9hppk9QHjAoUWdehejSFcfCKR5iyZAC+LCLyp9+lN4t41JtpTAIt/n04Io\nYsZBXNfGc9zp2TdelguVtcg5RzvEiPiasslyzmOqKz1AW+P8sUO4ZmoCip1yfofq\nT6Af2UOsm+lVT1Q4I71dCZ+RLsUrrvdYHugRD1/LXV4poIc/gUdwWGsj7X/l4DIg\nFyvoKCGZ0GNUlsjjYyBcHvL4h9d6ydRKflhe3SQ7c4wc78QqkMwZx6w8rO8kZlqp\nKO/Q182dVR7kE4GJhNXWi2MZ6bZEW0UtYsPkmGNgo6lnGrTNY5eaK+g3xg51fQ28\ngUOtjces4O/Svjr4bl1YBS3+kmvwNEjNz9WVNqIeHtYsZpCKvYEQljH8HjSc8Zgd\neH4ZnaBba3ZYCDxSMml7igBxXbtGrkHXZNuYoS8o9KGpJQAYKOdGuGGYjbhr4yA6\nzDCWTfl/IJppHXDvdIabAcg8kO8ftKVq0nspLmXsn8QuhLUbMSNdShKinkqAT5Fk\nRYW55nYQovcl1t+dX/ykBmMqQuI563QPZW/OpEAZmsKSj+IVYlm2ux7mJzEhXsmD\nI65e0TUn0+VpgEIDlxWh4/a38s9h3xC70DM+MiIdKRFHRGoFuvDqXoCsL3sEWXVP\n65eZY2HH3939ncADCDbs+fZE3+A0EBGY0WqIIqMXkT3quRNTmbGQA4Px27Xlq3oF\nXTgz4x49z5sRcWXcKir689Wpe5S95zEume0JGfhTMWnzsWEW/DV6xA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-IndtBQRhX6EqiInCx' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-IndtBQRhX6EqiInCx', '--output', '/tmp/tmp3o9133ji.xml', '/tmp/tmp42livriw.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp42livriw.xml" output= ____________________ TestClientNonAsciiAva.test_response_3 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=8fc94ba564db1519a4ec1d9f08ba634237e8741c135d0c9627f53df77a8ce3e7urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==lyefYhHny+rKZqynN2dO/Q328oCB3dSgXNYfpxk8pagSA7FLm2aNTlOGZ0NkvSkV\nCh/ETCshFrGfS98jnJ5WnlagybOLTkz/Cu3T4PAmaVvc0KGoYJ3mWaMOGPufWXLF\nP34EO87538MDKmvQTcHxHktWD7UH8E52Jvt1nhAtXQc=yGFURNL5gaRiRiI3q/XFueqQt4deUG/MxpQP4nz1ply2n1mWST93IZUpbWKu4mrk\ncegDNXTy1CwLpDqRgQXAyUqLJKJIywjh9tMpZfkBoD+Gk9yzjM0umIKGa8Iws3HH\n7nkrTxvGPHb5/hnP0lL+l4qYd31sWd3gfNQWgptmg4wnRQDU24ffjuaEUP7K9dwI\nDjkHUKi6FnUeA0sN1NvYurt2C5+UT3lTIZ/1+MYt1cKyflbg7MV+PeqZXKN/Asge\ndwnonhEO8GV/d3QwQN2ohNFGoI1UqAs3VqUQR2moaBpt9hiCQaQzEX+RescT0RCb\n1uX4q0XHA+ecAdKzTcrmcoWmPSA6JO4VWnLUuPqccC8qlva/8EmX7SpBishRacCc\n2LwfUfUn3x3HR78WoctBh22AXRV5Vi7IgkwaBcCoqFSVDzzgnJ5xS4K/3GHh1LS9\n6rxbhsF94MNKvL5Ol/CQ6krJKA78T1T0MxYA4D2vDVuQYUogUSuJBBwOvKfH4ajR\n2waZYzZIaNk0yTUuBAZNYGHDSYb0TAm/QDB0rGhiOKdASVO1gJixKtxqVr63O+pd\nUZ4Et3t4m5ciUahCtrz7mOa4U4XWXyobfkXvhAFQFdpMpQ3xIONQ64CY01SJw6MJ\nv9dlL7j34IyBHfveagg9MsdJb0o7RjF3Pyjob9PtnV79jAuyTpLqOTS7ZlMxCmZJ\nnYAu+1CDNsr1gExMHNDlIs7A/Yuk0XDrZWojeRA3MNjN29ijoDrMoFj4vlf7QFnA\nU4Kp0YrLSiiM2/IvujYA1NIQXmHhQPeTblpPRjhfnlEwFQ+zqUwvJxZdTYm0MhX7\n7+QZxc0hOUXGKK/cA9CzzfvWse6WURiOBAhQ8mVyIjdsmqJ12xXG891e+K7xOeB9\n/sezHGssgANyQZ5kFPu/QHSGzBvgI5RZBv3j1bQUW5oztQrAVQVykOUYo1KEokqp\nLkxkhF+mPYhQSjWlU8bHNFHjk7ZwWHjqY40aoPOWSEvmBaoCXqVUejp+uFYsBk1M\ncXnmzOkaoTE1e1jo79sYZbYP9Ekk+0Xi/sGu+r4mcI7DeDfK2wxtIBzq5+zsQYye\nGEdLuVkbBUEsXaofkHi3nOr14P6aJ6eaZBMONzoIOs5CT8Hrn0Y1oNO6Z6LvwNXV\nEX0IdaoesWkOw7X6gpzrQnsvBFfL0xed/q4n+LOA78GHGnMu4wLvBwkMWMF0qo+c\nRibBdf5K2j7hEJoncZg1HxPuYVXzJyIHJW2M8HJDKxA4qS2TYzPtsqBaR69amIB2\nxFGEMkXaTPSNFoIGlxisd1kW3zffFuwwUGv2CdnYisEOEiF7QRouqwwlCj9Y2QEV\n5SlfqVsrNeBgNcHozLzRIy9GPMFXMEYyN1aQ6tYpPtCgoUtRXzCeiD/3LuDqMkKm\nPe2JpMQIxB0vGkpZMOjjTkCzvo7aAqrn8Nu+cSkt0lsZ0qozD/Z03nNLK4ey+YND\nwAlWj9T+gTW6qa3DTMGwKIjwHS/SSTmcblTMfK7bhKSsl4z81KCeTZoEmA01ZuqM\n+zrqJeRWQR+nwDx3cDVgZdKrW18Afg9yhZg67yOHYYK9OWrQmYozHB0/kcq2nlyl\nBlxNZOZWYTJSpXLdy7dmGG7JeQBv0FU5wP9UoELGO+/PaBCan2f1vALd8M0AZNwU\noL/P6IX2HN+XSccYKCsikz4FWVKf8kCvqw8sFlYduNuyIhY0D9/9pUDvUs/a9HId\n9ik5elTvkl+0rFMjG7S/plYAGEUh/NMX/gEWzzps8QFreHmod8SrK0zDgIJ9+OGL\nBASdBbEDVW9IKQ705r9e73da6/8lrUqs7Zn145K78uaGda3xgOTgnvHKfGgxPTj0\nl8fehv1ZBY8GB8LT+JwPZJp8hTVarWph6cqReqXEVuy3djrvFEF1u6l+GvFYGqB8\nC0cgXRcQ1f5JxuNLN+RvKZnOHEpf2AccqOs9UzYYDdOVSNXWy5/PHpr8xTa/drFp\nXOPm3QHQwqoP50HpJlCk20wi1Wdpy2HdrY3+9Obqlkq1PWqliQ57lQ9ePUKGd0cl\nv/M4ROFgnpuqUkOollazeTq+KwLXbBPL9PIc2P8YGrGVeRo98QGVRXjEtoadVs3p\n5w5rHB5xKjZr2p2UjVTS/5BX2+4qpaoOwF16OauNaw0fMRr5hBWpU/aIHQ+4GU+Y\nFO1uwXTG1pdbAqtkeMK030SGyixlGvwtFLM9Wnm/NdUSStnADkzcIrm4/Kha992L\nnSlDTelzHtDiH5zs0o9gS7B1Qv7b5GWGeI26MdqGWl1qcUNEKYosJgC6c0CsB0H0\n197Qn7dyMkv138KensBaqgYJxHpTvuLV+6Zy4/4uAKcpiighio2qZ/nazZ9MEFWG\ntjAQdGB2Ycb4HTUZX9BP9YgVM93Ml+qXpGFPwSueRqxYNRmKKeNnxw==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-UTmCE9sCFHp3KY7r9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmplzjz8j7d.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmplzjz8j7d.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_3(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:2181: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=8fc94ba564db1519a4ec1d9f08ba634237e8741c135d0c9627f53df77a8ce3e7urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==lyefYhHny+rKZqynN2dO/Q328oCB3dSgXNYfpxk8pagSA7FLm2aNTlOGZ0NkvSkV\nCh/ETCshFrGfS98jnJ5WnlagybOLTkz/Cu3T4PAmaVvc0KGoYJ3mWaMOGPufWXLF\nP34EO87538MDKmvQTcHxHktWD7UH8E52Jvt1nhAtXQc=yGFURNL5gaRiRiI3q/XFueqQt4deUG/MxpQP4nz1ply2n1mWST93IZUpbWKu4mrk\ncegDNXTy1CwLpDqRgQXAyUqLJKJIywjh9tMpZfkBoD+Gk9yzjM0umIKGa8Iws3HH\n7nkrTxvGPHb5/hnP0lL+l4qYd31sWd3gfNQWgptmg4wnRQDU24ffjuaEUP7K9dwI\nDjkHUKi6FnUeA0sN1NvYurt2C5+UT3lTIZ/1+MYt1cKyflbg7MV+PeqZXKN/Asge\ndwnonhEO8GV/d3QwQN2ohNFGoI1UqAs3VqUQR2moaBpt9hiCQaQzEX+RescT0RCb\n1uX4q0XHA+ecAdKzTcrmcoWmPSA6JO4VWnLUuPqccC8qlva/8EmX7SpBishRacCc\n2LwfUfUn3x3HR78WoctBh22AXRV5Vi7IgkwaBcCoqFSVDzzgnJ5xS4K/3GHh1LS9\n6rxbhsF94MNKvL5Ol/CQ6krJKA78T1T0MxYA4D2vDVuQYUogUSuJBBwOvKfH4ajR\n2waZYzZIaNk0yTUuBAZNYGHDSYb0TAm/QDB0rGhiOKdASVO1gJixKtxqVr63O+pd\nUZ4Et3t4m5ciUahCtrz7mOa4U4XWXyobfkXvhAFQFdpMpQ3xIONQ64CY01SJw6MJ\nv9dlL7j34IyBHfveagg9MsdJb0o7RjF3Pyjob9PtnV79jAuyTpLqOTS7ZlMxCmZJ\nnYAu+1CDNsr1gExMHNDlIs7A/Yuk0XDrZWojeRA3MNjN29ijoDrMoFj4vlf7QFnA\nU4Kp0YrLSiiM2/IvujYA1NIQXmHhQPeTblpPRjhfnlEwFQ+zqUwvJxZdTYm0MhX7\n7+QZxc0hOUXGKK/cA9CzzfvWse6WURiOBAhQ8mVyIjdsmqJ12xXG891e+K7xOeB9\n/sezHGssgANyQZ5kFPu/QHSGzBvgI5RZBv3j1bQUW5oztQrAVQVykOUYo1KEokqp\nLkxkhF+mPYhQSjWlU8bHNFHjk7ZwWHjqY40aoPOWSEvmBaoCXqVUejp+uFYsBk1M\ncXnmzOkaoTE1e1jo79sYZbYP9Ekk+0Xi/sGu+r4mcI7DeDfK2wxtIBzq5+zsQYye\nGEdLuVkbBUEsXaofkHi3nOr14P6aJ6eaZBMONzoIOs5CT8Hrn0Y1oNO6Z6LvwNXV\nEX0IdaoesWkOw7X6gpzrQnsvBFfL0xed/q4n+LOA78GHGnMu4wLvBwkMWMF0qo+c\nRibBdf5K2j7hEJoncZg1HxPuYVXzJyIHJW2M8HJDKxA4qS2TYzPtsqBaR69amIB2\nxFGEMkXaTPSNFoIGlxisd1kW3zffFuwwUGv2CdnYisEOEiF7QRouqwwlCj9Y2QEV\n5SlfqVsrNeBgNcHozLzRIy9GPMFXMEYyN1aQ6tYpPtCgoUtRXzCeiD/3LuDqMkKm\nPe2JpMQIxB0vGkpZMOjjTkCzvo7aAqrn8Nu+cSkt0lsZ0qozD/Z03nNLK4ey+YND\nwAlWj9T+gTW6qa3DTMGwKIjwHS/SSTmcblTMfK7bhKSsl4z81KCeTZoEmA01ZuqM\n+zrqJeRWQR+nwDx3cDVgZdKrW18Afg9yhZg67yOHYYK9OWrQmYozHB0/kcq2nlyl\nBlxNZOZWYTJSpXLdy7dmGG7JeQBv0FU5wP9UoELGO+/PaBCan2f1vALd8M0AZNwU\noL/P6IX2HN+XSccYKCsikz4FWVKf8kCvqw8sFlYduNuyIhY0D9/9pUDvUs/a9HId\n9ik5elTvkl+0rFMjG7S/plYAGEUh/NMX/gEWzzps8QFreHmod8SrK0zDgIJ9+OGL\nBASdBbEDVW9IKQ705r9e73da6/8lrUqs7Zn145K78uaGda3xgOTgnvHKfGgxPTj0\nl8fehv1ZBY8GB8LT+JwPZJp8hTVarWph6cqReqXEVuy3djrvFEF1u6l+GvFYGqB8\nC0cgXRcQ1f5JxuNLN+RvKZnOHEpf2AccqOs9UzYYDdOVSNXWy5/PHpr8xTa/drFp\nXOPm3QHQwqoP50HpJlCk20wi1Wdpy2HdrY3+9Obqlkq1PWqliQ57lQ9ePUKGd0cl\nv/M4ROFgnpuqUkOollazeTq+KwLXbBPL9PIc2P8YGrGVeRo98QGVRXjEtoadVs3p\n5w5rHB5xKjZr2p2UjVTS/5BX2+4qpaoOwF16OauNaw0fMRr5hBWpU/aIHQ+4GU+Y\nFO1uwXTG1pdbAqtkeMK030SGyixlGvwtFLM9Wnm/NdUSStnADkzcIrm4/Kha992L\nnSlDTelzHtDiH5zs0o9gS7B1Qv7b5GWGeI26MdqGWl1qcUNEKYosJgC6c0CsB0H0\n197Qn7dyMkv138KensBaqgYJxHpTvuLV+6Zy4/4uAKcpiighio2qZ/nazZ9MEFWG\ntjAQdGB2Ycb4HTUZX9BP9YgVM93Ml+qXpGFPwSueRqxYNRmKKeNnxw==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-UTmCE9sCFHp3KY7r9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-UTmCE9sCFHp3KY7r9', '--output', '/tmp/tmpj4uxocs3.xml', '/tmp/tmplzjz8j7d.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmplzjz8j7d.xml" output= ____________________ TestClientNonAsciiAva.test_response_4 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=83e3a9eabdfa9b5992154d78a08ae55827448ba05745ec70adf4dcba5f16c205urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==xb9tIcq2CC3JgGnEIZVySyM+bt5Yht9Ud1WxlGV//oBLspZO5J3DabWmBWnNpkdZ\nW69Ex643K9vv1O2j6w+12HR0lKXRsvtIJh4PafxJrLA5bhYKSHr+DCE4ZuoIquzV\ncbCuL79gJsq+hV0qbdlP/u9oSugx1Ft3aFuICzKMGkY=P+Vqctjz/d3xeuFmt45vYKSpD6t5oe5uttR8qOOL3X+8H8AGCCQyPZqXi7wD+6rt\nlvl/aeOHAb/QgzhpBFuS/huVqAhy5HrF6ODWEGczWyEibCa9i5eWU7c2qK9ssZA5\nGVU5io7CVW5Orj+e6Leipo4ATO2gv3Xzvn3PTuOmjLWH8OdL4ElbOYLIWAVWoFmr\nIHLvL0HIqqNhoEcs0A4a+Iu+0fU83pqA58fvEuycvjv3mn+9mrtrfCMEDNP7T34/\npxLQRUfHJbPTg27woFiqQE4pyyzFiBDxOHCIpS1EPcvRuDH3TgELWv6aWDtxCosh\nuZmzDNoAvXGbOfUppeHKJi4EuAyUguflqxVn/cey/q3yfy1kSP298Fpiz1PrRTfw\njahpLO2bjVkOETzrW5vyvuvhzY/KKbpdc786Ffsvgj2Wau3xuxPR6X+2jJJT+lPh\n0SblTuvIEChSSmxPy2aIgLnL3Hu+ZBNactMOhpUEqaL15YUBGXF9H7g1Nv0AEFWL\n2n1gKM6odutaE8gj+iHdBBd8BYeejKXJpgDSgb4Od/g/l/i0YVGhFasiPDsDK4Zw\nIud4khv9fgJNRbWAvTGLu+TQA7A56UUgX20EiEBg1ZSuGtRZp+gqJm0iGio3rf1d\noHXrYMaoWnDBgfKFrb2PQguHT7vMldvdaxK9xiQgI63wad1NUmfwahZUjcHgt3qQ\ns9FviBT/uQmnCq9076m+P3eo8mv3Ol6qGuv1JMeIUpyP+wmkWjBcX1PGZckxzrOR\nhGQhrzGdOSLTMgXGr4pmjsv4YdMkb7lR7Hpx13aMxSejL2yV+YkHGgJzyRM8TB4n\nkvDytXiqwsrm7ZedVVVeAMfh8MN4VwZ+e0zH2ok/p9KSVRFulR1MaCiqfXBIXeo0\nkSnV3yj3M7nTtbdQjcR97OrXI+n6kw/GNJEFNRORTQWBX34gY2zsu2Hb8qLf3ClD\nmLOZJGImIT/uEYLhrTqvS+kyBxZDJ8Y6GzFqbj/SMAR5GyyXtjjEN5GptCtkEutg\nvtn2Nx+T1/PX6o0aOZWPDBj79dT2y5uDYXxStEP+hLi32y6ucDegzj97OBkIFnf1\nZR2gDM3m6JEiZExMvTmGlFA0H8L+MsASDxGQHdfBPTuGdoIZvO2MgmWlju+fsroa\nO3S7j33S/jAXXiiAFsLL3fxGqwLe04trdra/n6dmFxK+Mcfjn8e0OYzhoomcpspO\njA+gGnrHr9y8fzpaxnp45Q40nEOzovOxEABYO/3tXzinNcGyNEHdHXpJMkKvfxxZ\noK2jXQiwQMij65lZnNTVPmxx43eJqkkJJgqngIm6ucKrztdtqAKwzndvuaxJOrZj\nHM9k7Fzv6YaZZOe1NoEFCORD9YkSChQcRAcDbSASGLr73zfPmrTfucRhXsbDBcm7\n3Dp0VcSZwUX5dFNK/M3geCzrFvAGFBu4D/EIbf1lYoFGMFBg+Di3jaaHvMiHh/4G\nu6an0y36qGMUfmkiXvwPeXE4x7VZIAHRcAlLB2iSmgf5ATuppdbuq6wYeSXVs4zs\nQPa8riBPgf0mtqhgR4+FJgwVQSKJ9mesoSCSRYaQsSR81wPsUFwVP4Yq8dp9kwEU\nfEDaKAqtaAzc2kEsju78mU/hXUEk0vSBbq4SuNOuh10YFT7C0Cm/SwuN6QxrI5ZO\nfU57MPAdfoTshD0uU88iPzi2n6/pLL1D3jxOcUidBYVHthbgMKOH5r2oxfFB8fx9\nXlyR9TeH9x9rTSgC2EAK/l6OWYFDEotrhbNBiaBpsRrAp/emBrIDPozH/FbVTvOh\nwMdiVq3CN2+qMrOjvHa+ghxSNIvT71cFbQMce4HL9I9anVuDtX/xih+QrTI6JS+z\nlBaQNcnkp78fHifHBSGWlwLFaJRCvIzjmWXwMNRgFV3VK2QxApcwBK4wo59djXtl\ny2B4xRpqace2nMN/BVTDwG/1YgnurnCW6W5yqzQPWJiQJ+5bIcTnKyrWwtbiTNtM\nwY6VmM7f81VUIBBIhSqhMWqKvuHDNhP/qUpk6mx2QOHuGcWehHxPz2jUyyGJrM5L\np/52eQrEGNVdWlp4ISWIiYFYlomj4rGbBEdXNjulmbqg3n96tzN4O7ZKMHEJnOEH\nzzs9aFzEF/XCREHwwNZIZ7d1+zRk09c8HHZSYpJZW7QhdKiluM1W/E0cR9NeR3Sb\nr0IEcfsuDN1KMfiNjnSHDIldP2DEi/VLC+Aa2UEJkalN/JZJzOlX8ECWU6i+TDr1\nXvxlGsROhMcqGhw2jGVToIyc8rlgdBQwLPHF2QTpf2h58WsJQwT8CGUopIZK/lX3\nk7wlLEHEBwOU8SPYFQWD++Xz4qBvwSMFf+Bm5Ctffv/rdwdpwMVPSfsKcM1XsJji\nBlsaZAH1Xr0inH2u/Oh50LMIVoamh10odeSIIi9MQhhwSkEmbZS1pA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-IWxSXXfvOaR7agBtr' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpd0bxxivd.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpd0bxxivd.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_4(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:2215: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=83e3a9eabdfa9b5992154d78a08ae55827448ba05745ec70adf4dcba5f16c205urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==xb9tIcq2CC3JgGnEIZVySyM+bt5Yht9Ud1WxlGV//oBLspZO5J3DabWmBWnNpkdZ\nW69Ex643K9vv1O2j6w+12HR0lKXRsvtIJh4PafxJrLA5bhYKSHr+DCE4ZuoIquzV\ncbCuL79gJsq+hV0qbdlP/u9oSugx1Ft3aFuICzKMGkY=P+Vqctjz/d3xeuFmt45vYKSpD6t5oe5uttR8qOOL3X+8H8AGCCQyPZqXi7wD+6rt\nlvl/aeOHAb/QgzhpBFuS/huVqAhy5HrF6ODWEGczWyEibCa9i5eWU7c2qK9ssZA5\nGVU5io7CVW5Orj+e6Leipo4ATO2gv3Xzvn3PTuOmjLWH8OdL4ElbOYLIWAVWoFmr\nIHLvL0HIqqNhoEcs0A4a+Iu+0fU83pqA58fvEuycvjv3mn+9mrtrfCMEDNP7T34/\npxLQRUfHJbPTg27woFiqQE4pyyzFiBDxOHCIpS1EPcvRuDH3TgELWv6aWDtxCosh\nuZmzDNoAvXGbOfUppeHKJi4EuAyUguflqxVn/cey/q3yfy1kSP298Fpiz1PrRTfw\njahpLO2bjVkOETzrW5vyvuvhzY/KKbpdc786Ffsvgj2Wau3xuxPR6X+2jJJT+lPh\n0SblTuvIEChSSmxPy2aIgLnL3Hu+ZBNactMOhpUEqaL15YUBGXF9H7g1Nv0AEFWL\n2n1gKM6odutaE8gj+iHdBBd8BYeejKXJpgDSgb4Od/g/l/i0YVGhFasiPDsDK4Zw\nIud4khv9fgJNRbWAvTGLu+TQA7A56UUgX20EiEBg1ZSuGtRZp+gqJm0iGio3rf1d\noHXrYMaoWnDBgfKFrb2PQguHT7vMldvdaxK9xiQgI63wad1NUmfwahZUjcHgt3qQ\ns9FviBT/uQmnCq9076m+P3eo8mv3Ol6qGuv1JMeIUpyP+wmkWjBcX1PGZckxzrOR\nhGQhrzGdOSLTMgXGr4pmjsv4YdMkb7lR7Hpx13aMxSejL2yV+YkHGgJzyRM8TB4n\nkvDytXiqwsrm7ZedVVVeAMfh8MN4VwZ+e0zH2ok/p9KSVRFulR1MaCiqfXBIXeo0\nkSnV3yj3M7nTtbdQjcR97OrXI+n6kw/GNJEFNRORTQWBX34gY2zsu2Hb8qLf3ClD\nmLOZJGImIT/uEYLhrTqvS+kyBxZDJ8Y6GzFqbj/SMAR5GyyXtjjEN5GptCtkEutg\nvtn2Nx+T1/PX6o0aOZWPDBj79dT2y5uDYXxStEP+hLi32y6ucDegzj97OBkIFnf1\nZR2gDM3m6JEiZExMvTmGlFA0H8L+MsASDxGQHdfBPTuGdoIZvO2MgmWlju+fsroa\nO3S7j33S/jAXXiiAFsLL3fxGqwLe04trdra/n6dmFxK+Mcfjn8e0OYzhoomcpspO\njA+gGnrHr9y8fzpaxnp45Q40nEOzovOxEABYO/3tXzinNcGyNEHdHXpJMkKvfxxZ\noK2jXQiwQMij65lZnNTVPmxx43eJqkkJJgqngIm6ucKrztdtqAKwzndvuaxJOrZj\nHM9k7Fzv6YaZZOe1NoEFCORD9YkSChQcRAcDbSASGLr73zfPmrTfucRhXsbDBcm7\n3Dp0VcSZwUX5dFNK/M3geCzrFvAGFBu4D/EIbf1lYoFGMFBg+Di3jaaHvMiHh/4G\nu6an0y36qGMUfmkiXvwPeXE4x7VZIAHRcAlLB2iSmgf5ATuppdbuq6wYeSXVs4zs\nQPa8riBPgf0mtqhgR4+FJgwVQSKJ9mesoSCSRYaQsSR81wPsUFwVP4Yq8dp9kwEU\nfEDaKAqtaAzc2kEsju78mU/hXUEk0vSBbq4SuNOuh10YFT7C0Cm/SwuN6QxrI5ZO\nfU57MPAdfoTshD0uU88iPzi2n6/pLL1D3jxOcUidBYVHthbgMKOH5r2oxfFB8fx9\nXlyR9TeH9x9rTSgC2EAK/l6OWYFDEotrhbNBiaBpsRrAp/emBrIDPozH/FbVTvOh\nwMdiVq3CN2+qMrOjvHa+ghxSNIvT71cFbQMce4HL9I9anVuDtX/xih+QrTI6JS+z\nlBaQNcnkp78fHifHBSGWlwLFaJRCvIzjmWXwMNRgFV3VK2QxApcwBK4wo59djXtl\ny2B4xRpqace2nMN/BVTDwG/1YgnurnCW6W5yqzQPWJiQJ+5bIcTnKyrWwtbiTNtM\nwY6VmM7f81VUIBBIhSqhMWqKvuHDNhP/qUpk6mx2QOHuGcWehHxPz2jUyyGJrM5L\np/52eQrEGNVdWlp4ISWIiYFYlomj4rGbBEdXNjulmbqg3n96tzN4O7ZKMHEJnOEH\nzzs9aFzEF/XCREHwwNZIZ7d1+zRk09c8HHZSYpJZW7QhdKiluM1W/E0cR9NeR3Sb\nr0IEcfsuDN1KMfiNjnSHDIldP2DEi/VLC+Aa2UEJkalN/JZJzOlX8ECWU6i+TDr1\nXvxlGsROhMcqGhw2jGVToIyc8rlgdBQwLPHF2QTpf2h58WsJQwT8CGUopIZK/lX3\nk7wlLEHEBwOU8SPYFQWD++Xz4qBvwSMFf+Bm5Ctffv/rdwdpwMVPSfsKcM1XsJji\nBlsaZAH1Xr0inH2u/Oh50LMIVoamh10odeSIIi9MQhhwSkEmbZS1pA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-IWxSXXfvOaR7agBtr' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-IWxSXXfvOaR7agBtr', '--output', '/tmp/tmp4jpw2k9h.xml', '/tmp/tmpd0bxxivd.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpd0bxxivd.xml" output= ____________________ TestClientNonAsciiAva.test_response_5 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=c2d82781a0698ab018bd756cada1f5d7dbd978bc0c444529ee34f6e139001ab1urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==SePkUxhxb8j2m4KfG8+W/oM1hWMWYjNlT6n2IFqmFkXyeSffzBGEYv7cWf9dJ68/\nVK6rZ22SbKYdsO9zD6zy6EavAxZfXQ5/Oq7JQQAJy/EA4TlbAA+O5Zz0tWrJ7WcI\nWnvPLq3apo9/wmlOwHuqiKZlObx6eK7OSK2vRGEL3Sg=TVFo6psH1maAx/HO2hXmU2ysEf+8xFubZEcE6vWpn3FTSwd6SqEo/TTj1GQTlT26\nxH8GkVdX9ciXquDq8pYIhFamKw7dS97cXemwXB3AokgFPdp+l1FcYjB9j9fiAyuM\noxGMqU8m7uNqAFY6n5c+q0LgOIowtpfm7yK7OoydMjthpcdqTN8/h8Nxtrl48BEV\nJHQ71iVks5NfLmskoDNbsWhkXsCVndUa+q7dLhRw01Xxnv6x2U9NyEuz1oVJ9MWV\naxIG9FfewUzVBJ5mE1EIDdiKXjG2NzTaM2HkpRNmsH2REkBGUF17ZD7w7g5T55lF\nyAiLSK42Kcl2CuFpMUMUTFnVW2ZJuJNgX9MCBjyYUQov2xHWKsgppvp4VrJ8P+Ns\nBA9UziLyTYl/U/YxWIc+/LoZ2avtdAipfj0zgi6bu7FO1HFyHdCx32UR2Vy6ous7\nteh6Q6reASeBQjaaUGzBlfljY3dpB7jYPfYgxx6/jNFxwQ/3Xw6Vu/4bSM+p3Fps\numrk247inmvf75GWd17vMIwXti2ZGbmOMQPilU63L8M34XMvIxKc9H8Ax13B9r1k\nQfWRlFPM+8fNkxriWzL76LEfXj6MWy+0GUyCQLRxPYfZq5BVC6caNE+bmrbN21SX\nC3iM3MWB0LU7WPRTN8D5kGvf+PdnCpjTmIEyOW/H2OHNzk9qzYbRfi3iXfLWyrsI\n2So5mnjo27znvSpkF+LplPVxrCh/aLHCevZaiavMxWmpPgR2wAzDYj1ili9mVMG0\nd+wRnS6jdOR/RKwJdaBrh9Y/7/o7l2qLIk1xFYB5VPv1pOXy4WwdXaG2Qf0Vbfwy\nH7nLjTedDkZo1ZQDJK6vT9kWazLdLQUGlQONGGM8BEFaGQ5uJAxugwDWhyyGD3jo\nvY634rxh7L2+VbmVlAWIzdjcFQrA4rWYnOrNTZEOLgVPUnDJtfQoT+3O29Ieep50\n05YuyG0giFikLgmt2pPsYHxOt3E/kY8mgcF1ckmkq6EpEfxsX3ACLapOIyHQxxEv\nHYLXu1hjSl7ddSi6YO8HAw4qhA6so7tJXYKH82n/G5frsKdoLIPagNevHfPndIIs\nLlK9plG6fm1Zfs7NQQlCf/HA69xZZ9JKQZGEg7YuPA9KUGecI0KoZvdpW3ND0Qqj\nfmWxcFMkXmGhZxkhalWhJLq5Toq8Hcp4RYek4nPX2AmwU+B3+6pgclTk6rppjNXE\nawnNUfx9/kaGeKmdCIJERahY1qKarjkvlvsv/XVKPqvbKpnhFpSmM7AMnXdxjB9P\nUaqoLlXoEMKKGLpdlHLdfyxFfmxyZFaekGus6Z37eq7LedgEpZYhudbQ2VCruDEA\n3k+jXGz/df+5vAr+wS0vMraf4wIYd7utvIqV3FgIe32KaxgvyblrreTHoLRYuA+u\nD65RHu36on3KWlfIxnPcSre1v/cumVeXlwRPEWJRnBZpr9Kh5/NetwCsim6DfxMn\nPvQo4v3d66zZYZZhnl+55j0tbEByWthYXBDg4fsIZkBkgawjn4sCnR1CeH7tY9WS\nsdSKj5YOSS+Q3UFp4lEtNXFoU37Ux6qQmIJHh0UqGBRHs8ZaelKDhx7SeWGwgExd\nVJBUeEd5mFaSqaGDG7yMnKHPQR6FpvSUA/RZf0sRxD/6uRFOQv8Qp5ZaeFgfyc0g\np+rBSqpuNqJo+jO6mdNYIx0Ccm/ReMV/IvjJy5he7KeUkJfawvXYFoPDtDS+/VON\ntNAF+KYNDPFF/O8E1MHSZWtkwk0KwVNdgAFPVt4Tfb4bw/uZ9MTdfjFP8Klimpws\nemPHlNMJK8s8ECvnYQyBeMQfz/NWXqXkZtAKxkaTsBHtwQe924sNcQDTp59O6Bd1\nTFiDp100dfQ5T+j+8CJvDFnyKDlFd2RT3MMZwF7X4u+w5Pg4EpwCQYE4IUBR//cy\ncVwM2M1579qw1LR+ojbGMbqNA+ZE5Ggpr8rBwFw5pTV6Lj+8/xcXNp/f96xE4lLQ\nurOzveoFdPq2HDdaPHlMljNQvOPtYe+f147atCsyCnQDJgP/vgTUWU8gt4B38fu7\nQ3i+dU8OhkVOs7Ig18VybkI+HD66fsSwiEmODu3IwW3LOhpez0hrgzEkL8fbShrM\nUqQdylI/MKKnm0sJJhzhBnLWtnx6hfLNP2vUb1ZqN/kLyYGAjLjl/ms3by8j6gNy\nqeXe5OFh4dN5EQb6hnoNRmIKyi7qi/Tle7oD09dUtt5GrX/A1TPQG2to+BOJy99t\nCPOrbVIhRZ1fETUaKnJMygYjJal4dQoJe6CxpoXdQG4KXRA4nK18/YJj2EQ/FY/i\nB2ew1qs+iDB3iuddbO7vrM18pyOgHMs82Q7idN/EqEQn21xySHC2FdM8qTMjWwzt\nawcwQFkIjt/hwp+O4df5aTlxLySpJ1o9YwNilJau/7rRhp1QIp7L9Q==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-M8J47CQf18wucfbTR' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpcwlzmif7.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpcwlzmif7.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_5(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:2253: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=c2d82781a0698ab018bd756cada1f5d7dbd978bc0c444529ee34f6e139001ab1urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==SePkUxhxb8j2m4KfG8+W/oM1hWMWYjNlT6n2IFqmFkXyeSffzBGEYv7cWf9dJ68/\nVK6rZ22SbKYdsO9zD6zy6EavAxZfXQ5/Oq7JQQAJy/EA4TlbAA+O5Zz0tWrJ7WcI\nWnvPLq3apo9/wmlOwHuqiKZlObx6eK7OSK2vRGEL3Sg=TVFo6psH1maAx/HO2hXmU2ysEf+8xFubZEcE6vWpn3FTSwd6SqEo/TTj1GQTlT26\nxH8GkVdX9ciXquDq8pYIhFamKw7dS97cXemwXB3AokgFPdp+l1FcYjB9j9fiAyuM\noxGMqU8m7uNqAFY6n5c+q0LgOIowtpfm7yK7OoydMjthpcdqTN8/h8Nxtrl48BEV\nJHQ71iVks5NfLmskoDNbsWhkXsCVndUa+q7dLhRw01Xxnv6x2U9NyEuz1oVJ9MWV\naxIG9FfewUzVBJ5mE1EIDdiKXjG2NzTaM2HkpRNmsH2REkBGUF17ZD7w7g5T55lF\nyAiLSK42Kcl2CuFpMUMUTFnVW2ZJuJNgX9MCBjyYUQov2xHWKsgppvp4VrJ8P+Ns\nBA9UziLyTYl/U/YxWIc+/LoZ2avtdAipfj0zgi6bu7FO1HFyHdCx32UR2Vy6ous7\nteh6Q6reASeBQjaaUGzBlfljY3dpB7jYPfYgxx6/jNFxwQ/3Xw6Vu/4bSM+p3Fps\numrk247inmvf75GWd17vMIwXti2ZGbmOMQPilU63L8M34XMvIxKc9H8Ax13B9r1k\nQfWRlFPM+8fNkxriWzL76LEfXj6MWy+0GUyCQLRxPYfZq5BVC6caNE+bmrbN21SX\nC3iM3MWB0LU7WPRTN8D5kGvf+PdnCpjTmIEyOW/H2OHNzk9qzYbRfi3iXfLWyrsI\n2So5mnjo27znvSpkF+LplPVxrCh/aLHCevZaiavMxWmpPgR2wAzDYj1ili9mVMG0\nd+wRnS6jdOR/RKwJdaBrh9Y/7/o7l2qLIk1xFYB5VPv1pOXy4WwdXaG2Qf0Vbfwy\nH7nLjTedDkZo1ZQDJK6vT9kWazLdLQUGlQONGGM8BEFaGQ5uJAxugwDWhyyGD3jo\nvY634rxh7L2+VbmVlAWIzdjcFQrA4rWYnOrNTZEOLgVPUnDJtfQoT+3O29Ieep50\n05YuyG0giFikLgmt2pPsYHxOt3E/kY8mgcF1ckmkq6EpEfxsX3ACLapOIyHQxxEv\nHYLXu1hjSl7ddSi6YO8HAw4qhA6so7tJXYKH82n/G5frsKdoLIPagNevHfPndIIs\nLlK9plG6fm1Zfs7NQQlCf/HA69xZZ9JKQZGEg7YuPA9KUGecI0KoZvdpW3ND0Qqj\nfmWxcFMkXmGhZxkhalWhJLq5Toq8Hcp4RYek4nPX2AmwU+B3+6pgclTk6rppjNXE\nawnNUfx9/kaGeKmdCIJERahY1qKarjkvlvsv/XVKPqvbKpnhFpSmM7AMnXdxjB9P\nUaqoLlXoEMKKGLpdlHLdfyxFfmxyZFaekGus6Z37eq7LedgEpZYhudbQ2VCruDEA\n3k+jXGz/df+5vAr+wS0vMraf4wIYd7utvIqV3FgIe32KaxgvyblrreTHoLRYuA+u\nD65RHu36on3KWlfIxnPcSre1v/cumVeXlwRPEWJRnBZpr9Kh5/NetwCsim6DfxMn\nPvQo4v3d66zZYZZhnl+55j0tbEByWthYXBDg4fsIZkBkgawjn4sCnR1CeH7tY9WS\nsdSKj5YOSS+Q3UFp4lEtNXFoU37Ux6qQmIJHh0UqGBRHs8ZaelKDhx7SeWGwgExd\nVJBUeEd5mFaSqaGDG7yMnKHPQR6FpvSUA/RZf0sRxD/6uRFOQv8Qp5ZaeFgfyc0g\np+rBSqpuNqJo+jO6mdNYIx0Ccm/ReMV/IvjJy5he7KeUkJfawvXYFoPDtDS+/VON\ntNAF+KYNDPFF/O8E1MHSZWtkwk0KwVNdgAFPVt4Tfb4bw/uZ9MTdfjFP8Klimpws\nemPHlNMJK8s8ECvnYQyBeMQfz/NWXqXkZtAKxkaTsBHtwQe924sNcQDTp59O6Bd1\nTFiDp100dfQ5T+j+8CJvDFnyKDlFd2RT3MMZwF7X4u+w5Pg4EpwCQYE4IUBR//cy\ncVwM2M1579qw1LR+ojbGMbqNA+ZE5Ggpr8rBwFw5pTV6Lj+8/xcXNp/f96xE4lLQ\nurOzveoFdPq2HDdaPHlMljNQvOPtYe+f147atCsyCnQDJgP/vgTUWU8gt4B38fu7\nQ3i+dU8OhkVOs7Ig18VybkI+HD66fsSwiEmODu3IwW3LOhpez0hrgzEkL8fbShrM\nUqQdylI/MKKnm0sJJhzhBnLWtnx6hfLNP2vUb1ZqN/kLyYGAjLjl/ms3by8j6gNy\nqeXe5OFh4dN5EQb6hnoNRmIKyi7qi/Tle7oD09dUtt5GrX/A1TPQG2to+BOJy99t\nCPOrbVIhRZ1fETUaKnJMygYjJal4dQoJe6CxpoXdQG4KXRA4nK18/YJj2EQ/FY/i\nB2ew1qs+iDB3iuddbO7vrM18pyOgHMs82Q7idN/EqEQn21xySHC2FdM8qTMjWwzt\nawcwQFkIjt/hwp+O4df5aTlxLySpJ1o9YwNilJau/7rRhp1QIp7L9Q==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-M8J47CQf18wucfbTR' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-M8J47CQf18wucfbTR', '--output', '/tmp/tmpp_1sw47m.xml', '/tmp/tmpcwlzmif7.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpcwlzmif7.xml" output= ____________________ TestClientNonAsciiAva.test_response_6 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=c1d70dec319e7512c588146d1394c6b74ffb8668d180bb3f1c3173db65eb5c98urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTM1WhcNMzUwNzIzMjIzOTM1WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEArYNzWECMrzoFVDX9wARmnyESJJIJ3slV1r2E0woXbfcfor5wZabjALop\nNSEBLtJCLxKTUcO0TR+alg7NkBOFCi/Rb8zCKw/W1wRDxZqHDfmusWXy4p69kYXM\nwfzZKi9nx2yZRQYK7aQiNx/Tq86k8AcNlXpVVw1DTV2rsiquGQqnMKdYu6fGb++M\nxL6Mz4J90P78xOfFYOSJLymkhQBfLcw1sO9BMj9h+AePgP5fAjAL8plEp+OCNrKz\nRxHc0ZZ7/XCHLtJpX/5p4TsCw7nlPJId35riqmmRD6p4+2yAeXN795xJKMJODoNr\ngIeBjv7gUBCesaxW1eQmCMz9uwZpBQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAH7I\nPmMUHHa9HyYePYsWsPqOjyGYm7c0auUba4CqRkiH88h26wb5MUe7E0pR2Ss73pcS\nU5ppEflOeqAfEaaXKg0cTjWw/nqz9gFPPZcqdE4rrRAKvbxYWsz6tUyfxF1k7FUI\ncsQ9M3hT8bo2j3m7fBIZ972gYwrNr9towY2NQm7Sa6Ucdca7AhIXBUd+dOfQEAUzjqnosGyxNKC+dTMV+3tpGV5BmjfnLREPbB6M33cs\n3judt9EMhwUFXFMr2KAWxoEsuh0yTZJW9YoSHkwA/L3KNuUc77fPIxdtT63oEGjt\nnMWO8xzoi4+sNZ4QP5Y/jE/DwOEQFWwBsg2ju5WzPa1jfx0PRZY58sd32W6j7RvM\ncTPOnLIGpoODJF/yryMsRIWRCYQV8UK3Lja7iUskt368uX8ALVvRn2AtkFiPHeFr\nJcxwSe7i+mAsayqe3HH2cNEfgC38oD48EWLDpXj759l5aK82ScqX+8qkGw9pJ0Wp\nNu4MRFoTUctBu47nmNceLQ==T0idD5VOEq/O97FuQ7J3uPbeixON1Xf4MPCVwilvvVIj7ZQD5v7cN6aFoK/nAeP3\nRM/GPVpvu4h3EM1/pYG1vBaXy96qLDNKGBrlCI/Trifr/WroM0VaBc7aTW/TEY5K\na+WwhNC2SciG5ByJWKth2svkBXOvTvkf1RKyVBOT69rinhN4NbE/mGK9skhW9GIi\nFIvZtEbjJ+qk/XoiG2TO+K8dRp+LPtkPJ3zHSQMNh1+YaXXZw4s9Aw9fQTl1E7i3\njqomFNEPPD/4FWpTHd2p7orRxQHfA9gfMv5Oo1lBUhvY7NraN2SQp9tQA221M7qW\nNYf2bMppUm7qBhnd5EyoDBDtehyQx9iasI5xs6Cmi8K1eOjPqIz05SXYX979SIgA\naW4Gbm0UWUKQMvCeXP231o3n6O7tXA3e2WdySlr6Mmdjqj7wbTYo9/tOJlMKCtMU\nDjeX8OcZWPDQ/Lmi+9rndiHvgfNRkpIjoDVbXTV/U11gSoJ/HCMOq56/7cbQ5K66\n8bRjNjkDGX4OcayATebuZDoIHUgYa1k/+bx37j3JcvVt9Trdgm3c1z8IkSMyVife\ndFlxR8Wrrqa7gAeXABaejPxX1ZwCpLf9ElzpbsOIoOrSqokfduOWwMX/UmM9caUm\nIERWCox8XwXe+u+YRktRb6GlDxgPE720S/FABS88DQIarECiZgrukwsm/yRj2RTU\nKajMwwN5GZMmlwd1dY4JpdE2VmOp+P6mZ0r4+BZQG0AZ19T2cno3XykdtawPg3RA\nUw8y23h7koFFeOh72s6W+TTxkkrzy0iBdOkE6aY0z9NncNrHpo0VWc9CHn5AtSQq\nVgV0qUca1H6qCBisFSCFL9LSyT3Xqg1NTp2RAqh2uf0ymaMECSiO1oYikDJcrR6M\ntvqe/7sCt6s3uscdPcoTRxLRooRYfkafllph1FMMRbGfGaQ9WYUIapO27Iw6ztEV\n6Il+BzitRHelmEI94wyegAxVE4QpjJhTm9ZT6S2ve54YE72w09v4VvpMawoMyw/9\njWwICQfgEh76R1ToAlvLDv4TD85YKYyXQRex8ctEzpnPXtwrnfXk8OD9V25vw16O\nEae4ltBWO85clcOHrrdV3GIYIfMf+R6IK3k8ymUg2FlWTaPh3I75q1i167rpxQnB\nG1VaiQFoir2k2s5x3YN1vQGetNg2+zF/OO7zJMskRQiz3wr8IDFC0jqYN64qU5Vx\nBEo/TYQRxV6+Id7JtnA3N+1jfBvH3GmekaSXj5txJT0baZScSA6zjVIdW5w87eaz\nW0jZGESqa8VFxCvKOjxb6HjPijj6fvG3R1IbdyA5BlSyIu9M6TlbvWsRQVzY7aYU\nuKsLrNkledN4ifnl1AJXJa/dv2cUYx7qyIUjsH3MokJ+3x3vTKh+4TmI9bkveyQl\n/zsb+dkgdNCMuW7T1wKP8GCBR6f8LBVLm2Qf4y2E8xf6TMY3g8U78hUjPK0NRUg1\nzgK8sRHRe3X97A6M/zz9ttvi8Db+ge6UoGzliTASVMp3UnY5T4pmKbQUU08OOqhC\nb4x7LgEcsQyF3haI916qu4bKj+xNaUcsToQiPdr31BSylbgrcJj3BlS+aRRSnl6G\nrL4hzts+Hv+0IO+j/4aMsoQCyHTwWaP1SfeX0f5VUFGdUIYZdjeYA4VhRe0bUiRT\n5g7fCvYZqnROz0JGUXh4o0kOAiaLW8qjrj6VulIUjucUGW4QTCjiLqDqleszD+/P\neiowdAGe/j1qMcm5hKAqDEtbnx0AD/l0X1+3GHY7Rswd4dufc6eG1iKZT9CQyJkB\nbmnFI0gQMgnwz1m7EsY0lI93FkxxnvXeSpLQYEG/i5VKPgfxR/T0LzqfNJgy4+UB\nKLHxs3e8iraGyUg7Ah+8n7RFF+RiaBmQsDx7Cb+tX8IWgfEcCgS4j1Isuu6j7WmT\nH8UGYW2Lbi8JHJcTBn6YNaIkO6c+KDJWMPkyDIi5oB/XEcFpO3P4NFQbhRMyJ5S1\nsCWUtCtQhf6gklbNFt15jto74GBRR36WLMojzUdV/n4ENcuS2MSqfGckrMuolJGH\ng2Y2s2XW146ekkNr9xtHgjMvQgh38CeRfKzPVfDP113Yrj0u4qHI7zDMiK14QE+h\nQmGzpk4lyKFHsjdbafIXSVdNrSwEsiXSwS6YpIAvx/ck8633T5p1KGIAqXOWrlB3\nx2ELrTOyIR72oEyCve3y9o+zNDYbKHDy7dDdrMI4tUwkkZSZZa4km8Gb7nMucWbF\ngPfxLsbJcGXlEcQSS7qboDHPP/MZa9GLxAsE5EElX726VgqV73QkeSyTYdTPpnVC\nMJw+cxZvwnpG6NvmEex8cViY7FxW24+RSw3qFmz6WdNcbOBXIgKt+m/tniJvqJyZ\ncnd7ps34FFQba1ILO2UrJ5Z19VqW4f59Eubath5UTc80TzVW8Ys6rg==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-c9kKeiJVo6g7MxeEH' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpijt3yfy8.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpijt3yfy8.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_6(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_assertion_str, cert_key_assertion_str = generate_cert() cert_assertion = {"cert": cert_assertion_str, "key": cert_key_assertion_str} cert_advice_str, cert_key_advice_str = generate_cert() cert_advice = {"cert": cert_advice_str, "key": cert_key_advice_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_assertion_str, encrypt_cert_advice=cert_advice_str, ) tests/test_51_client.py:2296: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=c1d70dec319e7512c588146d1394c6b74ffb8668d180bb3f1c3173db65eb5c98urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjUw\nNzI1MjIzOTM1WhcNMzUwNzIzMjIzOTM1WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEArYNzWECMrzoFVDX9wARmnyESJJIJ3slV1r2E0woXbfcfor5wZabjALop\nNSEBLtJCLxKTUcO0TR+alg7NkBOFCi/Rb8zCKw/W1wRDxZqHDfmusWXy4p69kYXM\nwfzZKi9nx2yZRQYK7aQiNx/Tq86k8AcNlXpVVw1DTV2rsiquGQqnMKdYu6fGb++M\nxL6Mz4J90P78xOfFYOSJLymkhQBfLcw1sO9BMj9h+AePgP5fAjAL8plEp+OCNrKz\nRxHc0ZZ7/XCHLtJpX/5p4TsCw7nlPJId35riqmmRD6p4+2yAeXN795xJKMJODoNr\ngIeBjv7gUBCesaxW1eQmCMz9uwZpBQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAH7I\nPmMUHHa9HyYePYsWsPqOjyGYm7c0auUba4CqRkiH88h26wb5MUe7E0pR2Ss73pcS\nU5ppEflOeqAfEaaXKg0cTjWw/nqz9gFPPZcqdE4rrRAKvbxYWsz6tUyfxF1k7FUI\ncsQ9M3hT8bo2j3m7fBIZ972gYwrNr9towY2NQm7Sa6Ucdca7AhIXBUd+dOfQEAUzjqnosGyxNKC+dTMV+3tpGV5BmjfnLREPbB6M33cs\n3judt9EMhwUFXFMr2KAWxoEsuh0yTZJW9YoSHkwA/L3KNuUc77fPIxdtT63oEGjt\nnMWO8xzoi4+sNZ4QP5Y/jE/DwOEQFWwBsg2ju5WzPa1jfx0PRZY58sd32W6j7RvM\ncTPOnLIGpoODJF/yryMsRIWRCYQV8UK3Lja7iUskt368uX8ALVvRn2AtkFiPHeFr\nJcxwSe7i+mAsayqe3HH2cNEfgC38oD48EWLDpXj759l5aK82ScqX+8qkGw9pJ0Wp\nNu4MRFoTUctBu47nmNceLQ==T0idD5VOEq/O97FuQ7J3uPbeixON1Xf4MPCVwilvvVIj7ZQD5v7cN6aFoK/nAeP3\nRM/GPVpvu4h3EM1/pYG1vBaXy96qLDNKGBrlCI/Trifr/WroM0VaBc7aTW/TEY5K\na+WwhNC2SciG5ByJWKth2svkBXOvTvkf1RKyVBOT69rinhN4NbE/mGK9skhW9GIi\nFIvZtEbjJ+qk/XoiG2TO+K8dRp+LPtkPJ3zHSQMNh1+YaXXZw4s9Aw9fQTl1E7i3\njqomFNEPPD/4FWpTHd2p7orRxQHfA9gfMv5Oo1lBUhvY7NraN2SQp9tQA221M7qW\nNYf2bMppUm7qBhnd5EyoDBDtehyQx9iasI5xs6Cmi8K1eOjPqIz05SXYX979SIgA\naW4Gbm0UWUKQMvCeXP231o3n6O7tXA3e2WdySlr6Mmdjqj7wbTYo9/tOJlMKCtMU\nDjeX8OcZWPDQ/Lmi+9rndiHvgfNRkpIjoDVbXTV/U11gSoJ/HCMOq56/7cbQ5K66\n8bRjNjkDGX4OcayATebuZDoIHUgYa1k/+bx37j3JcvVt9Trdgm3c1z8IkSMyVife\ndFlxR8Wrrqa7gAeXABaejPxX1ZwCpLf9ElzpbsOIoOrSqokfduOWwMX/UmM9caUm\nIERWCox8XwXe+u+YRktRb6GlDxgPE720S/FABS88DQIarECiZgrukwsm/yRj2RTU\nKajMwwN5GZMmlwd1dY4JpdE2VmOp+P6mZ0r4+BZQG0AZ19T2cno3XykdtawPg3RA\nUw8y23h7koFFeOh72s6W+TTxkkrzy0iBdOkE6aY0z9NncNrHpo0VWc9CHn5AtSQq\nVgV0qUca1H6qCBisFSCFL9LSyT3Xqg1NTp2RAqh2uf0ymaMECSiO1oYikDJcrR6M\ntvqe/7sCt6s3uscdPcoTRxLRooRYfkafllph1FMMRbGfGaQ9WYUIapO27Iw6ztEV\n6Il+BzitRHelmEI94wyegAxVE4QpjJhTm9ZT6S2ve54YE72w09v4VvpMawoMyw/9\njWwICQfgEh76R1ToAlvLDv4TD85YKYyXQRex8ctEzpnPXtwrnfXk8OD9V25vw16O\nEae4ltBWO85clcOHrrdV3GIYIfMf+R6IK3k8ymUg2FlWTaPh3I75q1i167rpxQnB\nG1VaiQFoir2k2s5x3YN1vQGetNg2+zF/OO7zJMskRQiz3wr8IDFC0jqYN64qU5Vx\nBEo/TYQRxV6+Id7JtnA3N+1jfBvH3GmekaSXj5txJT0baZScSA6zjVIdW5w87eaz\nW0jZGESqa8VFxCvKOjxb6HjPijj6fvG3R1IbdyA5BlSyIu9M6TlbvWsRQVzY7aYU\nuKsLrNkledN4ifnl1AJXJa/dv2cUYx7qyIUjsH3MokJ+3x3vTKh+4TmI9bkveyQl\n/zsb+dkgdNCMuW7T1wKP8GCBR6f8LBVLm2Qf4y2E8xf6TMY3g8U78hUjPK0NRUg1\nzgK8sRHRe3X97A6M/zz9ttvi8Db+ge6UoGzliTASVMp3UnY5T4pmKbQUU08OOqhC\nb4x7LgEcsQyF3haI916qu4bKj+xNaUcsToQiPdr31BSylbgrcJj3BlS+aRRSnl6G\nrL4hzts+Hv+0IO+j/4aMsoQCyHTwWaP1SfeX0f5VUFGdUIYZdjeYA4VhRe0bUiRT\n5g7fCvYZqnROz0JGUXh4o0kOAiaLW8qjrj6VulIUjucUGW4QTCjiLqDqleszD+/P\neiowdAGe/j1qMcm5hKAqDEtbnx0AD/l0X1+3GHY7Rswd4dufc6eG1iKZT9CQyJkB\nbmnFI0gQMgnwz1m7EsY0lI93FkxxnvXeSpLQYEG/i5VKPgfxR/T0LzqfNJgy4+UB\nKLHxs3e8iraGyUg7Ah+8n7RFF+RiaBmQsDx7Cb+tX8IWgfEcCgS4j1Isuu6j7WmT\nH8UGYW2Lbi8JHJcTBn6YNaIkO6c+KDJWMPkyDIi5oB/XEcFpO3P4NFQbhRMyJ5S1\nsCWUtCtQhf6gklbNFt15jto74GBRR36WLMojzUdV/n4ENcuS2MSqfGckrMuolJGH\ng2Y2s2XW146ekkNr9xtHgjMvQgh38CeRfKzPVfDP113Yrj0u4qHI7zDMiK14QE+h\nQmGzpk4lyKFHsjdbafIXSVdNrSwEsiXSwS6YpIAvx/ck8633T5p1KGIAqXOWrlB3\nx2ELrTOyIR72oEyCve3y9o+zNDYbKHDy7dDdrMI4tUwkkZSZZa4km8Gb7nMucWbF\ngPfxLsbJcGXlEcQSS7qboDHPP/MZa9GLxAsE5EElX726VgqV73QkeSyTYdTPpnVC\nMJw+cxZvwnpG6NvmEex8cViY7FxW24+RSw3qFmz6WdNcbOBXIgKt+m/tniJvqJyZ\ncnd7ps34FFQba1ILO2UrJ5Z19VqW4f59Eubath5UTc80TzVW8Ys6rg==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-c9kKeiJVo6g7MxeEH' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-c9kKeiJVo6g7MxeEH', '--output', '/tmp/tmps1x2zkxr.xml', '/tmp/tmpijt3yfy8.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpijt3yfy8.xml" output= ____________________ TestClientNonAsciiAva.test_response_7 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=9dd8e6e913b87c84d03d5a6655e91c15f9079b69e748478bd691984017212844urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-oWHKyGPFiv3YYO3lw' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmputgomqfs.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmputgomqfs.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_7(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypted_advice_attributes=True, ) tests/test_51_client.py:2335: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=9dd8e6e913b87c84d03d5a6655e91c15f9079b69e748478bd691984017212844urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-oWHKyGPFiv3YYO3lw' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-oWHKyGPFiv3YYO3lw', '--output', '/tmp/tmpk56qcgsy.xml', '/tmp/tmputgomqfs.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmputgomqfs.xml" output= ____________________ TestClientNonAsciiAva.test_response_8 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6ed7bcfd94ff41fcb4436760d70d3669dde171f1a80bb8c6dfa96a731a4308b4urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-OAaoUvD8PKhsQ7Wtt' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpvnaexchf.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpvnaexchf.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_8(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:2373: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6ed7bcfd94ff41fcb4436760d70d3669dde171f1a80bb8c6dfa96a731a4308b4urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-OAaoUvD8PKhsQ7Wtt' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-OAaoUvD8PKhsQ7Wtt', '--output', '/tmp/tmpq0qqekvv.xml', '/tmp/tmpvnaexchf.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpvnaexchf.xml" output= ____________ TestClientNonAsciiAva.test_sign_then_encrypt_assertion ____________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-OOoNr3UMsAs7h0qKy' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp91nu0agx.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp91nu0agx.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion(self): # Begin with the IdPs side _sec = self.server.sec assertion = s_utils.assertion_factory( subject=factory(saml.Subject, text="_aaa", name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)), attribute_statement=do_attribute_statement( { ("", "", "sn"): ("Jeter", ""), ("", "", "givenName"): ("Derek", ""), } ), issuer=self.server._issuer(), ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=full_path("test.key"), node_id=assertion.id ) tests/test_51_client.py:2557: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-OOoNr3UMsAs7h0qKy' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-OOoNr3UMsAs7h0qKy', '--output', '/tmp/tmp3bxqeznp.xml', '/tmp/tmp91nu0agx.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp91nu0agx.xml" output= ___________ TestClientNonAsciiAva.test_sign_then_encrypt_assertion2 ____________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-FkOPyAEcerZNgaZRb' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpd8uiww8g.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpd8uiww8g.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion2(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Dave", "sn": "Concepción"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=self.client.sec.key_file, node_id=assertion.id ) tests/test_51_client.py:2628: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-FkOPyAEcerZNgaZRb' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-FkOPyAEcerZNgaZRb', '--output', '/tmp/tmpwxghocux.xml', '/tmp/tmpd8uiww8g.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpd8uiww8g.xml" output= _______ TestClientNonAsciiAva.test_sign_then_encrypt_assertion_advice_1 ________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-BozpNcNGXBeYxexd6' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmph0xzd86c.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmph0xzd86c.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_1(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Dave", "sn": "Concepción"}) subject_confirmation_specs = { "recipient": "http://lingon.catalogix.se:8087/", "in_response_to": "_012345", "subject_confirmation_method": saml.SCM_BEARER, } name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), name_id=name_id, authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) a_asser = Assertion({"uid": "test01", "email": "test.testsson@test.se"}) a_assertion = a_asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion.signature = sigver.pre_signature_part(a_assertion.id, _sec.my_cert, 1) assertion.advice = Advice() assertion.advice.encrypted_assertion = [] assertion.advice.encrypted_assertion.append(EncryptedAssertion()) assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion.append(assertion) > response = _sec.sign_statement( f"{response}", class_name(a_assertion), key_file=self.client.sec.key_file, node_id=a_assertion.id ) tests/test_51_client.py:2730: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-BozpNcNGXBeYxexd6' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-BozpNcNGXBeYxexd6', '--output', '/tmp/tmpchwcqt5s.xml', '/tmp/tmph0xzd86c.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmph0xzd86c.xml" output= _______ TestClientNonAsciiAva.test_sign_then_encrypt_assertion_advice_2 ________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDave' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-9pvAw8VJkutzP082Y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpa6exo78w.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpa6exo78w.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_2(self): # Begin with the IdPs side _sec = self.server.sec asser_1 = Assertion({"givenName": "Dave"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) assertion_1 = asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) asser_2 = Assertion({"sn": "Concepción"}) assertion_2 = asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_1 = Assertion({"uid": "test01"}) a_assertion_1 = a_asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_2 = Assertion({"email": "test.testsson@test.se"}) a_assertion_2 = a_asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_3 = Assertion({"street": "street"}) a_assertion_3 = a_asser_3.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_4 = Assertion({"title": "title"}) a_assertion_4 = a_asser_4.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion_1.signature = sigver.pre_signature_part(a_assertion_1.id, _sec.my_cert, 1) a_assertion_2.signature = sigver.pre_signature_part(a_assertion_2.id, _sec.my_cert, 1) a_assertion_3.signature = sigver.pre_signature_part(a_assertion_3.id, _sec.my_cert, 1) a_assertion_4.signature = sigver.pre_signature_part(a_assertion_4.id, _sec.my_cert, 1) assertion_1.signature = sigver.pre_signature_part(assertion_1.id, _sec.my_cert, 1) assertion_2.signature = sigver.pre_signature_part(assertion_2.id, _sec.my_cert, 1) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion = assertion_1 response.assertion.advice = Advice() response.assertion.advice.encrypted_assertion = [] response.assertion.advice.encrypted_assertion.append(EncryptedAssertion()) response.assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion_1) advice_tag = response.assertion.advice._to_element_tree().tag assertion_tag = a_assertion_1._to_element_tree().tag response = response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion( assertion_tag, advice_tag ) > response = _sec.sign_statement( f"{response}", class_name(a_assertion_1), key_file=self.server.sec.key_file, node_id=a_assertion_1.id ) tests/test_51_client.py:2890: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDave' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-9pvAw8VJkutzP082Y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-9pvAw8VJkutzP082Y', '--output', '/tmp/tmpuhtfzb7c.xml', '/tmp/tmpa6exo78w.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpa6exo78w.xml" output= _____________ TestClientNonAsciiAva.test_do_logout_signed_redirect _____________ self = def test_do_logout_signed_redirect(self): conf = config.SPConfig() conf.load_file("sp_slo_redirect_conf") client = Saml2Client(conf) # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"}, } client.users.add_information_about_person(session_info) entity_ids = client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT ) tests/test_51_client.py:3066: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout http_info = self.apply_binding( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=nVJLS8NAEP4ry97TxG36cGgDxVII1ha1iHhb0old2OzUnUmp%2F14SexCFHjwNDN9zmFngDNb0Tq084UeLLOrc%2BMAQOJvrNgYgy44h2AYZpILnxcMazCCDYyShiry%2BENg2%2FjrDMmMUR0GrcjnXbp%2Fkd%2Bb1dKoxr%2B8Pk5UxotULRnYU5toMMq1K5hbLwGKDzLXJzCjJJokZ7YyB4S0Mx29aLZHFBSs96yByhDT1VFl%2FIBaYZtNpyp60ekLLHWTnIu612pBswzYuasH4WzrPe%2Bli1pWCPkRUK4qNlesVu43bJ3UPBQzi5FMXHaOxFQKebXP0OKio6e8FkbwNe%2BDjLP1hdfHd2AbLperGY2u9q12XtCbS%2F8gi0QZ2GEQXN2aYj8YXx2%2BTYpb%2BeYTiCw%3D%3D&RelayState=id-4C2Xvvfe4fKh7F22t%7C1753483176%7C0a40b0f411972049840c9013ae0df0dff987486a&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm __________________ TestClientNonAsciiAva.test_do_logout_post ___________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-CCqOQDrY70wgW6SOt' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmp7qgm4842.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp7qgm4842.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_post(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:3102: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-CCqOQDrY70wgW6SOt' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-CCqOQDrY70wgW6SOt', '--output', '/tmp/tmp_vyr6ijc.xml', '/tmp/tmp7qgm4842.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp7qgm4842.xml" output= _____________ TestClientNonAsciiAva.test_do_logout_session_expired _____________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-03BZ33J4Ep9tW8yNK' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmpjz7g0a6g.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpjz7g0a6g.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_session_expired(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": a_while_ago(minutes=15), "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:3127: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-03BZ33J4Ep9tW8yNK' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-03BZ33J4Ep9tW8yNK', '--output', '/tmp/tmpf_ezobdn.xml', '/tmp/tmpjz7g0a6g.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpjz7g0a6g.xml" output= ___________________ TestSignedResponse.test_signed_response ____________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3cfd83a230cf09fcfd5ccfb2da1ddc6dfd91ea7ed1378cd97050f38d0a6d0705urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-keNeKh7vO97oTwsGI' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpox2zwgcy.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpox2zwgcy.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response(self): print(ds.DefaultSignature().get_digest_alg()) name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") ava = {"givenName": ["Derek"], "surName": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"} > signed_resp = self.server.create_authn_response( ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, ) tests/test_52_default_sign_alg.py:70: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3cfd83a230cf09fcfd5ccfb2da1ddc6dfd91ea7ed1378cd97050f38d0a6d0705urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-keNeKh7vO97oTwsGI' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-keNeKh7vO97oTwsGI', '--output', '/tmp/tmp4hquan8r.xml', '/tmp/tmpox2zwgcy.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ----------------------------- Captured stdout call ----------------------------- http://www.w3.org/2000/09/xmldsig#sha1 ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpox2zwgcy.xml" output= __________________ TestSignedResponse.test_signed_response_1 ___________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5ed247e501aad0434b4926deb4970cea8bfd275dd9ff27e401347832c7322822urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Zs4nEN9kTNq27VzDr' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmphh_fk68h.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmphh_fk68h.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_1(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, ) tests/test_52_default_sign_alg.py:87: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5ed247e501aad0434b4926deb4970cea8bfd275dd9ff27e401347832c7322822urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Zs4nEN9kTNq27VzDr' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Zs4nEN9kTNq27VzDr', '--output', '/tmp/tmpp5415tok.xml', '/tmp/tmphh_fk68h.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmphh_fk68h.xml" output= _____________________________________ test _____________________________________ def test(): with closing(Server(config_file=dotname("idp_all_conf"))) as idp: conf = SPConfig() conf.load_file(dotname("servera_conf")) sp = Saml2Client(conf) srvs = sp.metadata.single_sign_on_service(idp.config.entityid, BINDING_HTTP_REDIRECT) destination = srvs[0]["location"] req_id, req = sp.create_authn_request(destination, id="id1") > info = http_redirect_message( req, destination, relay_state="RS", typ="SAMLRequest", sigalg=SIG_RSA_SHA1, sign=True, backend=sp.sec.sec_backend, ) tests/test_70_redirect_signing.py:33: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=pZNfb9MwFMW%2FSuT3%2FCHTWLHaSCUTotNgVRtA4s3Yd60hvjf43m7Zt0fJMtEHiJB4tc%2F1%2Bfn4eIlc6PVJjriDnydgSfrQImvkYqVOETUZ9qzRBGAtVu%2FXH251mRW6iyRkqVXTAJvQzk8YZojiCVWyuV4p79KuLV49ugZv6vXNdxe%2B3KnkM0T2hCtVZoVKNswn2CCLQVmpsigv0%2BIqLS%2BbstQXb%2FTF668quQYWj0bGqaNIp%2FO8JWvaI7HoRbFY5MyUR3A%2BghWVbCfytx6dx8M89LdnEev3TbNNt3f7RiXrl4vUhHwKEPcQH7yFT7vb3wQeD4SZNWJaOvg%2BYxhYrvLR%2F8E7iB9NgGfzYCxo6E3oWsgshTFMHak16DR3qlqOC2MaMXlHMRiZxx5WvEvvR6kGFC9PqvoHr2V%2BZlUth3ZMxQA31qQmFOglqSl0JnoeUofeWHmhPFfVrWHewX012wur7aAD1lvD%2FEjRDU8EVsA10SB3FGXi%2BuPh%2F%2B%2Fb%2BAD7J7QN%2FQCctcr%2Fmsi0d%2F6Xql8%3D&RelayState=RS&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm ______________ TestGenerateCertificates.test_validate_cert_chains ______________ self = def test_validate_cert_chains(self): cert_info_ca = { "cn": "qwerty", "country_code": "qw", "state": "qwerty", "city": "qwerty", "organization": "qwerty", "organization_unit": "qwerty", } cert_intermediate_1_info = { "cn": "intermediate_1", "country_code": "as", "state": "asdfgh", "city": "asdfgh", "organization": "asdfgh", "organization_unit": "asdfg", } cert_intermediate_2_info = { "cn": "intermediate_2", "country_code": "as", "state": "asdfgh", "city": "asdfgh", "organization": "asdfgh", "organization_unit": "asdfg", } cert_client_cert_info = { "cn": "intermediate_1", "country_code": "as", "state": "asdfgh", "city": "asdfgh", "organization": "asdfgh", "organization_unit": "asdfg", } osw = OpenSSLWrapper() ca_cert_str, ca_key_str = osw.create_certificate(cert_info_ca, request=False) req_cert_str, intermediate_1_key_str = osw.create_certificate(cert_intermediate_1_info, request=True) intermediate_cert_1_str = osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, req_cert_str) req_cert_str, intermediate_2_key_str = osw.create_certificate(cert_intermediate_2_info, request=True) intermediate_cert_2_str = osw.create_cert_signed_certificate( intermediate_cert_1_str, intermediate_1_key_str, req_cert_str ) req_cert_str, client_key_str = osw.create_certificate(cert_client_cert_info, request=True) client_cert_str = osw.create_cert_signed_certificate( intermediate_cert_2_str, intermediate_2_key_str, req_cert_str ) cert_chain = [intermediate_cert_2_str, intermediate_cert_1_str, ca_cert_str] valid, mess = osw.verify_chain(cert_chain, client_cert_str) > self.assertTrue(valid) E AssertionError: False is not true tests/test_81_certificates.py:131: AssertionError ____________ TestGenerateCertificates.test_validate_with_root_cert _____________ self = def test_validate_with_root_cert(self): cert_info_ca = { "cn": "qwerty", "country_code": "qw", "state": "qwerty", "city": "qwerty", "organization": "qwerty", "organization_unit": "qwerty", } cert_info = { "cn": "asdfgh", "country_code": "as", "state": "asdfgh", "city": "asdfgh", "organization": "asdfgh", "organization_unit": "asdfg", } osw = OpenSSLWrapper() ca_cert, ca_key = osw.create_certificate( cert_info_ca, request=False, write_to_file=True, cert_dir=f"{os.path.dirname(os.path.abspath(__file__))}/pki", ) req_cert_str, req_key_str = osw.create_certificate(cert_info, request=True) ca_cert_str = osw.read_str_from_file(ca_cert) ca_key_str = osw.read_str_from_file(ca_key) cert_str = osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, req_cert_str) valid, mess = osw.verify(ca_cert_str, cert_str) > self.assertTrue(valid) E AssertionError: False is not true tests/test_81_certificates.py:50: AssertionError _ TestAuthnResponse.test_signed_assertion_with_random_embedded_cert_should_be_ignored _ self = mock_validate_on_or_after = @patch("saml2.response.validate_on_or_after", return_value=True) def test_signed_assertion_with_random_embedded_cert_should_be_ignored(self, mock_validate_on_or_after): """ if the embedded cert is not ignored then verification will fail """ conf = config_factory("sp", dotname("server_conf")) ar = authn_response(conf, return_addrs="https://51.15.251.81.xip.io/acs/post") ar.issue_instant_ok = Mock(return_value=True) with open(SIGNED_ASSERTION_RANDOM_EMBEDDED_CERT) as fp: xml_response = fp.read() ar.outstanding_queries = {"id-abc": "http://localhost:8088/sso"} ar.timeslack = 10000 # .loads does not check the assertion, only the response signature # use .verify to verify the contents of the response assert ar.loads(xml_response, decode=False) > assert ar.verify() tests/test_xmlsec1_key_data.py:78: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:1026: in verify if self.parse_assertion(keys): ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:918: in parse_assertion if not self._assertion(assertion, False): ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:791: in _assertion self.sec.check_signature(assertion, class_name(assertion), self.xmlstr) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1538: in check_signature return self._check_signature( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = decoded_xml = '\n\n urn:mace:example.com:saml:roland:idp\n \n \n \n \n urn:mace:example.com:saml:roland:idp\n \n \n \n \n \n \n \n \n \n \n NHB0WhPWj5OyRz9N52fZrEBWK3dXT2pVVT54f4kg1tM=\n \n \n Mo4ZheAEDvdPQwWvT5SOYZZ2IBELwtmBpdsn+Th+IvsanychWQ6JHYKTI8hl+3DigbqQwdsqet8n9sfdvr+D+Q7XozjVaFPdzUGC9d96Mn/vrc+JIP/ESoDjDUQEsoSBhUFlrbu7tPJDJehPgd/maIwd/GqEHWXFlm1ZWVCmaH8=\n \n \n MIIFLDCCBBSgAwIBAgISA3UxXAgBWRS1D74GOLiAjky6MA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMTAxMTcyMDIxNTNaFw0yMTA0MTcyMDIxNTNaMB4xHDAaBgNVBAMTEzUxLjE1LjI1MS44MS54aXAuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkjSN9vZDOwE1m7g1vyiwBsKBKNItyy05BcHUkM8fabBcsavugT8uE4wYz5aeZrnKb5dbDLHaZe6Dl5GHgRO8s7REwSJ/BHT3/eMaEakLwIGE5/6QSWuBjOawPfmYarW5IqoITjSt/o/jxu3haouqbr7XYf1WOuZmc6iwGnEgm0+cVB4CA0VGnnLYfsjp9iMt3pFI8a8ipdwp5lfzZU+j8JMVEn6SZhNjjTAjcakBQmZv4Q5/yU6yqfGjG47DO62xB/PPbDy78hDorER2v8UkoDTGV4aZrZaNltHBUxNohIiQnkhuakMmbf0NhA2ExBJw6KTCCxfYkyUX3CgYzaAnxAgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHD7gcF0sNITPqhwcUlFyOBrkxRFMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEzUxLjE1LjI1MS44MS54aXAuaW8wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXcSOcqvAAAEAwBGMEQCIFhvPWYY+2VO55bHO1Sa9zJQk7B1kvCi7sfDCxAYp7mEAiBTKx6XD0GkfNGhji0LGuelvfD7gZOUSzURlJW1ahYcgQB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABdxI5yq4AAAQDAEgwRgIhAONNwcNZ66IxsWcUNDS0B9KV8Kk4VS9b/wUFNBHAQl3SAiEAxO5GwgaK3glL/6L/J7qpiedJBAs3h5406MWC0v4uYZ8wDQYJKoZIhvcNAQELBQADggEBAAZgbgfOb4+uI9kMGF4fMiompHeUFDXGyIND6y4FsfWHJG4Fn3aG+VQN/UtHeO8UusjS13/2yw3O+PeNTstBl+q6Ssega8zTYx2j3h3RFqM9JR8SWa83B0UTgyaxX3PTmfegV4/RZxC7KQ8pqjcLwKJSTgZF6W40Jo16tKVoi0VQY/2Gre6E9D1tPVw//mDGJST/5IcbFvtr79uft76IA+T674qNgAriBKxWncSbGzE42w2QsYsGMHHJn3vKbNl7alll9eJBqvdi1Q7ay86oI7NDQ0PPwjnB0/i4BOO0qQBcBSUIPPEChcrooEqN9PwM20aoyIjje0rtDGSxnEQRrg0=\n MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFowMjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMTAlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLsjVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKpTm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnBU840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1RoYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kHejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfLqjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9pO5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2TwUdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==\n \n \n \n \n attack-name-id\n \n \n \n \n \n \n urn:mace:example.com:saml:roland:sp\n \n \n \n \n urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified\n \n \n \n\n' item = node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' origdoc = '\n\n urn:mace:example.com:saml:roland:idp\n \n \n \n \n urn:mace:example.com:saml:roland:idp\n \n \n \n \n \n \n \n \n \n \n NHB0WhPWj5OyRz9N52fZrEBWK3dXT2pVVT54f4kg1tM=\n \n \n Mo4ZheAEDvdPQwWvT5SOYZZ2IBELwtmBpdsn+Th+IvsanychWQ6JHYKTI8hl+3DigbqQwdsqet8n9sfdvr+D+Q7XozjVaFPdzUGC9d96Mn/vrc+JIP/ESoDjDUQEsoSBhUFlrbu7tPJDJehPgd/maIwd/GqEHWXFlm1ZWVCmaH8=\n \n \n MIIFLDCCBBSgAwIBAgISA3UxXAgBWRS1D74GOLiAjky6MA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMTAxMTcyMDIxNTNaFw0yMTA0MTcyMDIxNTNaMB4xHDAaBgNVBAMTEzUxLjE1LjI1MS44MS54aXAuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkjSN9vZDOwE1m7g1vyiwBsKBKNItyy05BcHUkM8fabBcsavugT8uE4wYz5aeZrnKb5dbDLHaZe6Dl5GHgRO8s7REwSJ/BHT3/eMaEakLwIGE5/6QSWuBjOawPfmYarW5IqoITjSt/o/jxu3haouqbr7XYf1WOuZmc6iwGnEgm0+cVB4CA0VGnnLYfsjp9iMt3pFI8a8ipdwp5lfzZU+j8JMVEn6SZhNjjTAjcakBQmZv4Q5/yU6yqfGjG47DO62xB/PPbDy78hDorER2v8UkoDTGV4aZrZaNltHBUxNohIiQnkhuakMmbf0NhA2ExBJw6KTCCxfYkyUX3CgYzaAnxAgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHD7gcF0sNITPqhwcUlFyOBrkxRFMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEzUxLjE1LjI1MS44MS54aXAuaW8wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXcSOcqvAAAEAwBGMEQCIFhvPWYY+2VO55bHO1Sa9zJQk7B1kvCi7sfDCxAYp7mEAiBTKx6XD0GkfNGhji0LGuelvfD7gZOUSzURlJW1ahYcgQB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABdxI5yq4AAAQDAEgwRgIhAONNwcNZ66IxsWcUNDS0B9KV8Kk4VS9b/wUFNBHAQl3SAiEAxO5GwgaK3glL/6L/J7qpiedJBAs3h5406MWC0v4uYZ8wDQYJKoZIhvcNAQELBQADggEBAAZgbgfOb4+uI9kMGF4fMiompHeUFDXGyIND6y4FsfWHJG4Fn3aG+VQN/UtHeO8UusjS13/2yw3O+PeNTstBl+q6Ssega8zTYx2j3h3RFqM9JR8SWa83B0UTgyaxX3PTmfegV4/RZxC7KQ8pqjcLwKJSTgZF6W40Jo16tKVoi0VQY/2Gre6E9D1tPVw//mDGJST/5IcbFvtr79uft76IA+T674qNgAriBKxWncSbGzE42w2QsYsGMHHJn3vKbNl7alll9eJBqvdi1Q7ay86oI7NDQ0PPwjnB0/i4BOO0qQBcBSUIPPEChcrooEqN9PwM20aoyIjje0rtDGSxnEQRrg0=\n MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFowMjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMTAlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLsjVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKpTm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnBU840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1RoYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kHejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfLqjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9pO5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2TwUdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==\n \n \n \n \n attack-name-id\n \n \n \n \n \n \n urn:mace:example.com:saml:roland:sp\n \n \n \n \n urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified\n \n \n \n\n' must = False, only_valid_cert = False, issuer = None def _check_signature( self, decoded_xml, item, node_name=NODE_NAME, origdoc=None, must=False, only_valid_cert=False, issuer=None ): try: _issuer = item.issuer.text.strip() except AttributeError: _issuer = None if _issuer is None: try: _issuer = issuer.text.strip() except AttributeError: _issuer = None # More trust in certs from metadata then certs in the XML document if self.metadata: try: _certs = self.metadata.certs(_issuer, "any", "signing") except KeyError: _certs = [] certs = [] for cert_name, cert in _certs: if isinstance(cert, str): content = pem_format(cert) tmp = make_temp(content, suffix=".pem", decode=False, delete_tmpfiles=self.delete_tmpfiles) certs.append(tmp) else: certs.append(cert) else: certs = [] if not certs and not self.only_use_keys_in_metadata: logger.debug("==== Certs from instance ====") certs = [ make_temp(content=pem_format(cert), suffix=".pem", decode=False, delete_tmpfiles=self.delete_tmpfiles) for cert in cert_from_instance(item) ] else: logger.debug("==== Certs from metadata ==== %s: %s ====", _issuer, certs) if not certs: raise MissingKey(_issuer) try: validate_doc_with_schema(str(item)) except XMLSchemaError as e: error_context = { "message": "Signature verification failed. Invalid document format.", "reason": str(e), "ID": item.id, "issuer": _issuer, "type": node_name, "document": decoded_xml, } raise SignatureError(error_context) from e # saml-core section "5.4 XML Signature Profile" defines constrains on the # xmldsig-core facilities. It explicitly dictates that enveloped signatures # are the only signatures allowed. This means that: # * Assertion/RequestType/ResponseType elements must have an ID attribute # * signatures must have a single Reference element # * the Reference element must have a URI attribute # * the URI attribute contains an anchor # * the anchor points to the enclosing element's ID attribute signed_info = item.signature.signed_info references = signed_info.reference signatures_must_have_a_single_reference_element = len(references) == 1 the_Reference_element_must_have_a_URI_attribute = signatures_must_have_a_single_reference_element and hasattr( references[0], "uri" ) the_URI_attribute_contains_an_anchor = ( the_Reference_element_must_have_a_URI_attribute and references[0].uri.startswith("#") and len(references[0].uri) > 1 ) the_anchor_points_to_the_enclosing_element_ID_attribute = ( the_URI_attribute_contains_an_anchor and references[0].uri == f"#{item.id}" ) # SAML implementations SHOULD use Exclusive Canonicalization, # with or without comments canonicalization_method_is_c14n = signed_info.canonicalization_method.algorithm in ALLOWED_CANONICALIZATIONS # Signatures in SAML messages SHOULD NOT contain transforms other than the # - enveloped signature transform # (with the identifier http://www.w3.org/2000/09/xmldsig#enveloped-signature) # - or the exclusive canonicalization transforms # (with the identifier http://www.w3.org/2001/10/xml-exc-c14n# # or http://www.w3.org/2001/10/xml-exc-c14n#WithComments). transform_algos = [transform.algorithm for transform in references[0].transforms.transform] tranform_algos_valid = ALLOWED_TRANSFORMS.intersection(transform_algos) transform_algos_n = len(transform_algos) tranform_algos_valid_n = len(tranform_algos_valid) the_number_of_transforms_is_one_or_two = ( signatures_must_have_a_single_reference_element and 1 <= transform_algos_n <= 2 ) all_transform_algs_are_allowed = ( the_number_of_transforms_is_one_or_two and transform_algos_n == tranform_algos_valid_n ) the_enveloped_signature_transform_is_defined = ( the_number_of_transforms_is_one_or_two and TRANSFORM_ENVELOPED in transform_algos ) # The element is not defined for use with SAML signatures, # and SHOULD NOT be present. # Since it can be used in service of an attacker by carrying unsigned data, # verifiers SHOULD reject signatures that contain a element. object_element_is_not_present = not item.signature.object validators = { "signatures must have a single reference element": (signatures_must_have_a_single_reference_element), "the Reference element must have a URI attribute": (the_Reference_element_must_have_a_URI_attribute), "the URI attribute contains an anchor": (the_URI_attribute_contains_an_anchor), "the anchor points to the enclosing element ID attribute": ( the_anchor_points_to_the_enclosing_element_ID_attribute ), "canonicalization method is c14n": canonicalization_method_is_c14n, "the number of transforms is one or two": (the_number_of_transforms_is_one_or_two), "all transform algs are allowed": all_transform_algs_are_allowed, "the enveloped signature transform is defined": (the_enveloped_signature_transform_is_defined), "object element is not present": object_element_is_not_present, } if not all(validators.values()): error_context = { "message": "Signature failed to meet constraints on xmldsig", "validators": validators, "item ID": item.id, "reference URI": item.signature.signed_info.reference[0].uri, "issuer": _issuer, "node name": node_name, "xml document": decoded_xml, } raise SignatureError(error_context) verified = False last_pem_file = None for pem_fd in certs: try: last_pem_file = pem_fd.name if self.verify_signature( decoded_xml, pem_fd.name, node_name=node_name, node_id=item.id, ): verified = True break except XmlsecError as exc: logger.error("check_sig: %s", str(exc)) except Exception as exc: logger.error("check_sig: %s", str(exc)) raise if verified or only_valid_cert: if not self.cert_handler.verify_cert(last_pem_file): raise CertificateError("Invalid certificate!") else: > raise SignatureError("Failed to verify signature") E saml2.sigver.SignatureError: Failed to verify signature ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1525: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLEvpSignatureVerify:file=evp_signatures.c:line=449:obj=rsa-sha1:subj=EVP_VerifyFinal_ex:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformVerifyNodeContent:file=transforms.c:line=1544:obj=rsa-sha1:subj=xmlSecTransformVerify:error=1:xmlsec library function failed: func=xmlSecDSigCtxVerify:file=xmldsig.c:line=367:obj=unknown:subj=xmlSecTransformVerifyNodeContent:error=1:xmlsec library function failed: Error: signature failed ERROR SignedInfo References (ok/all): 1/1 Manifests References (ok/all): 0/0 Error: failed to verify file "/tmp/tmpqz23l4ou.xml" output= ERROR saml2.sigver:sigver.py:1516 check_sig: ['/usr/bin/xmlsec1', '--verify', '--enabled-reference-uris', 'empty,same-doc', '--enabled-key-data', 'raw-x509-cert', '--pubkey-cert-pem', '/tmp/tmpyinktw10.pem', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'the-assertion-id', '--output', '/tmp/tmpeoyeb0sl.xml', '/tmp/tmpqz23l4ou.xml'] ERROR saml2.response:response.py:793 correctly_signed_response: Failed to verify signature =============================== warnings summary =============================== tests/test_10_time_util.py: 2 warnings tests/test_20_assertion.py: 6 warnings tests/test_32_cache.py: 5 warnings tests/test_34_population.py: 4 warnings tests/test_41_response.py: 4 warnings tests/test_42_enc.py: 6 warnings tests/test_44_authnresp.py: 4 warnings tests/test_50_server.py: 152 warnings tests/test_51_client.py: 145 warnings tests/test_52_default_sign_alg.py: 6 warnings tests/test_62_vo.py: 2 warnings tests/test_63_ecp.py: 5 warnings tests/test_64_artifact.py: 4 warnings tests/test_65_authn_query.py: 7 warnings tests/test_66_name_id_mapping.py: 2 warnings tests/test_67_manage_name_id.py: 3 warnings tests/test_68_assertion_id.py: 4 warnings tests/test_89_http_post_relay_state.py: 2 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/time_util.py:177: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). return datetime.utcnow() + delta tests/test_50_server.py: 7 warnings tests/test_51_client.py: 27 warnings tests/test_63_ecp.py: 3 warnings tests/test_64_artifact.py: 2 warnings tests/test_65_authn_query.py: 5 warnings tests/test_66_name_id_mapping.py: 2 warnings tests/test_67_manage_name_id.py: 3 warnings tests/test_68_assertion_id.py: 2 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/time_util.py:187: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). return datetime.utcnow() - delta tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 10 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:141: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. cert = crypto.X509Req() tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 10 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:161: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. tmp_cert = crypto.dump_certificate_request(crypto.FILETYPE_PEM, cert) tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 10 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:246: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. req_cert = crypto.load_certificate_request(crypto.FILETYPE_PEM, request_cert_str) tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 10 warnings /usr/lib/python3.13/site-packages/OpenSSL/crypto.py:2434: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. x509req = X509Req.__new__(X509Req) tests/test_50_server.py: 4 warnings tests/test_81_certificates.py: 11 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:281: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). now = pytz.UTC.localize(datetime.datetime.utcnow()) tests/test_92_aes.py: 35 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/symmetric.py:124: DeprecationWarning: AESCipher type is deprecated. It will be removed in the next version. Use saml2.cryptography.symmetric.Default or saml2.cryptography.symmetric.Fernet instead. _warn(_deprecation_msg, DeprecationWarning) -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html =========================== short test summary info ============================ SKIPPED [1] tests/test_37_entity_categories.py:296: Temporarily disabled SKIPPED [1] tests/test_37_entity_categories.py:325: Temporarily disabled SKIPPED [1] tests/test_37_entity_categories.py:358: Temporarily disabled SKIPPED [1] tests/test_40_sigver.py:101: pyasn1 is not installed SKIPPED [1] tests/test_60_sp.py:59: s2repoze dependencies not installed SKIPPED [1] tests/test_60_sp.py:62: s2repoze dependencies not installed ERROR tests/test_41_response.py::TestResponse::test_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-a56jqVB2oYqPnsWxn', '--output', '/tmp/tmp8it0oqbe.xml', '/tmp/tmp6rfyrqcj.xml'] ERROR tests/test_41_response.py::TestResponse::test_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-a56jqVB2oYqPnsWxn', '--output', '/tmp/tmp8it0oqbe.xml', '/tmp/tmp6rfyrqcj.xml'] ERROR tests/test_41_response.py::TestResponse::test_issuer_none - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-a56jqVB2oYqPnsWxn', '--output', '/tmp/tmp8it0oqbe.xml', '/tmp/tmp6rfyrqcj.xml'] ERROR tests/test_41_response.py::TestResponse::test_false_sign - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-a56jqVB2oYqPnsWxn', '--output', '/tmp/tmp8it0oqbe.xml', '/tmp/tmp6rfyrqcj.xml'] ERROR tests/test_41_response.py::TestResponse::test_other_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-a56jqVB2oYqPnsWxn', '--output', '/tmp/tmp8it0oqbe.xml', '/tmp/tmp6rfyrqcj.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wpPD9IBdh8wzVt5eS', '--output', '/tmp/tmpm_6yz78c.xml', '/tmp/tmpiuscum3p.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_signed_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wpPD9IBdh8wzVt5eS', '--output', '/tmp/tmpm_6yz78c.xml', '/tmp/tmpiuscum3p.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_parse_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wpPD9IBdh8wzVt5eS', '--output', '/tmp/tmpm_6yz78c.xml', '/tmp/tmpiuscum3p.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_w_authn - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wpPD9IBdh8wzVt5eS', '--output', '/tmp/tmpm_6yz78c.xml', '/tmp/tmpiuscum3p.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_unpack_nested_eptid - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wpPD9IBdh8wzVt5eS', '--output', '/tmp/tmpm_6yz78c.xml', '/tmp/tmpiuscum3p.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_multiple_attribute_statement - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wpPD9IBdh8wzVt5eS', '--output', '/tmp/tmpm_6yz78c.xml', '/tmp/tmpiuscum3p.xml'] FAILED tests/test_39_metadata.py::test_signed_metadata_proper_str_bytes_handling - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', '--output', '/tmp/tmpir29z2wh.xml', '/tmp/tmplpts6aka.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp02h8s6kh.xml', '/tmp/tmp3cn2yp6l.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpuo9o3u_g.xml', '/tmp/tmpthbyfyx6.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpjk09dcrw.xml', '/tmp/tmpln072_77.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp2xsd5ohh.xml', '/tmp/tmp7op93lv9.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmpfi1y29a8.xml', '/tmp/tmpp3ro3hap.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpbyv5xtn8.xml', '/tmp/tmpilmcrqi3.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp8308zsk5.xml', '/tmp/tmpvwfn5rf8.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify_assertion_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmpeao6f8zr.xml', '/tmp/tmpfi61dray.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_exception_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmpr1asx37q.xml', '/tmp/tmpccrzyfra.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp11q03uz8.xml', '/tmp/tmp05olme9m.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpu900l1t2.xml', '/tmp/tmpfv87pfts.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp05af4j0m.xml', '/tmp/tmpr88kck2e.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp_dg45xeb.xml', '/tmp/tmpd7qixgkp.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmptzpff8nv.xml', '/tmp/tmpkrqxkwvi.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpvcc0wucd.xml', '/tmp/tmp1xzkjhox.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpj0zm29_u.xml', '/tmp/tmpok7klwxi.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_assertion_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmp7i7985ej.xml', '/tmp/tmpb07znuuz.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_exception_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmp62welwyi.xml', '/tmp/tmp4wtwky5x.xml'] FAILED tests/test_40_sigver.py::test_xbox - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp9xgt15ym.xml', '/tmp/tmplgt9d6hm.xml'] FAILED tests/test_40_sigver.py::test_xbox_non_ascii_ava - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp78cj_wwh.xml', '/tmp/tmpwfsxky4y.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-oZBQjXfWmsjJyW6As', '--output', '/tmp/tmp4c3wqkq9.xml', '/tmp/tmppeh2yuew.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-svhyf2auuT6HlCLjm', '--output', '/tmp/tmp8jk34hcv.xml', '/tmp/tmpuohp16we.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-Rqh6HioWjsvfNBPIW', '--output', '/tmp/tmpcsdw3v6n.xml', '/tmp/tmpcvd_z3o7.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ALcEsObOvCqWguSHV', '--output', '/tmp/tmpxqg6m6vp.xml', '/tmp/tmpue7og562.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-iCXdJIApgjlE6rdcG', '--output', '/tmp/tmp5s9ab2oc.xml', '/tmp/tmp3_fywy5i.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-KKSSnY8NkFX96ckRY', '--output', '/tmp/tmpx82i8_rv.xml', '/tmp/tmp5fvshh0s.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-VBt3mcapw4LDebl5P', '--output', '/tmp/tmpi74kz9ew.xml', '/tmp/tmpt5276gd4.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-gg5fKVihR0YnhGv1i', '--output', '/tmp/tmpzn6m50bg.xml', '/tmp/tmpkw32fmiy.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_response_6 - saml2.cert.CertificateError: Invalid certificate for encryption! FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-3EdKRFni7L62wN43s', '--output', '/tmp/tmp9zchheec.xml', '/tmp/tmpw0i4afad.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XUXbPUWppHsdi7e6Z', '--output', '/tmp/tmpv3_lr2hi.xml', '/tmp/tmpi2r84lu2.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-DmrN3cFYCZfAcKWr2', '--output', '/tmp/tmphfbkwkxq.xml', '/tmp/tmpcw3nbglj.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-2foi3YyVKw65VtWWZ', '--output', '/tmp/tmp2c1vmq_5.xml', '/tmp/tmp0mi1tu_3.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-RJrL0sgY8ta2j5lVu', '--output', '/tmp/tmpjwqtyj7l.xml', '/tmp/tmptuq2ig7c.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-sYjkdS65Kb8JReyrT', '--output', '/tmp/tmpg1y_detz.xml', '/tmp/tmpl691c9ws.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-dFDfyuETDwrfc2sXH', '--output', '/tmp/tmpom9xf0v3.xml', '/tmp/tmpl_h77bx6.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-onfc3qodKQhjVcqaV', '--output', '/tmp/tmp1f3m5eec.xml', '/tmp/tmpmnek5cv6.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6 - saml2.cert.CertificateError: Invalid certificate for encryption! FAILED tests/test_51_client.py::TestClient::test_sign_auth_request_0 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmp8j1ziwzd.xml', '/tmp/tmp4v6h6pro.xml'] FAILED tests/test_51_client.py::TestClient::test_logout_response - saml2.SAMLError: {'message': 'No supported bindings found to create LogoutResponse', 'issuer': 'urn:mace:example.com:saml:roland:idp', 'response_bindings': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']} FAILED tests/test_51_client.py::TestClient::test_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-gESekWUWQSUUnqaZ6', '--output', '/tmp/tmpobsdb0d5.xml', '/tmp/tmpi4e_gvja.xml'] FAILED tests/test_51_client.py::TestClient::test_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-HZDXzeRSXpaEXkMWy', '--output', '/tmp/tmpuho7aj7p.xml', '/tmp/tmpe349laot.xml'] FAILED tests/test_51_client.py::TestClient::test_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-6QSax0maUpBKz272m', '--output', '/tmp/tmplugvglj5.xml', '/tmp/tmpbafwlzjg.xml'] FAILED tests/test_51_client.py::TestClient::test_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-GsVc4Hhqql4eorqXm', '--output', '/tmp/tmphvxvnz8v.xml', '/tmp/tmp25fs0aa4.xml'] FAILED tests/test_51_client.py::TestClient::test_response_5 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-4SBGgbLjHLSqktxGS', '--output', '/tmp/tmpiakmops9.xml', '/tmp/tmpok9rvfv3.xml'] FAILED tests/test_51_client.py::TestClient::test_response_6 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KWp2NyYKgp5oXXXYL', '--output', '/tmp/tmpd7lini4a.xml', '/tmp/tmpo926y96b.xml'] FAILED tests/test_51_client.py::TestClient::test_response_7 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-6Em6ZyXvPqkUFECjt', '--output', '/tmp/tmpnxmoo3tj.xml', '/tmp/tmpv_9k1m49.xml'] FAILED tests/test_51_client.py::TestClient::test_response_8 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Uf7adB3SldbuVYaBR', '--output', '/tmp/tmp9_1cfnsb.xml', '/tmp/tmp0uiq5nn8.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-bU47IInyiWU7nkn4y', '--output', '/tmp/tmpk71h881l.xml', '/tmp/tmpguvs3ox8.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XTeZK40zbm9ftJgn9', '--output', '/tmp/tmp7drc5b85.xml', '/tmp/tmpcfuohikq.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-BPDLzBHAZ9KzCCKdq', '--output', '/tmp/tmpqqcraboa.xml', '/tmp/tmp6nl16ajy.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-JvtJzSG8b3VjqCFBt', '--output', '/tmp/tmp5u7dajq3.xml', '/tmp/tmpt_f5qv_z.xml'] FAILED tests/test_51_client.py::TestClient::test_signed_with_default_algo_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClient::test_do_logout_signed_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClient::test_do_logout_signed_redirect_invalid - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClient::test_do_logout_post - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-6Ipy6TzGNYl3o17se', '--output', '/tmp/tmp9qlr4mx2.xml', '/tmp/tmp7m8c2g9v.xml'] FAILED tests/test_51_client.py::TestClient::test_do_logout_session_expired - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-X7IIZPETMlP99EQdw', '--output', '/tmp/tmp30hp7qdb.xml', '/tmp/tmphl3momru.xml'] FAILED tests/test_51_client.py::TestClient::test_signature_wants - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-PJFPNPJs3t0AnuyD0', '--output', '/tmp/tmp58kaovye.xml', '/tmp/tmp1wey_isi.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_auth_request_0 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpac9n_sq2.xml', '/tmp/tmp_qor4d_9.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-UiVAUMbNsFmYGYg3F', '--output', '/tmp/tmpqs9nhcys.xml', '/tmp/tmp_mkt4hr9.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-IndtBQRhX6EqiInCx', '--output', '/tmp/tmp3o9133ji.xml', '/tmp/tmp42livriw.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-UTmCE9sCFHp3KY7r9', '--output', '/tmp/tmpj4uxocs3.xml', '/tmp/tmplzjz8j7d.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-IWxSXXfvOaR7agBtr', '--output', '/tmp/tmp4jpw2k9h.xml', '/tmp/tmpd0bxxivd.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_5 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-M8J47CQf18wucfbTR', '--output', '/tmp/tmpp_1sw47m.xml', '/tmp/tmpcwlzmif7.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_6 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-c9kKeiJVo6g7MxeEH', '--output', '/tmp/tmps1x2zkxr.xml', '/tmp/tmpijt3yfy8.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_7 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-oWHKyGPFiv3YYO3lw', '--output', '/tmp/tmpk56qcgsy.xml', '/tmp/tmputgomqfs.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_8 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-OAaoUvD8PKhsQ7Wtt', '--output', '/tmp/tmpq0qqekvv.xml', '/tmp/tmpvnaexchf.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-OOoNr3UMsAs7h0qKy', '--output', '/tmp/tmp3bxqeznp.xml', '/tmp/tmp91nu0agx.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-FkOPyAEcerZNgaZRb', '--output', '/tmp/tmpwxghocux.xml', '/tmp/tmpd8uiww8g.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-BozpNcNGXBeYxexd6', '--output', '/tmp/tmpchwcqt5s.xml', '/tmp/tmph0xzd86c.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-9pvAw8VJkutzP082Y', '--output', '/tmp/tmpuhtfzb7c.xml', '/tmp/tmpa6exo78w.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_signed_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_post - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-CCqOQDrY70wgW6SOt', '--output', '/tmp/tmp_vyr6ijc.xml', '/tmp/tmp7qgm4842.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_session_expired - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-03BZ33J4Ep9tW8yNK', '--output', '/tmp/tmpf_ezobdn.xml', '/tmp/tmpjz7g0a6g.xml'] FAILED tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-keNeKh7vO97oTwsGI', '--output', '/tmp/tmp4hquan8r.xml', '/tmp/tmpox2zwgcy.xml'] FAILED tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Zs4nEN9kTNq27VzDr', '--output', '/tmp/tmpp5415tok.xml', '/tmp/tmphh_fk68h.xml'] FAILED tests/test_70_redirect_signing.py::test - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_81_certificates.py::TestGenerateCertificates::test_validate_cert_chains - AssertionError: False is not true FAILED tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert - AssertionError: False is not true FAILED tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_random_embedded_cert_should_be_ignored - saml2.sigver.SignatureError: Failed to verify signature = 81 failed, 687 passed, 6 skipped, 616 warnings, 11 errors in 156.22s (0:02:36) = error: Bad exit status from /var/tmp/rpm-tmp.YOMX1h (%check) Bad exit status from /var/tmp/rpm-tmp.YOMX1h (%check) RPM build errors: Finish: rpmbuild python-pysaml2-7.4.2-9.fc42.src.rpm Finish: build phase for python-pysaml2-7.4.2-9.fc42.src.rpm INFO: chroot_scan: 1 files copied to /var/lib/copr-rpmbuild/results/chroot_scan INFO: /var/lib/mock/fedora-42-x86_64-1753483085.760719/root/var/log/dnf5.log INFO: chroot_scan: creating tarball /var/lib/copr-rpmbuild/results/chroot_scan.tar.gz /bin/tar: Removing leading `/' from member names ERROR: Exception(/var/lib/copr-rpmbuild/results/python-pysaml2-7.4.2-9.fc42.src.rpm) Config(fedora-42-x86_64) 2 minutes 58 seconds INFO: Results and/or logs in: /var/lib/copr-rpmbuild/results INFO: Cleaning up build root ('cleanup_on_failure=True') Start: clean chroot INFO: unmounting tmpfs. Finish: clean chroot ERROR: Command failed: # /usr/bin/systemd-nspawn -q -M 08602671435b412789f826a47f9da38d -D /var/lib/mock/fedora-42-x86_64-1753483085.760719/root -a -u mockbuild --capability=cap_ipc_lock --rlimit=RLIMIT_NOFILE=10240 --capability=cap_ipc_lock --bind=/tmp/mock-resolv.pot3ygyw:/etc/resolv.conf --bind=/dev/btrfs-control --bind=/dev/mapper/control --bind=/dev/fuse --bind=/dev/loop-control --bind=/dev/loop0 --bind=/dev/loop1 --bind=/dev/loop2 --bind=/dev/loop3 --bind=/dev/loop4 --bind=/dev/loop5 --bind=/dev/loop6 --bind=/dev/loop7 --bind=/dev/loop8 --bind=/dev/loop9 --bind=/dev/loop10 --bind=/dev/loop11 --console=pipe --setenv=TERM=vt100 --setenv=SHELL=/bin/bash --setenv=HOME=/builddir --setenv=HOSTNAME=mock --setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin '--setenv=PROMPT_COMMAND=printf "\033]0;\007"' '--setenv=PS1= \s-\v\$ ' --setenv=LANG=C.UTF-8 --resolv-conf=off bash --login -c '/usr/bin/rpmbuild -ba --noprep --target x86_64 /builddir/build/originals/python-pysaml2.spec' Copr build error: Build failed