Warning: Permanently added '2620:52:3:1:dead:beef:cafe:c1d8' (ED25519) to the list of known hosts.

You can reproduce this build on your computer by running:

  sudo dnf install copr-rpmbuild
  /usr/bin/copr-rpmbuild --verbose --drop-resultdir --task-url https://copr.fedorainfracloud.org/backend/get-build-task/8012994-fedora-rawhide-x86_64 --chroot fedora-rawhide-x86_64


Version: 0.73
PID: 10204
Logging PID: 10205
Task:
{'allow_user_ssh': False,
 'appstream': False,
 'background': True,
 'build_id': 8012994,
 'buildroot_pkgs': [],
 'chroot': 'fedora-rawhide-x86_64',
 'enable_net': False,
 'fedora_review': False,
 'git_hash': 'cc963c1afb736bb5ee974b2eab8d0c417e879989',
 'git_repo': 'https://copr-dist-git.fedorainfracloud.org/git/thrnciar/pytest-8.3.3/python-pysaml2',
 'isolation': 'default',
 'memory_reqs': 2048,
 'package_name': 'python-pysaml2',
 'package_version': '7.4.2-6',
 'project_dirname': 'pytest-8.3.3',
 'project_name': 'pytest-8.3.3',
 'project_owner': 'thrnciar',
 'repo_priority': None,
 'repos': [{'baseurl': 'https://download.copr.fedorainfracloud.org/results/thrnciar/pytest-8.3.3/fedora-rawhide-x86_64/',
            'id': 'copr_base',
            'name': 'Copr repository',
            'priority': None}],
 'sandbox': 'thrnciar/pytest-8.3.3--thrnciar',
 'source_json': {},
 'source_type': None,
 'ssh_public_keys': None,
 'submitter': 'thrnciar',
 'tags': [],
 'task_id': '8012994-fedora-rawhide-x86_64',
 'timeout': None,
 'uses_devel_repo': False,
 'with_opts': [],
 'without_opts': []}

Running: git clone https://copr-dist-git.fedorainfracloud.org/git/thrnciar/pytest-8.3.3/python-pysaml2 /var/lib/copr-rpmbuild/workspace/workdir-nfvty1_9/python-pysaml2 --depth 500 --no-single-branch --recursive

cmd: ['git', 'clone', 'https://copr-dist-git.fedorainfracloud.org/git/thrnciar/pytest-8.3.3/python-pysaml2', '/var/lib/copr-rpmbuild/workspace/workdir-nfvty1_9/python-pysaml2', '--depth', '500', '--no-single-branch', '--recursive']
cwd: .
rc: 0
stdout: 
stderr: Cloning into '/var/lib/copr-rpmbuild/workspace/workdir-nfvty1_9/python-pysaml2'...

Running: git checkout cc963c1afb736bb5ee974b2eab8d0c417e879989 --

cmd: ['git', 'checkout', 'cc963c1afb736bb5ee974b2eab8d0c417e879989', '--']
cwd: /var/lib/copr-rpmbuild/workspace/workdir-nfvty1_9/python-pysaml2
rc: 0
stdout: 
stderr: Note: switching to 'cc963c1afb736bb5ee974b2eab8d0c417e879989'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:

  git switch -c <new-branch-name>

Or undo this operation with:

  git switch -

Turn off this advice by setting config variable advice.detachedHead to false

HEAD is now at cc963c1 automatic import of python-pysaml2

Running: copr-distgit-client sources
/usr/bin/tail: /var/lib/copr-rpmbuild/main.log: file truncated

cmd: ['copr-distgit-client', 'sources']
cwd: /var/lib/copr-rpmbuild/workspace/workdir-nfvty1_9/python-pysaml2
rc: 0
stdout: 
stderr: INFO: Reading stdout from command: git rev-parse --abbrev-ref HEAD
INFO: Reading stdout from command: git rev-parse HEAD
INFO: Reading sources specification file: sources
INFO: Downloading pysaml2-7.4.2.tar.gz
INFO: Reading stdout from command: curl --help all
INFO: Calling: curl -H Pragma: -o pysaml2-7.4.2.tar.gz --location --connect-timeout 60 --retry 3 --retry-delay 10 --remote-time --show-error --fail --retry-all-errors https://copr-dist-git.fedorainfracloud.org/repo/pkgs/thrnciar/pytest-8.3.3/python-pysaml2/pysaml2-7.4.2.tar.gz/md5/e08e8ce0672215a509bd714b030c741a/pysaml2-7.4.2.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 5917k  100 5917k    0     0  39.8M      0 --:--:-- --:--:-- --:--:-- 40.1M
INFO: Reading stdout from command: md5sum pysaml2-7.4.2.tar.gz

Running (timeout=None): unbuffer mock --spec /var/lib/copr-rpmbuild/workspace/workdir-nfvty1_9/python-pysaml2/python-pysaml2.spec --sources /var/lib/copr-rpmbuild/workspace/workdir-nfvty1_9/python-pysaml2 --resultdir /var/lib/copr-rpmbuild/results --uniqueext 1726143099.876957 -r /var/lib/copr-rpmbuild/results/configs/child.cfg
INFO: mock.py version 5.6 starting (python version = 3.12.1, NVR = mock-5.6-1.fc39), args: /usr/libexec/mock/mock --spec /var/lib/copr-rpmbuild/workspace/workdir-nfvty1_9/python-pysaml2/python-pysaml2.spec --sources /var/lib/copr-rpmbuild/workspace/workdir-nfvty1_9/python-pysaml2 --resultdir /var/lib/copr-rpmbuild/results --uniqueext 1726143099.876957 -r /var/lib/copr-rpmbuild/results/configs/child.cfg
Start(bootstrap): init plugins
INFO: tmpfs initialized
INFO: selinux enabled
INFO: chroot_scan: initialized
INFO: compress_logs: initialized
Finish(bootstrap): init plugins
Start: init plugins
INFO: tmpfs initialized
INFO: selinux enabled
INFO: chroot_scan: initialized
INFO: compress_logs: initialized
Finish: init plugins
INFO: Signal handler active
Start: run
INFO: Start(/var/lib/copr-rpmbuild/workspace/workdir-nfvty1_9/python-pysaml2/python-pysaml2.spec)  Config(fedora-rawhide-x86_64)
Start: clean chroot
Finish: clean chroot
Mock Version: 5.6
INFO: Mock Version: 5.6
Start(bootstrap): chroot init
INFO: mounting tmpfs at /var/lib/mock/fedora-rawhide-x86_64-bootstrap-1726143099.876957/root.
INFO: calling preinit hooks
INFO: enabled root cache
INFO: enabled package manager cache
Start(bootstrap): cleaning package manager metadata
Finish(bootstrap): cleaning package manager metadata
INFO: Guessed host environment type: unknown
INFO: Using bootstrap image: registry.fedoraproject.org/fedora:rawhide
INFO: Pulling image: registry.fedoraproject.org/fedora:rawhide
INFO: Copy content of container registry.fedoraproject.org/fedora:rawhide to /var/lib/mock/fedora-rawhide-x86_64-bootstrap-1726143099.876957/root
INFO: Checking that registry.fedoraproject.org/fedora:rawhide image matches host's architecture
INFO: mounting registry.fedoraproject.org/fedora:rawhide with podman image mount
INFO: image registry.fedoraproject.org/fedora:rawhide as /var/lib/containers/storage/overlay/d3c513cc9c079daa4915dff871501a2918b9936f70c4e817aef7ba20374f3661/merged
INFO: umounting image registry.fedoraproject.org/fedora:rawhide (/var/lib/containers/storage/overlay/d3c513cc9c079daa4915dff871501a2918b9936f70c4e817aef7ba20374f3661/merged) with podman image umount
INFO: Package manager dnf5 detected and used (fallback)
INFO: Not updating bootstrap chroot, bootstrap_image_ready=True
Start(bootstrap): creating root cache
Finish(bootstrap): creating root cache
Finish(bootstrap): chroot init
Start: chroot init
INFO: mounting tmpfs at /var/lib/mock/fedora-rawhide-x86_64-1726143099.876957/root.
INFO: calling preinit hooks
INFO: enabled root cache
INFO: enabled package manager cache
Start: cleaning package manager metadata
Finish: cleaning package manager metadata
INFO: enabled HW Info plugin
INFO: Package manager dnf5 detected and used (direct choice)
INFO: Buildroot is handled by package management downloaded with a bootstrap image:
  rpm-4.19.92-6.fc41.x86_64
  rpm-sequoia-1.7.0-2.fc41.x86_64
  dnf5-5.2.5.0-2.fc41.x86_64
  dnf5-plugins-5.2.5.0-2.fc41.x86_64
Start: installing minimal buildroot with dnf5
Updating and loading repositories:
 fedora                                 100% | 237.5 KiB/s |   5.2 KiB |  00m00s
 Copr repository                        100% |  42.6 KiB/s |   1.5 KiB |  00m00s
 Copr repository                        100% |   8.9 MiB/s |   1.0 MiB |  00m00s
Repositories loaded.
Package                            Arch   Version                    Repository      Size
Installing group/module packages:
 bash                              x86_64 5.2.32-2.fc42              fedora       8.2 MiB
 bzip2                             x86_64 1.0.8-19.fc41              fedora      95.7 KiB
 coreutils                         x86_64 9.5-9.fc42                 fedora       5.7 MiB
 cpio                              x86_64 2.15-2.fc41                fedora       1.1 MiB
 diffutils                         x86_64 3.10-8.fc41                fedora       1.6 MiB
 fedora-release-common             noarch 42-0.3                     fedora      19.4 KiB
 findutils                         x86_64 1:4.10.0-4.fc41            fedora       1.8 MiB
 gawk                              x86_64 5.3.0-4.fc41               fedora       1.7 MiB
 glibc-minimal-langpack            x86_64 2.40.9000-1.fc42           fedora       0.0   B
 grep                              x86_64 3.11-9.fc41                fedora       1.0 MiB
 gzip                              x86_64 1.13-2.fc41                fedora     389.0 KiB
 info                              x86_64 7.1.1-1.fc42               fedora     361.9 KiB
 patch                             x86_64 2.7.6-25.fc41              fedora     266.7 KiB
 redhat-rpm-config                 noarch 295-1.fc42                 fedora     186.6 KiB
 rpm-build                         x86_64 4.19.94-1.fc42             fedora     194.3 KiB
 sed                               x86_64 4.9-3.fc41                 fedora     861.5 KiB
 shadow-utils                      x86_64 2:4.16.0-2.fc42            fedora       4.1 MiB
 tar                               x86_64 2:1.35-4.fc41              fedora       2.9 MiB
 unzip                             x86_64 6.0-64.fc41                fedora     386.8 KiB
 util-linux                        x86_64 2.40.2-8.fc42              fedora       3.7 MiB
 which                             x86_64 2.21-42.fc41               fedora      80.2 KiB
 xz                                x86_64 1:5.6.2-2.fc41             fedora       1.2 MiB
Installing dependencies:
 add-determinism                   x86_64 0.3.6-1.fc41               fedora       2.2 MiB
 alternatives                      x86_64 1.30-1.fc41                fedora      66.3 KiB
 ansible-srpm-macros               noarch 1-16.fc41                  fedora      35.7 KiB
 audit-libs                        x86_64 4.0.2-1.fc41               fedora     331.3 KiB
 authselect                        x86_64 1.5.0-7.fc41               fedora     153.5 KiB
 authselect-libs                   x86_64 1.5.0-7.fc41               fedora     818.3 KiB
 basesystem                        noarch 11-21.fc41                 fedora       0.0   B
 binutils                          x86_64 2.43.1-1.fc42              fedora      27.5 MiB
 build-reproducibility-srpm-macros noarch 0.3.6-1.fc41               fedora     735.0   B
 bzip2-libs                        x86_64 1.0.8-19.fc41              fedora      80.7 KiB
 ca-certificates                   noarch 2024.2.68_v8.0.302-3.fc41  fedora       2.3 MiB
 coreutils-common                  x86_64 9.5-9.fc42                 fedora      11.2 MiB
 cracklib                          x86_64 2.9.11-6.fc41              fedora     238.9 KiB
 crypto-policies                   noarch 20240828-1.git5f66e81.fc42 copr_base  136.9 KiB
 curl                              x86_64 8.9.1-3.fc42               fedora     796.2 KiB
 cyrus-sasl-lib                    x86_64 2.1.28-27.fc41             fedora       2.3 MiB
 debugedit                         x86_64 5.0-17.fc41                fedora     199.3 KiB
 dwz                               x86_64 0.15-7.fc41                fedora     290.9 KiB
 ed                                x86_64 1.20.2-2.fc41              fedora     146.9 KiB
 efi-srpm-macros                   noarch 5-12.fc41                  fedora      40.1 KiB
 elfutils                          x86_64 0.191-8.fc41               fedora       2.6 MiB
 elfutils-debuginfod-client        x86_64 0.191-8.fc41               fedora      64.9 KiB
 elfutils-default-yama-scope       noarch 0.191-8.fc41               fedora       1.8 KiB
 elfutils-libelf                   x86_64 0.191-8.fc41               fedora       1.2 MiB
 elfutils-libs                     x86_64 0.191-8.fc41               fedora     646.2 KiB
 fedora-gpg-keys                   noarch 42-0.1                     fedora     126.4 KiB
 fedora-release                    noarch 42-0.3                     fedora       0.0   B
 fedora-release-identity-basic     noarch 42-0.3                     fedora     694.0   B
 fedora-repos                      noarch 42-0.1                     fedora       4.9 KiB
 fedora-repos-rawhide              noarch 42-0.1                     fedora       2.2 KiB
 file                              x86_64 5.45-7.fc41                fedora     103.5 KiB
 file-libs                         x86_64 5.45-7.fc41                fedora       9.9 MiB
 filesystem                        x86_64 3.18-23.fc41               fedora     106.0   B
 fonts-srpm-macros                 noarch 1:2.0.5-17.fc41            fedora      55.8 KiB
 forge-srpm-macros                 noarch 0.3.2-1.fc42               copr_base   39.0 KiB
 fpc-srpm-macros                   noarch 1.3-13.fc41                fedora     144.0   B
 gdb-minimal                       x86_64 15.1-2.fc42                fedora      13.0 MiB
 gdbm                              x86_64 1:1.23-7.fc41              fedora     460.9 KiB
 gdbm-libs                         x86_64 1:1.23-7.fc41              fedora     121.9 KiB
 ghc-srpm-macros                   noarch 1.9.1-2.fc41               fedora     747.0   B
 glibc                             x86_64 2.40.9000-1.fc42           fedora       6.7 MiB
 glibc-common                      x86_64 2.40.9000-1.fc42           fedora       1.0 MiB
 glibc-gconv-extra                 x86_64 2.40.9000-1.fc42           fedora       8.1 MiB
 gmp                               x86_64 1:6.3.0-2.fc41             fedora     811.4 KiB
 gnat-srpm-macros                  noarch 6-6.fc41                   fedora       1.0 KiB
 go-srpm-macros                    noarch 3.6.0-3.fc41               fedora      60.8 KiB
 jansson                           x86_64 2.13.1-10.fc41             fedora      88.3 KiB
 kernel-srpm-macros                noarch 1.0-24.fc41                fedora       1.9 KiB
 keyutils-libs                     x86_64 1.6.3-4.fc41               fedora      54.4 KiB
 krb5-libs                         x86_64 1.21.3-2.fc41              fedora       2.3 MiB
 libacl                            x86_64 2.3.2-2.fc41               fedora      40.0 KiB
 libarchive                        x86_64 3.7.4-3.fc41               fedora     922.6 KiB
 libattr                           x86_64 2.5.2-4.fc41               fedora      28.5 KiB
 libblkid                          x86_64 2.40.2-8.fc42              fedora     262.5 KiB
 libbrotli                         x86_64 1.1.0-5.fc41               fedora     837.6 KiB
 libcap                            x86_64 2.70-4.fc41                fedora     220.2 KiB
 libcap-ng                         x86_64 0.8.5-3.fc41               fedora      69.2 KiB
 libcom_err                        x86_64 1.47.1-3.fc41              fedora      67.2 KiB
 libcurl                           x86_64 8.9.1-3.fc42               fedora     818.1 KiB
 libeconf                          x86_64 0.6.2-3.fc41               fedora      58.0 KiB
 libevent                          x86_64 2.1.12-14.fc41             fedora     895.7 KiB
 libfdisk                          x86_64 2.40.2-8.fc42              fedora     362.9 KiB
 libffi                            x86_64 3.4.6-3.fc42               fedora      86.4 KiB
 libgcc                            x86_64 14.2.1-2.fc42              fedora     274.6 KiB
 libgomp                           x86_64 14.2.1-2.fc42              fedora     523.4 KiB
 libidn2                           x86_64 2.3.7-2.fc41               fedora     329.1 KiB
 libmount                          x86_64 2.40.2-8.fc42              fedora     355.8 KiB
 libnghttp2                        x86_64 1.63.0-1.fc42              fedora     170.1 KiB
 libnsl2                           x86_64 2.0.1-2.fc41               fedora      57.9 KiB
 libpkgconf                        x86_64 2.3.0-1.fc42               fedora      78.2 KiB
 libpsl                            x86_64 0.21.5-4.fc41              fedora      80.5 KiB
 libpwquality                      x86_64 1.4.5-11.fc41              fedora     417.8 KiB
 libselinux                        x86_64 3.7-6.fc42                 fedora     181.1 KiB
 libsemanage                       x86_64 3.7-2.fc41                 fedora     293.5 KiB
 libsepol                          x86_64 3.7-3.fc42                 fedora     818.0 KiB
 libsmartcols                      x86_64 2.40.2-8.fc42              fedora     180.4 KiB
 libssh                            x86_64 0.11.1-1.fc42              fedora     569.6 KiB
 libssh-config                     noarch 0.11.1-1.fc42              fedora     277.0   B
 libstdc++                         x86_64 14.2.1-2.fc42              fedora       2.8 MiB
 libtasn1                          x86_64 4.19.0-9.fc41              fedora     175.7 KiB
 libtirpc                          x86_64 1.3.5-0.fc41               fedora     202.7 KiB
 libtool-ltdl                      x86_64 2.4.7-12.fc41              fedora      66.2 KiB
 libunistring                      x86_64 1.1-8.fc41                 fedora       1.7 MiB
 libuuid                           x86_64 2.40.2-8.fc42              fedora      41.4 KiB
 libverto                          x86_64 0.3.2-9.fc41               fedora      29.5 KiB
 libxcrypt                         x86_64 4.4.36-7.fc41              fedora     266.8 KiB
 libxml2                           x86_64 2.12.8-2.fc41              fedora       1.7 MiB
 libzstd                           x86_64 1.5.6-2.fc41               fedora     795.9 KiB
 lua-libs                          x86_64 5.4.6-6.fc41               fedora     285.0 KiB
 lua-srpm-macros                   noarch 1-14.fc41                  fedora       1.3 KiB
 lz4-libs                          x86_64 1.10.0-1.fc41              fedora     145.5 KiB
 mpfr                              x86_64 4.2.1-5.fc41               fedora     832.1 KiB
 ncurses-base                      noarch 6.5-2.20240629.fc41        fedora     326.3 KiB
 ncurses-libs                      x86_64 6.5-2.20240629.fc41        fedora     975.2 KiB
 ocaml-srpm-macros                 noarch 10-3.fc41                  fedora       1.9 KiB
 openblas-srpm-macros              noarch 2-18.fc41                  fedora     112.0   B
 openldap                          x86_64 2.6.8-5.fc41               fedora     644.2 KiB
 openssl-libs                      x86_64 1:3.2.2-5.fc41             fedora       7.8 MiB
 p11-kit                           x86_64 0.25.5-3.fc41              fedora       2.2 MiB
 p11-kit-trust                     x86_64 0.25.5-3.fc41              fedora     391.4 KiB
 package-notes-srpm-macros         noarch 0.5-12.fc41                fedora       1.6 KiB
 pam                               x86_64 1.6.1-6.fc42               fedora       1.8 MiB
 pam-libs                          x86_64 1.6.1-6.fc42               fedora     139.0 KiB
 pcre2                             x86_64 10.44-1.fc41.1             fedora     653.5 KiB
 pcre2-syntax                      noarch 10.44-1.fc41.1             fedora     251.6 KiB
 perl-srpm-macros                  noarch 1-56.fc41                  fedora     861.0   B
 pkgconf                           x86_64 2.3.0-1.fc42               fedora      88.6 KiB
 pkgconf-m4                        noarch 2.3.0-1.fc42               fedora      14.4 KiB
 pkgconf-pkg-config                x86_64 2.3.0-1.fc42               fedora     989.0   B
 popt                              x86_64 1.19-7.fc41                fedora     136.9 KiB
 publicsuffix-list-dafsa           noarch 20240107-4.fc41            fedora      67.5 KiB
 pyproject-srpm-macros             noarch 1.14.0-1.fc42              copr_base    1.9 KiB
 python-srpm-macros                noarch 3.13-3.fc41                fedora      51.0 KiB
 qt5-srpm-macros                   noarch 5.15.15-1.fc42             fedora     500.0   B
 qt6-srpm-macros                   noarch 6.7.2-3.fc41               fedora     456.0   B
 readline                          x86_64 8.2-11.fc42                fedora     493.1 KiB
 rpm                               x86_64 4.19.94-1.fc42             fedora       3.1 MiB
 rpm-build-libs                    x86_64 4.19.94-1.fc42             fedora     206.7 KiB
 rpm-libs                          x86_64 4.19.94-1.fc42             fedora     722.1 KiB
 rpm-sequoia                       x86_64 1.7.0-2.fc41               fedora       2.4 MiB
 rust-srpm-macros                  noarch 26.3-3.fc42                fedora       4.8 KiB
 setup                             noarch 2.15.0-5.fc41              fedora     720.7 KiB
 sqlite-libs                       x86_64 3.46.0-4.fc41              fedora       1.4 MiB
 systemd-libs                      x86_64 256.6-1.fc42               copr_base    2.0 MiB
 util-linux-core                   x86_64 2.40.2-8.fc42              fedora       1.5 MiB
 xxhash-libs                       x86_64 0.8.2-3.fc41               fedora      88.5 KiB
 xz-libs                           x86_64 1:5.6.2-2.fc41             fedora     214.4 KiB
 zig-srpm-macros                   noarch 1-3.fc41                   fedora       1.1 KiB
 zip                               x86_64 3.0-41.fc41                fedora     703.2 KiB
 zlib-ng-compat                    x86_64 2.1.7-2.fc41               fedora     134.0 KiB
 zstd                              x86_64 1.5.6-2.fc41               fedora       1.7 MiB
Installing groups:
 Buildsystem building group                                                              

Transaction Summary:
 Installing:      153 packages

Total size of inbound packages is 53 MiB. Need to download 0 B.
After this operation 180 MiB will be used (install 180 MiB, remove 0 B).
[  1/153] tar-2:1.35-4.fc41.x86_64      100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[  2/153] bzip2-0:1.0.8-19.fc41.x86_64  100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[  3/153] redhat-rpm-config-0:295-1.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[  4/153] rpm-build-0:4.19.94-1.fc42.x8 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[  5/153] unzip-0:6.0-64.fc41.x86_64    100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[  6/153] cpio-0:2.15-2.fc41.x86_64     100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[  7/153] which-0:2.21-42.fc41.x86_64   100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[  8/153] bash-0:5.2.32-2.fc42.x86_64   100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[  9/153] coreutils-0:9.5-9.fc42.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 10/153] grep-0:3.11-9.fc41.x86_64     100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 11/153] patch-0:2.7.6-25.fc41.x86_64  100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 12/153] sed-0:4.9-3.fc41.x86_64       100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 13/153] shadow-utils-2:4.16.0-2.fc42. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 14/153] diffutils-0:3.10-8.fc41.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 15/153] fedora-release-common-0:42-0. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 16/153] findutils-1:4.10.0-4.fc41.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 17/153] glibc-minimal-langpack-0:2.40 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 18/153] gzip-0:1.13-2.fc41.x86_64     100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 19/153] info-0:7.1.1-1.fc42.x86_64    100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 20/153] xz-1:5.6.2-2.fc41.x86_64      100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 21/153] util-linux-0:2.40.2-8.fc42.x8 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 22/153] gawk-0:5.3.0-4.fc41.x86_64    100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 23/153] glibc-0:2.40.9000-1.fc42.x86_ 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 24/153] libacl-0:2.3.2-2.fc41.x86_64  100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 25/153] libselinux-0:3.7-6.fc42.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 26/153] bzip2-libs-0:1.0.8-19.fc41.x8 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 27/153] ansible-srpm-macros-0:1-16.fc 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 28/153] build-reproducibility-srpm-ma 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 29/153] dwz-0:0.15-7.fc41.x86_64      100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 30/153] efi-srpm-macros-0:5-12.fc41.n 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 31/153] file-0:5.45-7.fc41.x86_64     100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 32/153] fonts-srpm-macros-1:2.0.5-17. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 33/153] fpc-srpm-macros-0:1.3-13.fc41 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 34/153] ghc-srpm-macros-0:1.9.1-2.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 35/153] gnat-srpm-macros-0:6-6.fc41.n 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 36/153] go-srpm-macros-0:3.6.0-3.fc41 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 37/153] kernel-srpm-macros-0:1.0-24.f 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 38/153] lua-srpm-macros-0:1-14.fc41.n 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 39/153] ocaml-srpm-macros-0:10-3.fc41 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 40/153] openblas-srpm-macros-0:2-18.f 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 41/153] package-notes-srpm-macros-0:0 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 42/153] perl-srpm-macros-0:1-56.fc41. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 43/153] python-srpm-macros-0:3.13-3.f 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 44/153] qt5-srpm-macros-0:5.15.15-1.f 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 45/153] qt6-srpm-macros-0:6.7.2-3.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 46/153] rpm-0:4.19.94-1.fc42.x86_64   100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 47/153] rust-srpm-macros-0:26.3-3.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 48/153] zig-srpm-macros-0:1-3.fc41.no 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 49/153] zip-0:3.0-41.fc41.x86_64      100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 50/153] debugedit-0:5.0-17.fc41.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 51/153] elfutils-0:0.191-8.fc41.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 52/153] elfutils-libelf-0:0.191-8.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 53/153] libarchive-0:3.7.4-3.fc41.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 54/153] popt-0:1.19-7.fc41.x86_64     100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 55/153] readline-0:8.2-11.fc42.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 56/153] rpm-build-libs-0:4.19.94-1.fc 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 57/153] rpm-libs-0:4.19.94-1.fc42.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 58/153] zstd-0:1.5.6-2.fc41.x86_64    100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 59/153] filesystem-0:3.18-23.fc41.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 60/153] ncurses-libs-0:6.5-2.20240629 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 61/153] coreutils-common-0:9.5-9.fc42 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 62/153] gmp-1:6.3.0-2.fc41.x86_64     100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 63/153] libattr-0:2.5.2-4.fc41.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 64/153] libcap-0:2.70-4.fc41.x86_64   100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 65/153] openssl-libs-1:3.2.2-5.fc41.x 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 66/153] pcre2-0:10.44-1.fc41.1.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 67/153] ed-0:1.20.2-2.fc41.x86_64     100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 68/153] audit-libs-0:4.0.2-1.fc41.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 69/153] libeconf-0:0.6.2-3.fc41.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 70/153] libsemanage-0:3.7-2.fc41.x86_ 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 71/153] libxcrypt-0:4.4.36-7.fc41.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 72/153] pam-libs-0:1.6.1-6.fc42.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 73/153] setup-0:2.15.0-5.fc41.noarch  100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 74/153] fedora-repos-0:42-0.1.noarch  100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 75/153] glibc-common-0:2.40.9000-1.fc 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 76/153] xz-libs-1:5.6.2-2.fc41.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 77/153] libblkid-0:2.40.2-8.fc42.x86_ 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 78/153] libcap-ng-0:0.8.5-3.fc41.x86_ 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 79/153] libfdisk-0:2.40.2-8.fc42.x86_ 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 80/153] libmount-0:2.40.2-8.fc42.x86_ 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 81/153] libsmartcols-0:2.40.2-8.fc42. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 82/153] libuuid-0:2.40.2-8.fc42.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 83/153] util-linux-core-0:2.40.2-8.fc 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 84/153] zlib-ng-compat-0:2.1.7-2.fc41 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 85/153] mpfr-0:4.2.1-5.fc41.x86_64    100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 86/153] glibc-gconv-extra-0:2.40.9000 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 87/153] basesystem-0:11-21.fc41.noarc 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 88/153] libgcc-0:14.2.1-2.fc42.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 89/153] libsepol-0:3.7-3.fc42.x86_64  100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 90/153] add-determinism-0:0.3.6-1.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 91/153] file-libs-0:5.45-7.fc41.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 92/153] curl-0:8.9.1-3.fc42.x86_64    100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 93/153] elfutils-libs-0:0.191-8.fc41. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 94/153] elfutils-debuginfod-client-0: 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 95/153] libstdc++-0:14.2.1-2.fc42.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 96/153] libzstd-0:1.5.6-2.fc41.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 97/153] libxml2-0:2.12.8-2.fc41.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 98/153] lz4-libs-0:1.10.0-1.fc41.x86_ 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 99/153] libgomp-0:14.2.1-2.fc42.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[100/153] lua-libs-0:5.4.6-6.fc41.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[101/153] rpm-sequoia-0:1.7.0-2.fc41.x8 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[102/153] sqlite-libs-0:3.46.0-4.fc41.x 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[103/153] ncurses-base-0:6.5-2.20240629 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[104/153] ca-certificates-0:2024.2.68_v 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[105/153] pcre2-syntax-0:10.44-1.fc41.1 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[106/153] fedora-gpg-keys-0:42-0.1.noar 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[107/153] fedora-repos-rawhide-0:42-0.1 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[108/153] elfutils-default-yama-scope-0 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[109/153] systemd-libs-0:256.6-1.fc42.x 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[110/153] authselect-libs-0:1.5.0-7.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[111/153] pam-0:1.6.1-6.fc42.x86_64     100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[112/153] authselect-0:1.5.0-7.fc41.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[113/153] gdbm-libs-1:1.23-7.fc41.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[114/153] libnsl2-0:2.0.1-2.fc41.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[115/153] libpwquality-0:1.4.5-11.fc41. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[116/153] libtirpc-0:1.3.5-0.fc41.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[117/153] cracklib-0:2.9.11-6.fc41.x86_ 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[118/153] krb5-libs-0:1.21.3-2.fc41.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[119/153] libcom_err-0:1.47.1-3.fc41.x8 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[120/153] keyutils-libs-0:1.6.3-4.fc41. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[121/153] libverto-0:0.3.2-9.fc41.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[122/153] binutils-0:2.43.1-1.fc42.x86_ 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[123/153] alternatives-0:1.30-1.fc41.x8 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[124/153] jansson-0:2.13.1-10.fc41.x86_ 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[125/153] pkgconf-pkg-config-0:2.3.0-1. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[126/153] pkgconf-0:2.3.0-1.fc42.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[127/153] pkgconf-m4-0:2.3.0-1.fc42.noa 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[128/153] libpkgconf-0:2.3.0-1.fc42.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[129/153] forge-srpm-macros-0:0.3.2-1.f 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[130/153] pyproject-srpm-macros-0:1.14. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[131/153] gdbm-1:1.23-7.fc41.x86_64     100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[132/153] crypto-policies-0:20240828-1. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[133/153] p11-kit-0:0.25.5-3.fc41.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[134/153] libffi-0:3.4.6-3.fc42.x86_64  100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[135/153] libtasn1-0:4.19.0-9.fc41.x86_ 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[136/153] p11-kit-trust-0:0.25.5-3.fc41 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[137/153] fedora-release-0:42-0.3.noarc 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[138/153] gdb-minimal-0:15.1-2.fc42.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[139/153] xxhash-libs-0:0.8.2-3.fc41.x8 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[140/153] fedora-release-identity-basic 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[141/153] libcurl-0:8.9.1-3.fc42.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[142/153] libbrotli-0:1.1.0-5.fc41.x86_ 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[143/153] libidn2-0:2.3.7-2.fc41.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[144/153] libnghttp2-0:1.63.0-1.fc42.x8 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[145/153] libpsl-0:0.21.5-4.fc41.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[146/153] libssh-0:0.11.1-1.fc42.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[147/153] openldap-0:2.6.8-5.fc41.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[148/153] libunistring-0:1.1-8.fc41.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[149/153] publicsuffix-list-dafsa-0:202 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[150/153] libssh-config-0:0.11.1-1.fc42 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[151/153] cyrus-sasl-lib-0:2.1.28-27.fc 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[152/153] libevent-0:2.1.12-14.fc41.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[153/153] libtool-ltdl-0:2.4.7-12.fc41. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
--------------------------------------------------------------------------------
[153/153] Total                         100% |   0.0   B/s |   0.0   B |  00m00s
Running transaction
Importing PGP key 0x105EF944:
 Userid     : "Fedora (42) <fedora-42-primary@fedoraproject.org>"
 Fingerprint: B0F4950458F69E1150C6C5EDC8AC4916105EF944
 From       : file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-42-primary
The key was successfully imported.
Importing PGP key 0x105EF944:
 Userid     : "Fedora (42) <fedora-42-primary@fedoraproject.org>"
 Fingerprint: B0F4950458F69E1150C6C5EDC8AC4916105EF944
 From       : file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-42-primary
The key was successfully imported.
Importing PGP key 0xE99D6AD1:
 Userid     : "Fedora (41) <fedora-41-primary@fedoraproject.org>"
 Fingerprint: 466CF2D8B60BC3057AA9453ED0622462E99D6AD1
 From       : file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-41-primary
The key was successfully imported.
Importing PGP key 0x31645531:
 Userid     : "Fedora (43) <fedora-43-primary@fedoraproject.org>"
 Fingerprint: C6E7F081CF80E13146676E88829B606631645531
 From       : file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-43-primary
The key was successfully imported.
[  1/155] Verify package files          100% | 761.0   B/s | 153.0   B |  00m00s
>>> Running pre-transaction scriptlet: filesystem-0:3.18-23.fc41.x86_64
>>> Stop pre-transaction scriptlet: filesystem-0:3.18-23.fc41.x86_64
[  2/155] Prepare transaction           100% |   1.9 KiB/s | 153.0   B |  00m00s
[  3/155] Installing libgcc-0:14.2.1-2. 100% | 134.9 MiB/s | 276.3 KiB |  00m00s
>>> Running post-install scriptlet: libgcc-0:14.2.1-2.fc42.x86_64
>>> Stop post-install scriptlet: libgcc-0:14.2.1-2.fc42.x86_64
[  4/155] Installing libssh-config-0:0. 100% |   0.0   B/s | 816.0   B |  00m00s
[  5/155] Installing publicsuffix-list- 100% |  66.7 MiB/s |  68.3 KiB |  00m00s
[  6/155] Installing fedora-release-ide 100% | 929.7 KiB/s | 952.0   B |  00m00s
[  7/155] Installing fedora-gpg-keys-0: 100% |  21.0 MiB/s | 172.2 KiB |  00m00s
[  8/155] Installing fedora-repos-rawhi 100% |   0.0   B/s |   2.4 KiB |  00m00s
[  9/155] Installing fedora-repos-0:42- 100% |   0.0   B/s |   5.7 KiB |  00m00s
[ 10/155] Installing fedora-release-com 100% |  11.6 MiB/s |  23.7 KiB |  00m00s
[ 11/155] Installing fedora-release-0:4 100% |   0.0   B/s | 124.0   B |  00m00s
[ 12/155] Installing setup-0:2.15.0-5.f 100% |  47.3 MiB/s | 726.1 KiB |  00m00s
>>> Running post-install scriptlet: setup-0:2.15.0-5.fc41.noarch
>>> Stop post-install scriptlet: setup-0:2.15.0-5.fc41.noarch
[ 13/155] Installing filesystem-0:3.18- 100% |   1.7 MiB/s | 212.5 KiB |  00m00s
[ 14/155] Installing basesystem-0:11-21 100% |   0.0   B/s | 124.0   B |  00m00s
[ 15/155] Installing pkgconf-m4-0:2.3.0 100% |   0.0   B/s |  14.8 KiB |  00m00s
[ 16/155] Installing pcre2-syntax-0:10. 100% | 124.1 MiB/s | 254.1 KiB |  00m00s
[ 17/155] Installing ncurses-base-0:6.5 100% |  38.2 MiB/s | 351.7 KiB |  00m00s
[ 18/155] Installing glibc-minimal-lang 100% |   0.0   B/s | 124.0   B |  00m00s
[ 19/155] Installing ncurses-libs-0:6.5 100% | 137.0 MiB/s | 981.8 KiB |  00m00s
>>> Running pre-install scriptlet: glibc-0:2.40.9000-1.fc42.x86_64
>>> Stop pre-install scriptlet: glibc-0:2.40.9000-1.fc42.x86_64
warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
[ 20/155] Installing glibc-0:2.40.9000- 100% | 136.8 MiB/s |   6.7 MiB |  00m00s
>>> Running post-install scriptlet: glibc-0:2.40.9000-1.fc42.x86_64
>>> Stop post-install scriptlet: glibc-0:2.40.9000-1.fc42.x86_64
[ 21/155] Installing bash-0:5.2.32-2.fc 100% | 263.5 MiB/s |   8.2 MiB |  00m00s
>>> Running post-install scriptlet: bash-0:5.2.32-2.fc42.x86_64
>>> Stop post-install scriptlet: bash-0:5.2.32-2.fc42.x86_64
[ 22/155] Installing glibc-common-0:2.4 100% | 130.9 MiB/s |   1.0 MiB |  00m00s
warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
[ 23/155] Installing glibc-gconv-extra- 100% | 141.6 MiB/s |   8.2 MiB |  00m00s
>>> Running post-install scriptlet: glibc-gconv-extra-0:2.40.9000-1.fc42.x86_64
>>> Stop post-install scriptlet: glibc-gconv-extra-0:2.40.9000-1.fc42.x86_64
[ 24/155] Installing zlib-ng-compat-0:2 100% | 131.7 MiB/s | 134.8 KiB |  00m00s
[ 25/155] Installing bzip2-libs-0:1.0.8 100% |  79.9 MiB/s |  81.8 KiB |  00m00s
[ 26/155] Installing xz-libs-1:5.6.2-2. 100% | 210.4 MiB/s | 215.5 KiB |  00m00s
[ 27/155] Installing popt-0:1.19-7.fc41 100% |  35.0 MiB/s | 143.5 KiB |  00m00s
[ 28/155] Installing readline-0:8.2-11. 100% | 241.8 MiB/s | 495.3 KiB |  00m00s
[ 29/155] Installing libuuid-0:2.40.2-8 100% |  41.5 MiB/s |  42.5 KiB |  00m00s
[ 30/155] Installing libblkid-0:2.40.2- 100% | 257.5 MiB/s | 263.6 KiB |  00m00s
[ 31/155] Installing gmp-1:6.3.0-2.fc41 100% | 198.6 MiB/s | 813.7 KiB |  00m00s
[ 32/155] Installing libattr-0:2.5.2-4. 100% |  28.8 MiB/s |  29.5 KiB |  00m00s
[ 33/155] Installing libacl-0:2.3.2-2.f 100% |  39.8 MiB/s |  40.7 KiB |  00m00s
[ 34/155] Installing libxcrypt-0:4.4.36 100% | 131.6 MiB/s | 269.5 KiB |  00m00s
[ 35/155] Installing libstdc++-0:14.2.1 100% | 251.8 MiB/s |   2.8 MiB |  00m00s
[ 36/155] Installing libzstd-0:1.5.6-2. 100% | 259.5 MiB/s | 797.2 KiB |  00m00s
[ 37/155] Installing elfutils-libelf-0: 100% | 233.8 MiB/s |   1.2 MiB |  00m00s
[ 38/155] Installing libeconf-0:0.6.2-3 100% |  58.3 MiB/s |  59.7 KiB |  00m00s
[ 39/155] Installing gdbm-libs-1:1.23-7 100% | 120.7 MiB/s | 123.6 KiB |  00m00s
[ 40/155] Installing dwz-0:0.15-7.fc41. 100% | 142.7 MiB/s | 292.3 KiB |  00m00s
[ 41/155] Installing mpfr-0:4.2.1-5.fc4 100% | 203.5 MiB/s | 833.7 KiB |  00m00s
[ 42/155] Installing gawk-0:5.3.0-4.fc4 100% | 173.2 MiB/s |   1.7 MiB |  00m00s
[ 43/155] Installing unzip-0:6.0-64.fc4 100% | 127.0 MiB/s | 390.3 KiB |  00m00s
[ 44/155] Installing file-libs-0:5.45-7 100% | 473.0 MiB/s |   9.9 MiB |  00m00s
[ 45/155] Installing file-0:5.45-7.fc41 100% |  10.3 MiB/s | 105.0 KiB |  00m00s
>>> Running pre-install scriptlet: crypto-policies-0:20240828-1.git5f66e81.fc42.
>>> Stop pre-install scriptlet: crypto-policies-0:20240828-1.git5f66e81.fc42.noa
[ 46/155] Installing crypto-policies-0: 100% |  15.9 MiB/s | 163.2 KiB |  00m00s
>>> Running post-install scriptlet: crypto-policies-0:20240828-1.git5f66e81.fc42
>>> Stop post-install scriptlet: crypto-policies-0:20240828-1.git5f66e81.fc42.no
[ 47/155] Installing pcre2-0:10.44-1.fc 100% | 213.2 MiB/s | 654.9 KiB |  00m00s
[ 48/155] Installing grep-0:3.11-9.fc41 100% | 125.4 MiB/s |   1.0 MiB |  00m00s
[ 49/155] Installing xz-1:5.6.2-2.fc41. 100% | 120.5 MiB/s |   1.2 MiB |  00m00s
[ 50/155] Installing libcap-ng-0:0.8.5- 100% |  69.4 MiB/s |  71.0 KiB |  00m00s
[ 51/155] Installing audit-libs-0:4.0.2 100% | 162.8 MiB/s | 333.4 KiB |  00m00s
[ 52/155] Installing pam-libs-0:1.6.1-6 100% | 138.0 MiB/s | 141.3 KiB |  00m00s
[ 53/155] Installing libcap-0:2.70-4.fc 100% |  73.3 MiB/s | 225.2 KiB |  00m00s
[ 54/155] Installing systemd-libs-0:256 100% | 226.4 MiB/s |   2.0 MiB |  00m00s
[ 55/155] Installing libsmartcols-0:2.4 100% | 177.1 MiB/s | 181.4 KiB |  00m00s
[ 56/155] Installing libsepol-0:3.7-3.f 100% | 266.6 MiB/s | 819.0 KiB |  00m00s
[ 57/155] Installing libselinux-0:3.7-6 100% |  89.0 MiB/s | 182.3 KiB |  00m00s
[ 58/155] Installing sed-0:4.9-3.fc41.x 100% | 121.3 MiB/s | 869.7 KiB |  00m00s
[ 59/155] Installing findutils-1:4.10.0 100% | 185.8 MiB/s |   1.9 MiB |  00m00s
[ 60/155] Installing libmount-0:2.40.2- 100% | 174.3 MiB/s | 356.9 KiB |  00m00s
[ 61/155] Installing lz4-libs-0:1.10.0- 100% | 143.1 MiB/s | 146.6 KiB |  00m00s
[ 62/155] Installing lua-libs-0:5.4.6-6 100% | 139.8 MiB/s | 286.2 KiB |  00m00s
[ 63/155] Installing libcom_err-0:1.47. 100% |  66.7 MiB/s |  68.3 KiB |  00m00s
[ 64/155] Installing alternatives-0:1.3 100% |  66.3 MiB/s |  67.9 KiB |  00m00s
[ 65/155] Installing libtasn1-0:4.19.0- 100% | 173.3 MiB/s | 177.5 KiB |  00m00s
[ 66/155] Installing libunistring-0:1.1 100% | 247.2 MiB/s |   1.7 MiB |  00m00s
[ 67/155] Installing libidn2-0:2.3.7-2. 100% |  65.4 MiB/s | 335.1 KiB |  00m00s
[ 68/155] Installing libpsl-0:0.21.5-4. 100% |  79.7 MiB/s |  81.7 KiB |  00m00s
[ 69/155] Installing zstd-0:1.5.6-2.fc4 100% | 241.6 MiB/s |   1.7 MiB |  00m00s
[ 70/155] Installing util-linux-core-0: 100% | 138.9 MiB/s |   1.5 MiB |  00m00s
[ 71/155] Installing tar-2:1.35-4.fc41. 100% | 211.3 MiB/s |   3.0 MiB |  00m00s
[ 72/155] Installing libsemanage-0:3.7- 100% |  96.1 MiB/s | 295.2 KiB |  00m00s
[ 73/155] Installing shadow-utils-2:4.1 100% | 126.3 MiB/s |   4.2 MiB |  00m00s
[ 74/155] Installing zip-0:3.0-41.fc41. 100% | 172.6 MiB/s | 707.1 KiB |  00m00s
[ 75/155] Installing gdbm-1:1.23-7.fc41 100% | 113.7 MiB/s | 465.8 KiB |  00m00s
[ 76/155] Installing cyrus-sasl-lib-0:2 100% | 256.2 MiB/s |   2.3 MiB |  00m00s
[ 77/155] Installing libfdisk-0:2.40.2- 100% | 177.7 MiB/s | 364.0 KiB |  00m00s
[ 78/155] Installing libxml2-0:2.12.8-2 100% | 244.6 MiB/s |   1.7 MiB |  00m00s
[ 79/155] Installing bzip2-0:1.0.8-19.f 100% |  48.9 MiB/s | 100.2 KiB |  00m00s
[ 80/155] Installing add-determinism-0: 100% | 280.7 MiB/s |   2.2 MiB |  00m00s
[ 81/155] Installing build-reproducibil 100% |   0.0   B/s |   1.0 KiB |  00m00s
[ 82/155] Installing sqlite-libs-0:3.46 100% | 285.9 MiB/s |   1.4 MiB |  00m00s
[ 83/155] Installing ed-0:1.20.2-2.fc41 100% |  72.8 MiB/s | 149.2 KiB |  00m00s
[ 84/155] Installing patch-0:2.7.6-25.f 100% | 131.0 MiB/s | 268.2 KiB |  00m00s
[ 85/155] Installing elfutils-default-y 100% | 185.7 KiB/s |   2.0 KiB |  00m00s
>>> Running post-install scriptlet: elfutils-default-yama-scope-0:0.191-8.fc41.n
>>> Stop post-install scriptlet: elfutils-default-yama-scope-0:0.191-8.fc41.noar
[ 86/155] Installing elfutils-libs-0:0. 100% | 158.2 MiB/s | 648.0 KiB |  00m00s
[ 87/155] Installing cpio-0:2.15-2.fc41 100% | 157.1 MiB/s |   1.1 MiB |  00m00s
[ 88/155] Installing diffutils-0:3.10-8 100% | 159.0 MiB/s |   1.6 MiB |  00m00s
[ 89/155] Installing libgomp-0:14.2.1-2 100% | 256.3 MiB/s | 524.8 KiB |  00m00s
[ 90/155] Installing keyutils-libs-0:1. 100% |  54.5 MiB/s |  55.8 KiB |  00m00s
[ 91/155] Installing libverto-0:0.3.2-9 100% |  30.5 MiB/s |  31.3 KiB |  00m00s
[ 92/155] Installing jansson-0:2.13.1-1 100% |  87.6 MiB/s |  89.7 KiB |  00m00s
[ 93/155] Installing libpkgconf-0:2.3.0 100% |  77.5 MiB/s |  79.3 KiB |  00m00s
[ 94/155] Installing pkgconf-0:2.3.0-1. 100% |  44.5 MiB/s |  91.1 KiB |  00m00s
[ 95/155] Installing pkgconf-pkg-config 100% |   1.7 MiB/s |   1.8 KiB |  00m00s
[ 96/155] Installing libffi-0:3.4.6-3.f 100% |  85.7 MiB/s |  87.8 KiB |  00m00s
[ 97/155] Installing p11-kit-0:0.25.5-3 100% | 147.2 MiB/s |   2.2 MiB |  00m00s
[ 98/155] Installing p11-kit-trust-0:0. 100% |  27.4 MiB/s | 393.1 KiB |  00m00s
>>> Running post-install scriptlet: p11-kit-trust-0:0.25.5-3.fc41.x86_64
>>> Stop post-install scriptlet: p11-kit-trust-0:0.25.5-3.fc41.x86_64
[ 99/155] Installing xxhash-libs-0:0.8. 100% |  87.8 MiB/s |  89.9 KiB |  00m00s
[100/155] Installing libbrotli-0:1.1.0- 100% | 205.0 MiB/s | 839.9 KiB |  00m00s
[101/155] Installing libnghttp2-0:1.63. 100% | 167.2 MiB/s | 171.2 KiB |  00m00s
[102/155] Installing libtool-ltdl-0:2.4 100% |  65.7 MiB/s |  67.3 KiB |  00m00s
[103/155] Installing coreutils-common-0 100% | 254.3 MiB/s |  11.2 MiB |  00m00s
[104/155] Installing openssl-libs-1:3.2 100% | 313.0 MiB/s |   7.8 MiB |  00m00s
[105/155] Installing coreutils-0:9.5-9. 100% | 154.6 MiB/s |   5.7 MiB |  00m00s
>>> Running pre-install scriptlet: ca-certificates-0:2024.2.68_v8.0.302-3.fc41.n
>>> Stop pre-install scriptlet: ca-certificates-0:2024.2.68_v8.0.302-3.fc41.noar
[106/155] Installing ca-certificates-0: 100% |   2.4 MiB/s |   2.4 MiB |  00m01s
>>> Running post-install scriptlet: ca-certificates-0:2024.2.68_v8.0.302-3.fc41.
>>> Stop post-install scriptlet: ca-certificates-0:2024.2.68_v8.0.302-3.fc41.noa
[107/155] Installing krb5-libs-0:1.21.3 100% | 191.6 MiB/s |   2.3 MiB |  00m00s
[108/155] Installing libarchive-0:3.7.4 100% | 225.7 MiB/s | 924.6 KiB |  00m00s
[109/155] Installing libtirpc-0:1.3.5-0 100% |  99.8 MiB/s | 204.5 KiB |  00m00s
[110/155] Installing gzip-0:1.13-2.fc41 100% |  96.3 MiB/s | 394.6 KiB |  00m00s
[111/155] Installing authselect-libs-0: 100% |  90.4 MiB/s | 833.2 KiB |  00m00s
[112/155] Installing cracklib-0:2.9.11- 100% |  34.9 MiB/s | 250.3 KiB |  00m00s
[113/155] Installing libpwquality-0:1.4 100% |  52.5 MiB/s | 430.1 KiB |  00m00s
[114/155] Installing libnsl2-0:2.0.1-2. 100% |  28.8 MiB/s |  59.1 KiB |  00m00s
[115/155] Installing pam-0:1.6.1-6.fc42 100% |  81.6 MiB/s |   1.9 MiB |  00m00s
[116/155] Installing libssh-0:0.11.1-1. 100% | 186.1 MiB/s | 571.7 KiB |  00m00s
[117/155] Installing rpm-sequoia-0:1.7. 100% | 295.9 MiB/s |   2.4 MiB |  00m00s
[118/155] Installing rpm-libs-0:4.19.94 100% | 235.6 MiB/s | 723.6 KiB |  00m00s
[119/155] Installing rpm-build-libs-0:4 100% | 101.3 MiB/s | 207.5 KiB |  00m00s
[120/155] Installing libevent-0:2.1.12- 100% | 219.6 MiB/s | 899.5 KiB |  00m00s
[121/155] Installing openldap-0:2.6.8-5 100% | 158.2 MiB/s | 648.0 KiB |  00m00s
[122/155] Installing libcurl-0:8.9.1-3. 100% | 200.0 MiB/s | 819.2 KiB |  00m00s
[123/155] Installing elfutils-debuginfo 100% |  32.7 MiB/s |  66.9 KiB |  00m00s
[124/155] Installing elfutils-0:0.191-8 100% | 232.7 MiB/s |   2.6 MiB |  00m00s
[125/155] Installing binutils-0:2.43.1- 100% | 283.9 MiB/s |  27.5 MiB |  00m00s
>>> Running post-install scriptlet: binutils-0:2.43.1-1.fc42.x86_64
>>> Stop post-install scriptlet: binutils-0:2.43.1-1.fc42.x86_64
[126/155] Installing gdb-minimal-0:15.1 100% | 309.4 MiB/s |  13.0 MiB |  00m00s
[127/155] Installing debugedit-0:5.0-17 100% |  98.6 MiB/s | 202.0 KiB |  00m00s
[128/155] Installing curl-0:8.9.1-3.fc4 100% |  39.0 MiB/s | 798.6 KiB |  00m00s
>>> Running pre-install scriptlet: rpm-0:4.19.94-1.fc42.x86_64
>>> Stop pre-install scriptlet: rpm-0:4.19.94-1.fc42.x86_64
[129/155] Installing rpm-0:4.19.94-1.fc 100% |  89.5 MiB/s |   2.5 MiB |  00m00s
[130/155] Installing efi-srpm-macros-0: 100% |  40.2 MiB/s |  41.2 KiB |  00m00s
[131/155] Installing lua-srpm-macros-0: 100% |   0.0   B/s |   1.9 KiB |  00m00s
[132/155] Installing zig-srpm-macros-0: 100% |   0.0   B/s |   1.7 KiB |  00m00s
[133/155] Installing rust-srpm-macros-0 100% |   0.0   B/s |   5.6 KiB |  00m00s
[134/155] Installing qt6-srpm-macros-0: 100% |   0.0   B/s | 732.0   B |  00m00s
[135/155] Installing qt5-srpm-macros-0: 100% |   0.0   B/s | 776.0   B |  00m00s
[136/155] Installing perl-srpm-macros-0 100% |   0.0   B/s |   1.1 KiB |  00m00s
[137/155] Installing package-notes-srpm 100% |   0.0   B/s |   2.0 KiB |  00m00s
[138/155] Installing openblas-srpm-macr 100% |   0.0   B/s | 392.0   B |  00m00s
[139/155] Installing ocaml-srpm-macros- 100% |   0.0   B/s |   2.2 KiB |  00m00s
[140/155] Installing kernel-srpm-macros 100% |   0.0   B/s |   2.3 KiB |  00m00s
[141/155] Installing gnat-srpm-macros-0 100% |   0.0   B/s |   1.3 KiB |  00m00s
[142/155] Installing ghc-srpm-macros-0: 100% |   0.0   B/s |   1.0 KiB |  00m00s
[143/155] Installing fpc-srpm-macros-0: 100% |   0.0   B/s | 420.0   B |  00m00s
[144/155] Installing ansible-srpm-macro 100% |  35.4 MiB/s |  36.2 KiB |  00m00s
[145/155] Installing python-srpm-macros 100% |  50.9 MiB/s |  52.2 KiB |  00m00s
[146/155] Installing fonts-srpm-macros- 100% |  55.7 MiB/s |  57.0 KiB |  00m00s
[147/155] Installing go-srpm-macros-0:3 100% |  60.5 MiB/s |  62.0 KiB |  00m00s
[148/155] Installing forge-srpm-macros- 100% |  39.4 MiB/s |  40.4 KiB |  00m00s
[149/155] Installing redhat-rpm-config- 100% |  62.9 MiB/s | 193.2 KiB |  00m00s
[150/155] Installing rpm-build-0:4.19.9 100% |  49.5 MiB/s | 202.9 KiB |  00m00s
[151/155] Installing pyproject-srpm-mac 100% | 499.2 KiB/s |   2.5 KiB |  00m00s
[152/155] Installing util-linux-0:2.40. 100% |  97.8 MiB/s |   3.7 MiB |  00m00s
>>> Running post-install scriptlet: util-linux-0:2.40.2-8.fc42.x86_64
>>> Stop post-install scriptlet: util-linux-0:2.40.2-8.fc42.x86_64
[153/155] Installing authselect-0:1.5.0 100% |  38.6 MiB/s | 157.9 KiB |  00m00s
[154/155] Installing which-0:2.21-42.fc 100% |  80.5 MiB/s |  82.4 KiB |  00m00s
warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
[155/155] Installing info-0:7.1.1-1.fc4 100% | 275.9 KiB/s | 362.3 KiB |  00m01s
>>> Running post-transaction scriptlet: filesystem-0:3.18-23.fc41.x86_64
>>> Stop post-transaction scriptlet: filesystem-0:3.18-23.fc41.x86_64
>>> Running post-transaction scriptlet: ca-certificates-0:2024.2.68_v8.0.302-3.f
>>> Stop post-transaction scriptlet: ca-certificates-0:2024.2.68_v8.0.302-3.fc41
>>> Running post-transaction scriptlet: authselect-libs-0:1.5.0-7.fc41.x86_64
>>> Stop post-transaction scriptlet: authselect-libs-0:1.5.0-7.fc41.x86_64
>>> Running post-transaction scriptlet: rpm-0:4.19.94-1.fc42.x86_64
>>> Stop post-transaction scriptlet: rpm-0:4.19.94-1.fc42.x86_64
>>> Running trigger-install scriptlet: glibc-common-0:2.40.9000-1.fc42.x86_64
>>> Stop trigger-install scriptlet: glibc-common-0:2.40.9000-1.fc42.x86_64
>>> Running trigger-install scriptlet: info-0:7.1.1-1.fc42.x86_64
>>> Stop trigger-install scriptlet: info-0:7.1.1-1.fc42.x86_64
Complete!
Warning: skipped PGP checks for 4 packages from repository: copr_base
Finish: installing minimal buildroot with dnf5
Start: creating root cache
Finish: creating root cache
Finish: chroot init
INFO: Installed packages:
INFO: add-determinism-0.3.6-1.fc41.x86_64
alternatives-1.30-1.fc41.x86_64
ansible-srpm-macros-1-16.fc41.noarch
audit-libs-4.0.2-1.fc41.x86_64
authselect-1.5.0-7.fc41.x86_64
authselect-libs-1.5.0-7.fc41.x86_64
basesystem-11-21.fc41.noarch
bash-5.2.32-2.fc42.x86_64
binutils-2.43.1-1.fc42.x86_64
build-reproducibility-srpm-macros-0.3.6-1.fc41.noarch
bzip2-1.0.8-19.fc41.x86_64
bzip2-libs-1.0.8-19.fc41.x86_64
ca-certificates-2024.2.68_v8.0.302-3.fc41.noarch
coreutils-9.5-9.fc42.x86_64
coreutils-common-9.5-9.fc42.x86_64
cpio-2.15-2.fc41.x86_64
cracklib-2.9.11-6.fc41.x86_64
crypto-policies-20240828-1.git5f66e81.fc42.noarch
curl-8.9.1-3.fc42.x86_64
cyrus-sasl-lib-2.1.28-27.fc41.x86_64
debugedit-5.0-17.fc41.x86_64
diffutils-3.10-8.fc41.x86_64
dwz-0.15-7.fc41.x86_64
ed-1.20.2-2.fc41.x86_64
efi-srpm-macros-5-12.fc41.noarch
elfutils-0.191-8.fc41.x86_64
elfutils-debuginfod-client-0.191-8.fc41.x86_64
elfutils-default-yama-scope-0.191-8.fc41.noarch
elfutils-libelf-0.191-8.fc41.x86_64
elfutils-libs-0.191-8.fc41.x86_64
fedora-gpg-keys-42-0.1.noarch
fedora-release-42-0.3.noarch
fedora-release-common-42-0.3.noarch
fedora-release-identity-basic-42-0.3.noarch
fedora-repos-42-0.1.noarch
fedora-repos-rawhide-42-0.1.noarch
file-5.45-7.fc41.x86_64
file-libs-5.45-7.fc41.x86_64
filesystem-3.18-23.fc41.x86_64
findutils-4.10.0-4.fc41.x86_64
fonts-srpm-macros-2.0.5-17.fc41.noarch
forge-srpm-macros-0.3.2-1.fc42.noarch
fpc-srpm-macros-1.3-13.fc41.noarch
gawk-5.3.0-4.fc41.x86_64
gdb-minimal-15.1-2.fc42.x86_64
gdbm-1.23-7.fc41.x86_64
gdbm-libs-1.23-7.fc41.x86_64
ghc-srpm-macros-1.9.1-2.fc41.noarch
glibc-2.40.9000-1.fc42.x86_64
glibc-common-2.40.9000-1.fc42.x86_64
glibc-gconv-extra-2.40.9000-1.fc42.x86_64
glibc-minimal-langpack-2.40.9000-1.fc42.x86_64
gmp-6.3.0-2.fc41.x86_64
gnat-srpm-macros-6-6.fc41.noarch
go-srpm-macros-3.6.0-3.fc41.noarch
gpg-pubkey-105ef944-65ca83d1
gpg-pubkey-31645531-66b6dccf
gpg-pubkey-e99d6ad1-64d2612c
grep-3.11-9.fc41.x86_64
gzip-1.13-2.fc41.x86_64
info-7.1.1-1.fc42.x86_64
jansson-2.13.1-10.fc41.x86_64
kernel-srpm-macros-1.0-24.fc41.noarch
keyutils-libs-1.6.3-4.fc41.x86_64
krb5-libs-1.21.3-2.fc41.x86_64
libacl-2.3.2-2.fc41.x86_64
libarchive-3.7.4-3.fc41.x86_64
libattr-2.5.2-4.fc41.x86_64
libblkid-2.40.2-8.fc42.x86_64
libbrotli-1.1.0-5.fc41.x86_64
libcap-2.70-4.fc41.x86_64
libcap-ng-0.8.5-3.fc41.x86_64
libcom_err-1.47.1-3.fc41.x86_64
libcurl-8.9.1-3.fc42.x86_64
libeconf-0.6.2-3.fc41.x86_64
libevent-2.1.12-14.fc41.x86_64
libfdisk-2.40.2-8.fc42.x86_64
libffi-3.4.6-3.fc42.x86_64
libgcc-14.2.1-2.fc42.x86_64
libgomp-14.2.1-2.fc42.x86_64
libidn2-2.3.7-2.fc41.x86_64
libmount-2.40.2-8.fc42.x86_64
libnghttp2-1.63.0-1.fc42.x86_64
libnsl2-2.0.1-2.fc41.x86_64
libpkgconf-2.3.0-1.fc42.x86_64
libpsl-0.21.5-4.fc41.x86_64
libpwquality-1.4.5-11.fc41.x86_64
libselinux-3.7-6.fc42.x86_64
libsemanage-3.7-2.fc41.x86_64
libsepol-3.7-3.fc42.x86_64
libsmartcols-2.40.2-8.fc42.x86_64
libssh-0.11.1-1.fc42.x86_64
libssh-config-0.11.1-1.fc42.noarch
libstdc++-14.2.1-2.fc42.x86_64
libtasn1-4.19.0-9.fc41.x86_64
libtirpc-1.3.5-0.fc41.x86_64
libtool-ltdl-2.4.7-12.fc41.x86_64
libunistring-1.1-8.fc41.x86_64
libuuid-2.40.2-8.fc42.x86_64
libverto-0.3.2-9.fc41.x86_64
libxcrypt-4.4.36-7.fc41.x86_64
libxml2-2.12.8-2.fc41.x86_64
libzstd-1.5.6-2.fc41.x86_64
lua-libs-5.4.6-6.fc41.x86_64
lua-srpm-macros-1-14.fc41.noarch
lz4-libs-1.10.0-1.fc41.x86_64
mpfr-4.2.1-5.fc41.x86_64
ncurses-base-6.5-2.20240629.fc41.noarch
ncurses-libs-6.5-2.20240629.fc41.x86_64
ocaml-srpm-macros-10-3.fc41.noarch
openblas-srpm-macros-2-18.fc41.noarch
openldap-2.6.8-5.fc41.x86_64
openssl-libs-3.2.2-5.fc41.x86_64
p11-kit-0.25.5-3.fc41.x86_64
p11-kit-trust-0.25.5-3.fc41.x86_64
package-notes-srpm-macros-0.5-12.fc41.noarch
pam-1.6.1-6.fc42.x86_64
pam-libs-1.6.1-6.fc42.x86_64
patch-2.7.6-25.fc41.x86_64
pcre2-10.44-1.fc41.1.x86_64
pcre2-syntax-10.44-1.fc41.1.noarch
perl-srpm-macros-1-56.fc41.noarch
pkgconf-2.3.0-1.fc42.x86_64
pkgconf-m4-2.3.0-1.fc42.noarch
pkgconf-pkg-config-2.3.0-1.fc42.x86_64
popt-1.19-7.fc41.x86_64
publicsuffix-list-dafsa-20240107-4.fc41.noarch
pyproject-srpm-macros-1.14.0-1.fc42.noarch
python-srpm-macros-3.13-3.fc41.noarch
qt5-srpm-macros-5.15.15-1.fc42.noarch
qt6-srpm-macros-6.7.2-3.fc41.noarch
readline-8.2-11.fc42.x86_64
redhat-rpm-config-295-1.fc42.noarch
rpm-4.19.94-1.fc42.x86_64
rpm-build-4.19.94-1.fc42.x86_64
rpm-build-libs-4.19.94-1.fc42.x86_64
rpm-libs-4.19.94-1.fc42.x86_64
rpm-sequoia-1.7.0-2.fc41.x86_64
rust-srpm-macros-26.3-3.fc42.noarch
sed-4.9-3.fc41.x86_64
setup-2.15.0-5.fc41.noarch
shadow-utils-4.16.0-2.fc42.x86_64
sqlite-libs-3.46.0-4.fc41.x86_64
systemd-libs-256.6-1.fc42.x86_64
tar-1.35-4.fc41.x86_64
unzip-6.0-64.fc41.x86_64
util-linux-2.40.2-8.fc42.x86_64
util-linux-core-2.40.2-8.fc42.x86_64
which-2.21-42.fc41.x86_64
xxhash-libs-0.8.2-3.fc41.x86_64
xz-5.6.2-2.fc41.x86_64
xz-libs-5.6.2-2.fc41.x86_64
zig-srpm-macros-1-3.fc41.noarch
zip-3.0-41.fc41.x86_64
zlib-ng-compat-2.1.7-2.fc41.x86_64
zstd-1.5.6-2.fc41.x86_64
Start: buildsrpm
Start: rpmbuild -bs
Building target platforms: x86_64
Building for target x86_64
setting SOURCE_DATE_EPOCH=1721347200
Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-6.fc42.src.rpm
Finish: rpmbuild -bs
cp: preserving permissions for ‘/var/lib/copr-rpmbuild/results/chroot_scan/var/lib/mock/fedora-rawhide-x86_64-1726143099.876957/root/var/log’: No such file or directory
INFO: chroot_scan: 1 files copied to /var/lib/copr-rpmbuild/results/chroot_scan
INFO: /var/lib/mock/fedora-rawhide-x86_64-1726143099.876957/root/var/log/dnf5.log
Finish: buildsrpm
INFO: Done(/var/lib/copr-rpmbuild/workspace/workdir-nfvty1_9/python-pysaml2/python-pysaml2.spec) Config(child) 0 minutes 18 seconds
INFO: Results and/or logs in: /var/lib/copr-rpmbuild/results
INFO: Cleaning up build root ('cleanup_on_success=True')
Start: clean chroot
INFO: unmounting tmpfs.
Finish: clean chroot
INFO: Start(/var/lib/copr-rpmbuild/results/python-pysaml2-7.4.2-6.fc42.src.rpm)  Config(fedora-rawhide-x86_64)
Start(bootstrap): chroot init
INFO: mounting tmpfs at /var/lib/mock/fedora-rawhide-x86_64-bootstrap-1726143099.876957/root.
INFO: reusing tmpfs at /var/lib/mock/fedora-rawhide-x86_64-bootstrap-1726143099.876957/root.
INFO: calling preinit hooks
INFO: enabled root cache
INFO: enabled package manager cache
Start(bootstrap): cleaning package manager metadata
Finish(bootstrap): cleaning package manager metadata
Finish(bootstrap): chroot init
Start: chroot init
INFO: mounting tmpfs at /var/lib/mock/fedora-rawhide-x86_64-1726143099.876957/root.
INFO: calling preinit hooks
INFO: enabled root cache
Start: unpacking root cache
Finish: unpacking root cache
INFO: enabled package manager cache
Start: cleaning package manager metadata
Finish: cleaning package manager metadata
INFO: enabled HW Info plugin
INFO: Buildroot is handled by package management downloaded with a bootstrap image:
  rpm-4.19.92-6.fc41.x86_64
  rpm-sequoia-1.7.0-2.fc41.x86_64
  dnf5-5.2.5.0-2.fc41.x86_64
  dnf5-plugins-5.2.5.0-2.fc41.x86_64
Finish: chroot init
Start: build phase for python-pysaml2-7.4.2-6.fc42.src.rpm
Start: build setup for python-pysaml2-7.4.2-6.fc42.src.rpm
Building target platforms: x86_64
Building for target x86_64
setting SOURCE_DATE_EPOCH=1721347200
Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-6.fc42.src.rpm
Updating and loading repositories:
 Copr repository                        100% |  43.8 KiB/s |   1.5 KiB |  00m00s
 fedora                                 100% | 227.1 KiB/s |   5.2 KiB |  00m00s
 Copr repository                        100% |   9.4 MiB/s |   1.0 MiB |  00m00s
Repositories loaded.
Package                         Arch   Version                 Repository      Size
Installing:
 git-core                       x86_64 2.46.0-1.fc41           fedora      22.1 MiB
 pyproject-rpm-macros           noarch 1.14.0-1.fc42           copr_base  105.7 KiB
 python3-devel                  x86_64 3.13.0~rc2-1.fc42       fedora       1.8 MiB
 python3-pymongo                x86_64 4.2.0-8.fc41            fedora       2.5 MiB
 python3-pytest                 noarch 8.3.3-1.fc42            copr_base   20.8 MiB
 python3-responses              noarch 0.25.3-2.fc41           fedora     288.6 KiB
 python3-sphinx                 noarch 1:7.3.7-2.fc41          fedora      10.8 MiB
 xmlsec1                        x86_64 1:1.2.39-4.fc41         fedora     551.3 KiB
 xmlsec1-openssl                x86_64 1:1.2.39-4.fc41         fedora     277.1 KiB
Installing dependencies:
 expat                          x86_64 2.6.3-1.fc42            fedora     291.5 KiB
 less                           x86_64 661-2.fc41              fedora     405.3 KiB
 libb2                          x86_64 0.98.1-12.fc41          fedora      42.2 KiB
 libcbor                        x86_64 0.11.0-2.fc41           fedora      73.9 KiB
 libedit                        x86_64 3.1-53.20240808cvs.fc41 fedora     244.1 KiB
 libfido2                       x86_64 1.15.0-2.fc41           fedora     238.2 KiB
 libxslt                        x86_64 1.1.42-2.fc41           fedora     483.1 KiB
 libyaml                        x86_64 0.2.5-15.fc41           fedora     134.4 KiB
 mpdecimal                      x86_64 2.5.1-16.fc41           fedora     204.9 KiB
 openssh                        x86_64 9.8p1-4.fc42            fedora       1.8 MiB
 openssh-clients                x86_64 9.8p1-4.fc42            fedora       2.6 MiB
 python-pip-wheel               noarch 24.2-1.fc42             copr_base    1.2 MiB
 python-rpm-macros              noarch 3.13-3.fc41             fedora      22.1 KiB
 python3                        x86_64 3.13.0~rc2-1.fc42       fedora      31.8 KiB
 python3-babel                  noarch 2.16.0-1.fc42           copr_base   28.3 MiB
 python3-bson                   x86_64 4.2.0-8.fc41            fedora     470.1 KiB
 python3-charset-normalizer     noarch 3.3.2-6.fc42            copr_base  314.8 KiB
 python3-docutils               noarch 0.20.1-6.fc41           fedora       4.8 MiB
 python3-idna                   noarch 3.8-1.fc42              copr_base  596.4 KiB
 python3-imagesize              noarch 1.4.1-9.fc42            copr_base   35.3 KiB
 python3-iniconfig              noarch 1.1.1-24.fc42           copr_base   20.6 KiB
 python3-jinja2                 noarch 3.1.4-5.fc42            copr_base    2.9 MiB
 python3-libs                   x86_64 3.13.0~rc2-1.fc42       fedora      40.3 MiB
 python3-markupsafe             x86_64 2.1.5-4.fc42            copr_base   61.5 KiB
 python3-packaging              noarch 24.1-2.fc42             copr_base  422.2 KiB
 python3-pluggy                 noarch 1.5.0-1.fc42            copr_base  193.2 KiB
 python3-pygments               noarch 2.18.0-3.fc42           copr_base   10.6 MiB
 python3-pyyaml                 x86_64 6.0.1-18.fc41           fedora     791.1 KiB
 python3-requests               noarch 2.32.3-3.fc41           fedora     485.9 KiB
 python3-rpm-generators         noarch 14-11.fc41              fedora      81.7 KiB
 python3-rpm-macros             noarch 3.13-3.fc41             fedora       6.4 KiB
 python3-snowballstemmer        noarch 2.2.0-13.fc41           fedora       1.7 MiB
 python3-sphinx-theme-alabaster noarch 0.7.16-6.fc41           fedora      41.9 KiB
 python3-urllib3                noarch 2.2.2-1.fc42            fedora     959.3 KiB
 tzdata                         noarch 2024a-9.fc41            fedora       1.7 MiB

Transaction Summary:
 Installing:       44 packages

Total size of inbound packages is 36 MiB. Need to download 1 MiB.
After this operation 162 MiB will be used (install 162 MiB, remove 0 B).
[ 1/44] git-core-0:2.46.0-1.fc41.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 2/44] python3-sphinx-1:7.3.7-2.fc41.n 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 3/44] pyproject-rpm-macros-0:1.14.0-1 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 4/44] python3-devel-0:3.13.0~rc2-1.fc 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 5/44] expat-0:2.6.3-1.fc42.x86_64     100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 6/44] less-0:661-2.fc41.x86_64        100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 7/44] openssh-clients-0:9.8p1-4.fc42. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 8/44] python3-pyyaml-0:6.0.1-18.fc41. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 9/44] python3-requests-0:2.32.3-3.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[10/44] python3-urllib3-0:2.2.2-1.fc42. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[11/44] python3-docutils-0:0.20.1-6.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[12/44] python3-snowballstemmer-0:2.2.0 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[13/44] python3-sphinx-theme-alabaster- 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[14/44] python-rpm-macros-0:3.13-3.fc41 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[15/44] python3-rpm-macros-0:3.13-3.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[16/44] python3-libs-0:3.13.0~rc2-1.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[17/44] libxslt-0:1.1.42-2.fc41.x86_64  100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[18/44] libedit-0:3.1-53.20240808cvs.fc 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[19/44] libfido2-0:1.15.0-2.fc41.x86_64 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[20/44] openssh-0:9.8p1-4.fc42.x86_64   100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[21/44] libyaml-0:0.2.5-15.fc41.x86_64  100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[22/44] libb2-0:0.98.1-12.fc41.x86_64   100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[23/44] mpdecimal-0:2.5.1-16.fc41.x86_6 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[24/44] tzdata-0:2024a-9.fc41.noarch    100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[25/44] libcbor-0:0.11.0-2.fc41.x86_64  100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[26/44] python3-pytest-0:8.3.3-1.fc42.n 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[27/44] python3-rpm-generators-0:14-11. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[28/44] python3-0:3.13.0~rc2-1.fc42.x86 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[29/44] python3-iniconfig-0:1.1.1-24.fc 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[30/44] python3-packaging-0:24.1-2.fc42 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[31/44] python3-pluggy-0:1.5.0-1.fc42.n 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[32/44] python3-idna-0:3.8-1.fc42.noarc 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[33/44] python3-babel-0:2.16.0-1.fc42.n 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[34/44] python3-imagesize-0:1.4.1-9.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[35/44] python3-jinja2-0:3.1.4-5.fc42.n 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[36/44] python3-pygments-0:2.18.0-3.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[37/44] python3-charset-normalizer-0:3. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[38/44] python-pip-wheel-0:24.2-1.fc42. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[39/44] python3-markupsafe-0:2.1.5-4.fc 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[40/44] python3-responses-0:0.25.3-2.fc 100% | 385.5 KiB/s |  68.2 KiB |  00m00s
[41/44] xmlsec1-1:1.2.39-4.fc41.x86_64  100% | 860.8 KiB/s | 185.1 KiB |  00m00s
[42/44] python3-pymongo-0:4.2.0-8.fc41. 100% |   2.2 MiB/s | 522.6 KiB |  00m00s
[43/44] xmlsec1-openssl-1:1.2.39-4.fc41 100% |   1.3 MiB/s |  91.3 KiB |  00m00s
[44/44] python3-bson-0:4.2.0-8.fc41.x86 100% |   2.0 MiB/s | 144.9 KiB |  00m00s
--------------------------------------------------------------------------------
[44/44] Total                           100% |   3.1 MiB/s |   1.0 MiB |  00m00s
Running transaction
[ 1/46] Verify package files            100% | 341.0   B/s |  44.0   B |  00m00s
[ 2/46] Prepare transaction             100% | 483.0   B/s |  44.0   B |  00m00s
[ 3/46] Installing python-rpm-macros-0: 100% |  22.3 MiB/s |  22.8 KiB |  00m00s
[ 4/46] Installing python3-rpm-macros-0 100% |   0.0   B/s |   6.7 KiB |  00m00s
[ 5/46] Installing libxslt-0:1.1.42-2.f 100% | 118.7 MiB/s | 486.2 KiB |  00m00s
[ 6/46] Installing expat-0:2.6.3-1.fc42 100% | 143.3 MiB/s | 293.6 KiB |  00m00s
[ 7/46] Installing xmlsec1-1:1.2.39-4.f 100% | 180.2 MiB/s | 553.4 KiB |  00m00s
[ 8/46] Installing pyproject-rpm-macros 100% | 105.1 MiB/s | 107.7 KiB |  00m00s
[ 9/46] Installing python-pip-wheel-0:2 100% | 413.9 MiB/s |   1.2 MiB |  00m00s
[10/46] Installing libcbor-0:0.11.0-2.f 100% |  73.5 MiB/s |  75.3 KiB |  00m00s
[11/46] Installing libfido2-0:1.15.0-2. 100% |  39.0 MiB/s | 239.7 KiB |  00m00s
[12/46] Installing tzdata-0:2024a-9.fc4 100% |  27.3 MiB/s |   1.9 MiB |  00m00s
[13/46] Installing mpdecimal-0:2.5.1-16 100% | 100.6 MiB/s | 206.0 KiB |  00m00s
[14/46] Installing libb2-0:0.98.1-12.fc 100% |   7.0 MiB/s |  43.3 KiB |  00m00s
[15/46] Installing python3-libs-0:3.13. 100% | 207.7 MiB/s |  40.7 MiB |  00m00s
[16/46] Installing python3-0:3.13.0~rc2 100% |  32.8 MiB/s |  33.6 KiB |  00m00s
[17/46] Installing python3-packaging-0: 100% | 105.7 MiB/s | 433.0 KiB |  00m00s
[18/46] Installing python3-idna-0:3.8-1 100% | 147.1 MiB/s | 602.7 KiB |  00m00s
[19/46] Installing python3-urllib3-0:2. 100% | 119.8 MiB/s | 981.7 KiB |  00m00s
[20/46] Installing python3-rpm-generato 100% |  81.0 MiB/s |  82.9 KiB |  00m00s
[21/46] Installing python3-bson-0:4.2.0 100% |  78.4 MiB/s | 481.8 KiB |  00m00s
[22/46] Installing python3-docutils-0:0 100% | 136.4 MiB/s |   4.9 MiB |  00m00s
[23/46] Installing python3-snowballstem 100% | 193.8 MiB/s |   1.7 MiB |  00m00s
[24/46] Installing python3-sphinx-theme 100% |  22.7 MiB/s |  46.4 KiB |  00m00s
[25/46] Installing python3-iniconfig-0: 100% |  23.0 MiB/s |  23.5 KiB |  00m00s
[26/46] Installing python3-pluggy-0:1.5 100% |  48.7 MiB/s | 199.4 KiB |  00m00s
[27/46] Installing python3-babel-0:2.16 100% | 224.4 MiB/s |  28.5 MiB |  00m00s
[28/46] Installing python3-imagesize-0: 100% |  12.5 MiB/s |  38.3 KiB |  00m00s
[29/46] Installing python3-pygments-0:2 100% | 174.9 MiB/s |  10.8 MiB |  00m00s
[30/46] Installing python3-charset-norm 100% |  79.3 MiB/s | 324.7 KiB |  00m00s
[31/46] Installing python3-requests-0:2 100% | 121.6 MiB/s | 498.0 KiB |  00m00s
[32/46] Installing python3-markupsafe-0 100% |  32.0 MiB/s |  65.5 KiB |  00m00s
[33/46] Installing python3-jinja2-0:3.1 100% | 223.5 MiB/s |   2.9 MiB |  00m00s
[34/46] Installing libyaml-0:0.2.5-15.f 100% | 132.6 MiB/s | 135.8 KiB |  00m00s
[35/46] Installing python3-pyyaml-0:6.0 100% | 131.0 MiB/s | 804.9 KiB |  00m00s
[36/46] Installing openssh-0:9.8p1-4.fc 100% | 254.1 MiB/s |   1.8 MiB |  00m00s
[37/46] Installing libedit-0:3.1-53.202 100% | 120.0 MiB/s | 245.8 KiB |  00m00s
[38/46] Installing openssh-clients-0:9. 100% | 136.8 MiB/s |   2.6 MiB |  00m00s
>>> Running post-install scriptlet: openssh-clients-0:9.8p1-4.fc42.x86_64
>>> Stop post-install scriptlet: openssh-clients-0:9.8p1-4.fc42.x86_64
[39/46] Installing less-0:661-2.fc41.x8 100% |  99.8 MiB/s | 408.6 KiB |  00m00s
[40/46] Installing git-core-0:2.46.0-1. 100% | 321.2 MiB/s |  22.2 MiB |  00m00s
[41/46] Installing python3-responses-0: 100% |  57.2 MiB/s | 292.8 KiB |  00m00s
[42/46] Installing python3-sphinx-1:7.3 100% | 126.8 MiB/s |  11.0 MiB |  00m00s
[43/46] Installing python3-pytest-0:8.3 100% | 262.3 MiB/s |  21.0 MiB |  00m00s
[44/46] Installing python3-pymongo-0:4. 100% | 184.0 MiB/s |   2.6 MiB |  00m00s
[45/46] Installing python3-devel-0:3.13 100% | 113.4 MiB/s |   1.8 MiB |  00m00s
warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
[46/46] Installing xmlsec1-openssl-1:1. 100% |   5.4 MiB/s | 278.1 KiB |  00m00s
>>> Running trigger-install scriptlet: glibc-common-0:2.40.9000-1.fc42.x86_64
>>> Stop trigger-install scriptlet: glibc-common-0:2.40.9000-1.fc42.x86_64
Complete!
Warning: skipped PGP checks for 13 packages from repository: copr_base
Finish: build setup for python-pysaml2-7.4.2-6.fc42.src.rpm
Start: rpmbuild python-pysaml2-7.4.2-6.fc42.src.rpm
Building target platforms: x86_64
Building for target x86_64
setting SOURCE_DATE_EPOCH=1721347200
Executing(%mkbuilddir): /bin/sh -e /var/tmp/rpm-tmp.JT4Jli
+ umask 022
+ cd /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ test -d /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ /usr/bin/rm -rf /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ /usr/bin/mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ /usr/bin/mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/SPECPARTS
+ RPM_EC=0
++ jobs -p
+ exit 0
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.eYnTOz
+ umask 022
+ cd /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ cd /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ rm -rf pysaml2-7.4.2
+ /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/pysaml2-7.4.2.tar.gz
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd pysaml2-7.4.2
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ /usr/bin/git init -q
+ /usr/bin/git config user.name rpm-build
+ /usr/bin/git config user.email '<rpm-build>'
+ /usr/bin/git config gc.auto 0
+ /usr/bin/git add --force .
+ GIT_COMMITTER_DATE=@1721347200
+ GIT_AUTHOR_DATE=@1721347200
+ /usr/bin/git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m 'python-pysaml2-7.4.2 base'
+ /usr/bin/git checkout --track -b rpm-build
Switched to a new branch 'rpm-build'
branch 'rpm-build' set up to track 'master'.
+ /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/0001-Remove-utility-from-packaging.patch
+ /usr/bin/git apply --index --reject -
Checking patch pyproject.toml...
Applied patch pyproject.toml cleanly.
+ GIT_COMMITTER_DATE=@1721347200
+ GIT_AUTHOR_DATE=@1721347200
+ /usr/bin/git commit -q -m 0001-Remove-utility-from-packaging.patch --author 'rpm-build <rpm-build>'
+ sed -i 's|f"""#!/usr/bin/env python|f"""|' src/saml2/tools/parse_xsd2.py
+ find src -name '*.py'
+ read source
+ head -n1 src/saml2/__init__.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/__init__.py src/saml2/__init__.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/__init__.py
+ touch --ref=src/saml2/__init__.py.ts src/saml2/__init__.py
+ rm src/saml2/__init__.py.ts
+ read source
+ head -n1 src/saml2/algsupport.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/argtree.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/assertion.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/assertion.py src/saml2/assertion.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/assertion.py
+ touch --ref=src/saml2/assertion.py.ts src/saml2/assertion.py
+ rm src/saml2/assertion.py.ts
+ read source
+ grep -F /usr/bin/env
+ head -n1 src/saml2/attribute_converter.py
#!/usr/bin/env python
+ touch --ref=src/saml2/attribute_converter.py src/saml2/attribute_converter.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/attribute_converter.py
+ touch --ref=src/saml2/attribute_converter.py.ts src/saml2/attribute_converter.py
+ rm src/saml2/attribute_converter.py.ts
+ read source
+ head -n1 src/saml2/attribute_resolver.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/attribute_resolver.py src/saml2/attribute_resolver.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/attribute_resolver.py
+ touch --ref=src/saml2/attribute_resolver.py.ts src/saml2/attribute_resolver.py
+ rm src/saml2/attribute_resolver.py.ts
+ read source
+ head -n1 src/saml2/attributemaps/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/attributemaps/adfs_v1x.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/attributemaps/adfs_v20.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/attributemaps/basic.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/attributemaps/saml_uri.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/attributemaps/shibboleth_uri.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/authn.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/authn_context/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/authn_context/ippword.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/authn_context/ippword.py src/saml2/authn_context/ippword.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/ippword.py
+ touch --ref=src/saml2/authn_context/ippword.py.ts src/saml2/authn_context/ippword.py
+ rm src/saml2/authn_context/ippword.py.ts
+ read source
+ head -n1 src/saml2/authn_context/mobiletwofactor.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/authn_context/mobiletwofactor.py src/saml2/authn_context/mobiletwofactor.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/mobiletwofactor.py
+ touch --ref=src/saml2/authn_context/mobiletwofactor.py.ts src/saml2/authn_context/mobiletwofactor.py
+ rm src/saml2/authn_context/mobiletwofactor.py.ts
+ read source
+ head -n1 src/saml2/authn_context/ppt.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/authn_context/ppt.py src/saml2/authn_context/ppt.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/ppt.py
+ touch --ref=src/saml2/authn_context/ppt.py.ts src/saml2/authn_context/ppt.py
+ rm src/saml2/authn_context/ppt.py.ts
+ read source
+ head -n1 src/saml2/authn_context/pword.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/authn_context/pword.py src/saml2/authn_context/pword.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/pword.py
+ touch --ref=src/saml2/authn_context/pword.py.ts src/saml2/authn_context/pword.py
+ rm src/saml2/authn_context/pword.py.ts
+ read source
#!/usr/bin/env python
+ grep -F /usr/bin/env
+ head -n1 src/saml2/authn_context/sslcert.py
+ touch --ref=src/saml2/authn_context/sslcert.py src/saml2/authn_context/sslcert.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/sslcert.py
+ touch --ref=src/saml2/authn_context/sslcert.py.ts src/saml2/authn_context/sslcert.py
+ rm src/saml2/authn_context/sslcert.py.ts
+ read source
+ head -n1 src/saml2/authn_context/timesync.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/authn_context/timesync.py src/saml2/authn_context/timesync.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/timesync.py
+ touch --ref=src/saml2/authn_context/timesync.py.ts src/saml2/authn_context/timesync.py
+ rm src/saml2/authn_context/timesync.py.ts
+ read source
+ head -n1 src/saml2/cache.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/cache.py src/saml2/cache.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/cache.py
+ touch --ref=src/saml2/cache.py.ts src/saml2/cache.py
+ rm src/saml2/cache.py.ts
+ read source
+ head -n1 src/saml2/cert.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/client.py
+ grep -F /usr/bin/env
# !/usr/bin/env python
+ touch --ref=src/saml2/client.py src/saml2/client.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/client.py
+ touch --ref=src/saml2/client.py.ts src/saml2/client.py
+ rm src/saml2/client.py.ts
+ read source
+ head -n1 src/saml2/client_base.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/client_base.py src/saml2/client_base.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/client_base.py
+ touch --ref=src/saml2/client_base.py.ts src/saml2/client_base.py
+ rm src/saml2/client_base.py.ts
+ read source
+ head -n1 src/saml2/config.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/country_codes.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/country_codes.py src/saml2/country_codes.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/country_codes.py
+ touch --ref=src/saml2/country_codes.py.ts src/saml2/country_codes.py
+ rm src/saml2/country_codes.py.ts
+ read source
+ head -n1 src/saml2/cryptography/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/cryptography/asymmetric.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/cryptography/errors.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/cryptography/pki.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/cryptography/symmetric.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/data/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/data/schemas/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/data/templates/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/discovery.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/ecp.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/ecp.py src/saml2/ecp.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ecp.py
+ touch --ref=src/saml2/ecp.py.ts src/saml2/ecp.py
+ rm src/saml2/ecp.py.ts
+ read source
+ head -n1 src/saml2/ecp_client.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/ecp_client.py src/saml2/ecp_client.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ecp_client.py
+ touch --ref=src/saml2/ecp_client.py.ts src/saml2/ecp_client.py
+ rm src/saml2/ecp_client.py.ts
+ read source
+ head -n1 src/saml2/entity.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/entity_category/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/entity_category/at_egov_pvp2.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/entity_category/edugain.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/entity_category/incommon.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/entity_category/refeds.py
+ grep -F /usr/bin/env
+ read source
+ grep -F /usr/bin/env
+ head -n1 src/saml2/entity_category/swamid.py
+ read source
+ head -n1 src/saml2/eptid.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/extension/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/extension/algsupport.py
#!/usr/bin/env python
+ grep -F /usr/bin/env
+ touch --ref=src/saml2/extension/algsupport.py src/saml2/extension/algsupport.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/algsupport.py
+ touch --ref=src/saml2/extension/algsupport.py.ts src/saml2/extension/algsupport.py
+ rm src/saml2/extension/algsupport.py.ts
+ read source
+ head -n1 src/saml2/extension/dri.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/extension/dri.py src/saml2/extension/dri.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/dri.py
+ touch --ref=src/saml2/extension/dri.py.ts src/saml2/extension/dri.py
+ rm src/saml2/extension/dri.py.ts
+ read source
+ head -n1 src/saml2/extension/idpdisc.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/extension/idpdisc.py src/saml2/extension/idpdisc.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/idpdisc.py
+ touch --ref=src/saml2/extension/idpdisc.py.ts src/saml2/extension/idpdisc.py
+ rm src/saml2/extension/idpdisc.py.ts
+ read source
+ head -n1 src/saml2/extension/mdattr.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/extension/mdattr.py src/saml2/extension/mdattr.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdattr.py
+ touch --ref=src/saml2/extension/mdattr.py.ts src/saml2/extension/mdattr.py
+ rm src/saml2/extension/mdattr.py.ts
+ read source
+ head -n1 src/saml2/extension/mdrpi.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/extension/mdrpi.py src/saml2/extension/mdrpi.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdrpi.py
+ touch --ref=src/saml2/extension/mdrpi.py.ts src/saml2/extension/mdrpi.py
+ rm src/saml2/extension/mdrpi.py.ts
+ read source
+ head -n1 src/saml2/extension/mdui.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/extension/mdui.py src/saml2/extension/mdui.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdui.py
+ touch --ref=src/saml2/extension/mdui.py.ts src/saml2/extension/mdui.py
+ rm src/saml2/extension/mdui.py.ts
+ read source
+ head -n1 src/saml2/extension/pefim.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/extension/pefim.py src/saml2/extension/pefim.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/pefim.py
+ touch --ref=src/saml2/extension/pefim.py.ts src/saml2/extension/pefim.py
+ rm src/saml2/extension/pefim.py.ts
+ read source
+ head -n1 src/saml2/extension/reqinit.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/extension/reqinit.py src/saml2/extension/reqinit.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/reqinit.py
+ touch --ref=src/saml2/extension/reqinit.py.ts src/saml2/extension/reqinit.py
+ rm src/saml2/extension/reqinit.py.ts
+ read source
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ head -n1 src/saml2/extension/requested_attributes.py
+ touch --ref=src/saml2/extension/requested_attributes.py src/saml2/extension/requested_attributes.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/requested_attributes.py
+ touch --ref=src/saml2/extension/requested_attributes.py.ts src/saml2/extension/requested_attributes.py
+ rm src/saml2/extension/requested_attributes.py.ts
+ read source
+ head -n1 src/saml2/extension/shibmd.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/extension/shibmd.py src/saml2/extension/shibmd.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/shibmd.py
+ touch --ref=src/saml2/extension/shibmd.py.ts src/saml2/extension/shibmd.py
+ rm src/saml2/extension/shibmd.py.ts
+ read source
+ head -n1 src/saml2/extension/sp_type.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/extension/sp_type.py src/saml2/extension/sp_type.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/sp_type.py
+ touch --ref=src/saml2/extension/sp_type.py.ts src/saml2/extension/sp_type.py
+ rm src/saml2/extension/sp_type.py.ts
+ read source
+ head -n1 src/saml2/filter.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/httpbase.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/httputil.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/ident.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/mcache.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/mcache.py src/saml2/mcache.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mcache.py
+ touch --ref=src/saml2/mcache.py.ts src/saml2/mcache.py
+ rm src/saml2/mcache.py.ts
+ read source
+ head -n1 src/saml2/md.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/md.py src/saml2/md.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/md.py
+ touch --ref=src/saml2/md.py.ts src/saml2/md.py
+ rm src/saml2/md.py.ts
+ read source
+ head -n1 src/saml2/mdbcache.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/mdbcache.py src/saml2/mdbcache.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mdbcache.py
+ touch --ref=src/saml2/mdbcache.py.ts src/saml2/mdbcache.py
+ rm src/saml2/mdbcache.py.ts
+ read source
+ head -n1 src/saml2/mdie.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/mdie.py src/saml2/mdie.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mdie.py
+ touch --ref=src/saml2/mdie.py.ts src/saml2/mdie.py
+ rm src/saml2/mdie.py.ts
+ read source
+ head -n1 src/saml2/mdstore.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/metadata.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/metadata.py src/saml2/metadata.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/metadata.py
+ touch --ref=src/saml2/metadata.py.ts src/saml2/metadata.py
+ rm src/saml2/metadata.py.ts
+ read source
+ head -n1 src/saml2/mongo_store.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/pack.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/population.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/profile/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/profile/ecp.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/profile/ecp.py src/saml2/profile/ecp.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/profile/ecp.py
+ touch --ref=src/saml2/profile/ecp.py.ts src/saml2/profile/ecp.py
+ rm src/saml2/profile/ecp.py.ts
+ read source
+ head -n1 src/saml2/profile/paos.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/profile/paos.py src/saml2/profile/paos.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/profile/paos.py
+ touch --ref=src/saml2/profile/paos.py.ts src/saml2/profile/paos.py
+ rm src/saml2/profile/paos.py.ts
+ read source
+ head -n1 src/saml2/profile/samlec.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/request.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/response.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/response.py src/saml2/response.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/response.py
+ touch --ref=src/saml2/response.py.ts src/saml2/response.py
+ rm src/saml2/response.py.ts
+ read source
+ head -n1 src/saml2/s2repoze/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/s2repoze/plugins/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/s2repoze/plugins/challenge_decider.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/s2repoze/plugins/entitlement.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/s2repoze/plugins/entitlement.py src/saml2/s2repoze/plugins/entitlement.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/s2repoze/plugins/entitlement.py
+ touch --ref=src/saml2/s2repoze/plugins/entitlement.py.ts src/saml2/s2repoze/plugins/entitlement.py
+ rm src/saml2/s2repoze/plugins/entitlement.py.ts
+ read source
+ head -n1 src/saml2/s2repoze/plugins/formswithhidden.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/s2repoze/plugins/ini.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/s2repoze/plugins/sp.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/s_utils.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/s_utils.py src/saml2/s_utils.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/s_utils.py
+ touch --ref=src/saml2/s_utils.py.ts src/saml2/s_utils.py
+ rm src/saml2/s_utils.py.ts
+ read source
+ head -n1 src/saml2/saml.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/saml.py src/saml2/saml.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/saml.py
+ touch --ref=src/saml2/saml.py.ts src/saml2/saml.py
+ rm src/saml2/saml.py.ts
+ read source
+ head -n1 src/saml2/samlp.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/samlp.py src/saml2/samlp.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/samlp.py
+ touch --ref=src/saml2/samlp.py.ts src/saml2/samlp.py
+ rm src/saml2/samlp.py.ts
+ read source
+ head -n1 src/saml2/schema/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/schema/soap.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/schema/soap.py src/saml2/schema/soap.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/soap.py
+ touch --ref=src/saml2/schema/soap.py.ts src/saml2/schema/soap.py
+ rm src/saml2/schema/soap.py.ts
+ read source
+ head -n1 src/saml2/schema/soapenv.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/schema/soapenv.py src/saml2/schema/soapenv.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/soapenv.py
+ touch --ref=src/saml2/schema/soapenv.py.ts src/saml2/schema/soapenv.py
+ rm src/saml2/schema/soapenv.py.ts
+ read source
+ head -n1 src/saml2/schema/wsdl.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/schema/wsdl.py src/saml2/schema/wsdl.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/wsdl.py
+ touch --ref=src/saml2/schema/wsdl.py.ts src/saml2/schema/wsdl.py
+ rm src/saml2/schema/wsdl.py.ts
+ read source
+ grep -F /usr/bin/env
+ head -n1 src/saml2/sdb.py
+ read source
+ head -n1 src/saml2/server.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/server.py src/saml2/server.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/server.py
+ touch --ref=src/saml2/server.py.ts src/saml2/server.py
+ rm src/saml2/server.py.ts
+ read source
+ head -n1 src/saml2/sigver.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/soap.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/soap.py src/saml2/soap.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/soap.py
+ touch --ref=src/saml2/soap.py.ts src/saml2/soap.py
+ rm src/saml2/soap.py.ts
+ read source
+ head -n1 src/saml2/time_util.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/time_util.py src/saml2/time_util.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/time_util.py
+ touch --ref=src/saml2/time_util.py.ts src/saml2/time_util.py
+ rm src/saml2/time_util.py.ts
+ read source
+ head -n1 src/saml2/tools/make_metadata.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/tools/make_metadata.py src/saml2/tools/make_metadata.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/make_metadata.py
+ touch --ref=src/saml2/tools/make_metadata.py.ts src/saml2/tools/make_metadata.py
+ rm src/saml2/tools/make_metadata.py.ts
+ read source
+ grep -F /usr/bin/env
+ head -n1 src/saml2/tools/mdexport.py
#!/usr/bin/env python
+ touch --ref=src/saml2/tools/mdexport.py src/saml2/tools/mdexport.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdexport.py
+ touch --ref=src/saml2/tools/mdexport.py.ts src/saml2/tools/mdexport.py
+ rm src/saml2/tools/mdexport.py.ts
+ read source
+ head -n1 src/saml2/tools/mdexport_test.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/tools/mdexport_test.py src/saml2/tools/mdexport_test.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdexport_test.py
+ touch --ref=src/saml2/tools/mdexport_test.py.ts src/saml2/tools/mdexport_test.py
+ rm src/saml2/tools/mdexport_test.py.ts
+ read source
+ head -n1 src/saml2/tools/mdimport.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/tools/mdimport.py src/saml2/tools/mdimport.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdimport.py
+ touch --ref=src/saml2/tools/mdimport.py.ts src/saml2/tools/mdimport.py
+ rm src/saml2/tools/mdimport.py.ts
+ read source
#!/usr/bin/env python
+ head -n1 src/saml2/tools/merge_metadata.py
+ grep -F /usr/bin/env
+ touch --ref=src/saml2/tools/merge_metadata.py src/saml2/tools/merge_metadata.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/merge_metadata.py
+ touch --ref=src/saml2/tools/merge_metadata.py.ts src/saml2/tools/merge_metadata.py
+ rm src/saml2/tools/merge_metadata.py.ts
+ read source
+ head -n1 src/saml2/tools/sync_attrmaps.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/tools/sync_attrmaps.py src/saml2/tools/sync_attrmaps.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/sync_attrmaps.py
+ touch --ref=src/saml2/tools/sync_attrmaps.py.ts src/saml2/tools/sync_attrmaps.py
+ rm src/saml2/tools/sync_attrmaps.py.ts
+ read source
#!/usr/bin/env python
+ head -n1 src/saml2/tools/verify_metadata.py
+ grep -F /usr/bin/env
+ touch --ref=src/saml2/tools/verify_metadata.py src/saml2/tools/verify_metadata.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/verify_metadata.py
+ touch --ref=src/saml2/tools/verify_metadata.py.ts src/saml2/tools/verify_metadata.py
+ rm src/saml2/tools/verify_metadata.py.ts
+ read source
+ head -n1 src/saml2/tools/parse_xsd2.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/tools/parse_xsd2.py src/saml2/tools/parse_xsd2.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/parse_xsd2.py
+ touch --ref=src/saml2/tools/parse_xsd2.py.ts src/saml2/tools/parse_xsd2.py
+ rm src/saml2/tools/parse_xsd2.py.ts
+ read source
+ grep -F /usr/bin/env
+ head -n1 src/saml2/userinfo/__init__.py
+ read source
+ grep -F /usr/bin/env
+ head -n1 src/saml2/userinfo/ldapinfo.py
+ read source
+ head -n1 src/saml2/validate.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/version.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/virtual_org.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/ws/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2/ws/wsaddr.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/ws/wsaddr.py src/saml2/ws/wsaddr.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wsaddr.py
+ touch --ref=src/saml2/ws/wsaddr.py.ts src/saml2/ws/wsaddr.py
+ rm src/saml2/ws/wsaddr.py.ts
+ read source
#!/usr/bin/env python
+ grep -F /usr/bin/env
+ head -n1 src/saml2/ws/wspol.py
+ touch --ref=src/saml2/ws/wspol.py src/saml2/ws/wspol.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wspol.py
+ touch --ref=src/saml2/ws/wspol.py.ts src/saml2/ws/wspol.py
+ rm src/saml2/ws/wspol.py.ts
+ read source
+ grep -F /usr/bin/env
+ head -n1 src/saml2/ws/wssec.py
#!/usr/bin/env python
+ touch --ref=src/saml2/ws/wssec.py src/saml2/ws/wssec.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wssec.py
+ touch --ref=src/saml2/ws/wssec.py.ts src/saml2/ws/wssec.py
+ rm src/saml2/ws/wssec.py.ts
+ read source
+ grep -F /usr/bin/env
+ head -n1 src/saml2/ws/wstrust.py
#!/usr/bin/env python
+ touch --ref=src/saml2/ws/wstrust.py src/saml2/ws/wstrust.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wstrust.py
+ touch --ref=src/saml2/ws/wstrust.py.ts src/saml2/ws/wstrust.py
+ rm src/saml2/ws/wstrust.py.ts
+ read source
#!/usr/bin/env python
+ grep -F /usr/bin/env
+ head -n1 src/saml2/ws/wsutil.py
+ touch --ref=src/saml2/ws/wsutil.py src/saml2/ws/wsutil.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wsutil.py
+ touch --ref=src/saml2/ws/wsutil.py.ts src/saml2/ws/wsutil.py
+ rm src/saml2/ws/wsutil.py.ts
+ read source
+ head -n1 src/saml2/xml/__init__.py
+ grep -F /usr/bin/env
+ read source
+ grep -F /usr/bin/env
+ head -n1 src/saml2/xml/schema/__init__.py
+ read source
+ head -n1 src/saml2/xmldsig/__init__.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/xmldsig/__init__.py src/saml2/xmldsig/__init__.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/xmldsig/__init__.py
+ touch --ref=src/saml2/xmldsig/__init__.py.ts src/saml2/xmldsig/__init__.py
+ rm src/saml2/xmldsig/__init__.py.ts
+ read source
+ head -n1 src/saml2/xmlenc/__init__.py
+ grep -F /usr/bin/env
#!/usr/bin/env python
+ touch --ref=src/saml2/xmlenc/__init__.py src/saml2/xmlenc/__init__.py.ts
+ sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/xmlenc/__init__.py
+ touch --ref=src/saml2/xmlenc/__init__.py.ts src/saml2/xmlenc/__init__.py
+ rm src/saml2/xmlenc/__init__.py.ts
+ read source
+ grep -F /usr/bin/env
+ head -n1 src/saml2test/__init__.py
+ read source
+ grep -F /usr/bin/env
+ head -n1 src/saml2test/check.py
+ read source
+ head -n1 src/saml2test/interaction.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2test/opfunc.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2test/status.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/saml2test/tool.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/utility/__init__.py
+ grep -F /usr/bin/env
+ read source
+ head -n1 src/utility/metadata.py
+ grep -F /usr/bin/env
+ read source
+ source=src/saml2/schema/wsdl.py
+ touch --ref=src/saml2/schema/wsdl.py src/saml2/schema/wsdl.py.ts
+ sed -i '1,3{d;q}' src/saml2/schema/wsdl.py
+ touch --ref=src/saml2/schema/wsdl.py.ts src/saml2/schema/wsdl.py
+ rm src/saml2/schema/wsdl.py.ts
+ RPM_EC=0
++ jobs -p
+ exit 0
Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.KeU822
+ umask 022
+ cd /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ cd pysaml2-7.4.2
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CFLAGS
+ CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CXXFLAGS
+ FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FFLAGS
+ FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1  '
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib64:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ echo pyproject-rpm-macros
+ echo python3-devel
+ echo 'python3dist(pip) >= 19'
+ echo 'python3dist(packaging)'
+ '[' -f pyproject.toml ']'
+ echo '(python3dist(tomli) if python3-devel < 3.11)'
+ rm -rfv '*.dist-info/'
+ '[' -f /usr/bin/python3 ']'
+ mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir
+ echo -n
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1  '
+ TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir
+ RPM_TOXENV=py313
+ HOSTNAME=rpmbuild
+ /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires -t
Handling poetry_core>=1.0.0 from build-system.requires
Requirement not satisfied: poetry_core>=1.0.0
Exiting dependency generation pass: build backend
+ cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires
+ rm -rfv '*.dist-info/'
+ RPM_EC=0
++ jobs -p
+ exit 0
Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-6.fc42.buildreqs.nosrc.rpm
INFO: Going to install missing dynamic buildrequires
Updating and loading repositories:
 fedora                                 100% | 227.2 KiB/s |   5.2 KiB |  00m00s
 Copr repository                        100% |  46.4 KiB/s |   1.5 KiB |  00m00s
 Copr repository                        100% |   8.8 MiB/s |   1.0 MiB |  00m00s
Repositories loaded.
Package "git-core-2.46.0-1.fc41.x86_64" is already installed.
Package "pyproject-rpm-macros-1.14.0-1.fc42.noarch" is already installed.
Package "python3-devel-3.13.0~rc2-1.fc42.x86_64" is already installed.
Package "python3-pymongo-4.2.0-8.fc41.x86_64" is already installed.
Package "python3-pytest-8.3.3-1.fc42.noarch" is already installed.
Package "python3-responses-0.25.3-2.fc41.noarch" is already installed.
Package "python3-sphinx-1:7.3.7-2.fc41.noarch" is already installed.
Package "python3-packaging-24.1-2.fc42.noarch" is already installed.
Package "xmlsec1-1:1.2.39-4.fc41.x86_64" is already installed.
Package "xmlsec1-openssl-1:1.2.39-4.fc41.x86_64" is already installed.

Package                 Arch   Version       Repository      Size
Installing:
 python3-pip            noarch 24.2-1.fc42   copr_base   11.4 MiB
 python3-poetry-core    noarch 1.9.0-3.fc41  fedora       1.0 MiB
Installing dependencies:
 python3-fastjsonschema noarch 2.20.0-1.fc42 copr_base  189.5 KiB
 python3-lark           noarch 1.1.9-5.fc41  fedora       1.3 MiB

Transaction Summary:
 Installing:        4 packages

Total size of inbound packages is 3 MiB. Need to download 746 KiB.
After this operation 14 MiB will be used (install 14 MiB, remove 0 B).
[1/4] python3-pip-0:24.2-1.fc42.noarch  100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[2/4] python3-fastjsonschema-0:2.20.0-1 100% |   1.5 MiB/s |  58.5 KiB |  00m00s
[3/4] python3-poetry-core-0:1.9.0-3.fc4 100% |   3.9 MiB/s | 298.9 KiB |  00m00s
[4/4] python3-lark-0:1.1.9-5.fc41.noarc 100% |   5.0 MiB/s | 388.8 KiB |  00m00s
--------------------------------------------------------------------------------
[4/4] Total                             100% |   7.2 MiB/s | 746.3 KiB |  00m00s
Running transaction
[1/6] Verify package files              100% | 307.0   B/s |   4.0   B |  00m00s
[2/6] Prepare transaction               100% | 137.0   B/s |   4.0   B |  00m00s
[3/6] Installing python3-fastjsonschema 100% |  48.2 MiB/s | 197.5 KiB |  00m00s
[4/6] Installing python3-lark-0:1.1.9-5 100% | 121.1 MiB/s |   1.3 MiB |  00m00s
[5/6] Installing python3-poetry-core-0: 100% |  53.4 MiB/s |   1.1 MiB |  00m00s
warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
[6/6] Installing python3-pip-0:24.2-1.f 100% |  94.8 MiB/s |  11.7 MiB |  00m00s
>>> Running trigger-install scriptlet: glibc-common-0:2.40.9000-1.fc42.x86_64
>>> Stop trigger-install scriptlet: glibc-common-0:2.40.9000-1.fc42.x86_64
Complete!
Warning: skipped PGP checks for 2 packages from repository: copr_base
Building target platforms: x86_64
Building for target x86_64
setting SOURCE_DATE_EPOCH=1721347200
Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.8kuKG2
+ umask 022
+ cd /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ cd pysaml2-7.4.2
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CFLAGS
+ CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CXXFLAGS
+ FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FFLAGS
+ FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1  '
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib64:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ echo pyproject-rpm-macros
+ echo python3-devel
+ echo 'python3dist(pip) >= 19'
+ echo 'python3dist(packaging)'
+ '[' -f pyproject.toml ']'
+ echo '(python3dist(tomli) if python3-devel < 3.11)'
+ rm -rfv '*.dist-info/'
+ '[' -f /usr/bin/python3 ']'
+ mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir
+ echo -n
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1  '
+ TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir
+ RPM_TOXENV=py313
+ HOSTNAME=rpmbuild
+ /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires -t
Handling poetry_core>=1.0.0 from build-system.requires
Requirement satisfied: poetry_core>=1.0.0
   (installed: poetry_core 1.9.0)
Handling tox-current-env >= 0.0.6 from tox itself
Requirement not satisfied: tox-current-env >= 0.0.6
Exiting dependency generation pass: tox itself
+ cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires
+ rm -rfv '*.dist-info/'
+ RPM_EC=0
++ jobs -p
+ exit 0
Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-6.fc42.buildreqs.nosrc.rpm
INFO: Going to install missing dynamic buildrequires
Updating and loading repositories:
 fedora                                 100% | 168.5 KiB/s |   5.2 KiB |  00m00s
 Copr repository                        100% |  49.4 KiB/s |   1.5 KiB |  00m00s
Repositories loaded.
Package "git-core-2.46.0-1.fc41.x86_64" is already installed.
Package "pyproject-rpm-macros-1.14.0-1.fc42.noarch" is already installed.
Package "python3-devel-3.13.0~rc2-1.fc42.x86_64" is already installed.
Package "python3-pymongo-4.2.0-8.fc41.x86_64" is already installed.
Package "python3-pytest-8.3.3-1.fc42.noarch" is already installed.
Package "python3-responses-0.25.3-2.fc41.noarch" is already installed.
Package "python3-sphinx-1:7.3.7-2.fc41.noarch" is already installed.
Package "python3-packaging-24.1-2.fc42.noarch" is already installed.
Package "python3-pip-24.2-1.fc42.noarch" is already installed.
Package "python3-poetry-core-1.9.0-3.fc41.noarch" is already installed.
Package "xmlsec1-1:1.2.39-4.fc41.x86_64" is already installed.
Package "xmlsec1-openssl-1:1.2.39-4.fc41.x86_64" is already installed.

Package                  Arch   Version         Repository      Size
Installing:
 python3-tox-current-env noarch 0.0.12-1.fc42   fedora      71.7 KiB
Installing dependencies:
 python-setuptools-wheel noarch 69.2.0-8.fc41   fedora     750.4 KiB
 python-wheel-wheel      noarch 1:0.43.0-4.fc41 fedora      65.1 KiB
 python3-cachetools      noarch 5.4.0-6.fc42    copr_base  138.1 KiB
 python3-chardet         noarch 5.2.0-14.fc41   fedora       2.1 MiB
 python3-colorama        noarch 0.4.6-9.fc42    copr_base  191.2 KiB
 python3-distlib         noarch 0.3.8-4.fc42    copr_base    1.2 MiB
 python3-filelock        noarch 3.15.4-3.fc42   copr_base   90.1 KiB
 python3-platformdirs    noarch 4.2.2-2.fc42    copr_base  168.4 KiB
 python3-pyproject-api   noarch 1.6.1-5.fc42    copr_base   80.5 KiB
 python3-virtualenv      noarch 20.21.1-22.fc41 fedora     694.8 KiB
 tox                     noarch 4.16.0-2.fc41   fedora       1.1 MiB

Transaction Summary:
 Installing:       12 packages

Total size of inbound packages is 2 MiB. Need to download 38 KiB.
After this operation 7 MiB will be used (install 7 MiB, remove 0 B).
[ 1/12] python3-tox-current-env-0:0.0.1 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 2/12] tox-0:4.16.0-2.fc41.noarch      100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 3/12] python3-chardet-0:5.2.0-14.fc41 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 4/12] python3-virtualenv-0:20.21.1-22 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 5/12] python-setuptools-wheel-0:69.2. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 6/12] python-wheel-wheel-1:0.43.0-4.f 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 7/12] python3-cachetools-0:5.4.0-6.fc 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 8/12] python3-colorama-0:0.4.6-9.fc42 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 9/12] python3-filelock-0:3.15.4-3.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[10/12] python3-platformdirs-0:4.2.2-2. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[11/12] python3-distlib-0:0.3.8-4.fc42. 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[12/12] python3-pyproject-api-0:1.6.1-5 100% | 990.8 KiB/s |  37.6 KiB |  00m00s
--------------------------------------------------------------------------------
[12/12] Total                           100% | 941.2 KiB/s |  37.6 KiB |  00m00s
Running transaction
[ 1/14] Verify package files            100% |   1.5 KiB/s |  12.0   B |  00m00s
[ 2/14] Prepare transaction             100% | 600.0   B/s |  12.0   B |  00m00s
[ 3/14] Installing python3-platformdirs 100% |  56.9 MiB/s | 174.9 KiB |  00m00s
[ 4/14] Installing python3-filelock-0:3 100% |  31.6 MiB/s |  97.0 KiB |  00m00s
[ 5/14] Installing python3-distlib-0:0. 100% | 236.0 MiB/s |   1.2 MiB |  00m00s
[ 6/14] Installing python3-pyproject-ap 100% |  42.3 MiB/s |  86.7 KiB |  00m00s
[ 7/14] Installing python3-colorama-0:0 100% |  65.5 MiB/s | 201.1 KiB |  00m00s
[ 8/14] Installing python3-cachetools-0 100% |  69.2 MiB/s | 141.7 KiB |  00m00s
[ 9/14] Installing python-wheel-wheel-1 100% |  64.3 MiB/s |  65.8 KiB |  00m00s
[10/14] Installing python-setuptools-wh 100% | 366.8 MiB/s | 751.1 KiB |  00m00s
[11/14] Installing python3-virtualenv-0 100% |  35.7 MiB/s | 767.1 KiB |  00m00s
[12/14] Installing python3-chardet-0:5. 100% | 161.2 MiB/s |   2.1 MiB |  00m00s
[13/14] Installing tox-0:4.16.0-2.fc41. 100% |  60.5 MiB/s |   1.2 MiB |  00m00s
warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
[14/14] Installing python3-tox-current- 100% |   2.9 MiB/s |  76.0 KiB |  00m00s
>>> Running trigger-install scriptlet: glibc-common-0:2.40.9000-1.fc42.x86_64
>>> Stop trigger-install scriptlet: glibc-common-0:2.40.9000-1.fc42.x86_64
Complete!
Warning: skipped PGP checks for 6 packages from repository: copr_base
Building target platforms: x86_64
Building for target x86_64
setting SOURCE_DATE_EPOCH=1721347200
Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.4akCXn
+ umask 022
+ cd /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ cd pysaml2-7.4.2
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CFLAGS
+ CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CXXFLAGS
+ FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FFLAGS
+ FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1  '
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib64:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ echo pyproject-rpm-macros
+ echo python3-devel
+ echo 'python3dist(pip) >= 19'
+ echo 'python3dist(packaging)'
+ '[' -f pyproject.toml ']'
+ echo '(python3dist(tomli) if python3-devel < 3.11)'
+ rm -rfv '*.dist-info/'
+ '[' -f /usr/bin/python3 ']'
+ mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir
+ echo -n
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1  '
+ TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir
+ RPM_TOXENV=py313
+ HOSTNAME=rpmbuild
+ /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires -t
Handling poetry_core>=1.0.0 from build-system.requires
Requirement satisfied: poetry_core>=1.0.0
   (installed: poetry_core 1.9.0)
Handling tox-current-env >= 0.0.6 from tox itself
Requirement satisfied: tox-current-env >= 0.0.6
   (installed: tox-current-env 0.0.12)
  py313: OK (0.00 seconds)
  congratulations :) (0.06 seconds)
Handling tox from tox --print-deps-only: py313
Requirement satisfied: tox
   (installed: tox 4.16.0)
Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2)
Requirement not satisfied: cryptography (>=3.1)
Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2)
Requirement not satisfied: defusedxml
Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8"
Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: importlib-resources ; python_version < "3.9"
Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: paste ; extra == "s2repoze"
Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2)
Requirement not satisfied: pyopenssl
Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2)
Requirement not satisfied: python-dateutil
Handling pytz from hook generated metadata: Requires-Dist (pysaml2)
Requirement not satisfied: pytz
Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: repoze.who ; extra == "s2repoze"
Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: requests (>=2,<3)
   (installed: requests 2.32.3)
Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2)
Requirement not satisfied: xmlschema (>=1.2.1)
Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: zope.interface ; extra == "s2repoze"
+ cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires
+ rm -rfv pysaml2-7.4.2.dist-info/
removed 'pysaml2-7.4.2.dist-info/entry_points.txt'
removed 'pysaml2-7.4.2.dist-info/WHEEL'
removed 'pysaml2-7.4.2.dist-info/METADATA'
removed 'pysaml2-7.4.2.dist-info/LICENSE'
removed directory 'pysaml2-7.4.2.dist-info/'
+ RPM_EC=0
++ jobs -p
+ exit 0
Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-6.fc42.buildreqs.nosrc.rpm
INFO: Going to install missing dynamic buildrequires
Updating and loading repositories:
 fedora                                 100% | 227.1 KiB/s |   5.2 KiB |  00m00s
 Copr repository                        100% |  37.4 KiB/s |   1.5 KiB |  00m00s
Repositories loaded.
Package "git-core-2.46.0-1.fc41.x86_64" is already installed.
Package "pyproject-rpm-macros-1.14.0-1.fc42.noarch" is already installed.
Package "python3-devel-3.13.0~rc2-1.fc42.x86_64" is already installed.
Package "python3-pymongo-4.2.0-8.fc41.x86_64" is already installed.
Package "python3-pytest-8.3.3-1.fc42.noarch" is already installed.
Package "python3-responses-0.25.3-2.fc41.noarch" is already installed.
Package "python3-sphinx-1:7.3.7-2.fc41.noarch" is already installed.
Package "python3-packaging-24.1-2.fc42.noarch" is already installed.
Package "python3-pip-24.2-1.fc42.noarch" is already installed.
Package "python3-poetry-core-1.9.0-3.fc41.noarch" is already installed.
Package "tox-4.16.0-2.fc41.noarch" is already installed.
Package "python3-tox-current-env-0.0.12-1.fc42.noarch" is already installed.
Package "xmlsec1-1:1.2.39-4.fc41.x86_64" is already installed.
Package "xmlsec1-openssl-1:1.2.39-4.fc41.x86_64" is already installed.

Package               Arch   Version         Repository      Size
Installing:
 python3-cryptography x86_64 43.0.0-3.fc42   copr_base    4.7 MiB
 python3-dateutil     noarch 1:2.8.2-16.fc42 copr_base  878.7 KiB
 python3-defusedxml   noarch 0.7.1-15.fc41   fedora     198.2 KiB
 python3-pyOpenSSL    noarch 24.2.1-1.fc42   copr_base  747.0 KiB
 python3-pytz         noarch 2024.2-1.fc42   fedora     223.7 KiB
 python3-xmlschema    noarch 3.2.1-3.fc41    fedora       3.9 MiB
Installing dependencies:
 python3-cffi         x86_64 1.17.1-1.fc42   copr_base    1.3 MiB
 python3-elementpath  noarch 4.4.0-6.fc41    fedora       2.6 MiB
 python3-ply          noarch 3.11-25.fc41    fedora     568.2 KiB
 python3-pycparser    noarch 2.20-18.fc41    fedora     821.0 KiB
 python3-six          noarch 1.16.0-23.fc41  fedora     118.3 KiB

Transaction Summary:
 Installing:       11 packages

Total size of inbound packages is 4 MiB. Need to download 2 MiB.
After this operation 16 MiB will be used (install 16 MiB, remove 0 B).
[ 1/11] python3-cryptography-0:43.0.0-3 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 2/11] python3-six-0:1.16.0-23.fc41.no 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 3/11] python3-cffi-0:1.17.1-1.fc42.x8 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 4/11] python3-pycparser-0:2.20-18.fc4 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 5/11] python3-ply-0:3.11-25.fc41.noar 100% |   0.0   B/s |   0.0   B |  00m00s
>>> Already downloaded
[ 6/11] python3-defusedxml-0:0.7.1-15.f 100% | 453.1 KiB/s |  58.9 KiB |  00m00s
[ 7/11] python3-pytz-0:2024.2-1.fc42.no 100% | 407.4 KiB/s |  64.4 KiB |  00m00s
[ 8/11] python3-pyOpenSSL-0:24.2.1-1.fc 100% |   2.0 MiB/s | 125.5 KiB |  00m00s
[ 9/11] python3-dateutil-1:2.8.2-16.fc4 100% |   5.6 MiB/s | 349.5 KiB |  00m00s
[10/11] python3-xmlschema-0:3.2.1-3.fc4 100% |   2.5 MiB/s | 667.9 KiB |  00m00s
[11/11] python3-elementpath-0:4.4.0-6.f 100% |   3.0 MiB/s | 551.3 KiB |  00m00s
--------------------------------------------------------------------------------
[11/11] Total                           100% |   4.5 MiB/s |   1.8 MiB |  00m00s
Running transaction
[ 1/13] Verify package files            100% | 785.0   B/s |  11.0   B |  00m00s
[ 2/13] Prepare transaction             100% | 297.0   B/s |  11.0   B |  00m00s
[ 3/13] Installing python3-ply-0:3.11-2 100% | 140.0 MiB/s | 573.4 KiB |  00m00s
[ 4/13] Installing python3-pycparser-0: 100% | 135.5 MiB/s | 832.5 KiB |  00m00s
[ 5/13] Installing python3-cffi-0:1.17. 100% | 167.1 MiB/s |   1.3 MiB |  00m00s
[ 6/13] Installing python3-cryptography 100% | 133.8 MiB/s |   4.8 MiB |  00m00s
[ 7/13] Installing python3-six-0:1.16.0 100% |  58.9 MiB/s | 120.7 KiB |  00m00s
[ 8/13] Installing python3-elementpath- 100% | 164.9 MiB/s |   2.6 MiB |  00m00s
[ 9/13] Installing python3-xmlschema-0: 100% | 178.9 MiB/s |   3.9 MiB |  00m00s
[10/13] Installing python3-dateutil-1:2 100% | 124.5 MiB/s | 892.4 KiB |  00m00s
[11/13] Installing python3-pyOpenSSL-0: 100% | 183.8 MiB/s | 753.0 KiB |  00m00s
[12/13] Installing python3-pytz-0:2024. 100% |  37.3 MiB/s | 229.0 KiB |  00m00s
warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.execute() instead
[13/13] Installing python3-defusedxml-0 100% |   7.0 MiB/s | 206.5 KiB |  00m00s
>>> Running trigger-install scriptlet: glibc-common-0:2.40.9000-1.fc42.x86_64
>>> Stop trigger-install scriptlet: glibc-common-0:2.40.9000-1.fc42.x86_64
Complete!
Warning: skipped PGP checks for 4 packages from repository: copr_base
Building target platforms: x86_64
Building for target x86_64
setting SOURCE_DATE_EPOCH=1721347200
Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.YPUOxn
+ umask 022
+ cd /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ cd pysaml2-7.4.2
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CFLAGS
+ CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CXXFLAGS
+ FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FFLAGS
+ FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1  '
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib64:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ echo pyproject-rpm-macros
+ echo python3-devel
+ echo 'python3dist(pip) >= 19'
+ echo 'python3dist(packaging)'
+ '[' -f pyproject.toml ']'
+ echo '(python3dist(tomli) if python3-devel < 3.11)'
+ rm -rfv '*.dist-info/'
+ '[' -f /usr/bin/python3 ']'
+ mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir
+ echo -n
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1  '
+ TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir
+ RPM_TOXENV=py313
+ HOSTNAME=rpmbuild
+ /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires -t
Handling poetry_core>=1.0.0 from build-system.requires
Requirement satisfied: poetry_core>=1.0.0
   (installed: poetry_core 1.9.0)
Handling tox-current-env >= 0.0.6 from tox itself
Requirement satisfied: tox-current-env >= 0.0.6
   (installed: tox-current-env 0.0.12)
  py313: OK (0.00 seconds)
  congratulations :) (0.06 seconds)
Handling tox from tox --print-deps-only: py313
Requirement satisfied: tox
   (installed: tox 4.16.0)
Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: cryptography (>=3.1)
   (installed: cryptography 43.0.0)
Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: defusedxml
   (installed: defusedxml 0.7.1)
Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8"
Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: importlib-resources ; python_version < "3.9"
Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: paste ; extra == "s2repoze"
Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: pyopenssl
   (installed: pyopenssl 24.2.1)
Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: python-dateutil
   (installed: python-dateutil 2.8.2)
Handling pytz from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: pytz
   (installed: pytz 2024.2)
Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: repoze.who ; extra == "s2repoze"
Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: requests (>=2,<3)
   (installed: requests 2.32.3)
Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: xmlschema (>=1.2.1)
   (installed: xmlschema 3.2.1)
Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: zope.interface ; extra == "s2repoze"
+ cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires
+ rm -rfv pysaml2-7.4.2.dist-info/
removed 'pysaml2-7.4.2.dist-info/entry_points.txt'
removed 'pysaml2-7.4.2.dist-info/WHEEL'
removed 'pysaml2-7.4.2.dist-info/METADATA'
removed 'pysaml2-7.4.2.dist-info/LICENSE'
removed directory 'pysaml2-7.4.2.dist-info/'
+ RPM_EC=0
++ jobs -p
+ exit 0
Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-6.fc42.buildreqs.nosrc.rpm
INFO: Going to install missing dynamic buildrequires
Updating and loading repositories:
 fedora                                 100% | 237.5 KiB/s |   5.2 KiB |  00m00s
 Copr repository                        100% |  43.8 KiB/s |   1.5 KiB |  00m00s
 Copr repository                        100% |   5.0 MiB/s |   1.0 MiB |  00m00s
Repositories loaded.
Package "git-core-2.46.0-1.fc41.x86_64" is already installed.
Package "pyproject-rpm-macros-1.14.0-1.fc42.noarch" is already installed.
Package "python3-devel-3.13.0~rc2-1.fc42.x86_64" is already installed.
Package "python3-pymongo-4.2.0-8.fc41.x86_64" is already installed.
Package "python3-pytest-8.3.3-1.fc42.noarch" is already installed.
Package "python3-responses-0.25.3-2.fc41.noarch" is already installed.
Package "python3-sphinx-1:7.3.7-2.fc41.noarch" is already installed.
Package "python3-cryptography-43.0.0-3.fc42.x86_64" is already installed.
Package "python3-defusedxml-0.7.1-15.fc41.noarch" is already installed.
Package "python3-packaging-24.1-2.fc42.noarch" is already installed.
Package "python3-pip-24.2-1.fc42.noarch" is already installed.
Package "python3-poetry-core-1.9.0-3.fc41.noarch" is already installed.
Package "python3-pyOpenSSL-24.2.1-1.fc42.noarch" is already installed.
Package "python3-dateutil-1:2.8.2-16.fc42.noarch" is already installed.
Package "python3-pytz-2024.2-1.fc42.noarch" is already installed.
Package "tox-4.16.0-2.fc41.noarch" is already installed.
Package "python3-tox-current-env-0.0.12-1.fc42.noarch" is already installed.
Package "python3-xmlschema-3.2.1-3.fc41.noarch" is already installed.
Package "xmlsec1-1:1.2.39-4.fc41.x86_64" is already installed.
Package "xmlsec1-openssl-1:1.2.39-4.fc41.x86_64" is already installed.

Nothing to do.
Building target platforms: x86_64
Building for target x86_64
setting SOURCE_DATE_EPOCH=1721347200
Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.ydT5tu
+ umask 022
+ cd /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ cd pysaml2-7.4.2
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CFLAGS
+ CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CXXFLAGS
+ FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FFLAGS
+ FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1  '
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib64:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ echo pyproject-rpm-macros
+ echo python3-devel
+ echo 'python3dist(pip) >= 19'
+ echo 'python3dist(packaging)'
+ '[' -f pyproject.toml ']'
+ echo '(python3dist(tomli) if python3-devel < 3.11)'
+ rm -rfv '*.dist-info/'
+ '[' -f /usr/bin/python3 ']'
+ mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir
+ echo -n
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1  '
+ TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir
+ RPM_TOXENV=py313
+ HOSTNAME=rpmbuild
+ /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires -t
Handling poetry_core>=1.0.0 from build-system.requires
Requirement satisfied: poetry_core>=1.0.0
   (installed: poetry_core 1.9.0)
Handling tox-current-env >= 0.0.6 from tox itself
Requirement satisfied: tox-current-env >= 0.0.6
   (installed: tox-current-env 0.0.12)
  py313: OK (0.00 seconds)
  congratulations :) (0.06 seconds)
Handling tox from tox --print-deps-only: py313
Requirement satisfied: tox
   (installed: tox 4.16.0)
Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: cryptography (>=3.1)
   (installed: cryptography 43.0.0)
Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: defusedxml
   (installed: defusedxml 0.7.1)
Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8"
Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: importlib-resources ; python_version < "3.9"
Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: paste ; extra == "s2repoze"
Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: pyopenssl
   (installed: pyopenssl 24.2.1)
Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: python-dateutil
   (installed: python-dateutil 2.8.2)
Handling pytz from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: pytz
   (installed: pytz 2024.2)
Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: repoze.who ; extra == "s2repoze"
Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: requests (>=2,<3)
   (installed: requests 2.32.3)
Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2)
Requirement satisfied: xmlschema (>=1.2.1)
   (installed: xmlschema 3.2.1)
Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2)
Ignoring alien requirement: zope.interface ; extra == "s2repoze"
+ cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires
+ rm -rfv pysaml2-7.4.2.dist-info/
removed 'pysaml2-7.4.2.dist-info/entry_points.txt'
removed 'pysaml2-7.4.2.dist-info/WHEEL'
removed 'pysaml2-7.4.2.dist-info/METADATA'
removed 'pysaml2-7.4.2.dist-info/LICENSE'
removed directory 'pysaml2-7.4.2.dist-info/'
+ RPM_EC=0
++ jobs -p
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.sJWEYn
+ umask 022
+ cd /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CFLAGS
+ CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CXXFLAGS
+ FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FFLAGS
+ FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes -Clink-arg=-specs=/usr/lib/rpm/redhat/redhat-package-notes --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes '
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib64:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ cd pysaml2-7.4.2
+ mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes '
+ TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir
+ /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_wheel.py /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir
Processing /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2
  Preparing metadata (pyproject.toml): started
  Running command Preparing metadata (pyproject.toml)
  Preparing metadata (pyproject.toml): finished with status 'done'
Building wheels for collected packages: pysaml2
  Building wheel for pysaml2 (pyproject.toml): started
  Running command Building wheel for pysaml2 (pyproject.toml)
  Building wheel for pysaml2 (pyproject.toml): finished with status 'done'
  Created wheel for pysaml2: filename=pysaml2-7.4.2-py3-none-any.whl size=417773 sha256=cbaf636775fca25b472af65bcaeedd1fe655a3d57efae9d46c6e0498b0ec8461
  Stored in directory: /builddir/.cache/pip/wheels/01/b9/eb/75f72f6a4448fdc07c5ffc8f00ad2896051c69eedccbfbb041
Successfully built pysaml2
+ RPM_EC=0
++ jobs -p
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.iM7WAq
+ umask 022
+ cd /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ '[' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT '!=' / ']'
+ rm -rf /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT
++ dirname /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT
+ mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ mkdir /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CFLAGS
+ CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CXXFLAGS
+ FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FFLAGS
+ FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes -Clink-arg=-specs=/usr/lib/rpm/redhat/redhat-package-notes --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes '
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib64:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ cd pysaml2-7.4.2
++ ls /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir/pysaml2-7.4.2-py3-none-any.whl
++ sed -E 's/([^-]+)-([^-]+)-.+\.whl/\1==\2/'
++ xargs basename --multiple
+ specifier=pysaml2==7.4.2
+ '[' -z pysaml2==7.4.2 ']'
+ TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir
+ /usr/bin/python3 -m pip install --root /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --prefix /usr --no-deps --disable-pip-version-check --progress-bar off --verbose --ignore-installed --no-warn-script-location --no-index --no-cache-dir --find-links /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir pysaml2==7.4.2
Using pip 24.2 from /usr/lib/python3.13/site-packages/pip (python 3.13)
Looking in links: /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir
Processing ./pyproject-wheeldir/pysaml2-7.4.2-py3-none-any.whl
Installing collected packages: pysaml2
  Creating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin
  changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata to 755
  changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport to 755
  changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata to 755
  changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2 to 755
Successfully installed pysaml2-7.4.2
+ '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin ']'
+ '[' -z sP ']'
+ shebang_flags=-kasP
+ /usr/bin/python3 -B /usr/lib/rpm/redhat/pathfix.py -pni /usr/bin/python3 -kasP /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata: updating
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport: updating
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata: updating
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2: updating
+ rm -rfv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/__pycache__
+ rm -f /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-ghost-distinfo
+ site_dirs=()
+ '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages ']'
+ site_dirs+=("/usr/lib/python3.13/site-packages")
+ '[' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages '!=' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages ']'
+ '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages ']'
+ for site_dir in ${site_dirs[@]}
+ for distinfo in /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT$site_dir/*.dist-info
+ echo '%ghost /usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info'
+ sed -i s/pip/rpm/ /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/INSTALLER
+ PYTHONPATH=/usr/lib/rpm/redhat
+ /usr/bin/python3 -B /usr/lib/rpm/redhat/pyproject_preprocess_record.py --buildroot /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --record /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-record
+ rm -fv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD
removed '/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD'
+ rm -fv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/REQUESTED
removed '/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/REQUESTED'
++ wc -l /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-ghost-distinfo
++ cut -f1 '-d '
+ lines=1
+ '[' 1 -ne 1 ']'
+ RPM_FILES_ESCAPE=4.19
+ /usr/bin/python3 /usr/lib/rpm/redhat/pyproject_save_files.py --output-files /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-files --output-modules /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-modules --buildroot /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --sitelib /usr/lib/python3.13/site-packages --sitearch /usr/lib64/python3.13/site-packages --python-version 3.13 --pyproject-record /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-record --prefix /usr saml2 saml2test
+ for bin in parse_xsd2 make_metadata mdexport merge_metadata
+ ln -s parse_xsd2 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/parse_xsd2.py
+ for bin in parse_xsd2 make_metadata mdexport merge_metadata
+ ln -s make_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/make_metadata.py
+ for bin in parse_xsd2 make_metadata mdexport merge_metadata
+ ln -s mdexport /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/mdexport.py
+ for bin in parse_xsd2 make_metadata mdexport merge_metadata
+ ln -s merge_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/merge_metadata.py
+ sed -i /alabaster/d docs/conf.py
+ export PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/lib/python3.13/site-packages
+ PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/lib/python3.13/site-packages
+ sphinx-build-3 docs html
Running Sphinx v7.3.7
making output directory... done
building [mo]: targets for 0 po files that are out of date
writing output... 
building [html]: targets for 8 source files that are out of date
updating environment: [new config] 8 added, 0 changed, 0 removed
reading sources... [ 12%] examples/idp
reading sources... [ 25%] examples/index
reading sources... [ 38%] examples/sp
reading sources... [ 50%] howto/config
reading sources... [ 62%] howto/index
reading sources... [ 75%] index
reading sources... [ 88%] install
reading sources... [100%] sp_test/internal

looking for now-outdated files... none found
pickling environment... done
checking consistency... done
preparing documents... done
copying assets... copying static files... done
copying extra files... done
done
writing output... [ 12%] examples/idp
writing output... [ 25%] examples/index
writing output... [ 38%] examples/sp
writing output... [ 50%] howto/config
writing output... [ 62%] howto/index
writing output... [ 75%] index
writing output... [ 88%] install
writing output... [100%] sp_test/internal

generating indices... genindex done
writing additional pages... search done
dumping search index in English (code: en)... done
dumping object inventory... done
build succeeded.

The HTML pages are in html.
+ rm -rf html/.doctrees html/.buildinfo
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/redhat/brp-ldconfig
+ /usr/lib/rpm/brp-compress
+ /usr/lib/rpm/brp-strip /usr/bin/strip
+ /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
+ /usr/lib/rpm/redhat/brp-strip-lto /usr/bin/strip
+ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/check-rpaths
+ /usr/lib/rpm/redhat/brp-mangle-shebangs
*** WARNING: ./usr/lib/python3.13/site-packages/saml2/authn_context/timesync.py is executable but has no shebang, removing executable bit
mangling shebang in /usr/lib/python3.13/site-packages/saml2/tools/update_metadata.sh from /bin/sh to #!/usr/bin/sh
+ /usr/lib/rpm/brp-remove-la-files
+ env /usr/lib/rpm/redhat/brp-python-bytecompile '' 1 0 -j2
Bytecompiling .py files below /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13 using python3.13
+ /usr/lib/rpm/redhat/brp-python-hardlink
+ /usr/bin/add-determinism --brp -j2 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/adfs_v1x.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/adfs_v20.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/basic.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/shibboleth_uri.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/saml_uri.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/mobiletwofactor.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/ippword.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/timesync.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/ppt.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/pword.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/sslcert.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/asymmetric.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/errors.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/pki.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/symmetric.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/schemas/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/templates/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/at_egov_pvp2.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/edugain.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/incommon.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/swamid.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/refeds.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/algsupport.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/dri.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/idpdisc.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdattr.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdrpi.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdui.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/shibmd.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/pefim.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/sp_type.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/reqinit.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/requested_attributes.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/ecp.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/paos.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/samlec.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/entitlement.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/ini.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/challenge_decider.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/sp.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/formswithhidden.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/soapenv.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/soap.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/make_metadata.cpython-313.pyc: replacing with normalized version
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/make_metadata.cpython-313.opt-1.pyc: replacing with normalized version
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdexport.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/wsdl.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdexport_test.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdimport.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/merge_metadata.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/verify_metadata.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/sync_attrmaps.cpython-313.pyc: replacing with normalized version
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/sync_attrmaps.cpython-313.opt-1.pyc: replacing with normalized version
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/userinfo/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/userinfo/__pycache__/ldapinfo.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/parse_xsd2.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wspol.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wssec.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wstrust.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wsutil.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xml/schema/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xml/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xmldsig/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xmlenc/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wsaddr.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/assertion.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/algsupport.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/argtree.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/attribute_converter.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/attribute_resolver.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/cache.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/authn.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/cert.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/client.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/client_base.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/config.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/country_codes.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/discovery.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ecp.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ecp_client.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/eptid.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/entity.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/filter.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/httpbase.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdbcache.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/httputil.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ident.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdie.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mcache.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdstore.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/md.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mongo_store.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/pack.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/population.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/request.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/response.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/s_utils.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/saml.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/sdb.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/server.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/samlp.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/metadata.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/sigver.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/soap.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/time_util.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/version.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/validate.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/virtual_org.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/check.cpython-313.pyc: replacing with normalized version
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/check.cpython-313.opt-1.pyc: replacing with normalized version
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/status.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/tool.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/opfunc.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/interaction.cpython-313.pyc: rewriting with normalized contents
Scanned 49 directories and 434 files,
               processed 127 inodes,
               127 modified (6 replaced + 121 rewritten),
               0 unsupported format, 0 errors
Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.359rJA
+ umask 022
+ cd /builddir/build/BUILD/python-pysaml2-7.4.2-build
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CFLAGS
+ CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ export CXXFLAGS
+ FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FFLAGS
+ FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes -Clink-arg=-specs=/usr/lib/rpm/redhat/redhat-package-notes --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes '
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib64:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ cd pysaml2-7.4.2
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer '
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed  -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes '
+ PATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin
+ PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages:/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages
+ PYTHONDONTWRITEBYTECODE=1
+ PYTEST_ADDOPTS=' --ignore=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir'
+ PYTEST_XDIST_AUTO_NUM_WORKERS=2
+ /usr/bin/pytest
============================= test session starts ==============================
platform linux -- Python 3.13.0rc2, pytest-8.3.3, pluggy-1.5.0 -- /usr/bin/python3
cachedir: .pytest_cache
rootdir: /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2
configfile: pyproject.toml
testpaths: tests
collecting ... collected 785 items

tests/test_00_xmldsig.py::TestObject::testAccessors PASSED               [  0%]
tests/test_00_xmldsig.py::TestObject::testUsingTestData PASSED           [  0%]
tests/test_00_xmldsig.py::TestMgmtData::testAccessors PASSED             [  0%]
tests/test_00_xmldsig.py::TestMgmtData::testUsingTestData PASSED         [  0%]
tests/test_00_xmldsig.py::TestSPKISexp::testAccessors PASSED             [  0%]
tests/test_00_xmldsig.py::TestSPKISexp::testUsingTestData PASSED         [  0%]
tests/test_00_xmldsig.py::TestSPKIData::testAccessors PASSED             [  0%]
tests/test_00_xmldsig.py::TestSPKIData::testUsingTestData PASSED         [  1%]
tests/test_00_xmldsig.py::TestPGPData::testAccessors PASSED              [  1%]
tests/test_00_xmldsig.py::TestPGPData::testUsingTestData PASSED          [  1%]
tests/test_00_xmldsig.py::TestX509IssuerSerial::testAccessors PASSED     [  1%]
tests/test_00_xmldsig.py::TestX509IssuerSerial::testUsingTestData PASSED [  1%]
tests/test_00_xmldsig.py::TestX509Data::testAccessors PASSED             [  1%]
tests/test_00_xmldsig.py::TestX509Data::testUsingTestData PASSED         [  1%]
tests/test_00_xmldsig.py::TestTransform::testAccessors PASSED            [  1%]
tests/test_00_xmldsig.py::TestTransform::testUsingTestData PASSED        [  2%]
tests/test_00_xmldsig.py::TestTransforms::testAccessors PASSED           [  2%]
tests/test_00_xmldsig.py::TestTransforms::testUsingTestData PASSED       [  2%]
tests/test_00_xmldsig.py::TestRetrievalMethod::testAccessors PASSED      [  2%]
tests/test_00_xmldsig.py::TestRetrievalMethod::testUsingTestData PASSED  [  2%]
tests/test_00_xmldsig.py::TestRSAKeyValue::testAccessors PASSED          [  2%]
tests/test_00_xmldsig.py::TestRSAKeyValue::testUsingTestData PASSED      [  2%]
tests/test_00_xmldsig.py::TestDSAKeyValue::testAccessors PASSED          [  2%]
tests/test_00_xmldsig.py::TestDSAKeyValue::testUsingTestData PASSED      [  3%]
tests/test_00_xmldsig.py::TestKeyValue::testAccessors PASSED             [  3%]
tests/test_00_xmldsig.py::TestKeyValue::testUsingTestData PASSED         [  3%]
tests/test_00_xmldsig.py::TestKeyName::testAccessors PASSED              [  3%]
tests/test_00_xmldsig.py::TestKeyName::testUsingTestData PASSED          [  3%]
tests/test_00_xmldsig.py::TestKeyInfo::testAccessors PASSED              [  3%]
tests/test_00_xmldsig.py::TestKeyInfo::testUsingTestData PASSED          [  3%]
tests/test_00_xmldsig.py::TestDigestValue::testAccessors PASSED          [  3%]
tests/test_00_xmldsig.py::TestDigestValue::testUsingTestData PASSED      [  4%]
tests/test_00_xmldsig.py::TestDigestMethod::testAccessors PASSED         [  4%]
tests/test_00_xmldsig.py::TestDigestMethod::testUsingTestData PASSED     [  4%]
tests/test_00_xmldsig.py::TestReference::testAccessors PASSED            [  4%]
tests/test_00_xmldsig.py::TestReference::testUsingTestData PASSED        [  4%]
tests/test_00_xmldsig.py::TestSignatureMethod::testAccessors PASSED      [  4%]
tests/test_00_xmldsig.py::TestSignatureMethod::testUsingTestData PASSED  [  4%]
tests/test_00_xmldsig.py::TestCanonicalizationMethod::testAccessors PASSED [  4%]
tests/test_00_xmldsig.py::TestCanonicalizationMethod::testUsingTestData PASSED [  5%]
tests/test_00_xmldsig.py::TestSignedInfo::testAccessors PASSED           [  5%]
tests/test_00_xmldsig.py::TestSignedInfo::testUsingTestData PASSED       [  5%]
tests/test_00_xmldsig.py::TestSignatureValue::testAccessors PASSED       [  5%]
tests/test_00_xmldsig.py::TestSignatureValue::testUsingTestData PASSED   [  5%]
tests/test_00_xmldsig.py::TestSignature::testAccessors PASSED            [  5%]
tests/test_00_xmldsig.py::TestSignature::testUsingTestData PASSED        [  5%]
tests/test_01_xmlenc.py::test_1 PASSED                                   [  5%]
tests/test_01_xmlenc.py::test_2 PASSED                                   [  6%]
tests/test_01_xmlenc.py::test_3 PASSED                                   [  6%]
tests/test_01_xmlenc.py::test_4 PASSED                                   [  6%]
tests/test_01_xmlenc.py::test_5 PASSED                                   [  6%]
tests/test_01_xmlenc.py::test_6 PASSED                                   [  6%]
tests/test_02_saml.py::TestExtensionElement::test_loadd PASSED           [  6%]
tests/test_02_saml.py::TestExtensionElement::test_find_children PASSED   [  6%]
tests/test_02_saml.py::TestExtensionContainer::test_find_extensions PASSED [  7%]
tests/test_02_saml.py::TestExtensionContainer::test_add_extension_elements PASSED [  7%]
tests/test_02_saml.py::TestExtensionContainer::test_add_extension_attribute PASSED [  7%]
tests/test_02_saml.py::TestSAMLBase::test_make_vals_dict PASSED          [  7%]
tests/test_02_saml.py::TestSAMLBase::test_make_vals_str PASSED           [  7%]
tests/test_02_saml.py::TestSAMLBase::test_make_vals_multi_dict PASSED    [  7%]
tests/test_02_saml.py::TestSAMLBase::test_to_string_nspair PASSED        [  7%]
tests/test_02_saml.py::TestSAMLBase::test_set_text_empty PASSED          [  7%]
tests/test_02_saml.py::TestSAMLBase::test_set_text_value PASSED          [  8%]
tests/test_02_saml.py::TestSAMLBase::test_set_text_update_same_type PASSED [  8%]
tests/test_02_saml.py::TestSAMLBase::test_set_text_cannot_change_value_type PASSED [  8%]
tests/test_02_saml.py::TestSAMLBase::test_set_xs_type_anytype_unchanged_value PASSED [  8%]
tests/test_02_saml.py::TestSAMLBase::test_set_xs_type_date PASSED        [  8%]
tests/test_02_saml.py::TestSAMLBase::test_treat_invalid_types_as_string PASSED [  8%]
tests/test_02_saml.py::TestSAMLBase::test_make_vals_div PASSED           [  8%]
tests/test_02_saml.py::TestNameID::testEmptyExtensionsList PASSED        [  8%]
tests/test_02_saml.py::TestNameID::testFormatAttribute PASSED            [  9%]
tests/test_02_saml.py::TestNameID::testNameIDText PASSED                 [  9%]
tests/test_02_saml.py::TestNameID::testSPProvidedID PASSED               [  9%]
tests/test_02_saml.py::TestNameID::testEmptyNameIDToAndFromStringMatch PASSED [  9%]
tests/test_02_saml.py::TestNameID::testNameIDToAndFromStringMatch PASSED [  9%]
tests/test_02_saml.py::TestNameID::testExtensionAttributes PASSED        [  9%]
tests/test_02_saml.py::TestNameID::testname_id_from_string PASSED        [  9%]
tests/test_02_saml.py::TestIssuer::testIssuerToAndFromString PASSED      [  9%]
tests/test_02_saml.py::TestIssuer::testUsingTestData PASSED              [ 10%]
tests/test_02_saml.py::TestSubjectLocality::testAccessors PASSED         [ 10%]
tests/test_02_saml.py::TestSubjectLocality::testUsingTestData PASSED     [ 10%]
tests/test_02_saml.py::TestAuthnContextClassRef::testAccessors PASSED    [ 10%]
tests/test_02_saml.py::TestAuthnContextClassRef::testUsingTestData PASSED [ 10%]
tests/test_02_saml.py::TestAuthnContextDeclRef::testAccessors PASSED     [ 10%]
tests/test_02_saml.py::TestAuthnContextDeclRef::testUsingTestData PASSED [ 10%]
tests/test_02_saml.py::TestAuthnContextDecl::testAccessors PASSED        [ 10%]
tests/test_02_saml.py::TestAuthnContextDecl::testUsingTestData PASSED    [ 11%]
tests/test_02_saml.py::TestAuthenticatingAuthority::testAccessors PASSED [ 11%]
tests/test_02_saml.py::TestAuthenticatingAuthority::testUsingTestData PASSED [ 11%]
tests/test_02_saml.py::TestAuthnContext::testAccessors PASSED            [ 11%]
tests/test_02_saml.py::TestAuthnContext::testUsingTestData PASSED        [ 11%]
tests/test_02_saml.py::TestAuthnStatement::testAccessors PASSED          [ 11%]
tests/test_02_saml.py::TestAuthnStatement::testUsingTestData PASSED      [ 11%]
tests/test_02_saml.py::TestAttributeValue::testAccessors PASSED          [ 11%]
tests/test_02_saml.py::TestAttributeValue::testUsingTestData PASSED      [ 12%]
tests/test_02_saml.py::TestAttribute::testAccessors PASSED               [ 12%]
tests/test_02_saml.py::TestAttribute::testUsingTestData PASSED           [ 12%]
tests/test_02_saml.py::TestAttribute::test_basic_str PASSED              [ 12%]
tests/test_02_saml.py::TestAttribute::test_basic_int PASSED              [ 12%]
tests/test_02_saml.py::TestAttribute::test_basic_base64 PASSED           [ 12%]
tests/test_02_saml.py::TestAttribute::test_basic_boolean_true PASSED     [ 12%]
tests/test_02_saml.py::TestAttribute::test_basic_boolean_false PASSED    [ 12%]
tests/test_02_saml.py::TestAttributeStatement::testAccessors PASSED      [ 13%]
tests/test_02_saml.py::TestAttributeStatement::testUsingTestData PASSED  [ 13%]
tests/test_02_saml.py::TestSubjectConfirmationData::testAccessors PASSED [ 13%]
tests/test_02_saml.py::TestSubjectConfirmationData::testUsingTestData PASSED [ 13%]
tests/test_02_saml.py::TestSubjectConfirmation::testAccessors PASSED     [ 13%]
tests/test_02_saml.py::TestSubjectConfirmation::testBearerUsingTestData PASSED [ 13%]
tests/test_02_saml.py::TestSubjectConfirmation::testHolderOfKeyUsingTestData PASSED [ 13%]
tests/test_02_saml.py::TestSubject::testAccessors PASSED                 [ 14%]
tests/test_02_saml.py::TestSubject::testUsingTestData PASSED             [ 14%]
tests/test_02_saml.py::TestCondition::testAccessors PASSED               [ 14%]
tests/test_02_saml.py::TestCondition::testUsingTestData PASSED           [ 14%]
tests/test_02_saml.py::TestAudience::testAccessors PASSED                [ 14%]
tests/test_02_saml.py::TestAudience::testUsingTestData PASSED            [ 14%]
tests/test_02_saml.py::TestAudienceRestriction::testAccessors PASSED     [ 14%]
tests/test_02_saml.py::TestAudienceRestriction::testUsingTestData PASSED [ 14%]
tests/test_02_saml.py::TestOneTimeUse::testAccessors PASSED              [ 15%]
tests/test_02_saml.py::TestOneTimeUse::testUsingTestData PASSED          [ 15%]
tests/test_02_saml.py::TestProxyRestriction::testAccessors PASSED        [ 15%]
tests/test_02_saml.py::TestProxyRestriction::testUsingTestData PASSED    [ 15%]
tests/test_02_saml.py::TestConditions::testAccessors PASSED              [ 15%]
tests/test_02_saml.py::TestConditions::testUsingTestData PASSED          [ 15%]
tests/test_02_saml.py::TestAssertionIDRef::testAccessors PASSED          [ 15%]
tests/test_02_saml.py::TestAssertionIDRef::testUsingTestData PASSED      [ 15%]
tests/test_02_saml.py::TestAssertionURIRef::testAccessors PASSED         [ 16%]
tests/test_02_saml.py::TestAssertionURIRef::testUsingTestData PASSED     [ 16%]
tests/test_02_saml.py::TestAction::testAccessors PASSED                  [ 16%]
tests/test_02_saml.py::TestAction::testUsingTestData PASSED              [ 16%]
tests/test_02_saml.py::TestEvidence::testAccessors PASSED                [ 16%]
tests/test_02_saml.py::TestEvidence::testUsingTestData PASSED            [ 16%]
tests/test_02_saml.py::TestAuthzDecisionStatement::testAccessors PASSED  [ 16%]
tests/test_02_saml.py::TestAuthzDecisionStatement::testUsingTestData PASSED [ 16%]
tests/test_02_saml.py::TestAdvice::testAccessors PASSED                  [ 17%]
tests/test_02_saml.py::TestAdvice::testUsingTestData PASSED              [ 17%]
tests/test_02_saml.py::TestAssertion::testAccessors PASSED               [ 17%]
tests/test_02_saml.py::TestAssertion::testUsingTestData PASSED           [ 17%]
tests/test_03_saml2.py::test_create_class_from_xml_string_nameid PASSED  [ 17%]
tests/test_03_saml2.py::test_create_class_from_xml_string_issuer PASSED  [ 17%]
tests/test_03_saml2.py::test_create_class_from_xml_string_subject_locality PASSED [ 17%]
tests/test_03_saml2.py::test_create_class_from_xml_string_subject_confirmation_data PASSED [ 17%]
tests/test_03_saml2.py::test_create_class_from_xml_string_subject_confirmation PASSED [ 18%]
tests/test_03_saml2.py::test_create_class_from_xml_string_wrong_class_spec PASSED [ 18%]
tests/test_03_saml2.py::test_create_class_from_xml_string_xxe PASSED     [ 18%]
tests/test_03_saml2.py::test_ee_1 PASSED                                 [ 18%]
tests/test_03_saml2.py::test_ee_2 PASSED                                 [ 18%]
tests/test_03_saml2.py::test_ee_3 PASSED                                 [ 18%]
tests/test_03_saml2.py::test_ee_4 PASSED                                 [ 18%]
tests/test_03_saml2.py::test_ee_5 PASSED                                 [ 18%]
tests/test_03_saml2.py::test_ee_6 PASSED                                 [ 19%]
tests/test_03_saml2.py::test_nameid_with_extension PASSED                [ 19%]
tests/test_03_saml2.py::test_subject_confirmation_with_extension PASSED  [ 19%]
tests/test_03_saml2.py::test_to_fro_string_1 PASSED                      [ 19%]
tests/test_03_saml2.py::test_make_vals_str PASSED                        [ 19%]
tests/test_03_saml2.py::test_make_vals_list_of_strs PASSED               [ 19%]
tests/test_03_saml2.py::test_attribute_element_to_extension_element PASSED [ 19%]
tests/test_03_saml2.py::test_ee_7 PASSED                                 [ 20%]
tests/test_03_saml2.py::test_ee_xxe PASSED                               [ 20%]
tests/test_03_saml2.py::test_extension_element_loadd PASSED              [ 20%]
tests/test_03_saml2.py::test_extensions_loadd PASSED                     [ 20%]
tests/test_04_samlp.py::TestStatusDetail::testAccessors PASSED           [ 20%]
tests/test_04_samlp.py::TestStatusMessage::testAccessors PASSED          [ 20%]
tests/test_04_samlp.py::TestStatusCode::testAccessors PASSED             [ 20%]
tests/test_04_samlp.py::TestStatusCode::testUsingTestData PASSED         [ 20%]
tests/test_04_samlp.py::TestStatus::testAccessors PASSED                 [ 21%]
tests/test_04_samlp.py::TestStatus::testUsingTestData PASSED             [ 21%]
tests/test_04_samlp.py::TestResponse::testAccessors PASSED               [ 21%]
tests/test_04_samlp.py::TestResponse::testUsingTestData PASSED           [ 21%]
tests/test_04_samlp.py::TestNameIDPolicy::testAccessors PASSED           [ 21%]
tests/test_04_samlp.py::TestNameIDPolicy::testUsingTestData PASSED       [ 21%]
tests/test_04_samlp.py::TestIDPEntry::testAccessors PASSED               [ 21%]
tests/test_04_samlp.py::TestIDPEntry::testUsingTestData PASSED           [ 21%]
tests/test_04_samlp.py::TestIDPList::testAccessors PASSED                [ 22%]
tests/test_04_samlp.py::TestIDPList::testUsingTestData PASSED            [ 22%]
tests/test_04_samlp.py::TestScoping::testAccessors PASSED                [ 22%]
tests/test_04_samlp.py::TestScoping::testUsingTestData PASSED            [ 22%]
tests/test_04_samlp.py::TestRequestedAuthnContext::testAccessors PASSED  [ 22%]
tests/test_04_samlp.py::TestRequestedAuthnContext::testUsingTestData PASSED [ 22%]
tests/test_04_samlp.py::TestAuthnRequest::testAccessors PASSED           [ 22%]
tests/test_04_samlp.py::TestAuthnRequest::testUsingTestData PASSED       [ 22%]
tests/test_04_samlp.py::TestLogoutRequest::testAccessors PASSED          [ 23%]
tests/test_04_samlp.py::TestLogoutRequest::testUsingTestData PASSED      [ 23%]
tests/test_04_samlp.py::TestLogoutResponse::testAccessors PASSED         [ 23%]
tests/test_04_samlp.py::TestLogoutResponse::testUsingTestData PASSED     [ 23%]
tests/test_05_md.py::TestEndpointType::testAccessors PASSED              [ 23%]
tests/test_05_md.py::TestEndpointType::testUsingTestData PASSED          [ 23%]
tests/test_05_md.py::TestIndexedEndpointType::testAccessors PASSED       [ 23%]
tests/test_05_md.py::TestIndexedEndpointType::testUsingTestData PASSED   [ 23%]
tests/test_05_md.py::TestExtensions::testAccessors PASSED                [ 24%]
tests/test_05_md.py::TestOrganizationName::testAccessors PASSED          [ 24%]
tests/test_05_md.py::TestOrganizationName::testUsingTestData PASSED      [ 24%]
tests/test_05_md.py::TestOrganizationDisplayName::testAccessors PASSED   [ 24%]
tests/test_05_md.py::TestOrganizationDisplayName::testUsingTestData PASSED [ 24%]
tests/test_05_md.py::TestOrganizationURL::testAccessors PASSED           [ 24%]
tests/test_05_md.py::TestOrganizationURL::testUsingTestData PASSED       [ 24%]
tests/test_05_md.py::TestOrganization::testAccessors PASSED              [ 24%]
tests/test_05_md.py::TestOrganization::testUsingTestData PASSED          [ 25%]
tests/test_05_md.py::TestContactPerson::testAccessors PASSED             [ 25%]
tests/test_05_md.py::TestContactPerson::testUsingTestData PASSED         [ 25%]
tests/test_05_md.py::TestAdditionalMetadataLocation::testAccessors PASSED [ 25%]
tests/test_05_md.py::TestAdditionalMetadataLocation::testUsingTestData PASSED [ 25%]
tests/test_05_md.py::TestEncryptionMethod::testAccessors PASSED          [ 25%]
tests/test_05_md.py::TestEncryptionMethod::testUsingTestData PASSED      [ 25%]
tests/test_05_md.py::TestKeyDescriptor::testAccessors PASSED             [ 25%]
tests/test_05_md.py::TestKeyDescriptor::testUsingTestData PASSED         [ 26%]
tests/test_05_md.py::TestRoleDescriptor::testAccessors PASSED            [ 26%]
tests/test_05_md.py::TestRoleDescriptor::testUsingTestData PASSED        [ 26%]
tests/test_05_md.py::TestArtifactResolutionService::testAccessors PASSED [ 26%]
tests/test_05_md.py::TestArtifactResolutionService::testUsingTestData PASSED [ 26%]
tests/test_05_md.py::TestSingleLogout::testAccessors PASSED              [ 26%]
tests/test_05_md.py::TestSingleLogout::testUsingTestData PASSED          [ 26%]
tests/test_05_md.py::TestManageNameIDService::testAccessors PASSED       [ 27%]
tests/test_05_md.py::TestManageNameIDService::testUsingTestData PASSED   [ 27%]
tests/test_05_md.py::TestNameIDFormat::testAccessors PASSED              [ 27%]
tests/test_05_md.py::TestNameIDFormat::testUsingTestData PASSED          [ 27%]
tests/test_05_md.py::TestSingleSignOnService::testAccessors PASSED       [ 27%]
tests/test_05_md.py::TestSingleSignOnService::testUsingTestData PASSED   [ 27%]
tests/test_05_md.py::TestNameIDMappingService::testAccessors PASSED      [ 27%]
tests/test_05_md.py::TestNameIDMappingService::testUsingTestData PASSED  [ 27%]
tests/test_05_md.py::TestAssertionIDRequestService::testAccessors PASSED [ 28%]
tests/test_05_md.py::TestAssertionIDRequestService::testUsingTestData PASSED [ 28%]
tests/test_05_md.py::TestAttributeProfile::testAccessors PASSED          [ 28%]
tests/test_05_md.py::TestAttributeProfile::testUsingTestData PASSED      [ 28%]
tests/test_05_md.py::TestIDPSSODescriptor::testAccessors PASSED          [ 28%]
tests/test_05_md.py::TestIDPSSODescriptor::testUsingTestData PASSED      [ 28%]
tests/test_05_md.py::TestIDPSSODescriptor::testUsingScope PASSED         [ 28%]
tests/test_05_md.py::TestAssertionConsumerService::testAccessors PASSED  [ 28%]
tests/test_05_md.py::TestAssertionConsumerService::testUsingTestData PASSED [ 29%]
tests/test_05_md.py::TestRequestedAttribute::testAccessors PASSED        [ 29%]
tests/test_05_md.py::TestRequestedAttribute::testUsingTestData PASSED    [ 29%]
tests/test_05_md.py::TestServiceName::testAccessors PASSED               [ 29%]
tests/test_05_md.py::TestServiceName::testUsingTestData PASSED           [ 29%]
tests/test_05_md.py::TestServiceDescription::testAccessors PASSED        [ 29%]
tests/test_05_md.py::TestServiceDescription::testUsingTestData PASSED    [ 29%]
tests/test_05_md.py::TestAttributeConsumingService::testAccessors PASSED [ 29%]
tests/test_05_md.py::TestAttributeConsumingService::testUsingTestData PASSED [ 30%]
tests/test_05_md.py::TestSPSSODescriptor::testAccessors PASSED           [ 30%]
tests/test_05_md.py::TestSPSSODescriptor::testUsingTestData PASSED       [ 30%]
tests/test_05_md.py::TestEntityDescriptor::testAccessors PASSED          [ 30%]
tests/test_05_md.py::TestEntityDescriptor::testUsingTestData PASSED      [ 30%]
tests/test_05_md.py::TestEntitiesDescriptor::testAccessors PASSED        [ 30%]
tests/test_05_md.py::TestEntitiesDescriptor::testUsingTestData PASSED    [ 30%]
tests/test_06_setarg.py::test_path PASSED                                [ 30%]
tests/test_06_setarg.py::test_set_arg PASSED                             [ 31%]
tests/test_06_setarg.py::test_multi PASSED                               [ 31%]
tests/test_06_setarg.py::test_is_set PASSED                              [ 31%]
tests/test_10_time_util.py::test_f_quotient PASSED                       [ 31%]
tests/test_10_time_util.py::test_modulo PASSED                           [ 31%]
tests/test_10_time_util.py::test_f_quotient_2 PASSED                     [ 31%]
tests/test_10_time_util.py::test_modulo_2 PASSED                         [ 31%]
tests/test_10_time_util.py::test_parse_duration PASSED                   [ 31%]
tests/test_10_time_util.py::test_parse_duration2 PASSED                  [ 32%]
tests/test_10_time_util.py::test_parse_duration_n PASSED                 [ 32%]
tests/test_10_time_util.py::test_add_duration_1 PASSED                   [ 32%]
tests/test_10_time_util.py::test_add_duration_2 PASSED                   [ 32%]
tests/test_10_time_util.py::test_str_to_time PASSED                      [ 32%]
tests/test_10_time_util.py::test_instant PASSED                          [ 32%]
tests/test_10_time_util.py::test_valid PASSED                            [ 32%]
tests/test_10_time_util.py::test_timeout PASSED                          [ 32%]
tests/test_10_time_util.py::test_before PASSED                           [ 33%]
tests/test_10_time_util.py::test_after PASSED                            [ 33%]
tests/test_10_time_util.py::test_not_before PASSED                       [ 33%]
tests/test_10_time_util.py::test_not_on_or_after PASSED                  [ 33%]
tests/test_12_s_utils.py::test_inflate_then_deflate PASSED               [ 33%]
tests/test_12_s_utils.py::test_status_success PASSED                     [ 33%]
tests/test_12_s_utils.py::test_error_status PASSED                       [ 33%]
tests/test_12_s_utils.py::test_status_from_exception PASSED              [ 34%]
tests/test_12_s_utils.py::test_status_from_tuple PASSED                  [ 34%]
tests/test_12_s_utils.py::test_status_from_tuple_empty_message PASSED    [ 34%]
tests/test_12_s_utils.py::test_attribute_sn PASSED                       [ 34%]
tests/test_12_s_utils.py::test_attribute_age PASSED                      [ 34%]
tests/test_12_s_utils.py::test_attribute_onoff PASSED                    [ 34%]
tests/test_12_s_utils.py::test_attribute_base64 PASSED                   [ 34%]
tests/test_12_s_utils.py::test_attribute_statement PASSED                [ 34%]
tests/test_12_s_utils.py::test_audience PASSED                           [ 35%]
tests/test_12_s_utils.py::test_conditions PASSED                         [ 35%]
tests/test_12_s_utils.py::test_value_1 PASSED                            [ 35%]
tests/test_12_s_utils.py::test_value_2 PASSED                            [ 35%]
tests/test_12_s_utils.py::test_value_3 PASSED                            [ 35%]
tests/test_12_s_utils.py::test_value_4 PASSED                            [ 35%]
tests/test_12_s_utils.py::test_do_attribute_statement_0 PASSED           [ 35%]
tests/test_12_s_utils.py::test_do_attribute_statement PASSED             [ 35%]
tests/test_12_s_utils.py::test_do_attribute_statement_multi PASSED       [ 36%]
tests/test_12_s_utils.py::test_subject PASSED                            [ 36%]
tests/test_12_s_utils.py::test_parse_attribute_map PASSED                [ 36%]
tests/test_12_s_utils.py::test_identity_attribute_0 PASSED               [ 36%]
tests/test_12_s_utils.py::test_identity_attribute_1 PASSED               [ 36%]
tests/test_12_s_utils.py::test_identity_attribute_2 PASSED               [ 36%]
tests/test_12_s_utils.py::test_identity_attribute_3 PASSED               [ 36%]
tests/test_12_s_utils.py::test_identity_attribute_4 PASSED               [ 36%]
tests/test_12_s_utils.py::test_nameformat_email PASSED                   [ 37%]
tests/test_12_s_utils.py::test_attribute PASSED                          [ 37%]
tests/test_12_s_utils.py::test_attribute_statement_2 PASSED              [ 37%]
tests/test_12_s_utils.py::test_subject_confirmation_data PASSED          [ 37%]
tests/test_12_s_utils.py::test_subject_confirmation PASSED               [ 37%]
tests/test_12_s_utils.py::test_authn_context_class_ref PASSED            [ 37%]
tests/test_12_s_utils.py::test_authn_context PASSED                      [ 37%]
tests/test_12_s_utils.py::test_authn_statement PASSED                    [ 37%]
tests/test_12_s_utils.py::test_signature PASSED                          [ 38%]
tests/test_12_s_utils.py::test_complex_factory PASSED                    [ 38%]
tests/test_13_validate.py::test_duration PASSED                          [ 38%]
tests/test_13_validate.py::test_unsigned_short PASSED                    [ 38%]
tests/test_13_validate.py::test_valid_non_negative_integer PASSED        [ 38%]
tests/test_13_validate.py::test_valid_string PASSED                      [ 38%]
tests/test_13_validate.py::test_valid_anyuri PASSED                      [ 38%]
tests/test_13_validate.py::test_valid_instance PASSED                    [ 38%]
tests/test_13_validate.py::test_valid_anytype PASSED                     [ 39%]
tests/test_13_validate.py::test_valid_address PASSED                     [ 39%]
tests/test_19_attribute_converter.py::test_default PASSED                [ 39%]
tests/test_19_attribute_converter.py::TestAC::test_setup PASSED          [ 39%]
tests/test_19_attribute_converter.py::TestAC::test_ava_fro_1 PASSED      [ 39%]
tests/test_19_attribute_converter.py::TestAC::test_ava_fro_2 PASSED      [ 39%]
tests/test_19_attribute_converter.py::TestAC::test_to_attrstat_1 PASSED  [ 39%]
tests/test_19_attribute_converter.py::TestAC::test_to_attrstat_2 PASSED  [ 40%]
tests/test_19_attribute_converter.py::TestAC::test_to_local_name PASSED  [ 40%]
tests/test_19_attribute_converter.py::TestAC::test_to_local_name_from_unspecified PASSED [ 40%]
tests/test_19_attribute_converter.py::TestAC::test_to_local_name_from_basic PASSED [ 40%]
tests/test_19_attribute_converter.py::TestAC::test_to_and_for PASSED     [ 40%]
tests/test_19_attribute_converter.py::TestAC::test_unspecified_name_format PASSED [ 40%]
tests/test_19_attribute_converter.py::TestAC::test_mixed_attributes_1 PASSED [ 40%]
tests/test_19_attribute_converter.py::TestAC::test_adjust_with_only_from_defined PASSED [ 40%]
tests/test_19_attribute_converter.py::TestAC::test_adjust_with_only_to_defined PASSED [ 41%]
tests/test_19_attribute_converter.py::TestAC::test_adjust_with_no_mapping_defined PASSED [ 41%]
tests/test_19_attribute_converter.py::TestAC::test_from_local_nest_eduPersonTargetedID_in_NameID PASSED [ 41%]
tests/test_19_attribute_converter.py::TestAC::test_from_local_eduPersonTargetedID_with_qualifiers PASSED [ 41%]
tests/test_19_attribute_converter.py::test_noop_attribute_conversion PASSED [ 41%]
tests/test_19_attribute_converter.py::TestSchac::test PASSED             [ 41%]
tests/test_19_attribute_converter.py::TestEIDAS::test PASSED             [ 41%]
tests/test_20_assertion.py::test_filter_on_attributes_0 PASSED           [ 41%]
tests/test_20_assertion.py::test_filter_on_attributes_1 PASSED           [ 42%]
tests/test_20_assertion.py::test_filter_on_attributes_2 PASSED           [ 42%]
tests/test_20_assertion.py::test_filter_on_attributes_without_friendly_name PASSED [ 42%]
tests/test_20_assertion.py::test_filter_on_attributes_with_missing_required_attribute PASSED [ 42%]
tests/test_20_assertion.py::test_filter_on_attributes_with_missing_optional_attribute PASSED [ 42%]
tests/test_20_assertion.py::test_filter_on_attributes_with_missing_name_format PASSED [ 42%]
tests/test_20_assertion.py::test_lifetime_1 PASSED                       [ 42%]
tests/test_20_assertion.py::test_lifetime_2 PASSED                       [ 42%]
tests/test_20_assertion.py::test_ava_filter_1 PASSED                     [ 43%]
tests/test_20_assertion.py::test_ava_filter_2 PASSED                     [ 43%]
tests/test_20_assertion.py::test_ava_filter_dont_fail PASSED             [ 43%]
tests/test_20_assertion.py::test_filter_attribute_value_assertions_0 PASSED [ 43%]
tests/test_20_assertion.py::test_filter_attribute_value_assertions_1 PASSED [ 43%]
tests/test_20_assertion.py::test_filter_attribute_value_assertions_2 PASSED [ 43%]
tests/test_20_assertion.py::test_assertion_1 PASSED                      [ 43%]
tests/test_20_assertion.py::test_assertion_2 PASSED                      [ 43%]
tests/test_20_assertion.py::test_filter_values_req_2 PASSED              [ 44%]
tests/test_20_assertion.py::test_filter_values_req_3 PASSED              [ 44%]
tests/test_20_assertion.py::test_filter_values_req_4 PASSED              [ 44%]
tests/test_20_assertion.py::test_filter_values_req_5 PASSED              [ 44%]
tests/test_20_assertion.py::test_filter_values_req_6 PASSED              [ 44%]
tests/test_20_assertion.py::test_filter_values_req_opt_0 PASSED          [ 44%]
tests/test_20_assertion.py::test_filter_values_req_opt_1 PASSED          [ 44%]
tests/test_20_assertion.py::test_filter_values_req_opt_2 PASSED          [ 44%]
tests/test_20_assertion.py::test_filter_values_req_opt_4 PASSED          [ 45%]
tests/test_20_assertion.py::test_filter_ava_0 PASSED                     [ 45%]
tests/test_20_assertion.py::test_filter_ava_1 PASSED                     [ 45%]
tests/test_20_assertion.py::test_filter_ava_2 PASSED                     [ 45%]
tests/test_20_assertion.py::test_filter_ava_3 PASSED                     [ 45%]
tests/test_20_assertion.py::test_filter_ava_4 PASSED                     [ 45%]
tests/test_20_assertion.py::test_req_opt PASSED                          [ 45%]
tests/test_20_assertion.py::test_filter_on_wire_representation_1 PASSED  [ 45%]
tests/test_20_assertion.py::test_filter_on_wire_representation_2 PASSED  [ 46%]
tests/test_20_assertion.py::test_assertion_with_noop_attribute_conv PASSED [ 46%]
tests/test_20_assertion.py::test_filter_ava_5 PASSED                     [ 46%]
tests/test_20_assertion.py::test_filter_ava_registration_authority_1 PASSED [ 46%]
tests/test_20_assertion.py::test_assertion_with_zero_attributes PASSED   [ 46%]
tests/test_20_assertion.py::test_assertion_with_authn_instant PASSED     [ 46%]
tests/test_20_assertion.py::test_attribute_producer_should_default_to_uri PASSED [ 46%]
tests/test_20_assertion.py::test_attribute_consumer_should_default_to_unspecified PASSED [ 47%]
tests/test_22_mdie.py::test_construct_contact PASSED                     [ 47%]
tests/test_30_mdstore.py::test_invalid_metadata PASSED                   [ 47%]
tests/test_30_mdstore.py::test_empty_metadata PASSED                     [ 47%]
tests/test_30_mdstore.py::test_swami_1 PASSED                            [ 47%]
tests/test_30_mdstore.py::test_incommon_1 PASSED                         [ 47%]
tests/test_30_mdstore.py::test_ext_2 PASSED                              [ 47%]
tests/test_30_mdstore.py::test_example PASSED                            [ 47%]
tests/test_30_mdstore.py::test_switch_1 PASSED                           [ 48%]
tests/test_30_mdstore.py::test_metadata_file PASSED                      [ 48%]
tests/test_30_mdstore.py::test_mdx_service PASSED                        [ 48%]
tests/test_30_mdstore.py::test_mdx_service_request_timeout PASSED        [ 48%]
tests/test_30_mdstore.py::test_mdx_single_sign_on_service PASSED         [ 48%]
tests/test_30_mdstore.py::test_mdx_metadata_freshness_period_not_expired PASSED [ 48%]
tests/test_30_mdstore.py::test_mdx_metadata_freshness_period_expired PASSED [ 48%]
tests/test_30_mdstore.py::test_load_local_dir PASSED                     [ 48%]
tests/test_30_mdstore.py::test_load_extern_incommon PASSED               [ 49%]
tests/test_30_mdstore.py::test_load_local PASSED                         [ 49%]
tests/test_30_mdstore.py::test_load_remote_encoding PASSED               [ 49%]
tests/test_30_mdstore.py::test_load_string PASSED                        [ 49%]
tests/test_30_mdstore.py::test_get_certs_from_metadata PASSED            [ 49%]
tests/test_30_mdstore.py::test_get_unnamed_certs_from_metadata PASSED    [ 49%]
tests/test_30_mdstore.py::test_get_named_certs_from_metadata PASSED      [ 49%]
tests/test_30_mdstore.py::test_get_certs_from_metadata_without_keydescriptor PASSED [ 49%]
tests/test_30_mdstore.py::test_metadata_extension_algsupport PASSED      [ 50%]
tests/test_30_mdstore.py::test_supported_algorithms PASSED               [ 50%]
tests/test_30_mdstore.py::test_registration_info PASSED                  [ 50%]
tests/test_30_mdstore.py::test_registration_info_no_policy PASSED        [ 50%]
tests/test_30_mdstore.py::test_subject_id_requirement PASSED             [ 50%]
tests/test_30_mdstore.py::test_extension PASSED                          [ 50%]
tests/test_30_mdstore.py::test_shibmd_scope_no_regex_no_descriptor_type PASSED [ 50%]
tests/test_30_mdstore.py::test_shibmd_scope_no_regex_all_descriptors PASSED [ 50%]
tests/test_30_mdstore_old.py::test_swami_1 PASSED                        [ 51%]
tests/test_30_mdstore_old.py::test_incommon_1 PASSED                     [ 51%]
tests/test_30_mdstore_old.py::test_ext_2 PASSED                          [ 51%]
tests/test_30_mdstore_old.py::test_example PASSED                        [ 51%]
tests/test_30_mdstore_old.py::test_switch_1 PASSED                       [ 51%]
tests/test_30_mdstore_old.py::test_metadata_file PASSED                  [ 51%]
tests/test_30_mdstore_old.py::test_load_local_dir PASSED                 [ 51%]
tests/test_30_mdstore_old.py::test_load_external PASSED                  [ 51%]
tests/test_30_mdstore_old.py::test_load_string PASSED                    [ 52%]
tests/test_31_config.py::test_1 PASSED                                   [ 52%]
tests/test_31_config.py::test_2 PASSED                                   [ 52%]
tests/test_31_config.py::test_minimum PASSED                             [ 52%]
tests/test_31_config.py::test_idp_1 PASSED                               [ 52%]
tests/test_31_config.py::test_idp_2 PASSED                               [ 52%]
tests/test_31_config.py::test_wayf PASSED                                [ 52%]
tests/test_31_config.py::test_conf_syslog PASSED                         [ 52%]
tests/test_31_config.py::test_3 PASSED                                   [ 53%]
tests/test_31_config.py::test_sp PASSED                                  [ 53%]
tests/test_31_config.py::test_dual PASSED                                [ 53%]
tests/test_31_config.py::test_ecp PASSED                                 [ 53%]
tests/test_31_config.py::test_assertion_consumer_service PASSED          [ 53%]
tests/test_31_config.py::test_crypto_backend PASSED                      [ 53%]
tests/test_31_config.py::test_unset_force_authn PASSED                   [ 53%]
tests/test_31_config.py::test_set_force_authn PASSED                     [ 54%]
tests/test_32_cache.py::TestClass::test_set PASSED                       [ 54%]
tests/test_32_cache.py::TestClass::test_add_ava_info PASSED              [ 54%]
tests/test_32_cache.py::TestClass::test_from_one_target_source PASSED    [ 54%]
tests/test_32_cache.py::TestClass::test_entities PASSED                  [ 54%]
tests/test_32_cache.py::TestClass::test_remove_info PASSED               [ 54%]
tests/test_32_cache.py::TestClass::test_active PASSED                    [ 54%]
tests/test_32_cache.py::TestClass::test_subjects PASSED                  [ 54%]
tests/test_32_cache.py::TestClass::test_second_subject PASSED            [ 55%]
tests/test_32_cache.py::TestClass::test_receivers PASSED                 [ 55%]
tests/test_32_cache.py::TestClass::test_timeout PASSED                   [ 55%]
tests/test_33_identifier.py::TestIdentifier::test_persistent_1 PASSED    [ 55%]
tests/test_33_identifier.py::TestIdentifier::test_persistent_2 PASSED    [ 55%]
tests/test_33_identifier.py::TestIdentifier::test_transient_1 PASSED     [ 55%]
tests/test_33_identifier.py::TestIdentifier::test_vo_1 PASSED            [ 55%]
tests/test_33_identifier.py::TestIdentifier::test_vo_2 PASSED            [ 55%]
tests/test_33_identifier.py::TestIdentifier::test_persistent_nameid PASSED [ 56%]
tests/test_33_identifier.py::TestIdentifier::test_transient_nameid PASSED [ 56%]
tests/test_34_population.py::TestPopulationMemoryBased::test_add_person PASSED [ 56%]
tests/test_34_population.py::TestPopulationMemoryBased::test_extend_person PASSED [ 56%]
tests/test_34_population.py::TestPopulationMemoryBased::test_add_another_person PASSED [ 56%]
tests/test_34_population.py::TestPopulationMemoryBased::test_modify_person PASSED [ 56%]
tests/test_36_mdbcache.py::TestMongoDBCache::test_set_get_1 PASSED       [ 56%]
tests/test_36_mdbcache.py::TestMongoDBCache::test_set_get_2 PASSED       [ 56%]
tests/test_36_mdbcache.py::TestMongoDBCache::test_remove PASSED          [ 57%]
tests/test_36_mdbcache.py::TestMongoDBCache::test_subjects PASSED        [ 57%]
tests/test_36_mdbcache.py::TestMongoDBCache::test_identity PASSED        [ 57%]
tests/test_36_mdbcache.py::TestMongoDBCache::test_remove_2 PASSED        [ 57%]
tests/test_37_entity_categories.py::test_filter_ava PASSED               [ 57%]
tests/test_37_entity_categories.py::test_filter_ava2 PASSED              [ 57%]
tests/test_37_entity_categories.py::test_filter_ava3 PASSED              [ 57%]
tests/test_37_entity_categories.py::test_filter_ava4 PASSED              [ 57%]
tests/test_37_entity_categories.py::test_filter_ava5 PASSED              [ 58%]
tests/test_37_entity_categories.py::test_idp_policy_filter PASSED        [ 58%]
tests/test_37_entity_categories.py::test_entity_category_import_from_path PASSED [ 58%]
tests/test_37_entity_categories.py::test_filter_ava_required_attributes_with_no_friendly_name PASSED [ 58%]
tests/test_37_entity_categories.py::test_filter_ava_esi_coco PASSED      [ 58%]
tests/test_37_entity_categories.py::test_filter_ava_refeds_anonymous_access SKIPPED [ 58%]
tests/test_37_entity_categories.py::test_filter_ava_refeds_pseudonymous_access SKIPPED [ 58%]
tests/test_37_entity_categories.py::test_filter_ava_refeds_personalized_access SKIPPED [ 58%]
tests/test_38_metadata_filter.py::test_swamid_sp PASSED                  [ 59%]
tests/test_38_metadata_filter.py::test_swamid_idp PASSED                 [ 59%]
tests/test_39_metadata.py::test_requested_attribute_name_format PASSED   [ 59%]
tests/test_39_metadata.py::test_signed_metadata_proper_str_bytes_handling FAILED [ 59%]
tests/test_39_metadata.py::test_cert_trailing_newlines_ignored PASSED    [ 59%]
tests/test_39_metadata.py::test_invalid_cert_raises_error PASSED         [ 59%]
tests/test_40_sigver.py::test_cert_from_instance_1 PASSED                [ 59%]
tests/test_40_sigver.py::test_cert_from_instance_ssp SKIPPED (pyasn1 is
not installed)                                                           [ 60%]
tests/test_40_sigver.py::TestSecurity::test_verify_1 PASSED              [ 60%]
tests/test_40_sigver.py::TestSecurity::test_non_verify_1 PASSED          [ 60%]
tests/test_40_sigver.py::TestSecurity::test_sign_assertion FAILED        [ 60%]
tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_assertion FAILED [ 60%]
tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_response FAILED [ 60%]
tests/test_40_sigver.py::TestSecurity::test_sign_response FAILED         [ 60%]
tests/test_40_sigver.py::TestSecurity::test_sign_response_2 FAILED       [ 60%]
tests/test_40_sigver.py::TestSecurity::test_sign_verify FAILED           [ 61%]
tests/test_40_sigver.py::TestSecurity::test_sign_verify_with_cert_from_instance FAILED [ 61%]
tests/test_40_sigver.py::TestSecurity::test_sign_verify_assertion_with_cert_from_instance FAILED [ 61%]
tests/test_40_sigver.py::TestSecurity::test_exception_sign_verify_with_cert_from_instance FAILED [ 61%]
tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_verify_1 PASSED   [ 61%]
tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_non_verify_1 PASSED [ 61%]
tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_assertion FAILED [ 61%]
tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_assertion FAILED [ 61%]
tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_response FAILED [ 62%]
tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response FAILED [ 62%]
tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response_2 FAILED [ 62%]
tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify FAILED [ 62%]
tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_with_cert_from_instance FAILED [ 62%]
tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_assertion_with_cert_from_instance FAILED [ 62%]
tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_exception_sign_verify_with_cert_from_instance FAILED [ 62%]
tests/test_40_sigver.py::test_xbox FAILED                                [ 62%]
tests/test_40_sigver.py::test_xbox_non_ascii_ava FAILED                  [ 63%]
tests/test_40_sigver.py::test_okta PASSED                                [ 63%]
tests/test_40_sigver.py::test_xmlsec_err PASSED                          [ 63%]
tests/test_40_sigver.py::test_xmlsec_err_non_ascii_ava PASSED            [ 63%]
tests/test_40_sigver.py::test_sha256_signing PASSED                      [ 63%]
tests/test_40_sigver.py::test_sha256_signing_non_ascii_ava PASSED        [ 63%]
tests/test_40_sigver.py::test_xmlsec_output_line_parsing PASSED          [ 63%]
tests/test_40_sigver.py::test_xmlsec_v1_3_x_output_line_parsing PASSED   [ 63%]
tests/test_40_sigver.py::test_cert_trailing_newlines_ignored PASSED      [ 64%]
tests/test_40_sigver.py::test_invalid_cert_raises_error PASSED           [ 64%]
tests/test_40_sigver.py::test_der_certificate_loading PASSED             [ 64%]
tests/test_41_response.py::TestResponse::test_1 ERROR                    [ 64%]
tests/test_41_response.py::TestResponse::test_2 ERROR                    [ 64%]
tests/test_41_response.py::TestResponse::test_issuer_none ERROR          [ 64%]
tests/test_41_response.py::TestResponse::test_false_sign ERROR           [ 64%]
tests/test_41_response.py::TestResponse::test_other_response ERROR       [ 64%]
tests/test_42_enc.py::test_pre_enc_key_format PASSED                     [ 65%]
tests/test_42_enc.py::test_pre_enc_with_pregenerated_key PASSED          [ 65%]
tests/test_42_enc.py::test_pre_enc_with_generated_key PASSED             [ 65%]
tests/test_42_enc.py::test_pre_enc_with_named_key PASSED                 [ 65%]
tests/test_42_enc.py::test_reshuffle_response PASSED                     [ 65%]
tests/test_42_enc.py::test_enc1 PASSED                                   [ 65%]
tests/test_42_enc.py::test_enc2 PASSED                                   [ 65%]
tests/test_43_soap.py::test_parse_soap_envelope PASSED                   [ 65%]
tests/test_43_soap.py::test_make_soap_envelope PASSED                    [ 66%]
tests/test_43_soap.py::test_parse_soap_enveloped_saml_thingy_xxe PASSED  [ 66%]
tests/test_43_soap.py::test_class_instances_from_soap_enveloped_saml_thingies_xxe PASSED [ 66%]
tests/test_43_soap.py::test_open_soap_envelope_xxe PASSED                [ 66%]
tests/test_44_authnresp.py::TestAuthnResponse::test_verify_1 ERROR       [ 66%]
tests/test_44_authnresp.py::TestAuthnResponse::test_verify_signed_1 ERROR [ 66%]
tests/test_44_authnresp.py::TestAuthnResponse::test_parse_2 ERROR        [ 66%]
tests/test_44_authnresp.py::TestAuthnResponse::test_verify_w_authn ERROR [ 67%]
tests/test_44_authnresp.py::TestAuthnResponse::test_unpack_nested_eptid ERROR [ 67%]
tests/test_44_authnresp.py::TestAuthnResponse::test_multiple_attribute_statement ERROR [ 67%]
tests/test_50_server.py::TestServer1::test_issuer PASSED                 [ 67%]
tests/test_50_server.py::TestServer1::test_assertion PASSED              [ 67%]
tests/test_50_server.py::TestServer1::test_response PASSED               [ 67%]
tests/test_50_server.py::TestServer1::test_parse_faulty_request PASSED   [ 67%]
tests/test_50_server.py::TestServer1::test_parse_faulty_request_to_err_status PASSED [ 67%]
tests/test_50_server.py::TestServer1::test_parse_ok_request PASSED       [ 68%]
tests/test_50_server.py::TestServer1::test_sso_response_with_identity PASSED [ 68%]
tests/test_50_server.py::TestServer1::test_sso_response_without_identity PASSED [ 68%]
tests/test_50_server.py::TestServer1::test_sso_response_specific_instant PASSED [ 68%]
tests/test_50_server.py::TestServer1::test_sso_failure_response PASSED   [ 68%]
tests/test_50_server.py::TestServer1::test_authn_response_0 PASSED       [ 68%]
tests/test_50_server.py::TestServer1::test_signed_response FAILED        [ 68%]
tests/test_50_server.py::TestServer1::test_signed_response_1 FAILED      [ 68%]
tests/test_50_server.py::TestServer1::test_signed_response_2 FAILED      [ 69%]
tests/test_50_server.py::TestServer1::test_signed_response_3 FAILED      [ 69%]
tests/test_50_server.py::TestServer1::test_encrypted_signed_response_1 FAILED [ 69%]
tests/test_50_server.py::TestServer1::test_encrypted_signed_response_2 FAILED [ 69%]
tests/test_50_server.py::TestServer1::test_encrypted_signed_response_3 FAILED [ 69%]
tests/test_50_server.py::TestServer1::test_encrypted_signed_response_4 FAILED [ 69%]
tests/test_50_server.py::TestServer1::test_encrypted_response_1 PASSED   [ 69%]
tests/test_50_server.py::TestServer1::test_encrypted_response_2 PASSED   [ 69%]
tests/test_50_server.py::TestServer1::test_encrypted_response_3 PASSED   [ 70%]
tests/test_50_server.py::TestServer1::test_encrypted_response_4 PASSED   [ 70%]
tests/test_50_server.py::TestServer1::test_encrypted_response_5 PASSED   [ 70%]
tests/test_50_server.py::TestServer1::test_encrypted_response_6 PASSED   [ 70%]
tests/test_50_server.py::TestServer1::test_encrypted_response_7 PASSED   [ 70%]
tests/test_50_server.py::TestServer1::test_encrypted_response_8 PASSED   [ 70%]
tests/test_50_server.py::TestServer1::test_encrypted_response_9 PASSED   [ 70%]
tests/test_50_server.py::TestServer1::test_slo_http_post PASSED          [ 70%]
tests/test_50_server.py::TestServer1::test_slo_soap PASSED               [ 71%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_issuer PASSED      [ 71%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_assertion PASSED   [ 71%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_response PASSED    [ 71%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_faulty_request PASSED [ 71%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_faulty_request_to_err_status PASSED [ 71%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_ok_request PASSED [ 71%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_with_identity PASSED [ 71%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_without_identity PASSED [ 72%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_specific_instant PASSED [ 72%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_failure_response PASSED [ 72%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_authn_response_0 PASSED [ 72%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response FAILED [ 72%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_1 FAILED [ 72%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_2 FAILED [ 72%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_3 FAILED [ 72%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_1 FAILED [ 73%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_2 FAILED [ 73%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_3 FAILED [ 73%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_4 FAILED [ 73%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_1 PASSED [ 73%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_2 PASSED [ 73%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_3 PASSED [ 73%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_4 PASSED [ 74%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_5 PASSED [ 74%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6 PASSED [ 74%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_7 PASSED [ 74%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_8 PASSED [ 74%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_9 PASSED [ 74%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_http_post PASSED [ 74%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_soap PASSED    [ 74%]
tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_soap_signed PASSED [ 75%]
tests/test_50_server.py::TestServer2::test_do_attribute_reponse PASSED   [ 75%]
tests/test_50_server.py::TestServerLogout::test_1 PASSED                 [ 75%]
tests/test_50_server.py::TestServerLogout::test_2 PASSED                 [ 75%]
tests/test_51_client.py::TestClient::test_create_attribute_query1 PASSED [ 75%]
tests/test_51_client.py::TestClient::test_create_attribute_query2 PASSED [ 75%]
tests/test_51_client.py::TestClient::test_create_attribute_query_3 PASSED [ 75%]
tests/test_51_client.py::TestClient::test_create_auth_request_0 PASSED   [ 75%]
tests/test_51_client.py::TestClient::test_create_auth_request_requested_attributes PASSED [ 76%]
tests/test_51_client.py::TestClient::test_create_auth_request_unset_force_authn_by_default PASSED [ 76%]
tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_not_true_or_1 PASSED [ 76%]
tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_true PASSED [ 76%]
tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_1 PASSED [ 76%]
tests/test_51_client.py::TestClient::test_create_auth_request_nameid_policy_allow_create PASSED [ 76%]
tests/test_51_client.py::TestClient::test_create_auth_request_vo PASSED  [ 76%]
tests/test_51_client.py::TestClient::test_sign_auth_request_0 FAILED     [ 76%]
tests/test_51_client.py::TestClient::test_logout_response FAILED         [ 77%]
tests/test_51_client.py::TestClient::test_create_logout_request PASSED   [ 77%]
tests/test_51_client.py::TestClient::test_response_1 FAILED              [ 77%]
tests/test_51_client.py::TestClient::test_response_2 FAILED              [ 77%]
tests/test_51_client.py::TestClient::test_response_3 FAILED              [ 77%]
tests/test_51_client.py::TestClient::test_response_4 FAILED              [ 77%]
tests/test_51_client.py::TestClient::test_response_5 FAILED              [ 77%]
tests/test_51_client.py::TestClient::test_response_6 FAILED              [ 77%]
tests/test_51_client.py::TestClient::test_response_7 FAILED              [ 78%]
tests/test_51_client.py::TestClient::test_response_8 FAILED              [ 78%]
tests/test_51_client.py::TestClient::test_response_no_name_id PASSED     [ 78%]
tests/test_51_client.py::TestClient::test_init_values PASSED             [ 78%]
tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion FAILED [ 78%]
tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion2 FAILED [ 78%]
tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_1 FAILED [ 78%]
tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_2 FAILED [ 78%]
tests/test_51_client.py::TestClient::test_signed_with_default_algo_redirect FAILED [ 79%]
tests/test_51_client.py::TestClient::test_signed_redirect PASSED         [ 79%]
tests/test_51_client.py::TestClient::test_signed_redirect_passes_if_needs_signed_requests PASSED [ 79%]
tests/test_51_client.py::TestClient::test_signed_redirect_fail_if_needs_signed_request_but_received_unsigned PASSED [ 79%]
tests/test_51_client.py::TestClient::test_signed_redirect_fail_if_needs_signed_request_but_sigalg_not_matches PASSED [ 79%]
tests/test_51_client.py::TestClient::test_do_logout_signed_redirect FAILED [ 79%]
tests/test_51_client.py::TestClient::test_do_logout_signed_redirect_invalid FAILED [ 79%]
tests/test_51_client.py::TestClient::test_do_logout_post FAILED          [ 80%]
tests/test_51_client.py::TestClient::test_do_logout_redirect_no_cache PASSED [ 80%]
tests/test_51_client.py::TestClient::test_do_logout_session_expired FAILED [ 80%]
tests/test_51_client.py::TestClient::test_signature_wants FAILED         [ 80%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query1 PASSED [ 80%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query2 PASSED [ 80%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query_3 PASSED [ 80%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_0 PASSED [ 80%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_unset_force_authn PASSED [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_set_force_authn PASSED [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_nameid_policy_allow_create PASSED [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_vo PASSED [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_sign_auth_request_0 FAILED [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_logout_request PASSED [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_1 FAILED   [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_2 FAILED   [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_3 FAILED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_4 FAILED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_5 FAILED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_6 FAILED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_7 FAILED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_8 FAILED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_no_name_id PASSED [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_error_status PASSED [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_error_status_non_standard_status_code PASSED [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_init_values PASSED  [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion FAILED [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion2 FAILED [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_1 FAILED [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_2 FAILED [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_signed_redirect PASSED [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_signed_redirect FAILED [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_post FAILED [ 84%]
tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_session_expired FAILED [ 84%]
tests/test_51_client.py::TestClientWithDummy::test_do_authn PASSED       [ 84%]
tests/test_51_client.py::TestClientWithDummy::test_do_negotiated_authn PASSED [ 84%]
tests/test_51_client.py::TestClientWithDummy::test_do_attribute_query PASSED [ 84%]
tests/test_51_client.py::TestClientWithDummy::test_logout_1 PASSED       [ 84%]
tests/test_51_client.py::TestClientWithDummy::test_post_sso PASSED       [ 84%]
tests/test_51_client.py::TestClientWithDummy::test_negotiated_post_sso PASSED [ 84%]
tests/test_51_client.py::TestClientNoConfigContext::test_logout_1 PASSED [ 85%]
tests/test_51_client.py::test_parse_soap_enveloped_saml_xxe PASSED       [ 85%]
tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response FAILED [ 85%]
tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_1 FAILED [ 85%]
tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_2 PASSED [ 85%]
tests/test_60_sp.py::TestSP::test_setup SKIPPED (s2repoze dependencies
not installed)                                                           [ 85%]
tests/test_60_sp.py::TestSP::test_identify SKIPPED (s2repoze
dependencies not installed)                                              [ 85%]
tests/test_62_vo.py::TestVirtualOrg::test_mta PASSED                     [ 85%]
tests/test_62_vo.py::TestVirtualOrg::test_unknown_subject PASSED         [ 86%]
tests/test_62_vo.py::TestVirtualOrg::test_id PASSED                      [ 86%]
tests/test_62_vo.py::TestVirtualOrg::test_id_unknown PASSED              [ 86%]
tests/test_62_vo.py::TestVirtualOrg_2::test_mta PASSED                   [ 86%]
tests/test_62_vo.py::TestVirtualOrg_2::test_unknown_subject PASSED       [ 86%]
tests/test_62_vo.py::TestVirtualOrg_2::test_id PASSED                    [ 86%]
tests/test_62_vo.py::TestVirtualOrg_2::test_id_unknown PASSED            [ 86%]
tests/test_63_ecp.py::test_complete_flow PASSED                          [ 87%]
tests/test_64_artifact.py::test_create_artifact PASSED                   [ 87%]
tests/test_64_artifact.py::test_create_artifact_resolve PASSED           [ 87%]
tests/test_64_artifact.py::test_artifact_flow PASSED                     [ 87%]
tests/test_65_authn_query.py::test_basic PASSED                          [ 87%]
tests/test_65_authn_query.py::test_flow PASSED                           [ 87%]
tests/test_66_name_id_mapping.py::test_base_request PASSED               [ 87%]
tests/test_66_name_id_mapping.py::test_request_response PASSED           [ 87%]
tests/test_67_manage_name_id.py::test_basic PASSED                       [ 88%]
tests/test_67_manage_name_id.py::test_flow PASSED                        [ 88%]
tests/test_68_assertion_id.py::test_basic_flow PASSED                    [ 88%]
tests/test_69_discovery.py::test_verify PASSED                           [ 88%]
tests/test_69_discovery.py::test_construct_0 PASSED                      [ 88%]
tests/test_69_discovery.py::test_construct_1 PASSED                      [ 88%]
tests/test_69_discovery.py::test_construct_deconstruct_request PASSED    [ 88%]
tests/test_69_discovery.py::test_construct_deconstruct_response PASSED   [ 88%]
tests/test_70_redirect_signing.py::test FAILED                           [ 89%]
tests/test_71_authn_request.py::test_authn_request_with_acs_by_index PASSED [ 89%]
tests/test_72_eptid.py::test_eptid PASSED                                [ 89%]
tests/test_72_eptid.py::test_eptid_shelve PASSED                         [ 89%]
tests/test_75_mongodb.py::test_flow PASSED                               [ 89%]
tests/test_75_mongodb.py::test_eptid_mongo_db PASSED                     [ 89%]
tests/test_76_metadata_in_mdb.py::test_metadata PASSED                   [ 89%]
tests/test_77_authn_context.py::test_passwd PASSED                       [ 89%]
tests/test_77_authn_context.py::test_factory PASSED                      [ 90%]
tests/test_77_authn_context.py::test_authn_decl_in_authn_context PASSED  [ 90%]
tests/test_77_authn_context.py::test_authn_1 PASSED                      [ 90%]
tests/test_77_authn_context.py::test_authn_2 PASSED                      [ 90%]
tests/test_77_authn_context.py::test_authn_3 PASSED                      [ 90%]
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_cert_chains PASSED [ 90%]
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_expire PASSED [ 90%]
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_passphrase PASSED [ 90%]
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert PASSED [ 91%]
tests/test_83_md_extensions.py::TestMDExt::test_sp_type_true PASSED      [ 91%]
tests/test_83_md_extensions.py::TestMDExt::test_sp_type_false PASSED     [ 91%]
tests/test_83_md_extensions.py::TestMDExt::test_entity_attributes PASSED [ 91%]
tests/test_88_nsprefix.py::test_nsprefix PASSED                          [ 91%]
tests/test_88_nsprefix.py::test_nsprefix2 PASSED                         [ 91%]
tests/test_89_http_post_relay_state.py::test_relay_state PASSED          [ 91%]
tests/test_92_aes.py::TestAES::test_aes_defaults PASSED                  [ 91%]
tests/test_92_aes.py::TestAES::test_aes_128_cbc PASSED                   [ 92%]
tests/test_92_aes.py::TestAES::test_aes_128_cfb PASSED                   [ 92%]
tests/test_92_aes.py::TestAES::test_aes_192_cbc PASSED                   [ 92%]
tests/test_92_aes.py::TestAES::test_aes_192_cfb PASSED                   [ 92%]
tests/test_92_aes.py::TestAES::test_aes_256_cbc PASSED                   [ 92%]
tests/test_92_aes.py::TestAES::test_aes_256_cfb PASSED                   [ 92%]
tests/test_93_hok.py::TestHolderOfKeyResponse::test_valid_hok_response_is_parsed PASSED [ 92%]
tests/test_93_hok.py::TestHolderOfKeyResponse::test_invalid_hok_response_fails_verification PASSED [ 92%]
tests/test_94_read_cert.py::test_read_single_cert PASSED                 [ 93%]
tests/test_94_read_cert.py::test_read_cert_chain PASSED                  [ 93%]
tests/test_94_read_cert.py::test_read_cert_chain_with_linebreaks PASSED  [ 93%]
tests/test_schema_validator.py::test_invalid_saml_metadata_doc[invalid_metadata_file.xml] PASSED [ 93%]
tests/test_schema_validator.py::test_invalid_saml_metadata_doc[empty_metadata_file.xml] PASSED [ 93%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[InCommon-metadata.xml] PASSED [ 93%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp.xml] PASSED [ 93%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_2.xml] PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_aa.xml] PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_all.xml] PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_example.xml] PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_soap.xml] PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_re.xml] PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_re_nren.xml] PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_rs.xml] PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_sfs_hei.xml] PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_esi_and_coco_sp.xml] PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_no_friendly_name_sp.xml] PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[extended.xml] PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_slo_redirect.xml] PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_uiinfo.xml] PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata.aaitest.xml] PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata.xml] PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_cert.xml] PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_example.xml] PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_1.xml] PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_1_no_encryption.xml] PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_2.xml] PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metasp.xml] PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[pdp_meta.xml] PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[servera.xml] PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[sp.xml] PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[sp_slo_redirect.xml] PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[urn-mace-swami.se-swamid-test-1.0-metadata.xml] PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[uu.xml] PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[vo_metadata.xml] PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_response_doc[attribute_response.xml] PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_response_doc[okta_response.xml] PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_response_doc[simplesamlphp_authnresponse.xml] PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_response_doc[saml2_response.xml] PASSED [ 98%]
tests/test_schema_validator.py::test_valid_saml_response_doc[saml_false_signed.xml] PASSED [ 98%]
tests/test_schema_validator.py::test_valid_saml_response_doc[saml_hok.xml] PASSED [ 98%]
tests/test_schema_validator.py::test_valid_saml_response_doc[saml_hok_invalid.xml] PASSED [ 98%]
tests/test_schema_validator.py::test_valid_saml_response_doc[saml_signed.xml] PASSED [ 98%]
tests/test_schema_validator.py::test_valid_saml_response_doc[saml_unsigned.xml] PASSED [ 98%]
tests/test_schema_validator.py::test_valid_saml_partial_doc[encrypted_attribute_statement.xml] PASSED [ 98%]
tests/test_schema_validator.py::test_valid_eidas_saml_response_doc[eidas_response.xml] PASSED [ 98%]
tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_response_with_hmac_should_fail PASSED [ 99%]
tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_hmac_should_fail PASSED [ 99%]
tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_random_embedded_cert_should_be_ignored FAILED [ 99%]
tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_wrapper_should_fail PASSED [ 99%]
tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_extensions_should_fail PASSED [ 99%]
tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_assertion_should_fail PASSED [ 99%]
tests/test_xsw.py::TestInvalidDepthFirstSig::test_signed_assertion_first_sig_should_fail PASSED [ 99%]
tests/test_xsw.py::TestInvalidDepthFirstSig::test_signed_response_first_sig_should_fail PASSED [100%]

==================================== ERRORS ====================================
____________________ ERROR at setup of TestResponse.test_1 _____________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-jZ0iE8oITax28C7iH" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:21Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-XyS76nBKaVIKs6hNd" IssueInstant="2024-09-12T12:13:21Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-XyS76nBKaVIKs6hNd"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">fe0e09cb3275670f9a87535b5258ec5d5994dd56e7157ce566721edc81d601d8</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:21Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:21Z" NotOnOrAfter="2024-09-12T12:18:21Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-XyS76nBKaVIKs6hNd'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpi6fks64s.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpi6fks64s.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <class 'test_41_response.TestResponse'>

    def setup_class(self):
        with closing(Server("idp_conf")) as server:
            name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
    
            self._resp_ = server.create_authn_response(
                IDENTITY,
                in_response_to="id12",
                destination="http://lingon.catalogix.se:8087/",
                sp_entity_id="urn:mace:example.com:saml:roland:sp",
                name_id=name_id,
            )
    
>           self._sign_resp_ = server.create_authn_response(
                IDENTITY,
                in_response_to="id12",
                destination="http://lingon.catalogix.se:8087/",
                sp_entity_id="urn:mace:example.com:saml:roland:sp",
                name_id=name_id,
                sign_assertion=True,
            )

tests/test_41_response.py:53: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-jZ0iE8oITax28C7iH" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:21Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-XyS76nBKaVIKs6hNd" IssueInstant="2024-09-12T12:13:21Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-XyS76nBKaVIKs6hNd"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">fe0e09cb3275670f9a87535b5258ec5d5994dd56e7157ce566721edc81d601d8</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:21Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:21Z" NotOnOrAfter="2024-09-12T12:18:21Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-XyS76nBKaVIKs6hNd'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XyS76nBKaVIKs6hNd', '--output', '/tmp/tmp_7e8a6ab.xml', '/tmp/tmpi6fks64s.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log setup ------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpi6fks64s.xml"

output=
____________________ ERROR at setup of TestResponse.test_2 _____________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-jZ0iE8oITax28C7iH" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:21Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-XyS76nBKaVIKs6hNd" IssueInstant="2024-09-12T12:13:21Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-XyS76nBKaVIKs6hNd"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">fe0e09cb3275670f9a87535b5258ec5d5994dd56e7157ce566721edc81d601d8</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:21Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:21Z" NotOnOrAfter="2024-09-12T12:18:21Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-XyS76nBKaVIKs6hNd'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpi6fks64s.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpi6fks64s.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <class 'test_41_response.TestResponse'>

    def setup_class(self):
        with closing(Server("idp_conf")) as server:
            name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
    
            self._resp_ = server.create_authn_response(
                IDENTITY,
                in_response_to="id12",
                destination="http://lingon.catalogix.se:8087/",
                sp_entity_id="urn:mace:example.com:saml:roland:sp",
                name_id=name_id,
            )
    
>           self._sign_resp_ = server.create_authn_response(
                IDENTITY,
                in_response_to="id12",
                destination="http://lingon.catalogix.se:8087/",
                sp_entity_id="urn:mace:example.com:saml:roland:sp",
                name_id=name_id,
                sign_assertion=True,
            )

tests/test_41_response.py:53: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-jZ0iE8oITax28C7iH" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:21Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-XyS76nBKaVIKs6hNd" IssueInstant="2024-09-12T12:13:21Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-XyS76nBKaVIKs6hNd"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">fe0e09cb3275670f9a87535b5258ec5d5994dd56e7157ce566721edc81d601d8</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:21Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:21Z" NotOnOrAfter="2024-09-12T12:18:21Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-XyS76nBKaVIKs6hNd'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XyS76nBKaVIKs6hNd', '--output', '/tmp/tmp_7e8a6ab.xml', '/tmp/tmpi6fks64s.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
_______________ ERROR at setup of TestResponse.test_issuer_none ________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-jZ0iE8oITax28C7iH" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:21Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-XyS76nBKaVIKs6hNd" IssueInstant="2024-09-12T12:13:21Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-XyS76nBKaVIKs6hNd"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">fe0e09cb3275670f9a87535b5258ec5d5994dd56e7157ce566721edc81d601d8</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:21Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:21Z" NotOnOrAfter="2024-09-12T12:18:21Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-XyS76nBKaVIKs6hNd'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpi6fks64s.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpi6fks64s.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <class 'test_41_response.TestResponse'>

    def setup_class(self):
        with closing(Server("idp_conf")) as server:
            name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
    
            self._resp_ = server.create_authn_response(
                IDENTITY,
                in_response_to="id12",
                destination="http://lingon.catalogix.se:8087/",
                sp_entity_id="urn:mace:example.com:saml:roland:sp",
                name_id=name_id,
            )
    
>           self._sign_resp_ = server.create_authn_response(
                IDENTITY,
                in_response_to="id12",
                destination="http://lingon.catalogix.se:8087/",
                sp_entity_id="urn:mace:example.com:saml:roland:sp",
                name_id=name_id,
                sign_assertion=True,
            )

tests/test_41_response.py:53: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-jZ0iE8oITax28C7iH" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:21Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-XyS76nBKaVIKs6hNd" IssueInstant="2024-09-12T12:13:21Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-XyS76nBKaVIKs6hNd"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">fe0e09cb3275670f9a87535b5258ec5d5994dd56e7157ce566721edc81d601d8</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:21Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:21Z" NotOnOrAfter="2024-09-12T12:18:21Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-XyS76nBKaVIKs6hNd'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XyS76nBKaVIKs6hNd', '--output', '/tmp/tmp_7e8a6ab.xml', '/tmp/tmpi6fks64s.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
________________ ERROR at setup of TestResponse.test_false_sign ________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-jZ0iE8oITax28C7iH" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:21Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-XyS76nBKaVIKs6hNd" IssueInstant="2024-09-12T12:13:21Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-XyS76nBKaVIKs6hNd"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">fe0e09cb3275670f9a87535b5258ec5d5994dd56e7157ce566721edc81d601d8</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:21Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:21Z" NotOnOrAfter="2024-09-12T12:18:21Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-XyS76nBKaVIKs6hNd'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpi6fks64s.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpi6fks64s.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <class 'test_41_response.TestResponse'>

    def setup_class(self):
        with closing(Server("idp_conf")) as server:
            name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
    
            self._resp_ = server.create_authn_response(
                IDENTITY,
                in_response_to="id12",
                destination="http://lingon.catalogix.se:8087/",
                sp_entity_id="urn:mace:example.com:saml:roland:sp",
                name_id=name_id,
            )
    
>           self._sign_resp_ = server.create_authn_response(
                IDENTITY,
                in_response_to="id12",
                destination="http://lingon.catalogix.se:8087/",
                sp_entity_id="urn:mace:example.com:saml:roland:sp",
                name_id=name_id,
                sign_assertion=True,
            )

tests/test_41_response.py:53: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-jZ0iE8oITax28C7iH" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:21Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-XyS76nBKaVIKs6hNd" IssueInstant="2024-09-12T12:13:21Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-XyS76nBKaVIKs6hNd"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">fe0e09cb3275670f9a87535b5258ec5d5994dd56e7157ce566721edc81d601d8</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:21Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:21Z" NotOnOrAfter="2024-09-12T12:18:21Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-XyS76nBKaVIKs6hNd'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XyS76nBKaVIKs6hNd', '--output', '/tmp/tmp_7e8a6ab.xml', '/tmp/tmpi6fks64s.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
______________ ERROR at setup of TestResponse.test_other_response ______________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-jZ0iE8oITax28C7iH" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:21Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-XyS76nBKaVIKs6hNd" IssueInstant="2024-09-12T12:13:21Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-XyS76nBKaVIKs6hNd"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">fe0e09cb3275670f9a87535b5258ec5d5994dd56e7157ce566721edc81d601d8</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:21Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:21Z" NotOnOrAfter="2024-09-12T12:18:21Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-XyS76nBKaVIKs6hNd'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpi6fks64s.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpi6fks64s.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <class 'test_41_response.TestResponse'>

    def setup_class(self):
        with closing(Server("idp_conf")) as server:
            name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
    
            self._resp_ = server.create_authn_response(
                IDENTITY,
                in_response_to="id12",
                destination="http://lingon.catalogix.se:8087/",
                sp_entity_id="urn:mace:example.com:saml:roland:sp",
                name_id=name_id,
            )
    
>           self._sign_resp_ = server.create_authn_response(
                IDENTITY,
                in_response_to="id12",
                destination="http://lingon.catalogix.se:8087/",
                sp_entity_id="urn:mace:example.com:saml:roland:sp",
                name_id=name_id,
                sign_assertion=True,
            )

tests/test_41_response.py:53: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84221414f0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-jZ0iE8oITax28C7iH" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:21Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-XyS76nBKaVIKs6hNd" IssueInstant="2024-09-12T12:13:21Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-XyS76nBKaVIKs6hNd"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">fe0e09cb3275670f9a87535b5258ec5d5994dd56e7157ce566721edc81d601d8</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:21Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:21Z" NotOnOrAfter="2024-09-12T12:18:21Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-XyS76nBKaVIKs6hNd'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XyS76nBKaVIKs6hNd', '--output', '/tmp/tmp_7e8a6ab.xml', '/tmp/tmpi6fks64s.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
______________ ERROR at setup of TestAuthnResponse.test_verify_1 _______________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-iElfNlg6zbpIvLEZ1" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-uULhk7AUPIXICzxmh" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-uULhk7AUPIXICzxmh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">5183c60cfb24f3379853dae3bab4a34641941443cd3d99959667a07c4e69252b</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:22Z" SessionIndex="id-qfL6fGGq1YmLSJJ7p"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-uULhk7AUPIXICzxmh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpl6lis6nr.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpl6lis6nr.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <class 'test_44_authnresp.TestAuthnResponse'>

    def setup_class(self):
        with closing(Server(dotname("idp_conf"))) as server:
            name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
    
            self._resp_ = server.create_authn_response(
                IDENTITY,
                "id12",  # in_response_to
                "http://lingon.catalogix.se:8087/",  # consumer_url
                "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
                name_id=name_id,
                authn=AUTHN,
            )
    
>           self._sign_resp_ = server.create_authn_response(
                IDENTITY,
                "id12",  # in_response_to
                "http://lingon.catalogix.se:8087/",  # consumer_url
                "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
                name_id=name_id,
                sign_assertion=True,
                authn=AUTHN,
            )

tests/test_44_authnresp.py:48: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-iElfNlg6zbpIvLEZ1" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-uULhk7AUPIXICzxmh" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-uULhk7AUPIXICzxmh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">5183c60cfb24f3379853dae3bab4a34641941443cd3d99959667a07c4e69252b</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:22Z" SessionIndex="id-qfL6fGGq1YmLSJJ7p"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-uULhk7AUPIXICzxmh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uULhk7AUPIXICzxmh', '--output', '/tmp/tmp5yc6e84z.xml', '/tmp/tmpl6lis6nr.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log setup ------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpl6lis6nr.xml"

output=
___________ ERROR at setup of TestAuthnResponse.test_verify_signed_1 ___________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-iElfNlg6zbpIvLEZ1" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-uULhk7AUPIXICzxmh" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-uULhk7AUPIXICzxmh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">5183c60cfb24f3379853dae3bab4a34641941443cd3d99959667a07c4e69252b</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:22Z" SessionIndex="id-qfL6fGGq1YmLSJJ7p"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-uULhk7AUPIXICzxmh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpl6lis6nr.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpl6lis6nr.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <class 'test_44_authnresp.TestAuthnResponse'>

    def setup_class(self):
        with closing(Server(dotname("idp_conf"))) as server:
            name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
    
            self._resp_ = server.create_authn_response(
                IDENTITY,
                "id12",  # in_response_to
                "http://lingon.catalogix.se:8087/",  # consumer_url
                "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
                name_id=name_id,
                authn=AUTHN,
            )
    
>           self._sign_resp_ = server.create_authn_response(
                IDENTITY,
                "id12",  # in_response_to
                "http://lingon.catalogix.se:8087/",  # consumer_url
                "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
                name_id=name_id,
                sign_assertion=True,
                authn=AUTHN,
            )

tests/test_44_authnresp.py:48: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-iElfNlg6zbpIvLEZ1" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-uULhk7AUPIXICzxmh" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-uULhk7AUPIXICzxmh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">5183c60cfb24f3379853dae3bab4a34641941443cd3d99959667a07c4e69252b</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:22Z" SessionIndex="id-qfL6fGGq1YmLSJJ7p"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-uULhk7AUPIXICzxmh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uULhk7AUPIXICzxmh', '--output', '/tmp/tmp5yc6e84z.xml', '/tmp/tmpl6lis6nr.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
_______________ ERROR at setup of TestAuthnResponse.test_parse_2 _______________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-iElfNlg6zbpIvLEZ1" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-uULhk7AUPIXICzxmh" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-uULhk7AUPIXICzxmh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">5183c60cfb24f3379853dae3bab4a34641941443cd3d99959667a07c4e69252b</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:22Z" SessionIndex="id-qfL6fGGq1YmLSJJ7p"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-uULhk7AUPIXICzxmh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpl6lis6nr.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpl6lis6nr.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <class 'test_44_authnresp.TestAuthnResponse'>

    def setup_class(self):
        with closing(Server(dotname("idp_conf"))) as server:
            name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
    
            self._resp_ = server.create_authn_response(
                IDENTITY,
                "id12",  # in_response_to
                "http://lingon.catalogix.se:8087/",  # consumer_url
                "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
                name_id=name_id,
                authn=AUTHN,
            )
    
>           self._sign_resp_ = server.create_authn_response(
                IDENTITY,
                "id12",  # in_response_to
                "http://lingon.catalogix.se:8087/",  # consumer_url
                "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
                name_id=name_id,
                sign_assertion=True,
                authn=AUTHN,
            )

tests/test_44_authnresp.py:48: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-iElfNlg6zbpIvLEZ1" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-uULhk7AUPIXICzxmh" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-uULhk7AUPIXICzxmh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">5183c60cfb24f3379853dae3bab4a34641941443cd3d99959667a07c4e69252b</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:22Z" SessionIndex="id-qfL6fGGq1YmLSJJ7p"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-uULhk7AUPIXICzxmh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uULhk7AUPIXICzxmh', '--output', '/tmp/tmp5yc6e84z.xml', '/tmp/tmpl6lis6nr.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
___________ ERROR at setup of TestAuthnResponse.test_verify_w_authn ____________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-iElfNlg6zbpIvLEZ1" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-uULhk7AUPIXICzxmh" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-uULhk7AUPIXICzxmh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">5183c60cfb24f3379853dae3bab4a34641941443cd3d99959667a07c4e69252b</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:22Z" SessionIndex="id-qfL6fGGq1YmLSJJ7p"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-uULhk7AUPIXICzxmh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpl6lis6nr.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpl6lis6nr.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <class 'test_44_authnresp.TestAuthnResponse'>

    def setup_class(self):
        with closing(Server(dotname("idp_conf"))) as server:
            name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
    
            self._resp_ = server.create_authn_response(
                IDENTITY,
                "id12",  # in_response_to
                "http://lingon.catalogix.se:8087/",  # consumer_url
                "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
                name_id=name_id,
                authn=AUTHN,
            )
    
>           self._sign_resp_ = server.create_authn_response(
                IDENTITY,
                "id12",  # in_response_to
                "http://lingon.catalogix.se:8087/",  # consumer_url
                "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
                name_id=name_id,
                sign_assertion=True,
                authn=AUTHN,
            )

tests/test_44_authnresp.py:48: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-iElfNlg6zbpIvLEZ1" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-uULhk7AUPIXICzxmh" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-uULhk7AUPIXICzxmh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">5183c60cfb24f3379853dae3bab4a34641941443cd3d99959667a07c4e69252b</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:22Z" SessionIndex="id-qfL6fGGq1YmLSJJ7p"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-uULhk7AUPIXICzxmh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uULhk7AUPIXICzxmh', '--output', '/tmp/tmp5yc6e84z.xml', '/tmp/tmpl6lis6nr.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
_________ ERROR at setup of TestAuthnResponse.test_unpack_nested_eptid _________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-iElfNlg6zbpIvLEZ1" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-uULhk7AUPIXICzxmh" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-uULhk7AUPIXICzxmh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">5183c60cfb24f3379853dae3bab4a34641941443cd3d99959667a07c4e69252b</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:22Z" SessionIndex="id-qfL6fGGq1YmLSJJ7p"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-uULhk7AUPIXICzxmh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpl6lis6nr.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpl6lis6nr.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <class 'test_44_authnresp.TestAuthnResponse'>

    def setup_class(self):
        with closing(Server(dotname("idp_conf"))) as server:
            name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
    
            self._resp_ = server.create_authn_response(
                IDENTITY,
                "id12",  # in_response_to
                "http://lingon.catalogix.se:8087/",  # consumer_url
                "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
                name_id=name_id,
                authn=AUTHN,
            )
    
>           self._sign_resp_ = server.create_authn_response(
                IDENTITY,
                "id12",  # in_response_to
                "http://lingon.catalogix.se:8087/",  # consumer_url
                "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
                name_id=name_id,
                sign_assertion=True,
                authn=AUTHN,
            )

tests/test_44_authnresp.py:48: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-iElfNlg6zbpIvLEZ1" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-uULhk7AUPIXICzxmh" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-uULhk7AUPIXICzxmh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">5183c60cfb24f3379853dae3bab4a34641941443cd3d99959667a07c4e69252b</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:22Z" SessionIndex="id-qfL6fGGq1YmLSJJ7p"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-uULhk7AUPIXICzxmh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uULhk7AUPIXICzxmh', '--output', '/tmp/tmp5yc6e84z.xml', '/tmp/tmpl6lis6nr.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
____ ERROR at setup of TestAuthnResponse.test_multiple_attribute_statement _____

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-iElfNlg6zbpIvLEZ1" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-uULhk7AUPIXICzxmh" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-uULhk7AUPIXICzxmh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">5183c60cfb24f3379853dae3bab4a34641941443cd3d99959667a07c4e69252b</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:22Z" SessionIndex="id-qfL6fGGq1YmLSJJ7p"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-uULhk7AUPIXICzxmh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpl6lis6nr.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpl6lis6nr.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <class 'test_44_authnresp.TestAuthnResponse'>

    def setup_class(self):
        with closing(Server(dotname("idp_conf"))) as server:
            name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
    
            self._resp_ = server.create_authn_response(
                IDENTITY,
                "id12",  # in_response_to
                "http://lingon.catalogix.se:8087/",  # consumer_url
                "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
                name_id=name_id,
                authn=AUTHN,
            )
    
>           self._sign_resp_ = server.create_authn_response(
                IDENTITY,
                "id12",  # in_response_to
                "http://lingon.catalogix.se:8087/",  # consumer_url
                "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
                name_id=name_id,
                sign_assertion=True,
                authn=AUTHN,
            )

tests/test_44_authnresp.py:48: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422125b50>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-iElfNlg6zbpIvLEZ1" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-uULhk7AUPIXICzxmh" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-uULhk7AUPIXICzxmh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">5183c60cfb24f3379853dae3bab4a34641941443cd3d99959667a07c4e69252b</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:22Z" SessionIndex="id-qfL6fGGq1YmLSJJ7p"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonAffiliation"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">staff</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">foo@gmail.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">shortstop</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-uULhk7AUPIXICzxmh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uULhk7AUPIXICzxmh', '--output', '/tmp/tmp5yc6e84z.xml', '/tmp/tmpl6lis6nr.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
=================================== FAILURES ===================================
________________ test_signed_metadata_proper_str_bytes_handling ________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842313b9b0>
statement = '<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:ns2="urn:oasis:names:tc:SAML:metadata:algsupport" entityID="urn:mace:umu.se:saml:roland:sp" ID="id-0LWcc0USuz6prdHAI"><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-0LWcc0USuz6prdHAI"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><ns0:Extensions><ns2:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160" /><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224" /><ns2:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><ns2:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" /><ns2:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" /><ns2:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" /><ns2:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160" /><ns2:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" /></ns0:Extensions><ns0:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true"><ns0:KeyDescriptor use="signing"><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://lingon.catalogix.se:8087/" index="1" /><ns0:AttributeConsumingService index="1"><ns0:ServiceName xml:lang="en">Rolands SP</ns0:ServiceName><ns0:RequestedAttribute Name="urn:mace:dir:attribute-def:surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="surName" isRequired="true" /><ns0:RequestedAttribute Name="urn:mace:dir:attribute-def:givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="givenName" isRequired="true" /><ns0:RequestedAttribute Name="urn:mace:dir:attribute-def:mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="mail" isRequired="true" /><ns0:RequestedAttribute Name="urn:mace:dir:attribute-def:title" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="title" isRequired="false" /></ns0:AttributeConsumingService></ns0:SPSSODescriptor></ns0:EntityDescriptor>'
node_name = 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = None

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842313b9b0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', ...]
extra_args = ['/tmp/tmpvnxp6ad3.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpvnxp6ad3.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

    def test_signed_metadata_proper_str_bytes_handling():
        sp_conf_2 = sp_conf.copy()
        sp_conf_2["key_file"] = full_path("test.key")
        sp_conf_2["cert_file"] = full_path("inc-md-cert.pem")
        # requires xmlsec binaries per https://pysaml2.readthedocs.io/en/latest/examples/sp.html
        sp_conf_2["xmlsec_binary"] = sigver.get_xmlsec_binary(["/opt/local/bin"])
        cnf = SPConfig().load(sp_conf_2)
    
        # This will raise TypeError if string/bytes handling is not correct
>       sp_metadata = create_metadata_string("", config=cnf, sign=True)

tests/test_39_metadata.py:66: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/metadata.py:118: in create_metadata_string
    eid, xmldoc = sign_entity_descriptor(eid, mid, secc, sign_alg, digest_alg)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/metadata.py:851: in sign_entity_descriptor
    xmldoc = secc.sign_statement(f"{edesc}", class_name(edesc))
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842313b9b0>
statement = '<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:ns2="urn:oasis:names:tc:SAML:metadata:algsupport" entityID="urn:mace:umu.se:saml:roland:sp" ID="id-0LWcc0USuz6prdHAI"><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-0LWcc0USuz6prdHAI"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><ns0:Extensions><ns2:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160" /><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224" /><ns2:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><ns2:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" /><ns2:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" /><ns2:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" /><ns2:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160" /><ns2:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" /><ns2:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" /></ns0:Extensions><ns0:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true" WantAssertionsSigned="true"><ns0:KeyDescriptor use="signing"><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://lingon.catalogix.se:8087/" index="1" /><ns0:AttributeConsumingService index="1"><ns0:ServiceName xml:lang="en">Rolands SP</ns0:ServiceName><ns0:RequestedAttribute Name="urn:mace:dir:attribute-def:surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="surName" isRequired="true" /><ns0:RequestedAttribute Name="urn:mace:dir:attribute-def:givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="givenName" isRequired="true" /><ns0:RequestedAttribute Name="urn:mace:dir:attribute-def:mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="mail" isRequired="true" /><ns0:RequestedAttribute Name="urn:mace:dir:attribute-def:title" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="title" isRequired="false" /></ns0:AttributeConsumingService></ns0:SPSSODescriptor></ns0:EntityDescriptor>'
node_name = 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = None

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', '--output', '/tmp/tmpfpz0u690.xml', '/tmp/tmpvnxp6ad3.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpvnxp6ad3.xml"

output=
_______________________ TestSecurity.test_sign_assertion _______________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpco60qsfo.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpco60qsfo.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurity object at 0x7f84239323f0>

    def test_sign_assertion(self):
        ass = self._assertion
        print(ass)
>       sign_ass = self.sec.sign_assertion(f"{ass}", node_id=ass.id)

tests/test_40_sigver.py:186: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1710: in sign_assertion
    return self.sign_statement(statement, class_name(saml.Assertion()), **kwargs)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpeg6m26hv.xml', '/tmp/tmpco60qsfo.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
----------------------------- Captured stdout call -----------------------------
<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpco60qsfo.xml"

output=
_______________ TestSecurity.test_multiple_signatures_assertion ________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpwaadfdey.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpwaadfdey.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurity object at 0x7f8423932190>

    def test_multiple_signatures_assertion(self):
        ass = self._assertion
        # basic test with two of the same
        to_sign = [(ass, ass.id), (ass, ass.id)]
>       sign_ass = self.sec.multiple_signatures(str(ass), to_sign)

tests/test_40_sigver.py:205: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures
    statement = self.sign_statement(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpp1x9crft.xml', '/tmp/tmpwaadfdey.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpwaadfdey.xml"

output=
________________ TestSecurity.test_multiple_signatures_response ________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp56tp8kn8.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp56tp8kn8.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurity object at 0x7f84247a4830>

    def test_multiple_signatures_response(self):
        response = factory(
            samlp.Response,
            issuer=saml.Issuer(text="the-isser"),
            status=success_status_factory(),
            assertion=self._assertion,
            version="2.0",
            issue_instant="2099-10-30T13:20:28Z",
            id="id-22222",
            signature=sigver.pre_signature_part("id-22222", self.sec.my_cert),
        )
    
        # order is important, we can't validate if the signatures are made
        # in the reverse order
        to_sign = [(self._assertion, self._assertion.id), (response, response.id)]
>       s_response = self.sec.multiple_signatures(str(response), to_sign)

tests/test_40_sigver.py:233: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures
    statement = self.sign_statement(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpr7jzgf0r.xml', '/tmp/tmp56tp8kn8.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp56tp8kn8.xml"

output=
_______________________ TestSecurity.test_sign_response ________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp7962nvld.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp7962nvld.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurity object at 0x7f8423f5a580>

    def test_sign_response(self):
        response = factory(
            samlp.Response,
            issuer=saml.Issuer(text="the-isser"),
            status=success_status_factory(),
            assertion=self._assertion,
            version="2.0",
            issue_instant="2099-10-30T13:20:28Z",
            id="id-22222",
            signature=sigver.pre_signature_part("id-22222", self.sec.my_cert),
        )
    
        to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)]
>       s_response = sigver.signed_instance_factory(response, self.sec, to_sign)

tests/test_40_sigver.py:270: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp2md_lu4u.xml', '/tmp/tmp7962nvld.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp7962nvld.xml"

output=
______________________ TestSecurity.test_sign_response_2 _______________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22233" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser-2</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22233"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11122" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer-2</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11122"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Fox</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bear</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11122'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpp6ngmxd6.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpp6ngmxd6.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurity object at 0x7f84239069c0>

    def test_sign_response_2(self):
        assertion2 = factory(
            saml.Assertion,
            version="2.0",
            id="id-11122",
            issuer=saml.Issuer(text="the-issuer-2"),
            issue_instant="2009-10-30T13:20:28Z",
            signature=sigver.pre_signature_part("id-11122", self.sec.my_cert),
            attribute_statement=do_attribute_statement(
                {
                    ("name:surName", "nameformat", "surName"): ("Fox", ""),
                    ("name:givenName", "nameformat", "givenName"): ("Bear", ""),
                }
            ),
        )
        response = factory(
            samlp.Response,
            issuer=saml.Issuer(text="the-isser-2"),
            status=success_status_factory(),
            assertion=assertion2,
            version="2.0",
            issue_instant="2099-10-30T13:20:28Z",
            id="id-22233",
            signature=sigver.pre_signature_part("id-22233", self.sec.my_cert),
        )
    
        to_sign = [(class_name(assertion2), assertion2.id), (class_name(response), response.id)]
    
>       s_response = sigver.signed_instance_factory(response, self.sec, to_sign)

tests/test_40_sigver.py:314: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22233" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser-2</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22233"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11122" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer-2</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11122"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Fox</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bear</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11122'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmpi0qlruoc.xml', '/tmp/tmpp6ngmxd6.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpp6ngmxd6.xml"

output=
________________________ TestSecurity.test_sign_verify _________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22233"><ns1:Signature><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-22233"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpxhil2dkj.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpxhil2dkj.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurity object at 0x7f8425dbe450>

    def test_sign_verify(self):
        response = factory(
            samlp.Response,
            assertion=self._assertion,
            id="id-22233",
            signature=sigver.pre_signature_part("id-22233", self.sec.my_cert),
        )
    
        to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)]
    
>       s_response = sigver.signed_instance_factory(response, self.sec, to_sign)

tests/test_40_sigver.py:341: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22233"><ns1:Signature><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-22233"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp07blw8bh.xml', '/tmp/tmpxhil2dkj.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpxhil2dkj.xml"

output=
____________ TestSecurity.test_sign_verify_with_cert_from_instance _____________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpkd_zlm5i.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpkd_zlm5i.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurity object at 0x7f842395d050>

    def test_sign_verify_with_cert_from_instance(self):
        response = factory(
            samlp.Response,
            issuer=saml.Issuer(text="the-isser"),
            status=success_status_factory(),
            assertion=self._assertion,
            version="2.0",
            issue_instant="2099-10-30T13:20:28Z",
            id="id-22222",
            signature=sigver.pre_signature_part("id-22222", self.sec.my_cert),
        )
    
        to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)]
    
>       s_response = sigver.signed_instance_factory(response, self.sec, to_sign)

tests/test_40_sigver.py:363: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpmp1ydnxa.xml', '/tmp/tmpkd_zlm5i.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpkd_zlm5i.xml"

output=
_______ TestSecurity.test_sign_verify_assertion_with_cert_from_instance ________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = b'<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11100" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11100"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Fox</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bear</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11100'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpdp2u635i.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpdp2u635i.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurity object at 0x7f84255a66c0>

    def test_sign_verify_assertion_with_cert_from_instance(self):
        assertion = factory(
            saml.Assertion,
            version="2.0",
            id="id-11100",
            issuer=saml.Issuer(text="the-issuer"),
            issue_instant="2009-10-30T13:20:28Z",
            signature=sigver.pre_signature_part("id-11100", self.sec.my_cert),
            attribute_statement=do_attribute_statement(
                {
                    ("name:surName", "nameformat", "surName"): ("Fox", ""),
                    ("name:givenName", "nameformat", "givenName"): ("Bear", ""),
                }
            ),
        )
    
        to_sign = [(class_name(assertion), assertion.id)]
>       s_assertion = sigver.signed_instance_factory(assertion, self.sec, to_sign)

tests/test_40_sigver.py:395: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = b'<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11100" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11100"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Fox</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bear</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11100'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmp1lljq1jn.xml', '/tmp/tmpdp2u635i.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpdp2u635i.xml"

output=
_______ TestSecurity.test_exception_sign_verify_with_cert_from_instance ________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11100" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer-2</saml:Issuer><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-22222'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...]
extra_args = ['/tmp/tmpqyidnx4w.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpqyidnx4w.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurity object at 0x7f8423254aa0>

    def test_exception_sign_verify_with_cert_from_instance(self):
        assertion = factory(
            saml.Assertion,
            version="2.0",
            id="id-11100",
            issuer=saml.Issuer(text="the-issuer-2"),
            issue_instant="2009-10-30T13:20:28Z",
            attribute_statement=do_attribute_statement(
                {
                    ("name:surName", "nameformat", "surName"): ("Foo", ""),
                    ("name:givenName", "nameformat", "givenName"): ("Bar", ""),
                }
            ),
        )
    
        response = factory(
            samlp.Response,
            issuer=saml.Issuer(text="the-isser"),
            status=success_status_factory(),
            assertion=assertion,
            version="2.0",
            issue_instant="2099-10-30T13:20:28Z",
            id="id-22222",
            signature=sigver.pre_signature_part("id-22222", self.sec.my_cert),
        )
    
        to_sign = [(class_name(response), response.id)]
    
>       s_response = sigver.signed_instance_factory(response, self.sec, to_sign)

tests/test_40_sigver.py:436: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84226b7bf0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11100" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer-2</saml:Issuer><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-22222'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmpdvuqokfy.xml', '/tmp/tmpqyidnx4w.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpqyidnx4w.xml"

output=
_________________ TestSecurityNonAsciiAva.test_sign_assertion __________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Föö</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bär</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp5_qsnjqj.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp5_qsnjqj.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurityNonAsciiAva object at 0x7f8423932520>

    def test_sign_assertion(self):
        ass = self._assertion
        print(ass)
>       sign_ass = self.sec.sign_assertion(f"{ass}", node_id=ass.id)

tests/test_40_sigver.py:491: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1710: in sign_assertion
    return self.sign_statement(statement, class_name(saml.Assertion()), **kwargs)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Föö</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bär</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpbr0q2w6w.xml', '/tmp/tmp5_qsnjqj.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
----------------------------- Captured stdout call -----------------------------
<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Föö</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bär</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp5_qsnjqj.xml"

output=
__________ TestSecurityNonAsciiAva.test_multiple_signatures_assertion __________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Föö</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bär</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp3n0e9w0_.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp3n0e9w0_.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurityNonAsciiAva object at 0x7f8423932c40>

    def test_multiple_signatures_assertion(self):
        ass = self._assertion
        # basic test with two of the same
        to_sign = [(ass, ass.id), (ass, ass.id)]
>       sign_ass = self.sec.multiple_signatures(str(ass), to_sign)

tests/test_40_sigver.py:511: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures
    statement = self.sign_statement(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Föö</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bär</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp2a55r4rk.xml', '/tmp/tmp3n0e9w0_.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp3n0e9w0_.xml"

output=
__________ TestSecurityNonAsciiAva.test_multiple_signatures_response ___________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Föö</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bär</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp4jecio89.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp4jecio89.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurityNonAsciiAva object at 0x7f84247a6210>

    def test_multiple_signatures_response(self):
        response = factory(
            samlp.Response,
            issuer=saml.Issuer(text="the-isser"),
            status=success_status_factory(),
            assertion=self._assertion,
            version="2.0",
            issue_instant="2099-10-30T13:20:28Z",
            id="id-22222",
            signature=sigver.pre_signature_part("id-22222", self.sec.my_cert),
        )
    
        # order is important, we can't validate if the signatures are made
        # in the reverse order
        to_sign = [(self._assertion, self._assertion.id), (response, response.id)]
>       s_response = self.sec.multiple_signatures(str(response), to_sign)

tests/test_40_sigver.py:539: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures
    statement = self.sign_statement(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Föö</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bär</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpzzrede70.xml', '/tmp/tmp4jecio89.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp4jecio89.xml"

output=
__________________ TestSecurityNonAsciiAva.test_sign_response __________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">F\xc3\xb6\xc3\xb6</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">B\xc3\xa4r</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpps4no7_f.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpps4no7_f.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurityNonAsciiAva object at 0x7f8423906690>

    def test_sign_response(self):
        response = factory(
            samlp.Response,
            issuer=saml.Issuer(text="the-isser"),
            status=success_status_factory(),
            assertion=self._assertion,
            version="2.0",
            issue_instant="2099-10-30T13:20:28Z",
            id="id-22222",
            signature=sigver.pre_signature_part("id-22222", self.sec.my_cert),
        )
    
        to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)]
>       s_response = sigver.signed_instance_factory(response, self.sec, to_sign)

tests/test_40_sigver.py:576: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">F\xc3\xb6\xc3\xb6</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">B\xc3\xa4r</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp7zsxye45.xml', '/tmp/tmpps4no7_f.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpps4no7_f.xml"

output=
_________________ TestSecurityNonAsciiAva.test_sign_response_2 _________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22233" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22233"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11122" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer-2</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11122"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">R\xc3\xa4v</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bj\xc3\xb6rn</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11122'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp0xzci00n.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp0xzci00n.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurityNonAsciiAva object at 0x7f8423906ad0>

    def test_sign_response_2(self):
        assertion2 = factory(
            saml.Assertion,
            version="2.0",
            id="id-11122",
            issuer=saml.Issuer(text="the-issuer-2"),
            issue_instant="2009-10-30T13:20:28Z",
            signature=sigver.pre_signature_part("id-11122", self.sec.my_cert),
            attribute_statement=do_attribute_statement(
                {
                    ("name:surName", "nameformat", "surName"): ("Räv", ""),
                    ("name:givenName", "nameformat", "givenName"): ("Björn", ""),
                }
            ),
        )
        response = factory(
            samlp.Response,
            issuer=saml.Issuer(text="the-isser"),
            status=success_status_factory(),
            assertion=assertion2,
            version="2.0",
            issue_instant="2099-10-30T13:20:28Z",
            id="id-22233",
            signature=sigver.pre_signature_part("id-22233", self.sec.my_cert),
        )
    
        to_sign = [(class_name(assertion2), assertion2.id), (class_name(response), response.id)]
    
>       s_response = sigver.signed_instance_factory(response, self.sec, to_sign)

tests/test_40_sigver.py:620: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22233" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22233"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11122" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer-2</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11122"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">R\xc3\xa4v</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bj\xc3\xb6rn</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11122'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmpwfb_opta.xml', '/tmp/tmp0xzci00n.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp0xzci00n.xml"

output=
___________________ TestSecurityNonAsciiAva.test_sign_verify ___________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22233" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22233"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">F\xc3\xb6\xc3\xb6</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">B\xc3\xa4r</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp60u3r7io.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp60u3r7io.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurityNonAsciiAva object at 0x7f842395d450>

    def test_sign_verify(self):
        response = factory(
            samlp.Response,
            issuer=saml.Issuer(text="the-isser"),
            status=success_status_factory(),
            assertion=self._assertion,
            version="2.0",
            issue_instant="2099-10-30T13:20:28Z",
            id="id-22233",
            signature=sigver.pre_signature_part("id-22233", self.sec.my_cert),
        )
    
        to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)]
    
>       s_response = sigver.signed_instance_factory(response, self.sec, to_sign)

tests/test_40_sigver.py:648: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22233" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22233"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">F\xc3\xb6\xc3\xb6</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">B\xc3\xa4r</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp3is931nq.xml', '/tmp/tmp60u3r7io.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp60u3r7io.xml"

output=
_______ TestSecurityNonAsciiAva.test_sign_verify_with_cert_from_instance _______

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">F\xc3\xb6\xc3\xb6</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">B\xc3\xa4r</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpd3q9gz22.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpd3q9gz22.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurityNonAsciiAva object at 0x7f842395d250>

    def test_sign_verify_with_cert_from_instance(self):
        response = factory(
            samlp.Response,
            issuer=saml.Issuer(text="the-isser"),
            status=success_status_factory(),
            assertion=self._assertion,
            version="2.0",
            issue_instant="2099-10-30T13:20:28Z",
            id="id-22222",
            signature=sigver.pre_signature_part("id-22222", self.sec.my_cert),
        )
    
        to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)]
    
>       s_response = sigver.signed_instance_factory(response, self.sec, to_sign)

tests/test_40_sigver.py:670: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-11111"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">F\xc3\xb6\xc3\xb6</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">B\xc3\xa4r</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpezeamdpt.xml', '/tmp/tmpd3q9gz22.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpd3q9gz22.xml"

output=
__ TestSecurityNonAsciiAva.test_sign_verify_assertion_with_cert_from_instance __

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = b'<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11100" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11100"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">R\xc3\xa4v</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bj\xc3\xb6rn</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11100'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpthjmlk4p.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpthjmlk4p.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurityNonAsciiAva object at 0x7f8423254b90>

    def test_sign_verify_assertion_with_cert_from_instance(self):
        assertion = factory(
            saml.Assertion,
            version="2.0",
            id="id-11100",
            issuer=saml.Issuer(text="the-issuer"),
            issue_instant="2009-10-30T13:20:28Z",
            signature=sigver.pre_signature_part("id-11100", self.sec.my_cert, 1),
            attribute_statement=do_attribute_statement(
                {
                    ("name:surName", "nameformat", "surName"): ("Räv", ""),
                    ("name:givenName", "nameformat", "givenName"): ("Björn", ""),
                }
            ),
        )
    
        to_sign = [(class_name(assertion), assertion.id)]
>       s_assertion = sigver.signed_instance_factory(assertion, self.sec, to_sign)

tests/test_40_sigver.py:702: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = b'<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11100" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11100"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">R\xc3\xa4v</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bj\xc3\xb6rn</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11100'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmp_0ap6xwm.xml', '/tmp/tmpthjmlk4p.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpthjmlk4p.xml"

output=
__ TestSecurityNonAsciiAva.test_exception_sign_verify_with_cert_from_instance __

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11100" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">F\xc3\xb6\xc3\xb6</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">B\xc3\xa4r</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-22222'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...]
extra_args = ['/tmp/tmpvoyjpbrv.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpvoyjpbrv.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_40_sigver.TestSecurityNonAsciiAva object at 0x7f84232549b0>

    def test_exception_sign_verify_with_cert_from_instance(self):
        assertion = factory(
            saml.Assertion,
            version="2.0",
            id="id-11100",
            issuer=saml.Issuer(text="the-issuer"),
            issue_instant="2009-10-30T13:20:28Z",
            attribute_statement=do_attribute_statement(
                {
                    ("name:surName", "nameformat", "surName"): ("Föö", ""),
                    ("name:givenName", "nameformat", "givenName"): ("Bär", ""),
                }
            ),
        )
    
        response = factory(
            samlp.Response,
            issuer=saml.Issuer(text="the-isser"),
            status=success_status_factory(),
            assertion=assertion,
            version="2.0",
            issue_instant="2099-10-30T13:20:28Z",
            id="id-22222",
            signature=sigver.pre_signature_part("id-22222", self.sec.my_cert),
        )
    
        to_sign = [(class_name(response), response.id)]
    
>       s_response = sigver.signed_instance_factory(response, self.sec, to_sign)

tests/test_40_sigver.py:743: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422cd2e70>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-22222" Version="2.0" IssueInstant="2099-10-30T13:20:28Z"><saml:Issuer>the-isser</saml:Issuer><ns2:Signature><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-22222"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-11100" IssueInstant="2009-10-30T13:20:28Z"><saml:Issuer>the-issuer</saml:Issuer><saml:AttributeStatement><saml:Attribute Name="name:surName" NameFormat="nameformat" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">F\xc3\xb6\xc3\xb6</saml:AttributeValue></saml:Attribute><saml:Attribute Name="name:givenName" NameFormat="nameformat" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">B\xc3\xa4r</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-22222'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmp0j4rlgb2.xml', '/tmp/tmpvoyjpbrv.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpvoyjpbrv.xml"

output=
__________________________________ test_xbox ___________________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84230a3650>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84230a3650>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp9piz_9ji.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp9piz_9ji.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

    def test_xbox():
        conf = config.SPConfig()
        conf.load_file("server_conf")
        md = MetadataStore([saml, samlp], None, conf)
        md.load("local", IDP_EXAMPLE)
    
        conf.metadata = md
        conf.only_use_keys_in_metadata = False
        sec = sigver.security_context(conf)
    
        assertion = factory(
            saml.Assertion,
            version="2.0",
            id="id-11111",
            issue_instant="2009-10-30T13:20:28Z",
            signature=sigver.pre_signature_part("id-11111", sec.my_cert, 1),
            attribute_statement=do_attribute_statement(
                {
                    ("", "", "surName"): ("Foo", ""),
                    ("", "", "givenName"): ("Bar", ""),
                }
            ),
        )
    
>       sigass = sec.sign_statement(
            assertion,
            class_name(assertion),
            key_file=PRIV_KEY,
            node_id=assertion.id,
        )

tests/test_40_sigver.py:843: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84230a3650>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Foo</saml:AttributeValue></saml:Attribute><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bar</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpzcd19yur.xml', '/tmp/tmp9piz_9ji.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp9piz_9ji.xml"

output=
___________________________ test_xbox_non_ascii_ava ____________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ecbcb90>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Föö</saml:AttributeValue></saml:Attribute><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bär</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ecbcb90>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpfkeessnr.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpfkeessnr.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

    def test_xbox_non_ascii_ava():
        conf = config.SPConfig()
        conf.load_file("server_conf")
        md = MetadataStore([saml, samlp], None, conf)
        md.load("local", IDP_EXAMPLE)
    
        conf.metadata = md
        conf.only_use_keys_in_metadata = False
        sec = sigver.security_context(conf)
    
        assertion = factory(
            saml.Assertion,
            version="2.0",
            id="id-11111",
            issue_instant="2009-10-30T13:20:28Z",
            signature=sigver.pre_signature_part("id-11111", sec.my_cert, 1),
            attribute_statement=do_attribute_statement(
                {
                    ("", "", "surName"): ("Föö", ""),
                    ("", "", "givenName"): ("Bär", ""),
                }
            ),
        )
    
>       sigass = sec.sign_statement(
            assertion,
            class_name(assertion),
            key_file=PRIV_KEY,
            node_id=assertion.id,
        )

tests/test_40_sigver.py:901: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ecbcb90>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-11111" IssueInstant="2009-10-30T13:20:28Z"><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-11111"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:AttributeStatement><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Föö</saml:AttributeValue></saml:Attribute><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Bär</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-11111'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp9xr63_eo.xml', '/tmp/tmpfkeessnr.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpfkeessnr.xml"

output=
_______________________ TestServer1.test_signed_response _______________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-Y9Z7pnc6LlxIvvrZL" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-PVnQgw4fpfmtB53aj" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-PVnQgw4fpfmtB53aj"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">c404a6ce14d668075d3aed311879fa33f57233541a41cdf4cbb161b50d84277c</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-PVnQgw4fpfmtB53aj'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpx2gfruy1.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpx2gfruy1.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1 object at 0x7f84228e6eb0>

    def test_signed_response(self):
        name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
        ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"}
    
>       signed_resp = self.server.create_authn_response(
            ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=name_id,
            sign_assertion=True,
        )

tests/test_50_server.py:441: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-Y9Z7pnc6LlxIvvrZL" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-PVnQgw4fpfmtB53aj" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-PVnQgw4fpfmtB53aj"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">c404a6ce14d668075d3aed311879fa33f57233541a41cdf4cbb161b50d84277c</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-PVnQgw4fpfmtB53aj'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-PVnQgw4fpfmtB53aj', '--output', '/tmp/tmpfe6mn0_e.xml', '/tmp/tmpx2gfruy1.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpx2gfruy1.xml"

output=
______________________ TestServer1.test_signed_response_1 ______________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-VqX47zqkJJboF9ODI" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-VqX47zqkJJboF9ODI"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-QKMtTpLQY2uf3yZOB" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-QKMtTpLQY2uf3yZOB"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">e49b0b3a33ea2408bbde249ddc749a7f824d672cd69c05c3b3b6b5f8aff23dfe</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-QKMtTpLQY2uf3yZOB'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpg1khr3fy.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpg1khr3fy.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1 object at 0x7f84228e7150>

    def test_signed_response_1(self):
    
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=True,
            sign_assertion=True,
        )

tests/test_50_server.py:464: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response
    return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-VqX47zqkJJboF9ODI" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:22Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-VqX47zqkJJboF9ODI"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-QKMtTpLQY2uf3yZOB" IssueInstant="2024-09-12T12:13:22Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-QKMtTpLQY2uf3yZOB"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">e49b0b3a33ea2408bbde249ddc749a7f824d672cd69c05c3b3b6b5f8aff23dfe</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:22Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:22Z" NotOnOrAfter="2024-09-12T12:18:22Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-QKMtTpLQY2uf3yZOB'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-QKMtTpLQY2uf3yZOB', '--output', '/tmp/tmp50pcf44r.xml', '/tmp/tmpg1khr3fy.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpg1khr3fy.xml"

output=
______________________ TestServer1.test_signed_response_2 ______________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-Q7avCVgkRqkq7lZH7" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:23Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-Q7avCVgkRqkq7lZH7"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-2sTBxOwwkeXN36Ets" IssueInstant="2024-09-12T12:13:23Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">e49b0b3a33ea2408bbde249ddc749a7f824d672cd69c05c3b3b6b5f8aff23dfe</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:23Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:23Z" NotOnOrAfter="2024-09-12T12:18:23Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-Q7avCVgkRqkq7lZH7'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...]
extra_args = ['/tmp/tmpjiri70pu.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpjiri70pu.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1 object at 0x7f84231ca270>

    def test_signed_response_2(self):
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=True,
            sign_assertion=False,
        )

tests/test_50_server.py:495: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response
    return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-Q7avCVgkRqkq7lZH7" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:23Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-Q7avCVgkRqkq7lZH7"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-2sTBxOwwkeXN36Ets" IssueInstant="2024-09-12T12:13:23Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">e49b0b3a33ea2408bbde249ddc749a7f824d672cd69c05c3b3b6b5f8aff23dfe</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:23Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:23Z" NotOnOrAfter="2024-09-12T12:18:23Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-Q7avCVgkRqkq7lZH7'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-Q7avCVgkRqkq7lZH7', '--output', '/tmp/tmp3k7mzqt4.xml', '/tmp/tmpjiri70pu.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpjiri70pu.xml"

output=
______________________ TestServer1.test_signed_response_3 ______________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-lqIXYyo2G577PG9Yu" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:23Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-CFT0KN0NFua7mfoRN" IssueInstant="2024-09-12T12:13:23Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-CFT0KN0NFua7mfoRN"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">e49b0b3a33ea2408bbde249ddc749a7f824d672cd69c05c3b3b6b5f8aff23dfe</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:23Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:23Z" NotOnOrAfter="2024-09-12T12:18:23Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-CFT0KN0NFua7mfoRN'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp33bj2epz.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp33bj2epz.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1 object at 0x7f8422a85d90>

    def test_signed_response_3(self):
    
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=False,
            sign_assertion=True,
        )

tests/test_50_server.py:519: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-lqIXYyo2G577PG9Yu" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:23Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-CFT0KN0NFua7mfoRN" IssueInstant="2024-09-12T12:13:23Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-CFT0KN0NFua7mfoRN"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">e49b0b3a33ea2408bbde249ddc749a7f824d672cd69c05c3b3b6b5f8aff23dfe</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:23Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:23Z" NotOnOrAfter="2024-09-12T12:18:23Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-CFT0KN0NFua7mfoRN'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-CFT0KN0NFua7mfoRN', '--output', '/tmp/tmphmzksg32.xml', '/tmp/tmp33bj2epz.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp33bj2epz.xml"

output=
_________________ TestServer1.test_encrypted_signed_response_1 _________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-O21GN8dv8EFP15SJI" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:23Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-O21GN8dv8EFP15SJI"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-eBsWdpHr1E8YtMyud" IssueInstant="2024-09-12T12:13:23Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-eBsWdpHr1E8YtMyud"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">e49b0b3a33ea2408bbde249ddc749a7f824d672cd69c05c3b3b6b5f8aff23dfe</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:23Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:23Z" NotOnOrAfter="2024-09-12T12:18:23Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><ns3:EncryptedData Id="ED_4ed8231c-fc41-4cc0-b28b-d5c5cf5086a5" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns2:KeyInfo><ns3:EncryptedKey Id="EK_39eb72a5-b904-4bb5-a999-80fa3b9b7f4b"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzIzWhcNMzQwOTEwMTIxMzIzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAlyddhEEwbaYYXOzsP2q/8Wfe8gyjkx1s4GjVmlyQHooWg2qlsQ9Ic93R\nxiQ4UI9znsBTe9RmMxWU6VJsqAWRfK7aVH2qvsSzEtGa9/ZVhrFqKbVtsIQYB4hr\ng4/eMlvt/EkIfWh8lYBOivlit0o/Bj4RR8JwDIejLuWDPLfSoqQvvOhQ4zeZHm38\nc4eVdo2DX0ZQLmrA/cDYFx36roGdfVU+BbvgYldQH7L6gru34esfkFXtRm0XOv4I\nr0KTNEFXJAkBP5gjWveFdat6OOLC33xIBiTze/x4maaZXcWnSipF7gEBwkj0MS/g\nBDioObj6CP++jvqDpsAjs1nhOrQT0wIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAISW\n1rCeq/MVK8gcurm0VLO6QVrpz/gLDtO/hjWJFl0N7ZM9JhLpLmT7mgE8JTOHvs6F\nKNiz5YFvN08ng+yez0F0SNug/FtWBSraImzmDUjjshTsYeT9NFPu4xQrmakZDQoX\nL+Qj+YZKanGnPLv6vW2CeeTbHoU/1Mz1dpf9zvnQ</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>Gez7tOfx77QK12EGDu/lFFjBG2rSo7iGnA1DRtjWwft2KIREMqBvt9bQYJ/hdTsZ\n2GY9o/l4zj80dTZ0qeOKPzaaYl4XrPkmgncWAvnXqunGea5eV51WXtojaaM/WZOz\nqRbMXHyei/erQmPeqcviT+3LTg4Ef+og92H7tSsldTUJ+JAMYs8crk7KFfloAicO\nqiTqLo+0MNSElwrpy2UdkSS1K9jNogyAYIMs8/sSlVE8dVgr5lrF7FB0Fd2k8aUa\nwQN1p3r+4YYV4jc+gJfuCQ7KnIlvv/yyJP+eTqEp2vpK6b4VQFT7ld05OG1bzaOk\n4NgkY50JVrg/N6BeO1FALA==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedKey></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>S1+4WWMsDraCdSpocXnM2ws/VyZbn3TT+JQnuuZiyXDnuIWxtzeik3IodOaki8pD\nKuxRtFxknaPB/FF7QmMYGE4DlPQRZ8N00KRqBJKX0XljOi2hao4Qz8qKWfPzKVSZ\nXduVn+VU31n6l8D59ISv41zl0q3teFc5gho7LiJp+/2Vy8eSz7F7LG/9pcu4HJ5S\n1qQp5iQ4i/+LJUW3PNtO1B2kEtqnSuE6XyQNWEuYiQvF9VFvEQtH4fEGU8pOieo5\niAU3qWgjqZo62iqt1/xbXPH3BjNtA7+lCGd//kj5Is+eIfVD3mRMbZ7P+kLLqcui\nzL19bgae+DrGjtzssLBxBr8vqH/D3t9A/ECFGc27IsU3Dj+J3zVrDch2Oz7CTvIR\ndOuQ5UjdVFQ//wV2mqGfO4MQW1248lUCLpWxPPf3ThfXruXcZARjxbGYPUlds81c\nvUmLlvxI1DHmdm5+RiP9w2yw7jj1fAoMzphbiMdApR8f7ygfjP8+mRQI5s7D05As\niokPGJyvgizaSwEBSeqDyy+OvHY9qfPg4+THEeztrPapHSSSNZrbqc34jCshkCmJ\n14A7u0SIPp/Potr9cXtlnKcOAh8V7AMumoeeAWP2WRBU36CjQkgze0vwhtEY/coE\n8TGSpFn11mQZB+0zqGxzGf91DLSD9PCSGZQ9A8FgK8qM+R0UGriS1k52G+Crgn0H\nAAT0WYGEkdnmQxKsjG3uajGuxdhKDVgUtSCWmfDu++h/J2gt6YPmPNclNadIzPk7\nOk314cqTiBG0AbWdgCNF3eklcJ1KL/NgdooC57YGfqJ1Whcro33zFhLP9V4RJDjf\nAP98HWxAR1VOQtsmsj8tqoL20obkP3x8r5Q3y4KZtWa+3mN62h7IOXMRq/Qzle66\n4PGcuXBr9em8wF3nk4VKXJHbWeSTV65FoKeemq3w/OXSv40HKO9oeOlc655Dsh3F\nHScpHIqP6U+IwWRvEEM1RHS5MR6uowSzo+LD/sct3hA+Mfig8sCkE+FDsKGE+s+M\nite1XgsVpjO9fYwI3v32X+zUCVRTKJkZcxJMpWV0+MFXdZLl3QlIEYrDWKWOgoFv\n8oQLGdItS/59s4uB+aUh28ty99Kl9I6qrmPKgr++x6FCXPw3GHendqizKAhK9ajF\n4L2htxLuvqE5zfC9imUxoLQxUfksVZYWLlhuu9hNBoNUnncM+9/D4CCYRHs1St7Q\nH09cxT6oy2GWpXyU1O+7MmM5PqPxprmGPuWfGa6BaubBn8wVAOjex02/F9ydRolJ\nYsx0g+GcJSDYKhZ4gx1+PXqxKTqL06nHQAIQc8/+1/CXS8m7OU/8518wg2hzeT2B\n0oLByiDIP52fTMlLKFJvgx07s1LxhSXsaETY/Gwj6u+aH6r2Y7pYg4/X8r0xXURg\ndaMaxrYlhT2prkWPgL35a2CnNgT3vSAeL6OUzPvY5CHqPbX8mMZnZ13VmVuFlT7W\n/ZXK+UWlBEKiUvzojZXgAtVek1oAW/TTGFVwYrs2LWroETdx4IaIkQ9cHs3aXFeo\nYI9DlHO5dHNP/IlRrrlF4aUR3t6HlGz4tHnRUfeGate/OAmT7iPI2WLyXUUTRJcl\nd/HzkvrcmBH/lt05hwxWrZmD6n1B/SRHihQgZ/S7GtKLMmg5zy3ml+J02eWqN07V\nxjgRt8CGRNvyka3EWf1A9Gu+SJdsHnHmuPRw/CUGN8sXbFVR1T7bYyStV0iTPIjO\n3S5X86skqNOxsoM1jlRahEK53+onZrAn3qCrkjqHw6yHrpuE38OQHGSJ4iUUmPBz\nuIIe2NUs5mgMLDUlPb1BfiZxji4ScEN7aPqagbce9tcchljZlln44g4t0cGPXqiL\npJ9yl9KODKrsU2c4vLmq1ScfGrKWBxvWLuT6j12c3TGPUPjIWjt6z69svcnKykBP\n7yuyKe0XackuSPBst6bfW1jwifkPKB5FhoFn11RvbWJP/0mkM/dUQ/03gNitZjcl\nXi2/Jf/KZV8wROauJNy3jRBL3CuzYVL8DaS7uduGqwbni0Bt1VJ47fVB6DW0UmCX\nCUMLVs9CNjutgUUY1HY7KgyoDyxwyLivjNvJ4+oskZPwM8TpUPr8NWRMvuNNjOGk\nEe0fAzvPlO2UpUORxuvPAtgpfDaNi79BkhmcZMPirhSnulsmz0kQM3ccxDGySy4w\ngqzVmZ08cyXZ3xA+qQNAcFy7AGqHHxAFwaGr+6MHscpZ11GCMg+CLdWsRZC6SVHH\nrPeT0y05n5NpVLZxHNX1U+2ctF0wC4bgyEKmiwbzrUeecPXW3BrnK6g0JtcGoQV6\nr/qlTWP71rvlulNm6ofVloFfyNv923EvNe1CtsZiLvluMSOtqSApZjCru4Tvzy4r\nCAu3sFyG5Z6fZQ7sM9wolSDPK8Oi8iCnjgiFKamxk7sX+Tfmtfpsyw==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedData></saml:EncryptedAssertion></saml:Advice></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-eBsWdpHr1E8YtMyud'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp78mxwcnb.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp78mxwcnb.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1 object at 0x7f8422a86090>

    def test_encrypted_signed_response_1(self):
    
        cert_str, cert_key_str = generate_cert()
    
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=False,
            encrypt_assertion_self_contained=True,
            pefim=True,
            encrypt_cert_advice=cert_str,
        )

tests/test_50_server.py:547: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response
    response = signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-O21GN8dv8EFP15SJI" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:23Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-O21GN8dv8EFP15SJI"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-eBsWdpHr1E8YtMyud" IssueInstant="2024-09-12T12:13:23Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-eBsWdpHr1E8YtMyud"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">e49b0b3a33ea2408bbde249ddc749a7f824d672cd69c05c3b3b6b5f8aff23dfe</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:23Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:23Z" NotOnOrAfter="2024-09-12T12:18:23Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><ns3:EncryptedData Id="ED_4ed8231c-fc41-4cc0-b28b-d5c5cf5086a5" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns2:KeyInfo><ns3:EncryptedKey Id="EK_39eb72a5-b904-4bb5-a999-80fa3b9b7f4b"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzIzWhcNMzQwOTEwMTIxMzIzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAlyddhEEwbaYYXOzsP2q/8Wfe8gyjkx1s4GjVmlyQHooWg2qlsQ9Ic93R\nxiQ4UI9znsBTe9RmMxWU6VJsqAWRfK7aVH2qvsSzEtGa9/ZVhrFqKbVtsIQYB4hr\ng4/eMlvt/EkIfWh8lYBOivlit0o/Bj4RR8JwDIejLuWDPLfSoqQvvOhQ4zeZHm38\nc4eVdo2DX0ZQLmrA/cDYFx36roGdfVU+BbvgYldQH7L6gru34esfkFXtRm0XOv4I\nr0KTNEFXJAkBP5gjWveFdat6OOLC33xIBiTze/x4maaZXcWnSipF7gEBwkj0MS/g\nBDioObj6CP++jvqDpsAjs1nhOrQT0wIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAISW\n1rCeq/MVK8gcurm0VLO6QVrpz/gLDtO/hjWJFl0N7ZM9JhLpLmT7mgE8JTOHvs6F\nKNiz5YFvN08ng+yez0F0SNug/FtWBSraImzmDUjjshTsYeT9NFPu4xQrmakZDQoX\nL+Qj+YZKanGnPLv6vW2CeeTbHoU/1Mz1dpf9zvnQ</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>Gez7tOfx77QK12EGDu/lFFjBG2rSo7iGnA1DRtjWwft2KIREMqBvt9bQYJ/hdTsZ\n2GY9o/l4zj80dTZ0qeOKPzaaYl4XrPkmgncWAvnXqunGea5eV51WXtojaaM/WZOz\nqRbMXHyei/erQmPeqcviT+3LTg4Ef+og92H7tSsldTUJ+JAMYs8crk7KFfloAicO\nqiTqLo+0MNSElwrpy2UdkSS1K9jNogyAYIMs8/sSlVE8dVgr5lrF7FB0Fd2k8aUa\nwQN1p3r+4YYV4jc+gJfuCQ7KnIlvv/yyJP+eTqEp2vpK6b4VQFT7ld05OG1bzaOk\n4NgkY50JVrg/N6BeO1FALA==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedKey></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>S1+4WWMsDraCdSpocXnM2ws/VyZbn3TT+JQnuuZiyXDnuIWxtzeik3IodOaki8pD\nKuxRtFxknaPB/FF7QmMYGE4DlPQRZ8N00KRqBJKX0XljOi2hao4Qz8qKWfPzKVSZ\nXduVn+VU31n6l8D59ISv41zl0q3teFc5gho7LiJp+/2Vy8eSz7F7LG/9pcu4HJ5S\n1qQp5iQ4i/+LJUW3PNtO1B2kEtqnSuE6XyQNWEuYiQvF9VFvEQtH4fEGU8pOieo5\niAU3qWgjqZo62iqt1/xbXPH3BjNtA7+lCGd//kj5Is+eIfVD3mRMbZ7P+kLLqcui\nzL19bgae+DrGjtzssLBxBr8vqH/D3t9A/ECFGc27IsU3Dj+J3zVrDch2Oz7CTvIR\ndOuQ5UjdVFQ//wV2mqGfO4MQW1248lUCLpWxPPf3ThfXruXcZARjxbGYPUlds81c\nvUmLlvxI1DHmdm5+RiP9w2yw7jj1fAoMzphbiMdApR8f7ygfjP8+mRQI5s7D05As\niokPGJyvgizaSwEBSeqDyy+OvHY9qfPg4+THEeztrPapHSSSNZrbqc34jCshkCmJ\n14A7u0SIPp/Potr9cXtlnKcOAh8V7AMumoeeAWP2WRBU36CjQkgze0vwhtEY/coE\n8TGSpFn11mQZB+0zqGxzGf91DLSD9PCSGZQ9A8FgK8qM+R0UGriS1k52G+Crgn0H\nAAT0WYGEkdnmQxKsjG3uajGuxdhKDVgUtSCWmfDu++h/J2gt6YPmPNclNadIzPk7\nOk314cqTiBG0AbWdgCNF3eklcJ1KL/NgdooC57YGfqJ1Whcro33zFhLP9V4RJDjf\nAP98HWxAR1VOQtsmsj8tqoL20obkP3x8r5Q3y4KZtWa+3mN62h7IOXMRq/Qzle66\n4PGcuXBr9em8wF3nk4VKXJHbWeSTV65FoKeemq3w/OXSv40HKO9oeOlc655Dsh3F\nHScpHIqP6U+IwWRvEEM1RHS5MR6uowSzo+LD/sct3hA+Mfig8sCkE+FDsKGE+s+M\nite1XgsVpjO9fYwI3v32X+zUCVRTKJkZcxJMpWV0+MFXdZLl3QlIEYrDWKWOgoFv\n8oQLGdItS/59s4uB+aUh28ty99Kl9I6qrmPKgr++x6FCXPw3GHendqizKAhK9ajF\n4L2htxLuvqE5zfC9imUxoLQxUfksVZYWLlhuu9hNBoNUnncM+9/D4CCYRHs1St7Q\nH09cxT6oy2GWpXyU1O+7MmM5PqPxprmGPuWfGa6BaubBn8wVAOjex02/F9ydRolJ\nYsx0g+GcJSDYKhZ4gx1+PXqxKTqL06nHQAIQc8/+1/CXS8m7OU/8518wg2hzeT2B\n0oLByiDIP52fTMlLKFJvgx07s1LxhSXsaETY/Gwj6u+aH6r2Y7pYg4/X8r0xXURg\ndaMaxrYlhT2prkWPgL35a2CnNgT3vSAeL6OUzPvY5CHqPbX8mMZnZ13VmVuFlT7W\n/ZXK+UWlBEKiUvzojZXgAtVek1oAW/TTGFVwYrs2LWroETdx4IaIkQ9cHs3aXFeo\nYI9DlHO5dHNP/IlRrrlF4aUR3t6HlGz4tHnRUfeGate/OAmT7iPI2WLyXUUTRJcl\nd/HzkvrcmBH/lt05hwxWrZmD6n1B/SRHihQgZ/S7GtKLMmg5zy3ml+J02eWqN07V\nxjgRt8CGRNvyka3EWf1A9Gu+SJdsHnHmuPRw/CUGN8sXbFVR1T7bYyStV0iTPIjO\n3S5X86skqNOxsoM1jlRahEK53+onZrAn3qCrkjqHw6yHrpuE38OQHGSJ4iUUmPBz\nuIIe2NUs5mgMLDUlPb1BfiZxji4ScEN7aPqagbce9tcchljZlln44g4t0cGPXqiL\npJ9yl9KODKrsU2c4vLmq1ScfGrKWBxvWLuT6j12c3TGPUPjIWjt6z69svcnKykBP\n7yuyKe0XackuSPBst6bfW1jwifkPKB5FhoFn11RvbWJP/0mkM/dUQ/03gNitZjcl\nXi2/Jf/KZV8wROauJNy3jRBL3CuzYVL8DaS7uduGqwbni0Bt1VJ47fVB6DW0UmCX\nCUMLVs9CNjutgUUY1HY7KgyoDyxwyLivjNvJ4+oskZPwM8TpUPr8NWRMvuNNjOGk\nEe0fAzvPlO2UpUORxuvPAtgpfDaNi79BkhmcZMPirhSnulsmz0kQM3ccxDGySy4w\ngqzVmZ08cyXZ3xA+qQNAcFy7AGqHHxAFwaGr+6MHscpZ11GCMg+CLdWsRZC6SVHH\nrPeT0y05n5NpVLZxHNX1U+2ctF0wC4bgyEKmiwbzrUeecPXW3BrnK6g0JtcGoQV6\nr/qlTWP71rvlulNm6ofVloFfyNv923EvNe1CtsZiLvluMSOtqSApZjCru4Tvzy4r\nCAu3sFyG5Z6fZQ7sM9wolSDPK8Oi8iCnjgiFKamxk7sX+Tfmtfpsyw==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedData></saml:EncryptedAssertion></saml:Advice></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-eBsWdpHr1E8YtMyud'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-eBsWdpHr1E8YtMyud', '--output', '/tmp/tmpgoekvwgt.xml', '/tmp/tmp78mxwcnb.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp78mxwcnb.xml"

output=
_________________ TestServer1.test_encrypted_signed_response_2 _________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = '<?xml version="1.0"?>\n<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-ENvPwBlJANH6n5dQN" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:23Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ns2:Reference URI="#id-ENvPwBlJANH6n5dQN"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ns2:DigestValue/></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue/><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></ns0:Status><saml:EncryptedAssertion><ns0:EncryptedData xmlns:ns0="http://www.w3.org/2001/04/xmlenc#" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" Id="ED_b7ad2fa1-5d53-4ffb-b047-2d2d95081787" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ns1:KeyInfo><ns0:EncryptedKey Id="EK_44bd8a18-ce67-4749-aed6-14f57b253554"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue>jHXT9Fwh8q1j0LMjipFvqEpsM9s2eM84AmR3DC/EZy6Ly+C3UKgq5DfjNB2B7KiK\ns1qlRI1rq7Tf/TqPVG2bqERUnFEehCpOTReWTZXOuWMuil3d0mbUxFBjEMwASBKo\nHj1cc7olId6RRrkGVScIod9WXci3dh3Y5bb8681yXHE=</ns0:CipherValue></ns0:CipherData></ns0:EncryptedKey></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue>dm1TE/BD6J70d2C9ih8OTeL4+TiU/VIog6unj0xCOB5HZTArJ48Jf93l3oBZ80UN\nB8DZymkLPJ3D/cyaHax0Y1FTu3gPdrtyaeR9QURxfCoobePusyW0DLiSLroSUmn3\nQYt3Zo3xwMi+ncj5+eSsgZ7bL9SjlsH8ISQA+tYdX07sWOm+Y/YeQAs4lOdwuVTi\nzJarrCMayXIN4d/9geUhG1xje7w9QMptdo3rA+jg8mPSzvKzpFZaYdgzVzK9gvgo\ndL32AtEb4gLlI47hf1okOZxPC/PPGD4wwFdN8KHMOxYtpHRvRsaLYbptQwxP7HYk\nSUJaStsirIkvSMWzWNDfue2QLE6EQi9iRc12Vtr+CkxEpwjtexpNW8GUR6V5fsR9\nV5TlPheECa1+tfN+FIpN5guKSKRmYaD/iF3keQ1O+G2Wq1T5jmS1CQ1CkEb8ZxrC\nC5v4UO3+8+jHvBVgUecq3POQ9DDkmWTautxHhS7iw69dd8gofoic4rkqW67oYxfl\ngZj033RV6g7EMnawlLL3iz8qHNWm+5JUL3D5v0EpaZIlBbbnmOuiYkiYDqeNPdd7\nmXA1i2HUZ3UjXMRL6JVt8OEfcWPz2bnqj5Cxuepvx7uZrMEBb5xRCPLI870E43vw\nb6MQ8lCIHmnzop5yLLqdiNlm2cIgRau6R2p440v1obVP3L7B8hj3Wu0mmMczn6l5\n9WWWcXj3pJLVG90g+T4EzCMnZ8d9gEZe+3MtHMp4s/C//xG8WWuSBIAD62/O/+em\n2PLkd1Rf8gE1inRl3WZ26iYoRiIcJEsZH9gc6z3ZglM0xug+csJaGuLemVVXzX+P\nqx/kfbzkPZ3zM635p709z6IfLUmiUM2FLfndvhbUoaL7EWVF1IVMXQRO20NjEx1i\n1uQY0d4mxG8ASGN3aExU8fS2RYJaxZgpnx7zk69LtA8f+epPwbp1DYYofJJAzdEc\nlr3s0wAdQle/C0RcQti4IXQIC6oU4an0idtZhS53rXZBc4ukuATiJoWuS7TT6K0U\nCzyT59FNgSA54ex36+fwIG8RfiZmqibRyeTdtef8vkO8bJnk0HRKyNSjyw99NqqH\nb67bJD51WSi2k6DFvAfeVjKd+ALxPkPu8QfkM+7F7LyOymfFdCzRMrJMUzCLjdzd\nTDu8Fb8XH0X1++d+SmM64gEB5f5sU+x7mtcXZ01UFt3av0ugYVB4BlM/njmWqPYa\nvrw8F+O5zQiHCXGKyaXRP0gTQUt9qliGa100DgUjfBGenNSlaUWj5HoSwYh9qvTs\ncyNX73PLg6YByCWFn35YgMYRRrKT9TPzyNLwX5PRRTYlFTbMcVhci2kHkZDr7QGm\nAnjGI6BprxRj3r1VYhIzwvAQIdx35v9KSMJ1v7uvsdj6iGBQd8dI0h+EOpyqOY9d\n5oSoldoCYTWkp0lbvSGr0ZZk6c9YARSe4BhBoSc0oNZdEoEr1rrL6lt6fPkwk5Py\nyhKmX4zvvOgVzCMO2bHJ3VkKO/KSavgwyeiRVBaRrtCk98stQJG4D7fE+lXPz9sa\nNBNMZXhztOpE2QtDpNbtFdYLOvJ5SXvioUL9uZHmrOy0uGB0Z8ChKd8+7r2OCkle\nqR7fTQUdnnSR7wjbkIMfjQeHvZB/p+KXUz1xIMbS7frGwUvohm1TvazCGWPIODlQ\nymfdqXqHowEKHaORnYxnq4E/9SISS0rMTKJmf87SCdhhnAcllY4WV/HGgAllcGoz\nABp87NRDtC9fbWl2GSu8HW5FV8dAae2pewpWHb6ECm/LJurKz8HnG5je4Ocnljqn\nyJ+q/2nwSdgXDtIJldb71neW/bxESMASVSm5ysxArFhfVYSnyS31Vjxe29wMUry5\noDw/sYWppm/YRgdJdK5KkyMImTWddupv/qBiYPK4A0xhWcVYdWlV91mfllxmo3UJ\nwoHazyvr85cwm4Z1O4Q3Y7mk4zy99C3WOdns/0XzLMGHgrsxgem7S9FLc3Dr75P7\nLameqrY3BK2VrBKdSYTJIjRKdpfwBcPRColrRscGhqQzcFEDsmfoMTvMQDzC1iyZ\nI7Pm6TpWTABPTOU+i3asUNn27st8IDUDLD+Nax5aHQl3gdOzPKzxnzHj5RvIOevB\nFsCt9/TuDWRNXN+TSgrLdnizU2ds6VeNp8mw+QahHdKsZRr9921vA30v7BzD2fZ/\nB4TcLW76jG4BXgHgSHKhrnXO/IMMpC5kpr0Q2AIwV/ZzZ3SSJQ4okaxJrtXP/Vd9\nhzNYEcUnNu6Al5TD3VvUy2dO7WwgQnMe3M5luL8+qrOf1LxHNQoWdR0pHn1x6HsC\nMpiPqwzV1bh24AviIswagyGq222M6TJtsfFs4ZPy6/lPPzAcWNekbCyJ20zuZDQE\nn5djDY2t75KtE1Z4DiukHtNuG8S0wU9nistMuLf5RQQ1Vf0THghmjM+0R0WNWdcl\nidT4vs9bOqC+O9TehgAtrjDLxSngTTb2fFu9hxlCmaJY13+Q+IO6DTLVQAnV3aGj\n5+QWI6JuNSvhoD8/mxQG8yqLkqtJ8vHQjtSns2GgcRtkcK87+sI0aP3NBiFlrc7v\nv0xtPP/j9GGYZ/q3m4TV1l/pQTKnhepxknY1DKA2pjbnhacDN1Mn5bE786weF4Rq\n5jaFeLIuIZDyi4Vz11a9Ffme6DvZKPDNjaDRy0mmAq7fBTnkQznQqVL67mRcCYI+\n/4RT2j9OvgyrTPTbL6uHZu6oByprXWCG6QvJhQl5ln0aFbbdrBpFBX7SUt0XPT01\nlxjpftLZZFXMuqIv+UV99dVoEm+KPoBcr28t8ooBDRr9txgx9JWPta25XGOKSTu7\n91JkB6o2RMxROKotBGwLM2ugG0GRmqHCRWhDlMNwR90pIj5/gOtizBwD8z5c71gG\nSBpqPDpXv6po6ZAnSfbdc391aVLGMJTRdjDHgCO9aS4TvlKK8pqWJA==</ns0:CipherValue></ns0:CipherData></ns0:EncryptedData></saml:EncryptedAssertion></ns0:Response>\n'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-ENvPwBlJANH6n5dQN'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...]
extra_args = ['/tmp/tmpss7_g9by.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpss7_g9by.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1 object at 0x7f84235b9e90>

    def test_encrypted_signed_response_2(self):
        cert_str, cert_key_str = generate_cert()
    
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=True,
            sign_assertion=False,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
        )

tests/test_50_server.py:605: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:912: in _response
    return signed_instance_factory(response, self.sec, sign_class)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = '<?xml version="1.0"?>\n<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-ENvPwBlJANH6n5dQN" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:23Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ns2:Reference URI="#id-ENvPwBlJANH6n5dQN"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ns2:DigestValue/></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue/><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></ns0:Status><saml:EncryptedAssertion><ns0:EncryptedData xmlns:ns0="http://www.w3.org/2001/04/xmlenc#" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" Id="ED_b7ad2fa1-5d53-4ffb-b047-2d2d95081787" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ns1:KeyInfo><ns0:EncryptedKey Id="EK_44bd8a18-ce67-4749-aed6-14f57b253554"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue>jHXT9Fwh8q1j0LMjipFvqEpsM9s2eM84AmR3DC/EZy6Ly+C3UKgq5DfjNB2B7KiK\ns1qlRI1rq7Tf/TqPVG2bqERUnFEehCpOTReWTZXOuWMuil3d0mbUxFBjEMwASBKo\nHj1cc7olId6RRrkGVScIod9WXci3dh3Y5bb8681yXHE=</ns0:CipherValue></ns0:CipherData></ns0:EncryptedKey></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue>dm1TE/BD6J70d2C9ih8OTeL4+TiU/VIog6unj0xCOB5HZTArJ48Jf93l3oBZ80UN\nB8DZymkLPJ3D/cyaHax0Y1FTu3gPdrtyaeR9QURxfCoobePusyW0DLiSLroSUmn3\nQYt3Zo3xwMi+ncj5+eSsgZ7bL9SjlsH8ISQA+tYdX07sWOm+Y/YeQAs4lOdwuVTi\nzJarrCMayXIN4d/9geUhG1xje7w9QMptdo3rA+jg8mPSzvKzpFZaYdgzVzK9gvgo\ndL32AtEb4gLlI47hf1okOZxPC/PPGD4wwFdN8KHMOxYtpHRvRsaLYbptQwxP7HYk\nSUJaStsirIkvSMWzWNDfue2QLE6EQi9iRc12Vtr+CkxEpwjtexpNW8GUR6V5fsR9\nV5TlPheECa1+tfN+FIpN5guKSKRmYaD/iF3keQ1O+G2Wq1T5jmS1CQ1CkEb8ZxrC\nC5v4UO3+8+jHvBVgUecq3POQ9DDkmWTautxHhS7iw69dd8gofoic4rkqW67oYxfl\ngZj033RV6g7EMnawlLL3iz8qHNWm+5JUL3D5v0EpaZIlBbbnmOuiYkiYDqeNPdd7\nmXA1i2HUZ3UjXMRL6JVt8OEfcWPz2bnqj5Cxuepvx7uZrMEBb5xRCPLI870E43vw\nb6MQ8lCIHmnzop5yLLqdiNlm2cIgRau6R2p440v1obVP3L7B8hj3Wu0mmMczn6l5\n9WWWcXj3pJLVG90g+T4EzCMnZ8d9gEZe+3MtHMp4s/C//xG8WWuSBIAD62/O/+em\n2PLkd1Rf8gE1inRl3WZ26iYoRiIcJEsZH9gc6z3ZglM0xug+csJaGuLemVVXzX+P\nqx/kfbzkPZ3zM635p709z6IfLUmiUM2FLfndvhbUoaL7EWVF1IVMXQRO20NjEx1i\n1uQY0d4mxG8ASGN3aExU8fS2RYJaxZgpnx7zk69LtA8f+epPwbp1DYYofJJAzdEc\nlr3s0wAdQle/C0RcQti4IXQIC6oU4an0idtZhS53rXZBc4ukuATiJoWuS7TT6K0U\nCzyT59FNgSA54ex36+fwIG8RfiZmqibRyeTdtef8vkO8bJnk0HRKyNSjyw99NqqH\nb67bJD51WSi2k6DFvAfeVjKd+ALxPkPu8QfkM+7F7LyOymfFdCzRMrJMUzCLjdzd\nTDu8Fb8XH0X1++d+SmM64gEB5f5sU+x7mtcXZ01UFt3av0ugYVB4BlM/njmWqPYa\nvrw8F+O5zQiHCXGKyaXRP0gTQUt9qliGa100DgUjfBGenNSlaUWj5HoSwYh9qvTs\ncyNX73PLg6YByCWFn35YgMYRRrKT9TPzyNLwX5PRRTYlFTbMcVhci2kHkZDr7QGm\nAnjGI6BprxRj3r1VYhIzwvAQIdx35v9KSMJ1v7uvsdj6iGBQd8dI0h+EOpyqOY9d\n5oSoldoCYTWkp0lbvSGr0ZZk6c9YARSe4BhBoSc0oNZdEoEr1rrL6lt6fPkwk5Py\nyhKmX4zvvOgVzCMO2bHJ3VkKO/KSavgwyeiRVBaRrtCk98stQJG4D7fE+lXPz9sa\nNBNMZXhztOpE2QtDpNbtFdYLOvJ5SXvioUL9uZHmrOy0uGB0Z8ChKd8+7r2OCkle\nqR7fTQUdnnSR7wjbkIMfjQeHvZB/p+KXUz1xIMbS7frGwUvohm1TvazCGWPIODlQ\nymfdqXqHowEKHaORnYxnq4E/9SISS0rMTKJmf87SCdhhnAcllY4WV/HGgAllcGoz\nABp87NRDtC9fbWl2GSu8HW5FV8dAae2pewpWHb6ECm/LJurKz8HnG5je4Ocnljqn\nyJ+q/2nwSdgXDtIJldb71neW/bxESMASVSm5ysxArFhfVYSnyS31Vjxe29wMUry5\noDw/sYWppm/YRgdJdK5KkyMImTWddupv/qBiYPK4A0xhWcVYdWlV91mfllxmo3UJ\nwoHazyvr85cwm4Z1O4Q3Y7mk4zy99C3WOdns/0XzLMGHgrsxgem7S9FLc3Dr75P7\nLameqrY3BK2VrBKdSYTJIjRKdpfwBcPRColrRscGhqQzcFEDsmfoMTvMQDzC1iyZ\nI7Pm6TpWTABPTOU+i3asUNn27st8IDUDLD+Nax5aHQl3gdOzPKzxnzHj5RvIOevB\nFsCt9/TuDWRNXN+TSgrLdnizU2ds6VeNp8mw+QahHdKsZRr9921vA30v7BzD2fZ/\nB4TcLW76jG4BXgHgSHKhrnXO/IMMpC5kpr0Q2AIwV/ZzZ3SSJQ4okaxJrtXP/Vd9\nhzNYEcUnNu6Al5TD3VvUy2dO7WwgQnMe3M5luL8+qrOf1LxHNQoWdR0pHn1x6HsC\nMpiPqwzV1bh24AviIswagyGq222M6TJtsfFs4ZPy6/lPPzAcWNekbCyJ20zuZDQE\nn5djDY2t75KtE1Z4DiukHtNuG8S0wU9nistMuLf5RQQ1Vf0THghmjM+0R0WNWdcl\nidT4vs9bOqC+O9TehgAtrjDLxSngTTb2fFu9hxlCmaJY13+Q+IO6DTLVQAnV3aGj\n5+QWI6JuNSvhoD8/mxQG8yqLkqtJ8vHQjtSns2GgcRtkcK87+sI0aP3NBiFlrc7v\nv0xtPP/j9GGYZ/q3m4TV1l/pQTKnhepxknY1DKA2pjbnhacDN1Mn5bE786weF4Rq\n5jaFeLIuIZDyi4Vz11a9Ffme6DvZKPDNjaDRy0mmAq7fBTnkQznQqVL67mRcCYI+\n/4RT2j9OvgyrTPTbL6uHZu6oByprXWCG6QvJhQl5ln0aFbbdrBpFBX7SUt0XPT01\nlxjpftLZZFXMuqIv+UV99dVoEm+KPoBcr28t8ooBDRr9txgx9JWPta25XGOKSTu7\n91JkB6o2RMxROKotBGwLM2ugG0GRmqHCRWhDlMNwR90pIj5/gOtizBwD8z5c71gG\nSBpqPDpXv6po6ZAnSfbdc391aVLGMJTRdjDHgCO9aS4TvlKK8pqWJA==</ns0:CipherValue></ns0:CipherData></ns0:EncryptedData></saml:EncryptedAssertion></ns0:Response>\n'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-ENvPwBlJANH6n5dQN'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-ENvPwBlJANH6n5dQN', '--output', '/tmp/tmp3rfvtug1.xml', '/tmp/tmpss7_g9by.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpss7_g9by.xml"

output=
_________________ TestServer1.test_encrypted_signed_response_3 _________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-r9ZsW8QZFOYec0sFQ" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:23Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-r9ZsW8QZFOYec0sFQ"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><saml:Assertion Version="2.0" ID="id-trDBIEyGCd2ZhgF3i" IssueInstant="2024-09-12T12:13:23Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-trDBIEyGCd2ZhgF3i"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">e49b0b3a33ea2408bbde249ddc749a7f824d672cd69c05c3b3b6b5f8aff23dfe</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:23Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:23Z" NotOnOrAfter="2024-09-12T12:18:23Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-trDBIEyGCd2ZhgF3i'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpzlellem8.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpzlellem8.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1 object at 0x7f84235bb070>

    def test_encrypted_signed_response_3(self):
        cert_str, cert_key_str = generate_cert()
    
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=False,
            encrypt_cert_assertion=cert_str,
        )

tests/test_50_server.py:650: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-r9ZsW8QZFOYec0sFQ" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:23Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-r9ZsW8QZFOYec0sFQ"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><saml:Assertion Version="2.0" ID="id-trDBIEyGCd2ZhgF3i" IssueInstant="2024-09-12T12:13:23Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-trDBIEyGCd2ZhgF3i"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">e49b0b3a33ea2408bbde249ddc749a7f824d672cd69c05c3b3b6b5f8aff23dfe</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:23Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:23Z" NotOnOrAfter="2024-09-12T12:18:23Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-trDBIEyGCd2ZhgF3i'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-trDBIEyGCd2ZhgF3i', '--output', '/tmp/tmpggm4t67e.xml', '/tmp/tmpzlellem8.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpzlellem8.xml"

output=
_________________ TestServer1.test_encrypted_signed_response_4 _________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-lmT9ISgD3gqe19ZnP" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:23Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-lmT9ISgD3gqe19ZnP"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-Xrqu9emF9PJmthdKW" IssueInstant="2024-09-12T12:13:23Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-Xrqu9emF9PJmthdKW"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">e49b0b3a33ea2408bbde249ddc749a7f824d672cd69c05c3b3b6b5f8aff23dfe</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:23Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:23Z" NotOnOrAfter="2024-09-12T12:18:23Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_b3f10c89-f130-4dc5-8986-e429a679f599" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_36ab8ba8-bb06-46f7-a42e-39ce6208f37d"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzIzWhcNMzQwOTEwMTIxMzIzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAtc2JQrYT1zxWA4mj1FQJf325U4hcXCgib46vON1ZOnMLoSVI3XvEQh6n\nWdWuEvDJa9lbnXW+osYUnA8lg++ysQOWdVls3pQhCYsNSyOmbD2KHZm5lagwxneF\noyBS4xYRPY8j2OcK0+rrQwCmmM+ebxCTFU7Hqv7mOEZLpe+jv2+DMsNy2HIkYgZp\nA6WlHJT7DnGUqtPoB8e2e7vzywNopsReM2+RtK0ifRN/+kAPRrOOJvvNfSWo6F5e\nsfQaBsG6ymHEdZTiL/sB4gTFoiJRER1WDkW+aLDfSBsu/ymGjveriki5Exhb0DRn\nCbInv0gi/Lm6mBw4YKkrR0DWuT8IrwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAH5\nqoJHPVXIunDyMQY6MFV3KpACyThEnIHGYy/73OqdOQ26YeyYce8w8LT0tmpBb/gn\nLNF8FE4w609Pdx15QE9ghR3vhzUd4V1vffSLQsKy/Ja5K495Hq34tTc5zAH+96xw\nwHnwqoaiqOWSqkhJyRrWN3nDENrMLtgX9pXCf+Jy</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>gsTMwaSUWSF/QhhPpnV+X+WtewmzEPvyEVaepH5zJbA7W9+i8mKtXHuIzr/YlrHW\nMpD0uARQoOdOGd4oxGuq9PHfAnRJE0SbYeHRXbnzT7La+TPr9rFNyaG7ilulfBam\n4EX1oTAekyExC/onAp4OP/PdQ/FGDP44/WMPxGOzeld72VnITcI0OXCOC10UZeXo\nuYnKOY5El1CLUM3mqxHNN0pdm6inrb02z24cxp4CGHvF1yDN0cKnGZglsPt1AjLK\nxL3wzY6sULM9vAGkiYq7VGffpUOIP/Gxqwb87Y7kiS0vGFdRn3CcuaHpKtjRQpIU\n6IuUX8xkYe+70AmXGwv1YQ==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>4hq61zBkuscV3guCsoAseesoohWS/OG38Zmdcknv5bCmZAdsMPDipIBHPS0wkXIu\n94345fJD/Z0mrXwpuiSFhC4fbC7foxja7JPodUQp92+4wF64mlu/ynZxG2kRZ90T\np0XmuSNBBSwDT4UD63us5WoS3Lwu3NOviOsao3Z5+xbfu2ye6OyVyfzQfSnsPNHA\nKUlpg7/976auRvmMeaRM4rDm7mDgPh8by8N13PP1dXuS2y8ke1+mUzxuNeqN7Sbt\nhZ/UPfnpsUMGlaDJWSi0AkBAIyP4zCunBcPKoI2n/iW/AgpfmlPuKbUuwUDAY85Q\nWo8oa/TqZf41NkqgV4VsCA61lDR7AppFhqgQLT3tIuUdHVf7WUZ0kEz7+tKdfO/b\nNDKRkwB9csOSYuyLDoTtw5jVQ9giJXc35OmnyMeRgnzcau7XWlAE+SZyXxUwCfEf\nOFA2taIPjkPhWbhFWv8KSeZn3z8OvfFWKX5WfGIYjQju40a0iwW3oF0CXHCIPq4T\nTe2SFl5fbiusfQeZKKT6NH72DKPhCFBQyemo6gyYOBjrTrztEDj8S2Hi2PHb0k1t\nqw+Kq1qPkRjBjgt+qoiYQjCUC/Oj08vMSOzPq3XyJeIPitwh9hq5OGJqtGlhV75A\nDwD3I4XiRSFDa0ur60JBtyrxu82DKmexGbQhg6bgIshk071lifwx38iv7oHsFzNe\nzBkquNNvoHwle165rnlAY0Y3cOx3p4XaSKAGdtcjwBbWtlo2eHWFpMk0x3F03iex\nma5+zp4xqY76f266n2ZEQ62yzQMe0L8u+omn5oiMDrhCyLRZDEB8liunJx1WLT8Q\nVG811zB59/4Pqtu8Hx4tUX5+LoRQcMxL6k7adGU8fiAkmoVOc1W//AGRluhCo/S/\nn2ywygu6lWLIVbgCxIcu8trRuu6Q3OJjI3Ux3ky3LMT0z7Z3wL/CSymFweKQLl8w\nVw6W9GbgE4spzCvyn6t8c9ZaWC9valys1b7COG3xW9tvINrxf9fiTwM2mlNU2qKM\nCGTGfh7k9gd/RrGexVtSzI7y3XOBsEiHnJZauHntjZCamIz40rX7PRilTUGwfZ0y\nND+JO4Jn0Wstp9i74+Cki6Vky7M3uaZGv6MHTrc0wKjiCo+KYf9m33hoI6UkA41w\n4fgntgNM5m+fl7SNkzjAcr2YySp8SAhhX5n54ddFEfJ5CeBkmGC8QHGeWrPwdt3o\nQF+9rTynC3LnaN4DIhGm8WLhXq2BZLuE338OHYO4StUdhwWXgFgrk+VDn1j19YNm\nzKGaCBvvzWvNq/+S2IAoLHiD69CHlRwCqc1NAwQ83cd3xJD+nwsoMN/aYmgb+fNM\n9bAF0GGiTGyNce5tWpMC7WueiLZ7Wp8LCPJd+DMy6qFF8UU+xbP+g4lXYpGPYvkr\nPhRvP0Q7DQxxYtOzKe70215B1o+NuhJdFi4OpeGGs9S/aH9UrLbqfYZqZYDv+Xro\ncq3uZLD5qqoimAQPOSmLh1w5KqfIBdn/oDmCEGNoImA8xwZcfr8zhPJpKJHJh5Vy\nd6+199rGhVwfS1yzJ+myuOtJ8/XPUQFtfqZCsx1QKOPHtjGbLfH+V+g51AeezKl2\nemDRg2p/BnLu97wIUAwgu0Jfd9g251ejUekpmeLM10v1eqRWSjtRt28N/J/nMIF3\nnjWG91iap+D841RESJu12OG0LD7/rStr4nPKU+C9zoSmCkryZhJIy9uvfOVBD3Sm\nHGrhIvSvot21gRr0bbq8Zi5mDLmqKd8tcTEG1b5qep/C0/a2m158BDbbH4zzWKSY\nVPc1FbROLbkCrWMWxY5FndV6JuU+AbtqbHF/oXjHZELIRlE9KLM+BSi8DbvfgTVc\nR3YMel+BLAL8jbB4B1zTxGx20KZR49Ckr6INZzrj5w7spOY1HcCjzbRrLl5x840K\nPVKJXxqElq+q0awUzTTHN2Qhh1BB3bXn8LMCLy8Js4+1EcUKFIxj/ZZSTj88xG+e\npc7Oho5cmgggxyuUZmV8Sl+vWNb9YuZZCn16LhO1SA3pMpbmeNho5UIa5gpkAn+z\nA2b+fZkz5LK4HkPScxIoxnhEys8WU4IupPfR/t2PidyvoBl/clVwy8xGCUt5p7+U\ngQ4VkMP81ZhBPSMp15kW5/25zsyudovxQWR38l2F2nhm5RaTFO5onQQaPPL5iNVj\n+1BXPu/QwYRr7pQVbVlc+a8UOWEmdLwBWtNfTGUiRHHWPuHwoW4XP/R+SHAkT/ld\nNeNMXWno3Gwz/NxAskmICoNC1Em2XT5mGaMCLu2YL0wbo5xinzn/4bVtHjBCuOvK\nGTxb52YWAqBVBcYdyjQz/iLNuyCrCcr71WG6sO9uLKBhqOyh+fXCQX6T2f0KBmtb\nLyX55AhIdkoBjLUDTCWXNmE2LlWoygd4Lre9zfTormZhciDNuSkzjg==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-Xrqu9emF9PJmthdKW'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpgwoq7seu.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpgwoq7seu.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1 object at 0x7f84228ba490>

    def test_encrypted_signed_response_4(self):
    
        cert_str, cert_key_str = generate_cert()
    
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            pefim=True,
            encrypt_cert_advice=cert_str,
        )

tests/test_50_server.py:697: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f842227e930>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-lmT9ISgD3gqe19ZnP" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:23Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-lmT9ISgD3gqe19ZnP"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-Xrqu9emF9PJmthdKW" IssueInstant="2024-09-12T12:13:23Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-Xrqu9emF9PJmthdKW"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">e49b0b3a33ea2408bbde249ddc749a7f824d672cd69c05c3b3b6b5f8aff23dfe</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:23Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:23Z" NotOnOrAfter="2024-09-12T12:18:23Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_b3f10c89-f130-4dc5-8986-e429a679f599" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_36ab8ba8-bb06-46f7-a42e-39ce6208f37d"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzIzWhcNMzQwOTEwMTIxMzIzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAtc2JQrYT1zxWA4mj1FQJf325U4hcXCgib46vON1ZOnMLoSVI3XvEQh6n\nWdWuEvDJa9lbnXW+osYUnA8lg++ysQOWdVls3pQhCYsNSyOmbD2KHZm5lagwxneF\noyBS4xYRPY8j2OcK0+rrQwCmmM+ebxCTFU7Hqv7mOEZLpe+jv2+DMsNy2HIkYgZp\nA6WlHJT7DnGUqtPoB8e2e7vzywNopsReM2+RtK0ifRN/+kAPRrOOJvvNfSWo6F5e\nsfQaBsG6ymHEdZTiL/sB4gTFoiJRER1WDkW+aLDfSBsu/ymGjveriki5Exhb0DRn\nCbInv0gi/Lm6mBw4YKkrR0DWuT8IrwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAAH5\nqoJHPVXIunDyMQY6MFV3KpACyThEnIHGYy/73OqdOQ26YeyYce8w8LT0tmpBb/gn\nLNF8FE4w609Pdx15QE9ghR3vhzUd4V1vffSLQsKy/Ja5K495Hq34tTc5zAH+96xw\nwHnwqoaiqOWSqkhJyRrWN3nDENrMLtgX9pXCf+Jy</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>gsTMwaSUWSF/QhhPpnV+X+WtewmzEPvyEVaepH5zJbA7W9+i8mKtXHuIzr/YlrHW\nMpD0uARQoOdOGd4oxGuq9PHfAnRJE0SbYeHRXbnzT7La+TPr9rFNyaG7ilulfBam\n4EX1oTAekyExC/onAp4OP/PdQ/FGDP44/WMPxGOzeld72VnITcI0OXCOC10UZeXo\nuYnKOY5El1CLUM3mqxHNN0pdm6inrb02z24cxp4CGHvF1yDN0cKnGZglsPt1AjLK\nxL3wzY6sULM9vAGkiYq7VGffpUOIP/Gxqwb87Y7kiS0vGFdRn3CcuaHpKtjRQpIU\n6IuUX8xkYe+70AmXGwv1YQ==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>4hq61zBkuscV3guCsoAseesoohWS/OG38Zmdcknv5bCmZAdsMPDipIBHPS0wkXIu\n94345fJD/Z0mrXwpuiSFhC4fbC7foxja7JPodUQp92+4wF64mlu/ynZxG2kRZ90T\np0XmuSNBBSwDT4UD63us5WoS3Lwu3NOviOsao3Z5+xbfu2ye6OyVyfzQfSnsPNHA\nKUlpg7/976auRvmMeaRM4rDm7mDgPh8by8N13PP1dXuS2y8ke1+mUzxuNeqN7Sbt\nhZ/UPfnpsUMGlaDJWSi0AkBAIyP4zCunBcPKoI2n/iW/AgpfmlPuKbUuwUDAY85Q\nWo8oa/TqZf41NkqgV4VsCA61lDR7AppFhqgQLT3tIuUdHVf7WUZ0kEz7+tKdfO/b\nNDKRkwB9csOSYuyLDoTtw5jVQ9giJXc35OmnyMeRgnzcau7XWlAE+SZyXxUwCfEf\nOFA2taIPjkPhWbhFWv8KSeZn3z8OvfFWKX5WfGIYjQju40a0iwW3oF0CXHCIPq4T\nTe2SFl5fbiusfQeZKKT6NH72DKPhCFBQyemo6gyYOBjrTrztEDj8S2Hi2PHb0k1t\nqw+Kq1qPkRjBjgt+qoiYQjCUC/Oj08vMSOzPq3XyJeIPitwh9hq5OGJqtGlhV75A\nDwD3I4XiRSFDa0ur60JBtyrxu82DKmexGbQhg6bgIshk071lifwx38iv7oHsFzNe\nzBkquNNvoHwle165rnlAY0Y3cOx3p4XaSKAGdtcjwBbWtlo2eHWFpMk0x3F03iex\nma5+zp4xqY76f266n2ZEQ62yzQMe0L8u+omn5oiMDrhCyLRZDEB8liunJx1WLT8Q\nVG811zB59/4Pqtu8Hx4tUX5+LoRQcMxL6k7adGU8fiAkmoVOc1W//AGRluhCo/S/\nn2ywygu6lWLIVbgCxIcu8trRuu6Q3OJjI3Ux3ky3LMT0z7Z3wL/CSymFweKQLl8w\nVw6W9GbgE4spzCvyn6t8c9ZaWC9valys1b7COG3xW9tvINrxf9fiTwM2mlNU2qKM\nCGTGfh7k9gd/RrGexVtSzI7y3XOBsEiHnJZauHntjZCamIz40rX7PRilTUGwfZ0y\nND+JO4Jn0Wstp9i74+Cki6Vky7M3uaZGv6MHTrc0wKjiCo+KYf9m33hoI6UkA41w\n4fgntgNM5m+fl7SNkzjAcr2YySp8SAhhX5n54ddFEfJ5CeBkmGC8QHGeWrPwdt3o\nQF+9rTynC3LnaN4DIhGm8WLhXq2BZLuE338OHYO4StUdhwWXgFgrk+VDn1j19YNm\nzKGaCBvvzWvNq/+S2IAoLHiD69CHlRwCqc1NAwQ83cd3xJD+nwsoMN/aYmgb+fNM\n9bAF0GGiTGyNce5tWpMC7WueiLZ7Wp8LCPJd+DMy6qFF8UU+xbP+g4lXYpGPYvkr\nPhRvP0Q7DQxxYtOzKe70215B1o+NuhJdFi4OpeGGs9S/aH9UrLbqfYZqZYDv+Xro\ncq3uZLD5qqoimAQPOSmLh1w5KqfIBdn/oDmCEGNoImA8xwZcfr8zhPJpKJHJh5Vy\nd6+199rGhVwfS1yzJ+myuOtJ8/XPUQFtfqZCsx1QKOPHtjGbLfH+V+g51AeezKl2\nemDRg2p/BnLu97wIUAwgu0Jfd9g251ejUekpmeLM10v1eqRWSjtRt28N/J/nMIF3\nnjWG91iap+D841RESJu12OG0LD7/rStr4nPKU+C9zoSmCkryZhJIy9uvfOVBD3Sm\nHGrhIvSvot21gRr0bbq8Zi5mDLmqKd8tcTEG1b5qep/C0/a2m158BDbbH4zzWKSY\nVPc1FbROLbkCrWMWxY5FndV6JuU+AbtqbHF/oXjHZELIRlE9KLM+BSi8DbvfgTVc\nR3YMel+BLAL8jbB4B1zTxGx20KZR49Ckr6INZzrj5w7spOY1HcCjzbRrLl5x840K\nPVKJXxqElq+q0awUzTTHN2Qhh1BB3bXn8LMCLy8Js4+1EcUKFIxj/ZZSTj88xG+e\npc7Oho5cmgggxyuUZmV8Sl+vWNb9YuZZCn16LhO1SA3pMpbmeNho5UIa5gpkAn+z\nA2b+fZkz5LK4HkPScxIoxnhEys8WU4IupPfR/t2PidyvoBl/clVwy8xGCUt5p7+U\ngQ4VkMP81ZhBPSMp15kW5/25zsyudovxQWR38l2F2nhm5RaTFO5onQQaPPL5iNVj\n+1BXPu/QwYRr7pQVbVlc+a8UOWEmdLwBWtNfTGUiRHHWPuHwoW4XP/R+SHAkT/ld\nNeNMXWno3Gwz/NxAskmICoNC1Em2XT5mGaMCLu2YL0wbo5xinzn/4bVtHjBCuOvK\nGTxb52YWAqBVBcYdyjQz/iLNuyCrCcr71WG6sO9uLKBhqOyh+fXCQX6T2f0KBmtb\nLyX55AhIdkoBjLUDTCWXNmE2LlWoygd4Lre9zfTormZhciDNuSkzjg==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-Xrqu9emF9PJmthdKW'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Xrqu9emF9PJmthdKW', '--output', '/tmp/tmpe9p9sc3b.xml', '/tmp/tmpgwoq7seu.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpgwoq7seu.xml"

output=
_________________ TestServer1NonAsciiAva.test_signed_response __________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-fEWdkD2OBeKcexevE" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-I0nh2LOm0d2WZkMSL" IssueInstant="2024-09-12T12:13:25Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-I0nh2LOm0d2WZkMSL"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">4435f8b27cb0117f6b95f0b82e6499d30fe44a6ebae83ea77cfead24d6f31c3f</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:25Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:25Z" NotOnOrAfter="2024-09-12T12:18:25Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-I0nh2LOm0d2WZkMSL'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpa13kb408.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpa13kb408.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1NonAsciiAva object at 0x7f84228ce890>

    def test_signed_response(self):
        name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
        ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"}
    
>       signed_resp = self.server.create_authn_response(
            ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=name_id,
            sign_assertion=True,
        )

tests/test_50_server.py:1517: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-fEWdkD2OBeKcexevE" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-I0nh2LOm0d2WZkMSL" IssueInstant="2024-09-12T12:13:25Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-I0nh2LOm0d2WZkMSL"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">4435f8b27cb0117f6b95f0b82e6499d30fe44a6ebae83ea77cfead24d6f31c3f</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:25Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:25Z" NotOnOrAfter="2024-09-12T12:18:25Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-I0nh2LOm0d2WZkMSL'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-I0nh2LOm0d2WZkMSL', '--output', '/tmp/tmphrdy5bzi.xml', '/tmp/tmpa13kb408.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpa13kb408.xml"

output=
________________ TestServer1NonAsciiAva.test_signed_response_1 _________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-PlRn1ONpqe7x50ygY" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-PlRn1ONpqe7x50ygY"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-6IWYprKb4byMho6Yk" IssueInstant="2024-09-12T12:13:25Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-6IWYprKb4byMho6Yk"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">8c26a5930f73fa9cbf8f79b904110de7e00de8c48dc89910c74f5d4ac2ad6058</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:25Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:25Z" NotOnOrAfter="2024-09-12T12:18:25Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepci\xc3\xb3n</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">dave@cnr.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">#13</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-6IWYprKb4byMho6Yk'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpa_59g_4g.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpa_59g_4g.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1NonAsciiAva object at 0x7f84228ceb30>

    def test_signed_response_1(self):
    
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=True,
            sign_assertion=True,
        )

tests/test_50_server.py:1540: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response
    return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-PlRn1ONpqe7x50ygY" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-PlRn1ONpqe7x50ygY"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-6IWYprKb4byMho6Yk" IssueInstant="2024-09-12T12:13:25Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-6IWYprKb4byMho6Yk"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">8c26a5930f73fa9cbf8f79b904110de7e00de8c48dc89910c74f5d4ac2ad6058</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:25Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:25Z" NotOnOrAfter="2024-09-12T12:18:25Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepci\xc3\xb3n</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">dave@cnr.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">#13</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-6IWYprKb4byMho6Yk'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-6IWYprKb4byMho6Yk', '--output', '/tmp/tmph2pz48at.xml', '/tmp/tmpa_59g_4g.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpa_59g_4g.xml"

output=
________________ TestServer1NonAsciiAva.test_signed_response_2 _________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-KZyjmMQO9HAzk3hAs" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-KZyjmMQO9HAzk3hAs"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-SBXFrX3UVWotvPA3g" IssueInstant="2024-09-12T12:13:25Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">8c26a5930f73fa9cbf8f79b904110de7e00de8c48dc89910c74f5d4ac2ad6058</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:25Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:25Z" NotOnOrAfter="2024-09-12T12:18:25Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepci\xc3\xb3n</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">dave@cnr.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">#13</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-KZyjmMQO9HAzk3hAs'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...]
extra_args = ['/tmp/tmp97u60bn7.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp97u60bn7.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1NonAsciiAva object at 0x7f84231c87a0>

    def test_signed_response_2(self):
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=True,
            sign_assertion=False,
        )

tests/test_50_server.py:1571: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response
    return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-KZyjmMQO9HAzk3hAs" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-KZyjmMQO9HAzk3hAs"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-SBXFrX3UVWotvPA3g" IssueInstant="2024-09-12T12:13:25Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">8c26a5930f73fa9cbf8f79b904110de7e00de8c48dc89910c74f5d4ac2ad6058</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:25Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:25Z" NotOnOrAfter="2024-09-12T12:18:25Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepci\xc3\xb3n</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">dave@cnr.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">#13</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-KZyjmMQO9HAzk3hAs'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-KZyjmMQO9HAzk3hAs', '--output', '/tmp/tmpx99c58n4.xml', '/tmp/tmp97u60bn7.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp97u60bn7.xml"

output=
________________ TestServer1NonAsciiAva.test_signed_response_3 _________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-8NgiPciDA8isg1zLd" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-3ZcqiG0A6ctn0tR22" IssueInstant="2024-09-12T12:13:25Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-3ZcqiG0A6ctn0tR22"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">8c26a5930f73fa9cbf8f79b904110de7e00de8c48dc89910c74f5d4ac2ad6058</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:25Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:25Z" NotOnOrAfter="2024-09-12T12:18:25Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepci\xc3\xb3n</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">dave@cnr.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">#13</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-3ZcqiG0A6ctn0tR22'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpqqxpi720.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpqqxpi720.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1NonAsciiAva object at 0x7f8422a85c10>

    def test_signed_response_3(self):
    
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=False,
            sign_assertion=True,
        )

tests/test_50_server.py:1595: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-8NgiPciDA8isg1zLd" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-3ZcqiG0A6ctn0tR22" IssueInstant="2024-09-12T12:13:25Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-3ZcqiG0A6ctn0tR22"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">8c26a5930f73fa9cbf8f79b904110de7e00de8c48dc89910c74f5d4ac2ad6058</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:25Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:25Z" NotOnOrAfter="2024-09-12T12:18:25Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepci\xc3\xb3n</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">dave@cnr.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">#13</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-3ZcqiG0A6ctn0tR22'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-3ZcqiG0A6ctn0tR22', '--output', '/tmp/tmphexotx0m.xml', '/tmp/tmpqqxpi720.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpqqxpi720.xml"

output=
___________ TestServer1NonAsciiAva.test_encrypted_signed_response_1 ____________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-zOR5wcLRs7Xdd51PR" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-zOR5wcLRs7Xdd51PR"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-Pej6MifvNhzvGX6oP" IssueInstant="2024-09-12T12:13:25Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-Pej6MifvNhzvGX6oP"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">8c26a5930f73fa9cbf8f79b904110de7e00de8c48dc89910c74f5d4ac2ad6058</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:25Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:25Z" NotOnOrAfter="2024-09-12T12:18:25Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><ns3:EncryptedData Id="ED_7b507e45-41f7-4d0c-97fa-7d9bcc7937cd" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns2:KeyInfo><ns3:EncryptedKey Id="EK_be596976-7044-4d15-9012-57922bd2b2d0"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzI1WhcNMzQwOTEwMTIxMzI1WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAzsvyHWPQnpzkhGQs9kPyZO3HNK2tkc5w5Y7adsd8WZiqr3Xt0msTQ/pL\n1mDMkjkYXncCWA9Um4rz3M9O1j6U60xdAhEauDshm3gPVzMGUUDj51gNR+8F8wsi\nZ5HGAatS6nCWxHPMRUGJffuGubxKhIcs8wDiUX6Ma/gzjaf7AgsFsWezK7mAZ3Nf\nFvH9Hsbq3uhQxs7ybvhXmXdhRAFM3/D2/DeVr1BNv1KHtuh39T204DCWJ/b7Gmvy\n7+wafydKtJVgBCQrHrn1Q0z7u8G2eX3tIf2FW39N1li2qbNouWBTf/+3C0ijegxj\n0fP9zqW4BzkmEsZrorL5amdRcbh4zwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBABx+\n3LqI0EV7PNgJx77ZSfWc/ry6Kjz+amToaPzQKXcAhTl1FHsLpOGk7FmrjfwX1PsN\nnyu1ItTns94EQUjQBhWOv0299Kg+XFyRcEDCFGnjI4exVlp/kQ9HC0OcuEVuLFzs\nILkgI8QVgQmA8Ejt4PCkf9wdVxW9TB4M+GW8Jhtb</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>euD+QZ9AVlqG+A4uamxpI/CzqoDFhtsHew6+Kd8N8xmhSpo5xDazvx6FtA6yDvyo\njFXJVBp2FtnHm5WXWcJasKR5du/XG5yHrGGUFanR+TqsggV+Ma6SQDSbSWLYqOc2\nKsm+FH+Fd2uG8b/QMB8/Ujyr+KsLnzhK9o+D056dOhUzLvFaFe0vjltTWzi3h6F6\nkoamQj2SfTOD0RqHmPTH8DxfZ18jhygp0BWNtOeolGCk3uLDrsS95lGEQ4oB9QKs\nbqCahLUumRBJiU5PNykIyoDd5VGBvGrygfJGQ0mVCeajI+v7lCKcfZZJjl1Nm/IN\nrua19RfD/sZd7cVj8NROFg==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedKey></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>ySriE95exSmmQ+WhvvTvPMP/fb0V+ZnO4SltbAK9uniCM0HgZQs8xo/a0VdEwZEC\nBJuNAgbqBdPnqhBTaVLL//Id8910Y0FgaXT+pAVCZ+LQgSv4GjrC5dQYTV3QebgP\nsO6Oc660SfPRyN50k68Zpgs91TBB0kzKRMyWUAmaLsG/LCZ2B8NB8muz9zMEENi5\nvQjCdLD/nNIyD9G1E1OWIIrH7NZMHvUsmBi+jbGAqcwecLwDlK+I9nPJHLHsaari\nEexlGo80XrdyB1nrrLBjHyomeOiJ73GsluXP1AWH9aMcJ+vaXAXR9eaRdeHsIj43\nS9Z8epYrtft/tsARL8W1vJH5dhtWFCN00ROdDcrXHWg1s3yfw1pAMTMZRfRUC/YL\nx4vlrg8eM5dJgjW0nu5K7l5xta4Vn1SAcYQZ0PB1BFxOfhcDKdEeHeyi3iKytQjK\n4LOlF0ZGz5r5qu656B4GvyLWwHHMiNT4z16PMxGAqgO6K/a2wajgcNkHIkRpCYbW\nzY2nNyxAnBwMqY9cgJ/DaTTohX3zeACAEToHjvV/JG+VXBrzAtXU0eqcEIkt51PD\nYaDwTVllrH5owy2e5HwSVyc8YLECmRox/Xx3OnHSqJYSWBcd9eOat13K+J9dA+rC\n/WJeR8d+iv/4XIiLebqC68TsgaR6KCMSEIxopOLk0Va+OmL8K0ugy+Ar6tysffVR\ndl/kG30hQTliVpSEqgC1PS8Te5QwYMTch/KTiMJDdKIzpV0QErYAAjK31kTynOsK\n3A0zvTCh60a5YGMFPjJODiSIxH1XVNaVQYfsPEjL+KzAKlQo6NFQaMq5bE8YDUze\nJj+0GIVUIh3JToBZZZs70TQBORZhFqIUAeuyVT/CUGFy38rOLMOGItEgCYiJfA08\nQ90Wv1TQAL5UHX35Qce43Q/84DMUVeDwghHyHjZ+hmE6qLpOTZ65fXnJbCrGGxPj\nq5E74s+oDj/DEeEKYRv836g42QLxtsN6+SCyR5QkpyTT2W/uIejsZugo4z/NzLrw\ng1axQxqUw8kbnk7aBVbR47wovNhKjoXIToTsDh4q3Jv4DO0rIaKtdH1XpElCo7yl\nzpj8FIAMdw3Ojv/SKysoOuDqp8wpW+Kg9VFG9UkhybvGi5KzoMnqZ8wnv2ACTGCA\nut4fy/beVZAtuRrT8ZbOiHwDgK1T9plVDOegXsMQNpxE1Aq0tQVlPo2Bdrkj+UB+\niKQmjWEwVWmhCY3nB7k5onV6JOgO1F1toOU+nh8dp3GYwRORK+mB48IV3+mXckDw\nNpg5DKfWJgaWjOeOsJDwarBm6QSHxe0yzrY6zv1OyQhSrqpsJmQPqG//UIfS2Qg/\nmCoSwe29paFPNsoDSn2JvdN8K039ULuwJ6sW9+PMbfNHgp3yxPtVwUeAc4YeFCPm\nzSgGLlBxMo1AwShsCDu8KlPbbYfn85yfJKe7dIcxO3dFqv6wHLhUf7y2vW/bWZUK\nwEYmxppC7/Z6NaQoty8ndVI5LT/0cF+GoYKxRTptIQQa7IfEgJnbx0Jhp3YnL6pL\nA03OC72vpIfsU6cgdk1q5GYm7+6EpvRTet6XsQQDChKPFhdUp9iHQR8s89JQoU9t\n7QcZB4xLI7vIkG0XKwnqLb9Cc33Dou4IRP0zs5QXelAvCeug4FK//Ndq9+1Ym4Ik\nfqEqln0RLTMsCc92aGA8Lpv7tvSV1WSMTCpXEYKq3hBWpcOtYgVhtXfM3ZtDsjYX\nailQr4c3ur51MCId4vSb7wqI9d+9edKXjDJjCmkSVKA5LEXlOaNRL+9zCo5zIOXD\n7aUPOizLlQsGRZnPGKdhPoUmpX14DgcIdYLU5K0m3g4Eq5k/pFK/o7ZEehNxX+O/\nFcvWzXVUlpsQO5jc6mAQcYSeAfDcDVC5IA2rJjCzlIBaeJ+LuEWCfvVwT+QNqvSi\nkhhJl4gn2c20AUKCq634M2oZSGxkuU3XAbCEgfV92dQ9ejjxJp7L7RoUanOTa/5O\nmHqlEMSuQpB/XkUBzjeB6WBoBoZDdWmopOpsrgIm5Cey77KW8GG9IeQUzOxYQCEh\n7+wyYQwFncT9Fdvh6rpjqCJY2iABewBGSM6c+yjh4gfjSoaX3ROO0zkWW7s3Alkf\naOJXhHYpUZ5v99TwBRPaj7r2RFezToz4+2IhBQVXqDLfmL8mj9RQH1pY2GqlmZR2\n9vWBKgtrzUMmVfwYZV42mfZuh5yAyMW2fI5xv1DXkTzNeaK5aeDIu22A/F9NXSc4\n3Enq2BoTTaWZAmlrO7PK7J1P85ziWLyYDPvhQy4LNPLlWP+u85H3LqNLgZ05IGGR\naupbsRV+Kt5W9tltfJVQS7Z9nCUYR1upghOLqDZKu/ZJZZy5Kp74DFaTGrMZaZ6p\nyBAJ7a57R0WNK/oxFthK6qlMSXu1yekrOza6l6ak/F9G90E4449JMA==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedData></saml:EncryptedAssertion></saml:Advice></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-Pej6MifvNhzvGX6oP'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp0kmu3dp5.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp0kmu3dp5.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1NonAsciiAva object at 0x7f8422a85b50>

    def test_encrypted_signed_response_1(self):
    
        cert_str, cert_key_str = generate_cert()
    
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=False,
            encrypt_assertion_self_contained=True,
            pefim=True,
            encrypt_cert_advice=cert_str,
        )

tests/test_50_server.py:1623: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response
    response = signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-zOR5wcLRs7Xdd51PR" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-zOR5wcLRs7Xdd51PR"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-Pej6MifvNhzvGX6oP" IssueInstant="2024-09-12T12:13:25Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-Pej6MifvNhzvGX6oP"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">8c26a5930f73fa9cbf8f79b904110de7e00de8c48dc89910c74f5d4ac2ad6058</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:25Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:25Z" NotOnOrAfter="2024-09-12T12:18:25Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><ns3:EncryptedData Id="ED_7b507e45-41f7-4d0c-97fa-7d9bcc7937cd" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns2:KeyInfo><ns3:EncryptedKey Id="EK_be596976-7044-4d15-9012-57922bd2b2d0"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzI1WhcNMzQwOTEwMTIxMzI1WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAzsvyHWPQnpzkhGQs9kPyZO3HNK2tkc5w5Y7adsd8WZiqr3Xt0msTQ/pL\n1mDMkjkYXncCWA9Um4rz3M9O1j6U60xdAhEauDshm3gPVzMGUUDj51gNR+8F8wsi\nZ5HGAatS6nCWxHPMRUGJffuGubxKhIcs8wDiUX6Ma/gzjaf7AgsFsWezK7mAZ3Nf\nFvH9Hsbq3uhQxs7ybvhXmXdhRAFM3/D2/DeVr1BNv1KHtuh39T204DCWJ/b7Gmvy\n7+wafydKtJVgBCQrHrn1Q0z7u8G2eX3tIf2FW39N1li2qbNouWBTf/+3C0ijegxj\n0fP9zqW4BzkmEsZrorL5amdRcbh4zwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBABx+\n3LqI0EV7PNgJx77ZSfWc/ry6Kjz+amToaPzQKXcAhTl1FHsLpOGk7FmrjfwX1PsN\nnyu1ItTns94EQUjQBhWOv0299Kg+XFyRcEDCFGnjI4exVlp/kQ9HC0OcuEVuLFzs\nILkgI8QVgQmA8Ejt4PCkf9wdVxW9TB4M+GW8Jhtb</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>euD+QZ9AVlqG+A4uamxpI/CzqoDFhtsHew6+Kd8N8xmhSpo5xDazvx6FtA6yDvyo\njFXJVBp2FtnHm5WXWcJasKR5du/XG5yHrGGUFanR+TqsggV+Ma6SQDSbSWLYqOc2\nKsm+FH+Fd2uG8b/QMB8/Ujyr+KsLnzhK9o+D056dOhUzLvFaFe0vjltTWzi3h6F6\nkoamQj2SfTOD0RqHmPTH8DxfZ18jhygp0BWNtOeolGCk3uLDrsS95lGEQ4oB9QKs\nbqCahLUumRBJiU5PNykIyoDd5VGBvGrygfJGQ0mVCeajI+v7lCKcfZZJjl1Nm/IN\nrua19RfD/sZd7cVj8NROFg==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedKey></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>ySriE95exSmmQ+WhvvTvPMP/fb0V+ZnO4SltbAK9uniCM0HgZQs8xo/a0VdEwZEC\nBJuNAgbqBdPnqhBTaVLL//Id8910Y0FgaXT+pAVCZ+LQgSv4GjrC5dQYTV3QebgP\nsO6Oc660SfPRyN50k68Zpgs91TBB0kzKRMyWUAmaLsG/LCZ2B8NB8muz9zMEENi5\nvQjCdLD/nNIyD9G1E1OWIIrH7NZMHvUsmBi+jbGAqcwecLwDlK+I9nPJHLHsaari\nEexlGo80XrdyB1nrrLBjHyomeOiJ73GsluXP1AWH9aMcJ+vaXAXR9eaRdeHsIj43\nS9Z8epYrtft/tsARL8W1vJH5dhtWFCN00ROdDcrXHWg1s3yfw1pAMTMZRfRUC/YL\nx4vlrg8eM5dJgjW0nu5K7l5xta4Vn1SAcYQZ0PB1BFxOfhcDKdEeHeyi3iKytQjK\n4LOlF0ZGz5r5qu656B4GvyLWwHHMiNT4z16PMxGAqgO6K/a2wajgcNkHIkRpCYbW\nzY2nNyxAnBwMqY9cgJ/DaTTohX3zeACAEToHjvV/JG+VXBrzAtXU0eqcEIkt51PD\nYaDwTVllrH5owy2e5HwSVyc8YLECmRox/Xx3OnHSqJYSWBcd9eOat13K+J9dA+rC\n/WJeR8d+iv/4XIiLebqC68TsgaR6KCMSEIxopOLk0Va+OmL8K0ugy+Ar6tysffVR\ndl/kG30hQTliVpSEqgC1PS8Te5QwYMTch/KTiMJDdKIzpV0QErYAAjK31kTynOsK\n3A0zvTCh60a5YGMFPjJODiSIxH1XVNaVQYfsPEjL+KzAKlQo6NFQaMq5bE8YDUze\nJj+0GIVUIh3JToBZZZs70TQBORZhFqIUAeuyVT/CUGFy38rOLMOGItEgCYiJfA08\nQ90Wv1TQAL5UHX35Qce43Q/84DMUVeDwghHyHjZ+hmE6qLpOTZ65fXnJbCrGGxPj\nq5E74s+oDj/DEeEKYRv836g42QLxtsN6+SCyR5QkpyTT2W/uIejsZugo4z/NzLrw\ng1axQxqUw8kbnk7aBVbR47wovNhKjoXIToTsDh4q3Jv4DO0rIaKtdH1XpElCo7yl\nzpj8FIAMdw3Ojv/SKysoOuDqp8wpW+Kg9VFG9UkhybvGi5KzoMnqZ8wnv2ACTGCA\nut4fy/beVZAtuRrT8ZbOiHwDgK1T9plVDOegXsMQNpxE1Aq0tQVlPo2Bdrkj+UB+\niKQmjWEwVWmhCY3nB7k5onV6JOgO1F1toOU+nh8dp3GYwRORK+mB48IV3+mXckDw\nNpg5DKfWJgaWjOeOsJDwarBm6QSHxe0yzrY6zv1OyQhSrqpsJmQPqG//UIfS2Qg/\nmCoSwe29paFPNsoDSn2JvdN8K039ULuwJ6sW9+PMbfNHgp3yxPtVwUeAc4YeFCPm\nzSgGLlBxMo1AwShsCDu8KlPbbYfn85yfJKe7dIcxO3dFqv6wHLhUf7y2vW/bWZUK\nwEYmxppC7/Z6NaQoty8ndVI5LT/0cF+GoYKxRTptIQQa7IfEgJnbx0Jhp3YnL6pL\nA03OC72vpIfsU6cgdk1q5GYm7+6EpvRTet6XsQQDChKPFhdUp9iHQR8s89JQoU9t\n7QcZB4xLI7vIkG0XKwnqLb9Cc33Dou4IRP0zs5QXelAvCeug4FK//Ndq9+1Ym4Ik\nfqEqln0RLTMsCc92aGA8Lpv7tvSV1WSMTCpXEYKq3hBWpcOtYgVhtXfM3ZtDsjYX\nailQr4c3ur51MCId4vSb7wqI9d+9edKXjDJjCmkSVKA5LEXlOaNRL+9zCo5zIOXD\n7aUPOizLlQsGRZnPGKdhPoUmpX14DgcIdYLU5K0m3g4Eq5k/pFK/o7ZEehNxX+O/\nFcvWzXVUlpsQO5jc6mAQcYSeAfDcDVC5IA2rJjCzlIBaeJ+LuEWCfvVwT+QNqvSi\nkhhJl4gn2c20AUKCq634M2oZSGxkuU3XAbCEgfV92dQ9ejjxJp7L7RoUanOTa/5O\nmHqlEMSuQpB/XkUBzjeB6WBoBoZDdWmopOpsrgIm5Cey77KW8GG9IeQUzOxYQCEh\n7+wyYQwFncT9Fdvh6rpjqCJY2iABewBGSM6c+yjh4gfjSoaX3ROO0zkWW7s3Alkf\naOJXhHYpUZ5v99TwBRPaj7r2RFezToz4+2IhBQVXqDLfmL8mj9RQH1pY2GqlmZR2\n9vWBKgtrzUMmVfwYZV42mfZuh5yAyMW2fI5xv1DXkTzNeaK5aeDIu22A/F9NXSc4\n3Enq2BoTTaWZAmlrO7PK7J1P85ziWLyYDPvhQy4LNPLlWP+u85H3LqNLgZ05IGGR\naupbsRV+Kt5W9tltfJVQS7Z9nCUYR1upghOLqDZKu/ZJZZy5Kp74DFaTGrMZaZ6p\nyBAJ7a57R0WNK/oxFthK6qlMSXu1yekrOza6l6ak/F9G90E4449JMA==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedData></saml:EncryptedAssertion></saml:Advice></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-Pej6MifvNhzvGX6oP'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Pej6MifvNhzvGX6oP', '--output', '/tmp/tmp78phdtwm.xml', '/tmp/tmp0kmu3dp5.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp0kmu3dp5.xml"

output=
___________ TestServer1NonAsciiAva.test_encrypted_signed_response_2 ____________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = '<?xml version="1.0"?>\n<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-orN4XemuoERh2ePCE" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ns2:Reference URI="#id-orN4XemuoERh2ePCE"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ns2:DigestValue/></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue/><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></ns0:Status><saml:EncryptedAssertion><ns0:EncryptedData xmlns:ns0="http://www.w3.org/2001/04/xmlenc#" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" Id="ED_b99e5d00-51e7-4683-ba7c-11d27908763b" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ns1:KeyInfo><ns0:EncryptedKey Id="EK_f4c51366-696d-4afd-8964-d3e5661bc619"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue>lTLLeqpt4uPzKsHQhxf7a0JjB3C8tHUmbXhVpfQtCkij9IiWAb7wGZWe4jja0a+q\nPf40zsAOevdF3iBu06AdKDd1J8JKPjBwnJWmi0ewobvKJnOUaV6uhNWVZKFQj8po\naRwLHll9mBB/Ix/CKuFzYU0HBfZOZ/T3+DWglDCY9G8=</ns0:CipherValue></ns0:CipherData></ns0:EncryptedKey></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue>hzXyiSAlHBpyuFVek8VQDj548R6tdNMEOXMiAyXKwdWColfTDa+mAhKAD1NaVl2A\nQu1fs2QOrVN5cqxy97do1n3/ZeBdXelBRJMbHQjxjETNIQHxeAP5GUbUU1DRe5NK\n9nJaNN0ebh2u2luXgf+HkkLGZpdI0ueS5FxCrzmJK1ac1Bpitviy/y2mSHD8K8Oy\ne4KhRtuBcPcahKz5b7WANoRftE/IevFKa9Q0JLZONIsH+mq6vmYC69GboAdGzEYt\nKkJiPK/Z3PElQ5vYRuNaJLAY9oDEi3p7xTh0a4nZxwxjBLs7cdBTTYGTJJqu+xvX\nuCRY5Z4b4X3he+C74H5k2jh7VpVljzfzCdMk5rnuIHtOEO8o1f6pXbaWUrw+JMsw\nyA5H2fMMGLVy3ApGCITaVIYSYnIY7lRUYtw+NmjXA2t9bb8XPd+jZ8M5o6Klb6QW\n0yRtMVuyQ2ivH8c6k8JjNlfkeHnIqmMEhVkCOcyajl4iLBcX37JC0qH6qOgEpCtL\nIOrE3UsMRphj5XX8PGJrBtYx1Dz9RauMNCN+2C9f7xcYyjT/2xt/ZysrYfVbLhCy\n6C2MoSm+3p8PZS/X91hpMp8T5fti9uLB/GEraTyW271V3VcHWzyaLqu6L0YArb3+\nPXBU6tFOu962fRJ2puzc7ETK1eZnZtBXiQl1ZC9q4KMwBNsog1Ori+BWr07KLF4v\nXe3xViGGK5IojgjoTXSXai+qsVQCSydLMeNR7WpbXvywro7O8POTldMAFKyx1XnH\nO/IZl6sRw4SqUUs/iol0oeOGM/JpOMe2br9hj7TMDgTuGRxw1e0MhEQNI8phu0I+\nohCCR/3PmkZTxysasfTnq5oDldyickKMQC/wWVVWd64BDpjx4kURUB/wBlG1PBFh\no49nWKxeRy4O3mSw5cIBc0RdZlKC7hVOUEERK2qOdTNlRlS1LiFapgCaXYfYXb3X\nY9YcqAkck846hvFOsWMJIJ4Sd6+mWXkGeQmy53zwZlp5kYMNwsXBauC/7UoyFUvq\nbvqE73FtFIFBqEPRgnnQp7ED0gQdL4sbZRTR6hlHKIauGzXe0Nn38YZBieNKuT9C\nMVQHzYuEtKRcFPEq66SUu9YLnRe6Hj4EcYZr6fKIQgXb2oLk1rKYqwODJMEyu/sR\nvu+8OGvQ/RVTG/lFB7J7anHe2Q81L8UxxEf3CLAlfuh1lIq32i6dsY7JD4RjlKl3\n3sH1uWf6yFOw4P4EEufAS/5XGyNK/IpMLsnDB7/ktXrBmU9rLPcVIH9m5rmk2xzU\nTQ0XKrsgJ+7Tst4WmNDZvlAR0amw2YUbhcr5iRE/H5+mIfCs31hgXID4DoS2RF7M\nvYsreqNtZReLCldwa05pnvQue/CTNZqlKSZYobRABD5Mr3SabU/BWwmgzFfo4OBU\n82qfrT5W+QJ0PF72jg8cRSc3XrZgk/h+U6tckuNqakxed3NC9gMURqK0i7BXav3/\ne0XX1o0q4SWU62bnp7/t1ShX+Qp92wEcSAtDhPsgd7IRB1CCp6S/p8DG/ynfixna\nuhYxwAZ/X1FUWUAAugXJ7eC0AkmIUsLHHbGd+B8f6NhZ4/TO7mDiep5BbaH73qFA\ntOFLF91qPL2zJdNt9dz25OEJvkvm3IyfotjFfhO0EWWMmmol1L4hzrtcu7IEDUbr\nYmwIPaVd50Ca0NabSGmXCBjmDKkCfBDHrTgqet57nBpgRdFvJuDhS/hvLKlwzvf1\n+Dbqo+kcb8B54DFlVA1tIpgWWvgZ98lahCrmLZF6y3t0ybHcTC/OAqolJDrp82yt\nANdXalBHxrMZc0iBNu8/66PVGIlQIV34tNxIvhM87bmuoc859SVozb8HZs3JgYst\naZNsQTHJV8qWFq7b8DFExqOzBDtAPjwf7UTw0v0lqQIXWk+NI0opSHnQ9AVuhDup\ncghJlclIFGY4NpFKxmPKkgOUFaKsMYEx9JUJHtPBfWlsE7ofvp7axhNHbzMiYmke\nsEk0UJUG4EHoL09H3E4bOFFLhzIqD7CkIPrY/OVyIqzWDXkgamK2NFUCzsJ8OASq\n4yBB/hhFQvjzP8O6Dgp/KfNDQ3qSSN7nlEIm1tTg2Y/xslXkCE6LN5X0YzdFVWQI\n1Z1t8ywFVObCGs7RVwyCTQ5AFLmZc/giiv+/VJQ8QEYhmtgu/E9N3yNqdfqTBvPi\n5OZ0UmLrWhFlKnqqRJ7aJe/7sHkAV0o7s3j6HcTB1Qw/fDPldGFdomOh6ZUI5q/S\naryC+KJ5xrDXeJS/vHYkqOYc5HVp6e6OmwiKVHwHd4w5K30iWvHYn6BOTzxDUU/e\nzWFPcVPgvNp8KUWCbWzlNQLxjWrIyefWjaHtYxa3M/KoupfhbQPg/JwcNlvzKdUh\nVh4wJsZoUoV2+D+wBKuWNojG++FoKIrtf+cxEnZSWuHIaSJzjfnW1DxXVss85meD\nMwE4hH1wOccZj11wPUmmMsnzrib5fs+Yd9jls6wJtN5H/SnuDK3VNGVn/uWPw24x\nhvYDoPYXZ4RneERT5kst89+E93C6wGfI2WzFTGlxmylTm11dTHj/BGHqq4fEuZNT\nJJCWDD/7GQpRWnCiIHt22IuYgQ4LXLhGeb+xYTTafo9Yg1oA/VyMHk9f3H0ZiYBW\nICSPIT7d+FFg4tHk5Ie5rO/Ty9RtFCW0xJknRW4dSmU+bJN2K4Z9HgovK549kDzR\n50oUAiU/aJ3ZaxvWTuaAMrZ9Mqwgc+Kf1/iuvxUhIWk3u06HD6p74/R83cr8+E1f\nYt3h1a0zgfARvBxqhOfdN5xa28VwW878V3kBdptNi8FgaL2Ruhn6uhaHfnxhtuuk\ncyOy/M4pMrtwE7yZUhugi+ZQwiNMJ0LX/QUqMD7kkrHyy3seZ4rEUo+PiWcFs6pB\nXVXzBdGkebeCTYyp2nLc5//nqqupBYTPax60E0FT4h6FhYqPv4dMSg==</ns0:CipherValue></ns0:CipherData></ns0:EncryptedData></saml:EncryptedAssertion></ns0:Response>\n'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-orN4XemuoERh2ePCE'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...]
extra_args = ['/tmp/tmpsro_j5ci.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpsro_j5ci.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1NonAsciiAva object at 0x7f842246c890>

    def test_encrypted_signed_response_2(self):
        cert_str, cert_key_str = generate_cert()
    
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=True,
            sign_assertion=False,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
        )

tests/test_50_server.py:1681: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:912: in _response
    return signed_instance_factory(response, self.sec, sign_class)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = '<?xml version="1.0"?>\n<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-orN4XemuoERh2ePCE" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ns2:Reference URI="#id-orN4XemuoERh2ePCE"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ns2:DigestValue/></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue/><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></ns0:Status><saml:EncryptedAssertion><ns0:EncryptedData xmlns:ns0="http://www.w3.org/2001/04/xmlenc#" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" Id="ED_b99e5d00-51e7-4683-ba7c-11d27908763b" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ns1:KeyInfo><ns0:EncryptedKey Id="EK_f4c51366-696d-4afd-8964-d3e5661bc619"><ns0:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue>lTLLeqpt4uPzKsHQhxf7a0JjB3C8tHUmbXhVpfQtCkij9IiWAb7wGZWe4jja0a+q\nPf40zsAOevdF3iBu06AdKDd1J8JKPjBwnJWmi0ewobvKJnOUaV6uhNWVZKFQj8po\naRwLHll9mBB/Ix/CKuFzYU0HBfZOZ/T3+DWglDCY9G8=</ns0:CipherValue></ns0:CipherData></ns0:EncryptedKey></ns1:KeyInfo><ns0:CipherData><ns0:CipherValue>hzXyiSAlHBpyuFVek8VQDj548R6tdNMEOXMiAyXKwdWColfTDa+mAhKAD1NaVl2A\nQu1fs2QOrVN5cqxy97do1n3/ZeBdXelBRJMbHQjxjETNIQHxeAP5GUbUU1DRe5NK\n9nJaNN0ebh2u2luXgf+HkkLGZpdI0ueS5FxCrzmJK1ac1Bpitviy/y2mSHD8K8Oy\ne4KhRtuBcPcahKz5b7WANoRftE/IevFKa9Q0JLZONIsH+mq6vmYC69GboAdGzEYt\nKkJiPK/Z3PElQ5vYRuNaJLAY9oDEi3p7xTh0a4nZxwxjBLs7cdBTTYGTJJqu+xvX\nuCRY5Z4b4X3he+C74H5k2jh7VpVljzfzCdMk5rnuIHtOEO8o1f6pXbaWUrw+JMsw\nyA5H2fMMGLVy3ApGCITaVIYSYnIY7lRUYtw+NmjXA2t9bb8XPd+jZ8M5o6Klb6QW\n0yRtMVuyQ2ivH8c6k8JjNlfkeHnIqmMEhVkCOcyajl4iLBcX37JC0qH6qOgEpCtL\nIOrE3UsMRphj5XX8PGJrBtYx1Dz9RauMNCN+2C9f7xcYyjT/2xt/ZysrYfVbLhCy\n6C2MoSm+3p8PZS/X91hpMp8T5fti9uLB/GEraTyW271V3VcHWzyaLqu6L0YArb3+\nPXBU6tFOu962fRJ2puzc7ETK1eZnZtBXiQl1ZC9q4KMwBNsog1Ori+BWr07KLF4v\nXe3xViGGK5IojgjoTXSXai+qsVQCSydLMeNR7WpbXvywro7O8POTldMAFKyx1XnH\nO/IZl6sRw4SqUUs/iol0oeOGM/JpOMe2br9hj7TMDgTuGRxw1e0MhEQNI8phu0I+\nohCCR/3PmkZTxysasfTnq5oDldyickKMQC/wWVVWd64BDpjx4kURUB/wBlG1PBFh\no49nWKxeRy4O3mSw5cIBc0RdZlKC7hVOUEERK2qOdTNlRlS1LiFapgCaXYfYXb3X\nY9YcqAkck846hvFOsWMJIJ4Sd6+mWXkGeQmy53zwZlp5kYMNwsXBauC/7UoyFUvq\nbvqE73FtFIFBqEPRgnnQp7ED0gQdL4sbZRTR6hlHKIauGzXe0Nn38YZBieNKuT9C\nMVQHzYuEtKRcFPEq66SUu9YLnRe6Hj4EcYZr6fKIQgXb2oLk1rKYqwODJMEyu/sR\nvu+8OGvQ/RVTG/lFB7J7anHe2Q81L8UxxEf3CLAlfuh1lIq32i6dsY7JD4RjlKl3\n3sH1uWf6yFOw4P4EEufAS/5XGyNK/IpMLsnDB7/ktXrBmU9rLPcVIH9m5rmk2xzU\nTQ0XKrsgJ+7Tst4WmNDZvlAR0amw2YUbhcr5iRE/H5+mIfCs31hgXID4DoS2RF7M\nvYsreqNtZReLCldwa05pnvQue/CTNZqlKSZYobRABD5Mr3SabU/BWwmgzFfo4OBU\n82qfrT5W+QJ0PF72jg8cRSc3XrZgk/h+U6tckuNqakxed3NC9gMURqK0i7BXav3/\ne0XX1o0q4SWU62bnp7/t1ShX+Qp92wEcSAtDhPsgd7IRB1CCp6S/p8DG/ynfixna\nuhYxwAZ/X1FUWUAAugXJ7eC0AkmIUsLHHbGd+B8f6NhZ4/TO7mDiep5BbaH73qFA\ntOFLF91qPL2zJdNt9dz25OEJvkvm3IyfotjFfhO0EWWMmmol1L4hzrtcu7IEDUbr\nYmwIPaVd50Ca0NabSGmXCBjmDKkCfBDHrTgqet57nBpgRdFvJuDhS/hvLKlwzvf1\n+Dbqo+kcb8B54DFlVA1tIpgWWvgZ98lahCrmLZF6y3t0ybHcTC/OAqolJDrp82yt\nANdXalBHxrMZc0iBNu8/66PVGIlQIV34tNxIvhM87bmuoc859SVozb8HZs3JgYst\naZNsQTHJV8qWFq7b8DFExqOzBDtAPjwf7UTw0v0lqQIXWk+NI0opSHnQ9AVuhDup\ncghJlclIFGY4NpFKxmPKkgOUFaKsMYEx9JUJHtPBfWlsE7ofvp7axhNHbzMiYmke\nsEk0UJUG4EHoL09H3E4bOFFLhzIqD7CkIPrY/OVyIqzWDXkgamK2NFUCzsJ8OASq\n4yBB/hhFQvjzP8O6Dgp/KfNDQ3qSSN7nlEIm1tTg2Y/xslXkCE6LN5X0YzdFVWQI\n1Z1t8ywFVObCGs7RVwyCTQ5AFLmZc/giiv+/VJQ8QEYhmtgu/E9N3yNqdfqTBvPi\n5OZ0UmLrWhFlKnqqRJ7aJe/7sHkAV0o7s3j6HcTB1Qw/fDPldGFdomOh6ZUI5q/S\naryC+KJ5xrDXeJS/vHYkqOYc5HVp6e6OmwiKVHwHd4w5K30iWvHYn6BOTzxDUU/e\nzWFPcVPgvNp8KUWCbWzlNQLxjWrIyefWjaHtYxa3M/KoupfhbQPg/JwcNlvzKdUh\nVh4wJsZoUoV2+D+wBKuWNojG++FoKIrtf+cxEnZSWuHIaSJzjfnW1DxXVss85meD\nMwE4hH1wOccZj11wPUmmMsnzrib5fs+Yd9jls6wJtN5H/SnuDK3VNGVn/uWPw24x\nhvYDoPYXZ4RneERT5kst89+E93C6wGfI2WzFTGlxmylTm11dTHj/BGHqq4fEuZNT\nJJCWDD/7GQpRWnCiIHt22IuYgQ4LXLhGeb+xYTTafo9Yg1oA/VyMHk9f3H0ZiYBW\nICSPIT7d+FFg4tHk5Ie5rO/Ty9RtFCW0xJknRW4dSmU+bJN2K4Z9HgovK549kDzR\n50oUAiU/aJ3ZaxvWTuaAMrZ9Mqwgc+Kf1/iuvxUhIWk3u06HD6p74/R83cr8+E1f\nYt3h1a0zgfARvBxqhOfdN5xa28VwW878V3kBdptNi8FgaL2Ruhn6uhaHfnxhtuuk\ncyOy/M4pMrtwE7yZUhugi+ZQwiNMJ0LX/QUqMD7kkrHyy3seZ4rEUo+PiWcFs6pB\nXVXzBdGkebeCTYyp2nLc5//nqqupBYTPax60E0FT4h6FhYqPv4dMSg==</ns0:CipherValue></ns0:CipherData></ns0:EncryptedData></saml:EncryptedAssertion></ns0:Response>\n'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-orN4XemuoERh2ePCE'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-orN4XemuoERh2ePCE', '--output', '/tmp/tmpc2r4p1x1.xml', '/tmp/tmpsro_j5ci.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpsro_j5ci.xml"

output=
___________ TestServer1NonAsciiAva.test_encrypted_signed_response_3 ____________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-9ofYMsY0H3v29TRyX" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-9ofYMsY0H3v29TRyX"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><saml:Assertion Version="2.0" ID="id-qrM1Dja0WrOwp3c6H" IssueInstant="2024-09-12T12:13:25Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-qrM1Dja0WrOwp3c6H"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">8c26a5930f73fa9cbf8f79b904110de7e00de8c48dc89910c74f5d4ac2ad6058</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:25Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:25Z" NotOnOrAfter="2024-09-12T12:18:25Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepci\xc3\xb3n</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">dave@cnr.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">#13</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-qrM1Dja0WrOwp3c6H'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpeowh4_bv.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpeowh4_bv.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1NonAsciiAva object at 0x7f842246c940>

    def test_encrypted_signed_response_3(self):
        cert_str, cert_key_str = generate_cert()
    
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=False,
            encrypt_cert_assertion=cert_str,
        )

tests/test_50_server.py:1726: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-9ofYMsY0H3v29TRyX" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:25Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-9ofYMsY0H3v29TRyX"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><saml:Assertion Version="2.0" ID="id-qrM1Dja0WrOwp3c6H" IssueInstant="2024-09-12T12:13:25Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-qrM1Dja0WrOwp3c6H"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">8c26a5930f73fa9cbf8f79b904110de7e00de8c48dc89910c74f5d4ac2ad6058</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:25Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:25Z" NotOnOrAfter="2024-09-12T12:18:25Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepci\xc3\xb3n</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">dave@cnr.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">#13</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-qrM1Dja0WrOwp3c6H'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-qrM1Dja0WrOwp3c6H', '--output', '/tmp/tmptihhnuyo.xml', '/tmp/tmpeowh4_bv.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpeowh4_bv.xml"

output=
___________ TestServer1NonAsciiAva.test_encrypted_signed_response_4 ____________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-CwhEJHcMZmvXGVYoE" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:26Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-CwhEJHcMZmvXGVYoE"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-kEFIUJBYEDpDVoSRL" IssueInstant="2024-09-12T12:13:26Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-kEFIUJBYEDpDVoSRL"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">8c26a5930f73fa9cbf8f79b904110de7e00de8c48dc89910c74f5d4ac2ad6058</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:26Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:26Z" NotOnOrAfter="2024-09-12T12:18:26Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_76fa3465-4fa0-4fc0-bdba-e679f29bea25" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_5c198f8d-6595-4c27-ad51-aeb6e18cac39"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzI2WhcNMzQwOTEwMTIxMzI2WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAi7QKKdpvXqnIt7AakNqvi/FCJrmx7N2IoJoQDGuVqs44s08rxaOmJdfl\nFBy8a84GTsezo695TW/fDeCmdOxSgwoLIdIQuJkMZirbYJcslcmDYHQYuei856SM\nVNLNVzcaV9UYU/nebRVedQn1zMCSWwGtTUeGZMHc9nF83B6HKxYpH6rnRPRHR/2k\nCCrPvpBOrgN5gzzbSaVn2Wb4uVquzlAdFNPn6yGCsVR8oJEHWJ6kcRbNBjmh2P7l\n4x16vjmwOMAJgek4TlXn4Q4UJjeHC9LRPXYJ6EmMIPqwKmxxjjR3dB9fZ1pe+ixz\nIVyCrdRdwv68dqo1hkToZzHM9UyjewIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFY5\nqHIRuf66DGZYSBKeJVJ+xtsL79/Qt2F/YyAz+ceL4jr4SMIWtC09awQXokfun/lq\nLS76bbOh60U5nMmZbAWtn8iwVktHVBlETjw25D6xg3E4SErgq2pc9hq453+WWgoi\nQkHLBbStx6x3K3FSlQYph/xQ1A3LHHC95ZujBndi</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>GihpS7/wHvKrtCVWh1GzRgIbEanso+hXRY8w+XU0bOAgzA0JTy+BK2St2mrQDkpD\nMShuFi6ODG+U60KyJrTA8W+VcH87lYpBNb/NaCPUDa88rtpT+K+q/o0n0hw795zH\nNtNlIU8+pNErCwE3RP+p3k2ryOmilVLw4Muj573UjzUn7ihL9bS+HASommzUAPOP\nIV3978J9Mdy3/tG49kTOPnRYGa4qv0cTfdev3oK0tn8QuG7aaGceb9hL8JVTdU73\n3HpK1lH6y9gFkV/3Zwyp8ZIKmC7O/lGoeIpKEpfr6Y+WNoJAwu+oFsJEb0BqlqRr\nDwMdYWXDadpg5Pqfj9Dmfg==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>vXfvhhwYPRA8o37lNbjPwU4lfaKX9o4HT5TukfcsdPk87bCC74c5Js++aHKKYipZ\nmtCxi5QUhaRCkbNbbcNnlSt5t6GWHj5EHF2LPRQ+hvOQgMian855EdBCTwwcuMMm\nLpUOYUPSFIBfF3RJlBGHnmLaED1jskCfSqEbzAtQ1dG0aVTz+k+p+m/JNshnU0c0\nQrAHBCNn+Omv0xnZc0E2AJWnurIeqDZ4six2XrV58tB5M0O/RU9ZUy1VwhZU71os\noZ0KvluIFEZdWsuQ4d5fL717KN1s0r94Z7nXzj+EqtYS9Oq3XWbJUwYK5jKRQJ+J\nw/qC07DegYDQkexkNE//NdqJl0k1oBsQHkFFjy/Zrzo8xtOwl/rgiVgOdBVQSf0R\nyoVVK8rN9fHxBKg1MZWGUtdfg6eeSvaTjTMBIhcDGbB7ExhaHvIaL4z6qIXdgSzK\nSt88YJk0cmBfrZ25iPgBpdaRcic40BnY+CS1tkgSMrj4NyPH5T4Dh6Y/RQlGQD9a\nBz0LQgpbIDwisXYfwl581BqVmAZiOKdH22a8hHxHgH/AVkVVQHuZ1pfE7867N/FR\nN8wYi9+lehmiN7Xw2oUGNgUZYpajFpepeCaNu+v/LnTVJSkCn5YFsEcqEck3nxmg\n8wNRf/cwhCps11l0DSG9eGSCcELCnRYWW81haTt1lr4Luon8IltkvdXlGyowHEOt\ni+Q9iXQU2YKOctRnHdCjhnk3r7zTI05EGHIx3iXgNZ1AIea+dY73DUhlhS73yMxM\nqqjn2mBtngX5Us8eUcw2hpnQl7bve/R8jQ5E/8AyDnj+CT3G7iWpzszt2d5xVDL2\ntdYDsUh0zk4T0zeE/BAhxuJijENgcFCynT40nH26RZCqiuQApbYSd3LS4jZZy0mu\nyx+ZlfkyiEq3SjcEFl+8gDfvut7vRNLO+Vgy9S9E06hMJeumYNbsUAlNLetYphNc\nk9Q4W1OfBmVbICfKMTbFg6iyfmE18rfmmd+2BQpn98qlI+ba+aLtaoTPO3pNgqDJ\nWePmRbYuWE6yZUB1JT5vIX6OR9ETy7ulnL1B6af6Svre0f24A6sSxlT4Xk0bu4U+\nkdS0/K0xOo127CXWKdMiz0c3sVdywCKNFbOs/EWL3cwGTVdGUShrngpmMMTkp9fh\naKW/QPH9o50SDJnNmoWoFveHP90XwZIUBMHbhoDmrrDL3eEj8HEuzD5zX9m2HZZu\nsMJ0b2JLg9vwOqSgVxDMLpEBS7AFb3zEN0p6ir+unVNqGQ6x4vfV/VAh1a0ztBkF\nWEpfcDVzKdP+HFvk/LxoOgVnwmvwD0y+GtmwN6RyKsfWwrQwJXjNuBJF92Jcx78k\nOy36BFfB6IMRxN0dBvt5KORftQZK21e0uPMec+2JueYB2huFpEZJ9lKhlhmxA8kp\ngg5CP+moDGvTpFPzeDdLaRIRI1udhJpz4rd55ochOoo1/ApDCWIZLs5g3wWh2Jpi\nloL+J6gMCUJUywzYZavdwlaHr2R9+SruemgKMcUw8o7imuX/53WZnQkYWbTSFvk0\nrQYwNcbj57cdfp+AdNauE0hifb3//hXZSf8BL5RDd/gyuL+Q7H6E4x7oPolUm++u\n7GDPvirji4axMkFTlXemGPSnf4fI8+zf7iVHJ2cKbJkhfquEIR3LkN9nwpztDwQs\nUDQMbfZeuXUTHwzA+Y3qMkJFDYrDmAfUphrw55nT+KpVgzmqzN092rhYdODUsThR\nudZjpksym+CEqb9m6388BHfwfF8grnyW2eO0huw9v6q35NkxLh4NqJiSu3zSw5wq\nBmRYb7TFR9hwyg605+z5ROl2YnJJ2qsCSFQ/CJoRXQpVI8ilIcTp8QO0+3kwgVmt\nqAByjwHsaPInMwfSOzCsyxVhB1icIW4MQHYcVudEENbxN/hhM5IBskMUSdnqaaK7\nldsDxJOyLyVJ41LK5gO9LDJSMK9p78/4gdf9C72N7HU1Xi49eRxRBQh4MmcuCuMj\nLDHP53aGr8TD+d6G/XCjglxoaVIPSAZFd1QlyjOJZZYfSEoM+wezJpQ5yQ9jURlN\ni7iR6S2b/qZRal8j8y6sSh7g2AohER4NXILAM9ihx3PhWLAKXLPoj7O9ELR5af+j\nEk0+1EId9Ng+jaGGNtlkphrKMEKyPya/P7pxNLxxpgUSPZHicVvR7DbyViGW8xUA\nrEVKlAa9LDdpKbc2YvWcf/Dh5Rp5/FUBAWhWxjxbPpZJYXpf05nEP8jibQQt5r6c\noLcfpsg4umBX1hNExN8gqWbkpXGv3ESX8xbkIa8IPm1u7C6b0724vK/qD/Kk4Kme\n6kvhWp8A+HAJQq8gVCWTpAQLlhsmURUznrW8DCSvt1dnCcTyXl0G8tsr/0UlLXRs\nF9N3v5KkAYIUTvrQ87/4L1TGyNgTo6x3SXVg1iKyDzkyd+QqK7/BoA==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-kEFIUJBYEDpDVoSRL'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpzhfvxxch.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpzhfvxxch.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_50_server.TestServer1NonAsciiAva object at 0x7f84228ba850>

    def test_encrypted_signed_response_4(self):
    
        cert_str, cert_key_str = generate_cert()
    
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            pefim=True,
            encrypt_cert_advice=cert_str,
        )

tests/test_50_server.py:1773: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84222e3a10>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-CwhEJHcMZmvXGVYoE" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:26Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-CwhEJHcMZmvXGVYoE"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-kEFIUJBYEDpDVoSRL" IssueInstant="2024-09-12T12:13:26Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-kEFIUJBYEDpDVoSRL"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">8c26a5930f73fa9cbf8f79b904110de7e00de8c48dc89910c74f5d4ac2ad6058</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:26Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:26Z" NotOnOrAfter="2024-09-12T12:18:26Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_76fa3465-4fa0-4fc0-bdba-e679f29bea25" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_5c198f8d-6595-4c27-ad51-aeb6e18cac39"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzI2WhcNMzQwOTEwMTIxMzI2WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAi7QKKdpvXqnIt7AakNqvi/FCJrmx7N2IoJoQDGuVqs44s08rxaOmJdfl\nFBy8a84GTsezo695TW/fDeCmdOxSgwoLIdIQuJkMZirbYJcslcmDYHQYuei856SM\nVNLNVzcaV9UYU/nebRVedQn1zMCSWwGtTUeGZMHc9nF83B6HKxYpH6rnRPRHR/2k\nCCrPvpBOrgN5gzzbSaVn2Wb4uVquzlAdFNPn6yGCsVR8oJEHWJ6kcRbNBjmh2P7l\n4x16vjmwOMAJgek4TlXn4Q4UJjeHC9LRPXYJ6EmMIPqwKmxxjjR3dB9fZ1pe+ixz\nIVyCrdRdwv68dqo1hkToZzHM9UyjewIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFY5\nqHIRuf66DGZYSBKeJVJ+xtsL79/Qt2F/YyAz+ceL4jr4SMIWtC09awQXokfun/lq\nLS76bbOh60U5nMmZbAWtn8iwVktHVBlETjw25D6xg3E4SErgq2pc9hq453+WWgoi\nQkHLBbStx6x3K3FSlQYph/xQ1A3LHHC95ZujBndi</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>GihpS7/wHvKrtCVWh1GzRgIbEanso+hXRY8w+XU0bOAgzA0JTy+BK2St2mrQDkpD\nMShuFi6ODG+U60KyJrTA8W+VcH87lYpBNb/NaCPUDa88rtpT+K+q/o0n0hw795zH\nNtNlIU8+pNErCwE3RP+p3k2ryOmilVLw4Muj573UjzUn7ihL9bS+HASommzUAPOP\nIV3978J9Mdy3/tG49kTOPnRYGa4qv0cTfdev3oK0tn8QuG7aaGceb9hL8JVTdU73\n3HpK1lH6y9gFkV/3Zwyp8ZIKmC7O/lGoeIpKEpfr6Y+WNoJAwu+oFsJEb0BqlqRr\nDwMdYWXDadpg5Pqfj9Dmfg==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>vXfvhhwYPRA8o37lNbjPwU4lfaKX9o4HT5TukfcsdPk87bCC74c5Js++aHKKYipZ\nmtCxi5QUhaRCkbNbbcNnlSt5t6GWHj5EHF2LPRQ+hvOQgMian855EdBCTwwcuMMm\nLpUOYUPSFIBfF3RJlBGHnmLaED1jskCfSqEbzAtQ1dG0aVTz+k+p+m/JNshnU0c0\nQrAHBCNn+Omv0xnZc0E2AJWnurIeqDZ4six2XrV58tB5M0O/RU9ZUy1VwhZU71os\noZ0KvluIFEZdWsuQ4d5fL717KN1s0r94Z7nXzj+EqtYS9Oq3XWbJUwYK5jKRQJ+J\nw/qC07DegYDQkexkNE//NdqJl0k1oBsQHkFFjy/Zrzo8xtOwl/rgiVgOdBVQSf0R\nyoVVK8rN9fHxBKg1MZWGUtdfg6eeSvaTjTMBIhcDGbB7ExhaHvIaL4z6qIXdgSzK\nSt88YJk0cmBfrZ25iPgBpdaRcic40BnY+CS1tkgSMrj4NyPH5T4Dh6Y/RQlGQD9a\nBz0LQgpbIDwisXYfwl581BqVmAZiOKdH22a8hHxHgH/AVkVVQHuZ1pfE7867N/FR\nN8wYi9+lehmiN7Xw2oUGNgUZYpajFpepeCaNu+v/LnTVJSkCn5YFsEcqEck3nxmg\n8wNRf/cwhCps11l0DSG9eGSCcELCnRYWW81haTt1lr4Luon8IltkvdXlGyowHEOt\ni+Q9iXQU2YKOctRnHdCjhnk3r7zTI05EGHIx3iXgNZ1AIea+dY73DUhlhS73yMxM\nqqjn2mBtngX5Us8eUcw2hpnQl7bve/R8jQ5E/8AyDnj+CT3G7iWpzszt2d5xVDL2\ntdYDsUh0zk4T0zeE/BAhxuJijENgcFCynT40nH26RZCqiuQApbYSd3LS4jZZy0mu\nyx+ZlfkyiEq3SjcEFl+8gDfvut7vRNLO+Vgy9S9E06hMJeumYNbsUAlNLetYphNc\nk9Q4W1OfBmVbICfKMTbFg6iyfmE18rfmmd+2BQpn98qlI+ba+aLtaoTPO3pNgqDJ\nWePmRbYuWE6yZUB1JT5vIX6OR9ETy7ulnL1B6af6Svre0f24A6sSxlT4Xk0bu4U+\nkdS0/K0xOo127CXWKdMiz0c3sVdywCKNFbOs/EWL3cwGTVdGUShrngpmMMTkp9fh\naKW/QPH9o50SDJnNmoWoFveHP90XwZIUBMHbhoDmrrDL3eEj8HEuzD5zX9m2HZZu\nsMJ0b2JLg9vwOqSgVxDMLpEBS7AFb3zEN0p6ir+unVNqGQ6x4vfV/VAh1a0ztBkF\nWEpfcDVzKdP+HFvk/LxoOgVnwmvwD0y+GtmwN6RyKsfWwrQwJXjNuBJF92Jcx78k\nOy36BFfB6IMRxN0dBvt5KORftQZK21e0uPMec+2JueYB2huFpEZJ9lKhlhmxA8kp\ngg5CP+moDGvTpFPzeDdLaRIRI1udhJpz4rd55ochOoo1/ApDCWIZLs5g3wWh2Jpi\nloL+J6gMCUJUywzYZavdwlaHr2R9+SruemgKMcUw8o7imuX/53WZnQkYWbTSFvk0\nrQYwNcbj57cdfp+AdNauE0hifb3//hXZSf8BL5RDd/gyuL+Q7H6E4x7oPolUm++u\n7GDPvirji4axMkFTlXemGPSnf4fI8+zf7iVHJ2cKbJkhfquEIR3LkN9nwpztDwQs\nUDQMbfZeuXUTHwzA+Y3qMkJFDYrDmAfUphrw55nT+KpVgzmqzN092rhYdODUsThR\nudZjpksym+CEqb9m6388BHfwfF8grnyW2eO0huw9v6q35NkxLh4NqJiSu3zSw5wq\nBmRYb7TFR9hwyg605+z5ROl2YnJJ2qsCSFQ/CJoRXQpVI8ilIcTp8QO0+3kwgVmt\nqAByjwHsaPInMwfSOzCsyxVhB1icIW4MQHYcVudEENbxN/hhM5IBskMUSdnqaaK7\nldsDxJOyLyVJ41LK5gO9LDJSMK9p78/4gdf9C72N7HU1Xi49eRxRBQh4MmcuCuMj\nLDHP53aGr8TD+d6G/XCjglxoaVIPSAZFd1QlyjOJZZYfSEoM+wezJpQ5yQ9jURlN\ni7iR6S2b/qZRal8j8y6sSh7g2AohER4NXILAM9ihx3PhWLAKXLPoj7O9ELR5af+j\nEk0+1EId9Ng+jaGGNtlkphrKMEKyPya/P7pxNLxxpgUSPZHicVvR7DbyViGW8xUA\nrEVKlAa9LDdpKbc2YvWcf/Dh5Rp5/FUBAWhWxjxbPpZJYXpf05nEP8jibQQt5r6c\noLcfpsg4umBX1hNExN8gqWbkpXGv3ESX8xbkIa8IPm1u7C6b0724vK/qD/Kk4Kme\n6kvhWp8A+HAJQq8gVCWTpAQLlhsmURUznrW8DCSvt1dnCcTyXl0G8tsr/0UlLXRs\nF9N3v5KkAYIUTvrQ87/4L1TGyNgTo6x3SXVg1iKyDzkyd+QqK7/BoA==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-kEFIUJBYEDpDVoSRL'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-kEFIUJBYEDpDVoSRL', '--output', '/tmp/tmp5cf9wqxz.xml', '/tmp/tmpzhfvxxch.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpzhfvxxch.xml"

output=
_____________________ TestClient.test_sign_auth_request_0 ______________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84223e6ed0>
statement = b'<ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://eidas.europa.eu/saml-extensions" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id1" Version="2.0" IssueInstant="2024-09-12T12:13:27Z" Destination="http://www.example.com/sso" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://lingon.catalogix.se:8087/" ProviderName="urn:mace:example.com:saml:roland:sp"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id1"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Extensions><ns3:RequestedAttributes><ns3:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonNickname" isRequired="false" /><ns3:RequestedAttribute Name="urn:mace:dir:attribute-def:eduPersonNickname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="eduPersonNickname" isRequired="true" /><ns3:RequestedAttribute Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="eduPersonScopedAffiliation" isRequired="false" /></ns3:RequestedAttributes></ns0:Extensions></ns0:AuthnRequest>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id1'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84223e6ed0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', ...]
extra_args = ['/tmp/tmpbhrw58i0.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpbhrw58i0.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f84228ac2f0>

    def test_sign_auth_request_0(self):
>       req_id, areq = self.client.create_authn_request("http://www.example.com/sso", sign=True, message_id="id1")

tests/test_51_client.py:396: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client_base.py:445: in create_authn_request
    msg = self._message(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message
    signed_req = self.sign(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84223e6ed0>
statement = b'<ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://eidas.europa.eu/saml-extensions" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id1" Version="2.0" IssueInstant="2024-09-12T12:13:27Z" Destination="http://www.example.com/sso" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://lingon.catalogix.se:8087/" ProviderName="urn:mace:example.com:saml:roland:sp"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id1"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Extensions><ns3:RequestedAttributes><ns3:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonNickname" isRequired="false" /><ns3:RequestedAttribute Name="urn:mace:dir:attribute-def:eduPersonNickname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="eduPersonNickname" isRequired="true" /><ns3:RequestedAttribute Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="eduPersonScopedAffiliation" isRequired="false" /></ns3:RequestedAttributes></ns0:Extensions></ns0:AuthnRequest>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id1'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmp1dfi1uba.xml', '/tmp/tmpbhrw58i0.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpbhrw58i0.xml"

output=
_______________________ TestClient.test_logout_response ________________________

self = <test_51_client.TestClient object at 0x7f84228ac590>

    def test_logout_response(self):
        req_id, req = self.server.create_logout_request(
            "http://localhost:8088/slo",
            "urn:mace:example.com:saml:roland:sp",
            name_id=nid,
            reason="Tired",
            expire=in_a_while(minutes=15),
            session_indexes=["_foo"],
        )
    
        info = self.client.apply_binding(BINDING_HTTP_POST, req, destination="", relay_state="relay2")
        _dic_info = unpack_form(info["data"], "SAMLRequest")
        samlreq = _dic_info["SAMLRequest"]
    
>       resphttp = self.client.handle_logout_request(samlreq, nid, BINDING_HTTP_POST)

tests/test_51_client.py:429: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.client.Saml2Client object at 0x7f84227e9590>
request = 'PG5zMDpMb2dvdXRSZXF1ZXN0IHhtbG5zOm5zMD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQtdndmN0g2eUVKMEx2RFh6c0YiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDI0LTA5LTEyVDEyOjEzOjI3WiIgRGVzdGluYXRpb249Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4OC9zbG8iIFJlYXNvbj0iVGlyZWQiIE5vdE9uT3JBZnRlcj0iMjAyNC0wOS0xMlQxMjoyODoyN1oiPjxzYW1sOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+dXJuOm1hY2U6ZXhhbXBsZS5jb206c2FtbDpyb2xhbmQ6aWRwPC9zYW1sOklzc3Vlcj48c2FtbDpOYW1lSUQgTmFtZVF1YWxpZmllcj0iZm9vIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCI+MTIzNDU2PC9zYW1sOk5hbWVJRD48bnMwOlNlc3Npb25JbmRleD5fZm9vPC9uczA6U2Vzc2lvbkluZGV4PjwvbnMwOkxvZ291dFJlcXVlc3Q+'
name_id = <saml2.saml.NameID object at 0x7f8421f6ce20>
binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', sign = True
sign_alg = None, digest_alg = None, relay_state = None, sigalg = None
signature = None

    def handle_logout_request(
        self,
        request,
        name_id,
        binding,
        sign=None,
        sign_alg=None,
        digest_alg=None,
        relay_state=None,
        sigalg=None,
        signature=None,
    ):
        """
        Deal with a LogoutRequest
    
        :param request: The request as text string
        :param name_id: The id of the current user
        :param binding: Which binding the message came in over
        :param sign: Whether the response will be signed or not
        :param sign_alg: The signing algorithm for the response
        :param digest_alg: The digest algorithm for the the response
        :param relay_state: The relay state of the request
        :param sigalg: The SigAlg query param of the request
        :param signature: The Signature query param of the request
        :return: Keyword arguments which can be used to send the response
            what's returned follow different patterns for different bindings.
            If the binding is BINDIND_SOAP, what is returned looks like this::
    
                {
                    "data": <the SOAP enveloped response>
                    "url": "",
                    'headers': [('content-type', 'application/soap+xml')]
                    'method': "POST
                }
        """
        logger.debug("logout request: %s", request)
    
        _req = self.parse_logout_request(
            xmlstr=request,
            binding=binding,
            relay_state=relay_state,
            sigalg=sigalg,
            signature=signature,
        )
    
        if _req.message.name_id == name_id:
            try:
                if self.local_logout(name_id):
                    status = success_status_factory()
                else:
                    status = status_message_factory("Server error", STATUS_REQUEST_DENIED)
            except KeyError:
                status = status_message_factory("Server error", STATUS_REQUEST_DENIED)
        else:
            status = status_message_factory("Wrong user", STATUS_UNKNOWN_PRINCIPAL)
    
        response_bindings = {
            BINDING_SOAP: [BINDING_SOAP],
            BINDING_HTTP_POST: [BINDING_HTTP_POST, BINDING_HTTP_REDIRECT],
            BINDING_HTTP_REDIRECT: [BINDING_HTTP_REDIRECT, BINDING_HTTP_POST],
        }.get(binding, [])
    
        for response_binding in response_bindings:
            sign = sign if sign is not None else self.logout_responses_signed
            sign_redirect = sign and response_binding == BINDING_HTTP_REDIRECT
            sign_post = sign and not sign_redirect
    
            try:
                response = self.create_logout_response(
                    _req.message,
                    bindings=[response_binding],
                    status=status,
                    sign=sign_post,
                    sign_alg=sign_alg,
                    digest_alg=digest_alg,
                )
                rinfo = self.response_args(_req.message, [response_binding])
    
                return self.apply_binding(
                    rinfo["binding"],
                    response,
                    rinfo["destination"],
                    relay_state,
                    response=True,
                    sign=sign_redirect,
                    sigalg=sign_alg,
                )
            except Exception:
                continue
    
        log_ctx = {
            "message": "No supported bindings found to create LogoutResponse",
            "issuer": _req.issuer.text,
            "response_bindings": response_bindings,
        }
>       raise SAMLError(log_ctx)
E       saml2.SAMLError: {'message': 'No supported bindings found to create LogoutResponse', 'issuer': 'urn:mace:example.com:saml:roland:idp', 'response_bindings': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']}

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:733: SAMLError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmphrwwd3xa.xml"

output=
ERROR    saml2.mdstore:mdstore.py:1184 Unsupported binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (urn:mace:example.com:saml:roland:idp)
ERROR    saml2.entity:entity.py:352 Failed to find consumer URL: urn:mace:example.com:saml:roland:idp, ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'], idpsso
__________________________ TestClient.test_response_1 __________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-w1mdnnzdC62WnGC2v" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:27Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-w1mdnnzdC62WnGC2v"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-LIPcpQb7BJ8cfNr86" IssueInstant="2024-09-12T12:13:27Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID NameQualifier="urn:mace:example.com:saml:roland:idp" SPNameQualifier="urn:mace:example.com:saml:roland:sp" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">d67a592612e371b7e8bce0040c9aa2062197fa4cc770503385645cfe21abac71</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:27Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:27Z" NotOnOrAfter="2024-09-12T12:18:27Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:27Z" SessionIndex="id-IeFYvQP6YDwnE8i7g"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-w1mdnnzdC62WnGC2v'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...]
extra_args = ['/tmp/tmp74z2hzhj.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp74z2hzhj.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f8422a85790>

    def test_response_1(self):
        IDP = "urn:mace:example.com:saml:roland:idp"
    
        ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": ["The man"]}
    
        nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT)
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id_policy=nameid_policy,
            sign_response=True,
            userid="foba0001@example.com",
            authn=AUTHN,
        )

tests/test_51_client.py:469: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response
    return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-w1mdnnzdC62WnGC2v" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:27Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-w1mdnnzdC62WnGC2v"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-LIPcpQb7BJ8cfNr86" IssueInstant="2024-09-12T12:13:27Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID NameQualifier="urn:mace:example.com:saml:roland:idp" SPNameQualifier="urn:mace:example.com:saml:roland:sp" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">d67a592612e371b7e8bce0040c9aa2062197fa4cc770503385645cfe21abac71</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:27Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:27Z" NotOnOrAfter="2024-09-12T12:18:27Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:27Z" SessionIndex="id-IeFYvQP6YDwnE8i7g"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-w1mdnnzdC62WnGC2v'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-w1mdnnzdC62WnGC2v', '--output', '/tmp/tmpx59hnfj8.xml', '/tmp/tmp74z2hzhj.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp74z2hzhj.xml"

output=
__________________________ TestClient.test_response_2 __________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-0UjblDJ12ZM8q9dMZ" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:27Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-0UjblDJ12ZM8q9dMZ"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-09ybzj3h23uaikU6o" IssueInstant="2024-09-12T12:13:27Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-09ybzj3h23uaikU6o"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">ff1e561fb537a68bf4331013320261f8141f5fab2dba57f58ae99a76218d6cd9</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:27Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:27Z" NotOnOrAfter="2024-09-12T12:18:27Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><ns3:EncryptedData Id="ED_db4c5962-2ec0-4865-8b66-16187681fcab" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns2:KeyInfo><ns3:EncryptedKey Id="EK_4d670b36-672f-42b9-9da6-018a3b569cfc"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzI3WhcNMzQwOTEwMTIxMzI3WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA0OwX0GrH9sudBmgTYSmTyAbZo+TGrt9341WHljKbtn9GFbfHVdw263a1\n2r4/ogD0shNq50mA8D2AhK23TXO+uIvxYatKssF0bHLo4UABvpfTBwzz6uCUnncV\n9G5utAfW0UWxZbAoLjn42rYq6x0IkHFNQ5leN09U1H87g8uWKN9vUjgcBspTj0Dt\nLc9XWTjNDgunPhbhfEQvL7yUhKBr1yscxfKO/VBryC8JketrlfpQxfhWkCISaSCw\nBnBaYeid6I6X/colVrqljvoWE90/KtvHWOZVdI1BLWK0NVNE6dcxSoxxVV53jY2f\ndeHnLXfkWyyAbinr1Dr4DDJ2VP6axwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAHxV\nF6cluHtlIisHImyi9PechHl0Me5pXNh/5M9sES7sedeGGjSrouAToHwXg4d53TeN\ndohf7E5MgN3yPx6BmmVvLbuL/zfXp+AEB7sSad8tr/qiN56PrWYBtL1yr48PW+DW\nfVR6fb2z0IVFvarOisr+A9kc+fdAhOFym9qzqVwR</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>gUdwsDiEmZNKBm6g1eu919Xo7J2bJRIE9kileOzgtNUuJH2urix1LnU13ZVDU5gg\n3gRI4Hfadh45xZqUD5L8lCbI7bSFv2YvKaadlzMRuSGQOcnGiIRZh7MkGcYdluGL\nEWl/IBJOFDWWRNyN5v5IEMrFJr5MeeeDnrubhD4PQy+nTqLApNxEzYzyacah110a\njm8KNGpbOpogGvH79caUOtXU2WxItLgdtCzgSaBKBrY4HIN3Udkfl+LUNsiFRXFX\nkgQ/NV0on8r5goyA8Sp6XfTrq7p78csImBszOemPrC7acwkeZX480x77wLkl/RLl\n172iQFYhEhLz/aN4yjmn2g==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedKey></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>PBU9Z7S54MNnVbUM6CPxdLBGORsxfn/8z1Ht79+4fhxna+FgLM51iSE+yAvebrT3\nqjzIvHqSZeeunvF1Cx83JWl+T81aEBHQIMpsVhdwYyxPLjRZ+4kDimgTez8CQfMf\n3goNnwMuCqZFAr7nObAbVUQpO3DJWLmqWZ/ot9vQVEdVxuhGiWWzMYrBRav8aTcp\nIW0cKPwi7MNqmu54oInfothc9ltRx0b1se0x+DQeqPnyN+wLCVc3sThwhssIWaE+\nni5JKnzTIim/hzVU17i0u7HGazsFEU0wAq4d3RoL3wk9mMeXOdfYb7YeodIhqK4d\nbcoi7Gd8qmLJdlGXRFDzCALaJdb6nw1Gz4N3u84gQW3b9uJ/FCto+uU9qW8jgbs4\nSJXnUgn1Lem3+ecODPSGwAG4mBY7ZA1CzvghoFzM9sBxO6hK6YIsJb0DvL+4SdXM\n/IrV91j2M7MQMnIi9zwS6SB27vxv8GZ/BI9XCi3Yj0HVfnw4zM6noXN3FkK1NGlv\nP0y/cn3mc/KsDByj8/DhqenBfb66p8vV9GMzphnBy3T8RUqrRH1If0lS+Jfrjye8\nB5BY6V4cGf/bjGdQeR/CeC9rAJ4hY437GGntbDYbLdbevGOnNSnXPO3RA1pvLrUu\ntFNftQJU1Ykemgc+Tu2uDS861zrOAC37/bjSboMUb5O9FFpmi+HBinwS7UsqwGbS\nwh6isgWBxZfZ3qLKDClTr2mXBWdbzX5NcoS+3YFmy4sdoEWCP/3gCHn4R4ykSSKw\ncUP8hYaQLaddmzgvnNVuzJ/J25PZHcIXLZdTOqhB40OugSOpCKefesnbciBFDFt+\n5veB8eH5ctqb9TYBoSo8xi8Uqwx0+PmC2oVblmOTc7vJsuQo4o4HaP+RGkKvdrIU\nnt2m9e8qTgKaQU1Wu+01tHmN4O2I5VmLcGTg+CAgiYI4uHc07pKeaVS3gdYE9/Cb\nNzUZJdFjXexmTogj8CSmC7NytPjVMvITUCd3G1bPY53+CRF4MhzhyEdM4EpFIkjC\n6nQrvip067XLxUqd5nWE1NsG4tKVuhb5AR0cCMCTfthRLRowl3g8+NA7KflAAego\nYjIfJEJ2kbCeOTuAxxRL6ReAwCQFRhhYZGbJwhNS5YI7LMsOjtA+fFzFS+C4b4Tf\nmZmnC5yhr5e5CQGYSvGniHGxdlNcZk6qss3PqwYSm8ziT44KmhUUiB+t6OX/P7Y0\n+tYw66awcqx0OUS2sdlt9hi6Eljf2m1yjB34nnHpojc4D+cMwsGKKj+F7NfD4Ukk\nzre52vC341LqokiJeNl/wsG+PJDO8QEdfYknl1q+CS3ZHLZdqrYeVVm9BWqjNlXO\nAmtcJC+WGFrCKWl6ydABv4hwtT4pxNaYsLJEUcAcbfmdRr9Dm5CZgPGNogMdE4iq\nOK8mcZsT7x4036EoyHRcE1cSUGTIJECdhW04GfNJVwHaIW3M3nAu+m/ESH6xAk+W\nvLZSyzOouF9ML8avWI6awe5x6VyYVO7eqHEzDR3cLan5tT2luL+NRJja9pbj0cQW\n8MAPSvqeIHsTJmNBgg6Y0ZSVi3i0yUUPtOP9T56JjCkWVROKIsWyq/KTiNu0dyIF\nhrG/yRxGzPIevNG13kPxk5e5PldGBgl2NomFsorbvTPsZDwBW8p7T3KCx3tXWmWm\n+TDT2hyGuBqE+R/JIjF8/U2PlUSeCUBkXwjcalhlGto1DWr8LHChV1qE1QKxZze0\nn9muiQrpTtDREC21akZUaQUWFSa8n7EaRVJz7bJZfAvm7xcZtuYrJ5veFsQ93Xoj\nyhi8A89EvHeNqsM5txJ4LcO+iOaxy6sd5xiQau6qFtUIywUY6farIRIHuYNwJlBq\nM5x+iBo/RtY0t8puFvA3Uo6nLEVArdTxHqQxds/qQ9BwMKix1OxZhdLqSUQvbcup\nQkmv7/+mLXThqFdqiDeGmQy/9KVOD61jkhiLEf55BXHHkoRpWdM8zoT0gFMH0+Sf\nEEHBBbOxXQji5ZrzI8W6c5BgNaobeyRxOHDG1v6z8QmoCzIVPj28a/nih4A/phz6\nQT9X2B9jOuIFP1xxFwdpX4g0ZxMalCJrzkP2VNCvdMHRPIo/iiH6aQy/X5v1ooUU\naTKFfx/DTh1NXy2jBgT9LrYDaqU6rG996VWx/pI7ps+rSYIn/Ci8YLEJyUyLIkOK\ntvbPkgehqiURwTvU/syD9LY8KRvIsPEA9qPVqEj34/sGzZr93c+5THSdTVWMKr4v\nHf3EvGOaxIwM+NwKFN3ReM7n7SQa/QdvSm7Bjp/TjoFO5Z3+cF6K8tlWyrPqWy/R\nIiw45VEcynfMsyfQZRnv6gR5eRndeF5nHySphZ9zEZR4eJaIOudb48M7vuBuAdXO\nyrbvdNkYUOWlRKNrEB5LzjBqtriCrYx5AXhELAgN0FfJ2Vn0Gpl2LQ==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedData></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:27Z" SessionIndex="id-lLCB5nin7hN18brm3"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-09ybzj3h23uaikU6o'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmptd7h5_08.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmptd7h5_08.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f8422a856d0>

    def test_response_2(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        cert_str, cert_key_str = generate_cert()
    
        cert = {"cert": cert_str, "key": cert_key_str}
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=False,
            encrypt_assertion_self_contained=True,
            pefim=True,
            encrypt_cert_advice=cert_str,
        )

tests/test_51_client.py:549: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response
    response = signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-0UjblDJ12ZM8q9dMZ" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:27Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-0UjblDJ12ZM8q9dMZ"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-09ybzj3h23uaikU6o" IssueInstant="2024-09-12T12:13:27Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-09ybzj3h23uaikU6o"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">ff1e561fb537a68bf4331013320261f8141f5fab2dba57f58ae99a76218d6cd9</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:27Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:27Z" NotOnOrAfter="2024-09-12T12:18:27Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><ns3:EncryptedData Id="ED_db4c5962-2ec0-4865-8b66-16187681fcab" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns2:KeyInfo><ns3:EncryptedKey Id="EK_4d670b36-672f-42b9-9da6-018a3b569cfc"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzI3WhcNMzQwOTEwMTIxMzI3WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA0OwX0GrH9sudBmgTYSmTyAbZo+TGrt9341WHljKbtn9GFbfHVdw263a1\n2r4/ogD0shNq50mA8D2AhK23TXO+uIvxYatKssF0bHLo4UABvpfTBwzz6uCUnncV\n9G5utAfW0UWxZbAoLjn42rYq6x0IkHFNQ5leN09U1H87g8uWKN9vUjgcBspTj0Dt\nLc9XWTjNDgunPhbhfEQvL7yUhKBr1yscxfKO/VBryC8JketrlfpQxfhWkCISaSCw\nBnBaYeid6I6X/colVrqljvoWE90/KtvHWOZVdI1BLWK0NVNE6dcxSoxxVV53jY2f\ndeHnLXfkWyyAbinr1Dr4DDJ2VP6axwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAHxV\nF6cluHtlIisHImyi9PechHl0Me5pXNh/5M9sES7sedeGGjSrouAToHwXg4d53TeN\ndohf7E5MgN3yPx6BmmVvLbuL/zfXp+AEB7sSad8tr/qiN56PrWYBtL1yr48PW+DW\nfVR6fb2z0IVFvarOisr+A9kc+fdAhOFym9qzqVwR</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>gUdwsDiEmZNKBm6g1eu919Xo7J2bJRIE9kileOzgtNUuJH2urix1LnU13ZVDU5gg\n3gRI4Hfadh45xZqUD5L8lCbI7bSFv2YvKaadlzMRuSGQOcnGiIRZh7MkGcYdluGL\nEWl/IBJOFDWWRNyN5v5IEMrFJr5MeeeDnrubhD4PQy+nTqLApNxEzYzyacah110a\njm8KNGpbOpogGvH79caUOtXU2WxItLgdtCzgSaBKBrY4HIN3Udkfl+LUNsiFRXFX\nkgQ/NV0on8r5goyA8Sp6XfTrq7p78csImBszOemPrC7acwkeZX480x77wLkl/RLl\n172iQFYhEhLz/aN4yjmn2g==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedKey></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>PBU9Z7S54MNnVbUM6CPxdLBGORsxfn/8z1Ht79+4fhxna+FgLM51iSE+yAvebrT3\nqjzIvHqSZeeunvF1Cx83JWl+T81aEBHQIMpsVhdwYyxPLjRZ+4kDimgTez8CQfMf\n3goNnwMuCqZFAr7nObAbVUQpO3DJWLmqWZ/ot9vQVEdVxuhGiWWzMYrBRav8aTcp\nIW0cKPwi7MNqmu54oInfothc9ltRx0b1se0x+DQeqPnyN+wLCVc3sThwhssIWaE+\nni5JKnzTIim/hzVU17i0u7HGazsFEU0wAq4d3RoL3wk9mMeXOdfYb7YeodIhqK4d\nbcoi7Gd8qmLJdlGXRFDzCALaJdb6nw1Gz4N3u84gQW3b9uJ/FCto+uU9qW8jgbs4\nSJXnUgn1Lem3+ecODPSGwAG4mBY7ZA1CzvghoFzM9sBxO6hK6YIsJb0DvL+4SdXM\n/IrV91j2M7MQMnIi9zwS6SB27vxv8GZ/BI9XCi3Yj0HVfnw4zM6noXN3FkK1NGlv\nP0y/cn3mc/KsDByj8/DhqenBfb66p8vV9GMzphnBy3T8RUqrRH1If0lS+Jfrjye8\nB5BY6V4cGf/bjGdQeR/CeC9rAJ4hY437GGntbDYbLdbevGOnNSnXPO3RA1pvLrUu\ntFNftQJU1Ykemgc+Tu2uDS861zrOAC37/bjSboMUb5O9FFpmi+HBinwS7UsqwGbS\nwh6isgWBxZfZ3qLKDClTr2mXBWdbzX5NcoS+3YFmy4sdoEWCP/3gCHn4R4ykSSKw\ncUP8hYaQLaddmzgvnNVuzJ/J25PZHcIXLZdTOqhB40OugSOpCKefesnbciBFDFt+\n5veB8eH5ctqb9TYBoSo8xi8Uqwx0+PmC2oVblmOTc7vJsuQo4o4HaP+RGkKvdrIU\nnt2m9e8qTgKaQU1Wu+01tHmN4O2I5VmLcGTg+CAgiYI4uHc07pKeaVS3gdYE9/Cb\nNzUZJdFjXexmTogj8CSmC7NytPjVMvITUCd3G1bPY53+CRF4MhzhyEdM4EpFIkjC\n6nQrvip067XLxUqd5nWE1NsG4tKVuhb5AR0cCMCTfthRLRowl3g8+NA7KflAAego\nYjIfJEJ2kbCeOTuAxxRL6ReAwCQFRhhYZGbJwhNS5YI7LMsOjtA+fFzFS+C4b4Tf\nmZmnC5yhr5e5CQGYSvGniHGxdlNcZk6qss3PqwYSm8ziT44KmhUUiB+t6OX/P7Y0\n+tYw66awcqx0OUS2sdlt9hi6Eljf2m1yjB34nnHpojc4D+cMwsGKKj+F7NfD4Ukk\nzre52vC341LqokiJeNl/wsG+PJDO8QEdfYknl1q+CS3ZHLZdqrYeVVm9BWqjNlXO\nAmtcJC+WGFrCKWl6ydABv4hwtT4pxNaYsLJEUcAcbfmdRr9Dm5CZgPGNogMdE4iq\nOK8mcZsT7x4036EoyHRcE1cSUGTIJECdhW04GfNJVwHaIW3M3nAu+m/ESH6xAk+W\nvLZSyzOouF9ML8avWI6awe5x6VyYVO7eqHEzDR3cLan5tT2luL+NRJja9pbj0cQW\n8MAPSvqeIHsTJmNBgg6Y0ZSVi3i0yUUPtOP9T56JjCkWVROKIsWyq/KTiNu0dyIF\nhrG/yRxGzPIevNG13kPxk5e5PldGBgl2NomFsorbvTPsZDwBW8p7T3KCx3tXWmWm\n+TDT2hyGuBqE+R/JIjF8/U2PlUSeCUBkXwjcalhlGto1DWr8LHChV1qE1QKxZze0\nn9muiQrpTtDREC21akZUaQUWFSa8n7EaRVJz7bJZfAvm7xcZtuYrJ5veFsQ93Xoj\nyhi8A89EvHeNqsM5txJ4LcO+iOaxy6sd5xiQau6qFtUIywUY6farIRIHuYNwJlBq\nM5x+iBo/RtY0t8puFvA3Uo6nLEVArdTxHqQxds/qQ9BwMKix1OxZhdLqSUQvbcup\nQkmv7/+mLXThqFdqiDeGmQy/9KVOD61jkhiLEf55BXHHkoRpWdM8zoT0gFMH0+Sf\nEEHBBbOxXQji5ZrzI8W6c5BgNaobeyRxOHDG1v6z8QmoCzIVPj28a/nih4A/phz6\nQT9X2B9jOuIFP1xxFwdpX4g0ZxMalCJrzkP2VNCvdMHRPIo/iiH6aQy/X5v1ooUU\naTKFfx/DTh1NXy2jBgT9LrYDaqU6rG996VWx/pI7ps+rSYIn/Ci8YLEJyUyLIkOK\ntvbPkgehqiURwTvU/syD9LY8KRvIsPEA9qPVqEj34/sGzZr93c+5THSdTVWMKr4v\nHf3EvGOaxIwM+NwKFN3ReM7n7SQa/QdvSm7Bjp/TjoFO5Z3+cF6K8tlWyrPqWy/R\nIiw45VEcynfMsyfQZRnv6gR5eRndeF5nHySphZ9zEZR4eJaIOudb48M7vuBuAdXO\nyrbvdNkYUOWlRKNrEB5LzjBqtriCrYx5AXhELAgN0FfJ2Vn0Gpl2LQ==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedData></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:27Z" SessionIndex="id-lLCB5nin7hN18brm3"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-09ybzj3h23uaikU6o'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-09ybzj3h23uaikU6o', '--output', '/tmp/tmpcei6nf9t.xml', '/tmp/tmptd7h5_08.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmptd7h5_08.xml"

output=
__________________________ TestClient.test_response_3 __________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-mRsFvAZHWb3lUKegK" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:27Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-mRsFvAZHWb3lUKegK"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-LzTN0K1K7sytzxPbe" IssueInstant="2024-09-12T12:13:27Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-LzTN0K1K7sytzxPbe"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">86b65f0a3f050f6f3f132881254f366fee21209b35daebf8408ee509b528d0da</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:27Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:27Z" NotOnOrAfter="2024-09-12T12:18:27Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><ns3:EncryptedData Id="ED_c4d7f022-ca00-4f79-a370-8d1ded9e0c76" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns2:KeyInfo><ns3:EncryptedKey Id="EK_16b3d491-d9f3-40f2-8cf8-2cfd932ef7d9"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>UBmKWVd/bYVFcx4CVELJz+hV+wfJhGB6jgwWf+gCdfXnj8qBwA6alle2u96RDBKE\ntXaCr6LyAWBbeOlmD+nXB00cHa9dpo9MJuCT6CJDcq4iBCYXxKQeaDKOdkm7vCNr\nJB29S9mcKlCpVUQmVDxcbeJyWJ68XkNizGhQa1qtgsI=</ns3:CipherValue></ns3:CipherData></ns3:EncryptedKey></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>wBvTm5RI1ZQdZ4+xadC/FXTFoz5GuxJ7QFDceQSEgsYvXDIYzywg6+dgROI3Bw+l\nFqMHsYV1B/LC7ti7ivrselfi1acB4yM8X3iLFgEqbHEKhKzpfTS/wii2d9SqfL6j\nJjOdP0EqT+qzhj8I9oe1xlYHWwL2XyK0S2m/lh0oXe41Tg10/RLlWDV/bhVEaWOS\nUNctkswHa9xUfpzSnyihj7sRRYA7+kjz0Z6ianh6fZEAISQcA5pIUsabxkhOCHmo\naIUW7LkOnGrZzPmLCd0/5h4nSQPAGA3VNcYmuURwIk69MqWG2eVowynl1yXOWCTj\nafmxAZnQx5X080LNYAeyNxVetnjHdPm6EPUqSBfgzuVHgl6q9fdY7djX616WjVFm\nZQfivW/rZuRwKCtBorqCnysMGDHDJtdYLGRDMV0O8e5qKWGAy/a9+ChwfLNDSUzI\nwmr+MfnywsgbNH5moMGFsDCLjcWY3WftCqlMp3VFLpYkRM3SWAFmJipSmwFyJfGr\nOvvngNj2lghlEd+Zs8V4lg7AfAJBjxxjQqJcl6mmmcis7LwYk/n5dAxZpEccKQxD\nowfkO4UxfNtdBC2EKLwsthZ7umhjYCY7kyAFqSazOAdfQ6wmZFEh7XqLKTd8ulB1\nOqowezVJLU0FnbsYIre3lxHDfGFKkh0Qo0miJ+osYcEuPrUhxvSJvvOCYKBzGe33\n12hZbmX4epsQZh6xVVWx5L2eD2c+mr/mF6aYeRxInIWWN72OFtvYD+odnO/DjdLw\nskhqFnamtTkYcXBfyFGrnmtfgz0auiURjiklh3kgFQ7h/wMWTTEiTLhnss2ojd88\nzFmhlKQg8+X95bt1e4QgwL05HPnb6IEpt4G+CqRj3gxLlhbqYtozm9wyvSfBVFyZ\nVoJOpS/AKRwjKvCFDr4DxYzLpU6Q9axNKze/NYhfgSvUHmWTqscxbIAI26V0q4OC\nUYJ04q84s+s3XNVjUxPrb7RXfAJZfdgxWMsSwxihqSR8FCm4AYWcVU6MqmrUirDL\nWKBhMXedUjGLYr+mg9yL6GxU9e8nhpwdf0foWeGIZbDrGxxOLP7LoJfXfCkOqOz/\noSFHJhVPRgm2H1JqebFC8xvEmKGHZyTUnLU75b7q+ebuFqU8tgkvP+1hNZeLg4Mc\nz8GJzcoSOQHvccSMvj0UOCwOoWKQqwHue1S3MDBPteVVzvMReejUeICHpwveYEMc\nSO3mBNvrRxKLh9rneR4qjXonSJPqQGREgkNaWoe12R50CdUjBpJzS71G4WOZWzUQ\nzazfyyqIKg1Dee1SFHIuYtO4foVQuzkBR1eer5QQrK+9/uUPo05m2+cJba8J8zxu\nza+71XFbqEDkT8xk+jsHHwAdaoImSY5N5GMrjkicoWfavbHaxgg6cDdqGEmajXfd\nRzY43L5nCGIe/385W6+oGqA/35Qc7zPQ/F7ab0FdE5iZlX74ZiuG+N8WlRwlN2nW\nu7VN+le2ie7Atyi4ezBnv17+wYGJ7p4zKLgowcKbyrsEB6Ig6Qvt5ZBv1s5J09K/\nvEiYnRrmU+mqQX/3Pw76iQK0wfWeAGjNKfbf4c/7WjczaiyQyAeisTTnmbNT/WPE\nwREUxZDWuEiBh9htStBJBuVyLGpLfUfTtCBFr4ROoz/T4gTEOk34c3QspM4SUWGL\n/Rgtj9ZseBsgR1mbBRiQsJexnzuHGRjsp7blmFddiMyKWpxqafaKKvhEkX9OZ+A5\nWfyIqrRCSGixlWSZgXQs1O/CDJPDlSUGoynvQawZavekFpjfx2cedPPRSJreCa8P\n7injilpep0+bP716JupZvIuAJ8NWyPIzpSPtwcFMZrBVRmX78PRtdsq+RFblxmFT\nLltPPx0Gv6tCWEveJB8j4iUEQWeDkPXoiXMWWqrwXMQnkVLaRvv6vv//8jyasD7y\nXXy6q1Q3pI3KZm0t5byvDfSYK+L/2666IZP1lYqY8RlE7xbe6jHj2dufQkmtEXOC\nngLOlRSCVJ3cZmoT5CPqXf4yJh/egnmAsnv3m7XELjyBiFTIxBUFvziL1S4KrSdk\n+mB2FWIS/5sDsgorK0o2yzD54gHwOe7mJZTHBzGXyR+plkFp7NM8cIaOT5GGLS3x\n7pxhidlrNPVlzJSMNHjGwj9DSSbQjgRBbs4M81nSk8CYFvL8BlGmb5pFi5ououyo\n6wrOTb6I8CZoADT8pqRNbR6QYDW+TqU8pZcQMveLjENkUVhJHyzBRCRX21RB1xnz\no7CIhs2MIsSb+hXXDJ9BMVNFZH1NZ+rYgJURjdYzXSiEznGQRsbNRNXGiKuSXzSA\nTEKHiyQgfzle38DBh3xZvTqt0X88hVbSe9e3907It1qZ6Lv0VPsPG4A1mZaTiC8W\nS1YBkSsKx2P7lBTMW7Ckf9tjh7rqjzCRaLGBHl0EYf1UXvLZ84AGNQ==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedData></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:27Z" SessionIndex="id-nh8qeEl9yBQ1JASTA"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-LzTN0K1K7sytzxPbe'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpu_jg1pmq.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpu_jg1pmq.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f842246c9f0>

    def test_response_3(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=False,
            encrypt_assertion_self_contained=True,
            pefim=True,
        )

tests/test_51_client.py:584: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response
    response = signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-mRsFvAZHWb3lUKegK" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:27Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-mRsFvAZHWb3lUKegK"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-LzTN0K1K7sytzxPbe" IssueInstant="2024-09-12T12:13:27Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-LzTN0K1K7sytzxPbe"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">86b65f0a3f050f6f3f132881254f366fee21209b35daebf8408ee509b528d0da</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:27Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:27Z" NotOnOrAfter="2024-09-12T12:18:27Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><ns3:EncryptedData Id="ED_c4d7f022-ca00-4f79-a370-8d1ded9e0c76" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns2:KeyInfo><ns3:EncryptedKey Id="EK_16b3d491-d9f3-40f2-8cf8-2cfd932ef7d9"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>UBmKWVd/bYVFcx4CVELJz+hV+wfJhGB6jgwWf+gCdfXnj8qBwA6alle2u96RDBKE\ntXaCr6LyAWBbeOlmD+nXB00cHa9dpo9MJuCT6CJDcq4iBCYXxKQeaDKOdkm7vCNr\nJB29S9mcKlCpVUQmVDxcbeJyWJ68XkNizGhQa1qtgsI=</ns3:CipherValue></ns3:CipherData></ns3:EncryptedKey></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>wBvTm5RI1ZQdZ4+xadC/FXTFoz5GuxJ7QFDceQSEgsYvXDIYzywg6+dgROI3Bw+l\nFqMHsYV1B/LC7ti7ivrselfi1acB4yM8X3iLFgEqbHEKhKzpfTS/wii2d9SqfL6j\nJjOdP0EqT+qzhj8I9oe1xlYHWwL2XyK0S2m/lh0oXe41Tg10/RLlWDV/bhVEaWOS\nUNctkswHa9xUfpzSnyihj7sRRYA7+kjz0Z6ianh6fZEAISQcA5pIUsabxkhOCHmo\naIUW7LkOnGrZzPmLCd0/5h4nSQPAGA3VNcYmuURwIk69MqWG2eVowynl1yXOWCTj\nafmxAZnQx5X080LNYAeyNxVetnjHdPm6EPUqSBfgzuVHgl6q9fdY7djX616WjVFm\nZQfivW/rZuRwKCtBorqCnysMGDHDJtdYLGRDMV0O8e5qKWGAy/a9+ChwfLNDSUzI\nwmr+MfnywsgbNH5moMGFsDCLjcWY3WftCqlMp3VFLpYkRM3SWAFmJipSmwFyJfGr\nOvvngNj2lghlEd+Zs8V4lg7AfAJBjxxjQqJcl6mmmcis7LwYk/n5dAxZpEccKQxD\nowfkO4UxfNtdBC2EKLwsthZ7umhjYCY7kyAFqSazOAdfQ6wmZFEh7XqLKTd8ulB1\nOqowezVJLU0FnbsYIre3lxHDfGFKkh0Qo0miJ+osYcEuPrUhxvSJvvOCYKBzGe33\n12hZbmX4epsQZh6xVVWx5L2eD2c+mr/mF6aYeRxInIWWN72OFtvYD+odnO/DjdLw\nskhqFnamtTkYcXBfyFGrnmtfgz0auiURjiklh3kgFQ7h/wMWTTEiTLhnss2ojd88\nzFmhlKQg8+X95bt1e4QgwL05HPnb6IEpt4G+CqRj3gxLlhbqYtozm9wyvSfBVFyZ\nVoJOpS/AKRwjKvCFDr4DxYzLpU6Q9axNKze/NYhfgSvUHmWTqscxbIAI26V0q4OC\nUYJ04q84s+s3XNVjUxPrb7RXfAJZfdgxWMsSwxihqSR8FCm4AYWcVU6MqmrUirDL\nWKBhMXedUjGLYr+mg9yL6GxU9e8nhpwdf0foWeGIZbDrGxxOLP7LoJfXfCkOqOz/\noSFHJhVPRgm2H1JqebFC8xvEmKGHZyTUnLU75b7q+ebuFqU8tgkvP+1hNZeLg4Mc\nz8GJzcoSOQHvccSMvj0UOCwOoWKQqwHue1S3MDBPteVVzvMReejUeICHpwveYEMc\nSO3mBNvrRxKLh9rneR4qjXonSJPqQGREgkNaWoe12R50CdUjBpJzS71G4WOZWzUQ\nzazfyyqIKg1Dee1SFHIuYtO4foVQuzkBR1eer5QQrK+9/uUPo05m2+cJba8J8zxu\nza+71XFbqEDkT8xk+jsHHwAdaoImSY5N5GMrjkicoWfavbHaxgg6cDdqGEmajXfd\nRzY43L5nCGIe/385W6+oGqA/35Qc7zPQ/F7ab0FdE5iZlX74ZiuG+N8WlRwlN2nW\nu7VN+le2ie7Atyi4ezBnv17+wYGJ7p4zKLgowcKbyrsEB6Ig6Qvt5ZBv1s5J09K/\nvEiYnRrmU+mqQX/3Pw76iQK0wfWeAGjNKfbf4c/7WjczaiyQyAeisTTnmbNT/WPE\nwREUxZDWuEiBh9htStBJBuVyLGpLfUfTtCBFr4ROoz/T4gTEOk34c3QspM4SUWGL\n/Rgtj9ZseBsgR1mbBRiQsJexnzuHGRjsp7blmFddiMyKWpxqafaKKvhEkX9OZ+A5\nWfyIqrRCSGixlWSZgXQs1O/CDJPDlSUGoynvQawZavekFpjfx2cedPPRSJreCa8P\n7injilpep0+bP716JupZvIuAJ8NWyPIzpSPtwcFMZrBVRmX78PRtdsq+RFblxmFT\nLltPPx0Gv6tCWEveJB8j4iUEQWeDkPXoiXMWWqrwXMQnkVLaRvv6vv//8jyasD7y\nXXy6q1Q3pI3KZm0t5byvDfSYK+L/2666IZP1lYqY8RlE7xbe6jHj2dufQkmtEXOC\nngLOlRSCVJ3cZmoT5CPqXf4yJh/egnmAsnv3m7XELjyBiFTIxBUFvziL1S4KrSdk\n+mB2FWIS/5sDsgorK0o2yzD54gHwOe7mJZTHBzGXyR+plkFp7NM8cIaOT5GGLS3x\n7pxhidlrNPVlzJSMNHjGwj9DSSbQjgRBbs4M81nSk8CYFvL8BlGmb5pFi5ououyo\n6wrOTb6I8CZoADT8pqRNbR6QYDW+TqU8pZcQMveLjENkUVhJHyzBRCRX21RB1xnz\no7CIhs2MIsSb+hXXDJ9BMVNFZH1NZ+rYgJURjdYzXSiEznGQRsbNRNXGiKuSXzSA\nTEKHiyQgfzle38DBh3xZvTqt0X88hVbSe9e3907It1qZ6Lv0VPsPG4A1mZaTiC8W\nS1YBkSsKx2P7lBTMW7Ckf9tjh7rqjzCRaLGBHl0EYf1UXvLZ84AGNQ==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedData></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:27Z" SessionIndex="id-nh8qeEl9yBQ1JASTA"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-LzTN0K1K7sytzxPbe'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-LzTN0K1K7sytzxPbe', '--output', '/tmp/tmpo21h8tog.xml', '/tmp/tmpu_jg1pmq.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpu_jg1pmq.xml"

output=
__________________________ TestClient.test_response_4 __________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-bkqQ5EZZWuNFLicyj" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:27Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-bkqQ5EZZWuNFLicyj"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-bYkpM99vt8tPSlTdY" IssueInstant="2024-09-12T12:13:27Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-bYkpM99vt8tPSlTdY"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">0c0446cf878452e35c119ff6e87024ce94eb13bc85d87af828ff41a4c383ca2b</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:27Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:27Z" NotOnOrAfter="2024-09-12T12:18:27Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_08c028a9-459e-4a01-a515-8cca288ea9b2" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_d8042ef1-c994-40a2-a8fe-3a6a06e32211"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>QC3LVUHMCOn42bQuqHzK91puprErGZiQu/n2zyCz9IUu4N5iIpN/SoftXkOYQX5A\nAx0ltKw6a0n5JFHM3jO05CtrKFBy+S8gnZVhTOQocn1RKjrBNjJsLWflVcCNF8ag\nykAX29kA8oXt4Rf+Fr0k0vyfAoVNzmaCiAzFB7m8w/0=</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>NiFSOZM5wjymoFBC8XOBa92pGH+CYA/ajkjLpxHnk2NXauxDuzb+XQPk2SCYJ8RK\ncUR11VjiUWDkVEcBa1nCeJrE85WgfhLkUSPAEouVAjkgkH1tB8dBAFMpTUZaZnH9\nNZD2c7zo1VV+TjtUmzxsu8ecROUZLC1uWfolbi/+wziVNad6lj5Jjy311EjkM7Vp\n8y5i9WCokP+RgSeVZFw7CznUq639d8Ne0ExxpyDn4eYBx/AtaUw9Z1YM+UrMpaUA\nrbwMdviipstwev6fwnkNEsRa4IlsJkhYe6fFf/QGorcc+BhTCdEUizvgb6xke/bV\nXLxw2YohY18oW4ELJ2TISbu70M74wjXpzunMjSyqF6a49f4ohOtbHZTpDe5SR5/8\nS2d3uumjWz6cSaJ/4fE8wzL8f51ESP9Ybz6tBP4P1UQD5nbocbAcBa5mn9iwTg1b\nGdnsxjHJNnnNg3WAZ9lQQkwwRwXYvKqvijcIQ2lJTeLsF9jpT3n16tw1Oa61Co7J\nEOZlJd+8tgwUIJTEHO4qJFY6KzY2kW4h2W2UxpZdndNDc/SLG6jwCbjPDUoznOSp\neKILIWBglAT7LE6mA1fp4z2DsqUWwzby0R3HHWhNwZNHtuiBefCB4+iIA0zguE+P\nfYOSZfgDq0rBBsVmbs+iSlUUe3eV6ghpz6dwKc0viohMl+VMdJ7go0FkyQAwqR/T\n6i0emdbbUK4KNEL6z7J9yYUiEnjCdGPQyWnHpYkjE0vZK7Oi98BZ59gieqSaRoiB\nSNX0L6g7egEmHjL7bCqmnGAZgJRcWI7OOyesAYs8TafAzSkxwZWYePPwg4J6tiqz\ndeKhD2QX562qAVwDcRkAb9/vdC3DYbcjo/oThu7EcHBO9Qk2HCAnvwO5QsIqY0Om\npm+i6Vi4x1GOaypY4bhmolsDk4t1nDT0R2jCBJeGyX6cOo+xgKoJTBmcyuiZcXE5\n7UBqzEdHU+qrcG61rybqG3rgBMakVKVw9rCuO9jFB/1lcW+UISqWnyucBIZW3JMm\nufdhI5yRzqf0psFtoEqGKGyAYTk5A2/lqUmBFHj3MumjDViipPNhWWYQYbpUMavV\nI2QiMn6jIamLFnl35opN67nZ4LusEa7uCiuI09cpDJ5U490bDWcXRDAASbx59Kal\nfIVU8MuKqgspYmxxTIgmgM+Sk0q4yYX8wN/w0NRkuehWo6NOZctyZ2lg6a1jWS/E\nLNoy2/jfzUJJx8l2xwXRL6DWm+Vs31+hvGNIOHk2MbUINZFd+tPCrRNDfnlLcZtF\nhfi2Tym6fVAWw4hG1RHB6bX8Hs0LY8W085uhalgWpbAbyEvtrsYA9IhdpnmmQ7wI\nxHFonvfUCiedjaZhDhAR0NsLKl7ks3BRGqTt5ouRA/jgYlo7Zl6DosfASR7PQfGf\nRnh49m97AyFIngCWtYRYGdnjnO/1A94VXlT1XH80I4zfp0JymuxRkHrsKyzw+MvU\nqjNdSIQkWWDbWFIUV9gSZjDEWU/wc6gdXLIYKazFC9dKeS/8qbjC1IQ7x9XrK+uK\nC5e0g/6aR7zvWBJabXUaE3ZrO44UscCBksuEJpPtSxEUZMTMTqrDVF79zpf0PFX8\n+L3c6195ccLJIiIvSPIeUL93PVrPJ6L21lAJE6gn0aZrpVssSHYpw4c9iwnqx4Rf\niNHN0q6zgllSqERcLzpTH6X/R592SR6k/9FH0Dd14CFsuOO6x3A1XlDpCJQil4tR\nHfQBdcVHRWqFs714Yxv9gnPGuQKCk0ntW03BFckL6rIdbVLbeNhUmpY2WIaAtRc6\nZyt59EdWS+a5G9BqIDiWwoiFIRK37V6JLpPEM8mWeok55s0V+Od+1sVmBrzJ5eLN\n/Mec1iQGNC1FFhTP67nQco5Zl5/jJ285dZ+Z5R1V3rWDHdKIeTcz4KeGDA/ImBDh\nmQD++9vepgmaXOGAT4E+MpeET7BB6pzDpUfUalb4XLNzSiNOTuT40awhTe7RKROY\nuonGDpUKNaYuYhSHCCqQhqUHZn839s5338Dou5r9PanXVDUV/CCO3VpXz+Ov7erb\nFNOowdLU/sbZwTfSq5f6naPKul+nNHX3eQ2lH2Dn7pY3gtZ2fwKb+evK/DALef9X\nt04WqqqT93T+ifTnHbehpSktwuim5Yu+pLo9CrsZRPlowS0+EAMSAtgFocLvveVG\nAAnsNuC57jxT9wBqfaK2gSkKBZRpef119R2Lk+vi1u9V+2+boMqh5Beadz7TgpE9\ny1ni7Cc1L0x+PgyEEJ2G7jLbt1JlFi7WSF8Ka76b6WKgPgeiJ+1B0h0wjj3S+QAv\n0KJdMbjEWAG39fSgjfHxZEOuyxWIqr0hcyv4cXUML/yQFCfxIpo9rTS42OEM7tZn\nlP6LgQtvlf9uS3PFiNSrZwAREOPgroyJ8EUFCxzs4zLVDeJKSmnNfQ==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:27Z" SessionIndex="id-Ir9ep5kkaDvhoivIe"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-bYkpM99vt8tPSlTdY'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp7ulbov_7.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp7ulbov_7.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f842246cb50>

    def test_response_4(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            pefim=True,
        )

tests/test_51_client.py:618: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-bkqQ5EZZWuNFLicyj" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:27Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-bkqQ5EZZWuNFLicyj"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-bYkpM99vt8tPSlTdY" IssueInstant="2024-09-12T12:13:27Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-bYkpM99vt8tPSlTdY"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">0c0446cf878452e35c119ff6e87024ce94eb13bc85d87af828ff41a4c383ca2b</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:27Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:27Z" NotOnOrAfter="2024-09-12T12:18:27Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_08c028a9-459e-4a01-a515-8cca288ea9b2" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_d8042ef1-c994-40a2-a8fe-3a6a06e32211"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>QC3LVUHMCOn42bQuqHzK91puprErGZiQu/n2zyCz9IUu4N5iIpN/SoftXkOYQX5A\nAx0ltKw6a0n5JFHM3jO05CtrKFBy+S8gnZVhTOQocn1RKjrBNjJsLWflVcCNF8ag\nykAX29kA8oXt4Rf+Fr0k0vyfAoVNzmaCiAzFB7m8w/0=</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>NiFSOZM5wjymoFBC8XOBa92pGH+CYA/ajkjLpxHnk2NXauxDuzb+XQPk2SCYJ8RK\ncUR11VjiUWDkVEcBa1nCeJrE85WgfhLkUSPAEouVAjkgkH1tB8dBAFMpTUZaZnH9\nNZD2c7zo1VV+TjtUmzxsu8ecROUZLC1uWfolbi/+wziVNad6lj5Jjy311EjkM7Vp\n8y5i9WCokP+RgSeVZFw7CznUq639d8Ne0ExxpyDn4eYBx/AtaUw9Z1YM+UrMpaUA\nrbwMdviipstwev6fwnkNEsRa4IlsJkhYe6fFf/QGorcc+BhTCdEUizvgb6xke/bV\nXLxw2YohY18oW4ELJ2TISbu70M74wjXpzunMjSyqF6a49f4ohOtbHZTpDe5SR5/8\nS2d3uumjWz6cSaJ/4fE8wzL8f51ESP9Ybz6tBP4P1UQD5nbocbAcBa5mn9iwTg1b\nGdnsxjHJNnnNg3WAZ9lQQkwwRwXYvKqvijcIQ2lJTeLsF9jpT3n16tw1Oa61Co7J\nEOZlJd+8tgwUIJTEHO4qJFY6KzY2kW4h2W2UxpZdndNDc/SLG6jwCbjPDUoznOSp\neKILIWBglAT7LE6mA1fp4z2DsqUWwzby0R3HHWhNwZNHtuiBefCB4+iIA0zguE+P\nfYOSZfgDq0rBBsVmbs+iSlUUe3eV6ghpz6dwKc0viohMl+VMdJ7go0FkyQAwqR/T\n6i0emdbbUK4KNEL6z7J9yYUiEnjCdGPQyWnHpYkjE0vZK7Oi98BZ59gieqSaRoiB\nSNX0L6g7egEmHjL7bCqmnGAZgJRcWI7OOyesAYs8TafAzSkxwZWYePPwg4J6tiqz\ndeKhD2QX562qAVwDcRkAb9/vdC3DYbcjo/oThu7EcHBO9Qk2HCAnvwO5QsIqY0Om\npm+i6Vi4x1GOaypY4bhmolsDk4t1nDT0R2jCBJeGyX6cOo+xgKoJTBmcyuiZcXE5\n7UBqzEdHU+qrcG61rybqG3rgBMakVKVw9rCuO9jFB/1lcW+UISqWnyucBIZW3JMm\nufdhI5yRzqf0psFtoEqGKGyAYTk5A2/lqUmBFHj3MumjDViipPNhWWYQYbpUMavV\nI2QiMn6jIamLFnl35opN67nZ4LusEa7uCiuI09cpDJ5U490bDWcXRDAASbx59Kal\nfIVU8MuKqgspYmxxTIgmgM+Sk0q4yYX8wN/w0NRkuehWo6NOZctyZ2lg6a1jWS/E\nLNoy2/jfzUJJx8l2xwXRL6DWm+Vs31+hvGNIOHk2MbUINZFd+tPCrRNDfnlLcZtF\nhfi2Tym6fVAWw4hG1RHB6bX8Hs0LY8W085uhalgWpbAbyEvtrsYA9IhdpnmmQ7wI\nxHFonvfUCiedjaZhDhAR0NsLKl7ks3BRGqTt5ouRA/jgYlo7Zl6DosfASR7PQfGf\nRnh49m97AyFIngCWtYRYGdnjnO/1A94VXlT1XH80I4zfp0JymuxRkHrsKyzw+MvU\nqjNdSIQkWWDbWFIUV9gSZjDEWU/wc6gdXLIYKazFC9dKeS/8qbjC1IQ7x9XrK+uK\nC5e0g/6aR7zvWBJabXUaE3ZrO44UscCBksuEJpPtSxEUZMTMTqrDVF79zpf0PFX8\n+L3c6195ccLJIiIvSPIeUL93PVrPJ6L21lAJE6gn0aZrpVssSHYpw4c9iwnqx4Rf\niNHN0q6zgllSqERcLzpTH6X/R592SR6k/9FH0Dd14CFsuOO6x3A1XlDpCJQil4tR\nHfQBdcVHRWqFs714Yxv9gnPGuQKCk0ntW03BFckL6rIdbVLbeNhUmpY2WIaAtRc6\nZyt59EdWS+a5G9BqIDiWwoiFIRK37V6JLpPEM8mWeok55s0V+Od+1sVmBrzJ5eLN\n/Mec1iQGNC1FFhTP67nQco5Zl5/jJ285dZ+Z5R1V3rWDHdKIeTcz4KeGDA/ImBDh\nmQD++9vepgmaXOGAT4E+MpeET7BB6pzDpUfUalb4XLNzSiNOTuT40awhTe7RKROY\nuonGDpUKNaYuYhSHCCqQhqUHZn839s5338Dou5r9PanXVDUV/CCO3VpXz+Ov7erb\nFNOowdLU/sbZwTfSq5f6naPKul+nNHX3eQ2lH2Dn7pY3gtZ2fwKb+evK/DALef9X\nt04WqqqT93T+ifTnHbehpSktwuim5Yu+pLo9CrsZRPlowS0+EAMSAtgFocLvveVG\nAAnsNuC57jxT9wBqfaK2gSkKBZRpef119R2Lk+vi1u9V+2+boMqh5Beadz7TgpE9\ny1ni7Cc1L0x+PgyEEJ2G7jLbt1JlFi7WSF8Ka76b6WKgPgeiJ+1B0h0wjj3S+QAv\n0KJdMbjEWAG39fSgjfHxZEOuyxWIqr0hcyv4cXUML/yQFCfxIpo9rTS42OEM7tZn\nlP6LgQtvlf9uS3PFiNSrZwAREOPgroyJ8EUFCxzs4zLVDeJKSmnNfQ==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:27Z" SessionIndex="id-Ir9ep5kkaDvhoivIe"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-bYkpM99vt8tPSlTdY'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-bYkpM99vt8tPSlTdY', '--output', '/tmp/tmpzh01mbjg.xml', '/tmp/tmp7ulbov_7.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp7ulbov_7.xml"

output=
__________________________ TestClient.test_response_5 __________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-cxAc1fJW1ZVbJoJ24" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:28Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-cxAc1fJW1ZVbJoJ24"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-x0h58WBQZegvZpN30" IssueInstant="2024-09-12T12:13:28Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-x0h58WBQZegvZpN30"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">63c12be6b9ae493138abee57eb750ad911f298f6965a024b8d2d74bccc58e235</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:28Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:28Z" NotOnOrAfter="2024-09-12T12:18:28Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_1fa633a8-0c96-4a05-ba4f-784594e4b733" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_bd46105c-7a14-4b0f-90c6-509d58a8c68c"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>TDBKTfJRwS+AxAlV0sEyYKYYHO+XdfAHdj3pXdLuVXEKxPodxfEJMBacDQDreIsC\nqgnlzF3g8T0OmD0hN9k3i00SN65JHCz6sWfznxUg1A01jp5B5RHN2ZaPlMniiV1F\nmqUtHz+uiXJ9VT97HG+eJooxMZJNP1OZUv/kWf3/z6o=</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>47A2ahRvc5iWanHToddamqQHFpxihvRLOaQzrBEo1ZM9YgK5EJLs1sQAny9lpy0q\nCE5nQSaoEdyfErWXt2r+rEmEDw75f5aMtf/tauQ/shjxGWYDQExHsMpm2axH1qPS\nYGvj0wmPGfr4J3BjUiypafFRYYUK1+TaPHP+kE8HKnDv+ebgNqbjLS6QjyEehj/4\nTgWFylpJ/j6DMcAheAn3j346oUWWloEar5MpnPIbW1p4nDqd6BRj8gwXLmFe3fpD\nHIUTLxA1FQWqpplu2SHrHHbetCFeI/6N6t2vUiJ8mT2s35CZjmmDTBr0Z90x5hPu\npFvqa9LQoKI8eViMEJZaVFl6PQ1WPpnIzsF4EuTNsoyYFhKOS5clY+SBWkENlI44\nhn5zUUD1yMVby0Z/Ye0cl34hcuRIDa18bqmd5UPn16b6DT6uH4PLHeAm38RMRLS7\nSH5c2pRmUoAODWn63TXT6gsmAgb4GjeUXUEnghG3bPAXaS69dHvrCkMeRNwojPk2\nrx0/MiQ7ZrRgW3Vdv78RA+/bDX+ArLZ/c2Dr1/3/FHy1Eb5eGCcd1mbkrx0DhZQ1\npf0R+U4MTGGmNvOydiYZq8vEsAT4PYurT30T/5Hj4yj2JzdmA9SXYV6nUrhsDKkt\nCVyG7tucJHcNTX2p+cAuoLRU+NgK5z+BFnD8BaPAuJyJkaG4KXqx1KIsi88eB+rh\nZP6rbgBiokQOSNcVyMs7IW9SqttxjKs0oRECu1kwve5O32ZTdVjCUahR7eSmuYie\nspESw7G0EyX8Q11A5m+jwfwTZDR/VQHhuxG83/gokFM3wso7zAaRdkahMqaqx6GH\nQzrEaQvJbh3nKAc6yV3Y8f8JAvWrcYLJbLHQ0A7eyFlmWB4gAZ8SybCieY35rx07\nUqTSyJM6qxYi7JXBqC4Iybvick1KOp/EtESDDXD371Ik0Oad5oPtdARs9FKXTqKy\nzc9e3sxM20CgiuKEPSupx29mSBA/IMhMSw1q8dRBvwJjWobwGSXGNQtxzTcJM3xy\nAQG+/xvWHpTWc3dXjCoe3OGktHMRrN2TYb//ecrv5RZEtOy4HY/qdIrJPaAE92/f\nyctTTEVbuKkPb6//5nU+NSbYJrwthNuswe9PfcXxW7Giush1k22Pe5NvgzQSem+1\nZGJ3/j56petKd6VioZoVvwuDSVOMCZ1kwsXcRALWAEiYT0DkT85DAEjZ4IdpoL7C\nUbC/7wrcDjee5dVclOOX0wlZsAkQCfItN+Zy5MC/FofiIl4wAAXn4aCMYPx/1Yjc\n1MIJGGcFVqUYALxxZQho951Zq+qI6tmG0e/tdsmviXw3fepV4QvWx+KYo1Ef5Kux\nB4ocvbNqCyDwnVzniRJQ8ewL3Add/abcvWGYclXOF4GgtfTMDsmIQ1Tht2oReYpt\n2701AFctHiZqQ6FNspcwafWPkHBCxQPPyrEFMDCEsNvO42lFKB7bPFVz558i+XBj\nkagObJEY+XWBhs2Iw6YQc8hpdolUsmr0uGrSyrTc9Eve2cFPbQEag5TFDCJQF+0d\nFDR4oiu3HkYhAoFknq888zEeULC6kLZEpJrTWYdpjHCh0OVmfiyUJ4+3n/CZQ+Le\nFk8ZtFPv153ngXE/Tn7LjUKZe8n8UoUNAW6M/ns59zJ0bHbjT1Vc58yenWoB2gka\nyfS9JJidIRgykvQXFSTkWrpVt3fhJjBN8VGEMAVnP8q3G/Sg168eAcM81ziV9mX8\nTGjRy8gJonsyIvpPA1pDG0JnG+WcqPALTSke8uz/gaRaWgrMyuOz3yl6HX7TIUzM\nzezZqz0NPDfaPkIl5MjjA7tjPTuAWW2cgQCUrGffas1aoiWU1TWQGdeg+CjIebHf\nnFQdo3Mhw2yca1Uwqz7tlfwnxdqgi+7dDubaM9SQF8Dn5IVHcrfhD7bzmibuExX5\nsigyJe11yyNTZK3oOmWBgaznoV6aY3s0yn7yh/fBJvzHW3mGhtTHTPkY2YbCJSTJ\narcOrrLoKj9fIGYqtxSghuPT4ds5pqfSGCiYOiGaFKJHXDjcS7zPQz4TbbeDQ+KU\nva08Ud9eIeUQuKZBbn679j2d1TdvRQm0j8GMVFXaMbiiUfQzCL2f69v/TlFNpLCe\nQc9IdOFrrxQ6DOjaFyyuC23zXv2tLYt0NdYtM6uii2+s1I3cQzMPmDG6M7wbY37C\nVk/NpSBJL1jzinbviyJmKFGGP7TsjlaAgWdiVFPJIMSO08LRg8dXOUu20Lrbql/B\nDtbtzAfREanWPWlP9qQBTAd/FwfJx/i607uvwMv/QA8GV66CIv1KndgdoDLrUq/9\nmAZuz7PnnuNufSSIhOcaEk4MMdEcqE8ZaG45xblUcFSKYlLMeur3VhDk1vUnclAA\nXDy3az1IfZY1iKvEAAzpRtl5a3i1eTPwfEHOKvXoE5V5jwLFqHopGA==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:28Z" SessionIndex="id-VK0Z2rivWha7VXlHR"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-x0h58WBQZegvZpN30'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpu1b3pkdw.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpu1b3pkdw.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f84228bc2d0>

    def test_response_5(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
        cert_str, cert_key_str = generate_cert()
    
        cert = {"cert": cert_str, "key": cert_key_str}
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            pefim=True,
            encrypt_cert_assertion=cert_str,
        )

tests/test_51_client.py:656: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-cxAc1fJW1ZVbJoJ24" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:28Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-cxAc1fJW1ZVbJoJ24"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-x0h58WBQZegvZpN30" IssueInstant="2024-09-12T12:13:28Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-x0h58WBQZegvZpN30"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">63c12be6b9ae493138abee57eb750ad911f298f6965a024b8d2d74bccc58e235</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:28Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:28Z" NotOnOrAfter="2024-09-12T12:18:28Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_1fa633a8-0c96-4a05-ba4f-784594e4b733" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_bd46105c-7a14-4b0f-90c6-509d58a8c68c"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>TDBKTfJRwS+AxAlV0sEyYKYYHO+XdfAHdj3pXdLuVXEKxPodxfEJMBacDQDreIsC\nqgnlzF3g8T0OmD0hN9k3i00SN65JHCz6sWfznxUg1A01jp5B5RHN2ZaPlMniiV1F\nmqUtHz+uiXJ9VT97HG+eJooxMZJNP1OZUv/kWf3/z6o=</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>47A2ahRvc5iWanHToddamqQHFpxihvRLOaQzrBEo1ZM9YgK5EJLs1sQAny9lpy0q\nCE5nQSaoEdyfErWXt2r+rEmEDw75f5aMtf/tauQ/shjxGWYDQExHsMpm2axH1qPS\nYGvj0wmPGfr4J3BjUiypafFRYYUK1+TaPHP+kE8HKnDv+ebgNqbjLS6QjyEehj/4\nTgWFylpJ/j6DMcAheAn3j346oUWWloEar5MpnPIbW1p4nDqd6BRj8gwXLmFe3fpD\nHIUTLxA1FQWqpplu2SHrHHbetCFeI/6N6t2vUiJ8mT2s35CZjmmDTBr0Z90x5hPu\npFvqa9LQoKI8eViMEJZaVFl6PQ1WPpnIzsF4EuTNsoyYFhKOS5clY+SBWkENlI44\nhn5zUUD1yMVby0Z/Ye0cl34hcuRIDa18bqmd5UPn16b6DT6uH4PLHeAm38RMRLS7\nSH5c2pRmUoAODWn63TXT6gsmAgb4GjeUXUEnghG3bPAXaS69dHvrCkMeRNwojPk2\nrx0/MiQ7ZrRgW3Vdv78RA+/bDX+ArLZ/c2Dr1/3/FHy1Eb5eGCcd1mbkrx0DhZQ1\npf0R+U4MTGGmNvOydiYZq8vEsAT4PYurT30T/5Hj4yj2JzdmA9SXYV6nUrhsDKkt\nCVyG7tucJHcNTX2p+cAuoLRU+NgK5z+BFnD8BaPAuJyJkaG4KXqx1KIsi88eB+rh\nZP6rbgBiokQOSNcVyMs7IW9SqttxjKs0oRECu1kwve5O32ZTdVjCUahR7eSmuYie\nspESw7G0EyX8Q11A5m+jwfwTZDR/VQHhuxG83/gokFM3wso7zAaRdkahMqaqx6GH\nQzrEaQvJbh3nKAc6yV3Y8f8JAvWrcYLJbLHQ0A7eyFlmWB4gAZ8SybCieY35rx07\nUqTSyJM6qxYi7JXBqC4Iybvick1KOp/EtESDDXD371Ik0Oad5oPtdARs9FKXTqKy\nzc9e3sxM20CgiuKEPSupx29mSBA/IMhMSw1q8dRBvwJjWobwGSXGNQtxzTcJM3xy\nAQG+/xvWHpTWc3dXjCoe3OGktHMRrN2TYb//ecrv5RZEtOy4HY/qdIrJPaAE92/f\nyctTTEVbuKkPb6//5nU+NSbYJrwthNuswe9PfcXxW7Giush1k22Pe5NvgzQSem+1\nZGJ3/j56petKd6VioZoVvwuDSVOMCZ1kwsXcRALWAEiYT0DkT85DAEjZ4IdpoL7C\nUbC/7wrcDjee5dVclOOX0wlZsAkQCfItN+Zy5MC/FofiIl4wAAXn4aCMYPx/1Yjc\n1MIJGGcFVqUYALxxZQho951Zq+qI6tmG0e/tdsmviXw3fepV4QvWx+KYo1Ef5Kux\nB4ocvbNqCyDwnVzniRJQ8ewL3Add/abcvWGYclXOF4GgtfTMDsmIQ1Tht2oReYpt\n2701AFctHiZqQ6FNspcwafWPkHBCxQPPyrEFMDCEsNvO42lFKB7bPFVz558i+XBj\nkagObJEY+XWBhs2Iw6YQc8hpdolUsmr0uGrSyrTc9Eve2cFPbQEag5TFDCJQF+0d\nFDR4oiu3HkYhAoFknq888zEeULC6kLZEpJrTWYdpjHCh0OVmfiyUJ4+3n/CZQ+Le\nFk8ZtFPv153ngXE/Tn7LjUKZe8n8UoUNAW6M/ns59zJ0bHbjT1Vc58yenWoB2gka\nyfS9JJidIRgykvQXFSTkWrpVt3fhJjBN8VGEMAVnP8q3G/Sg168eAcM81ziV9mX8\nTGjRy8gJonsyIvpPA1pDG0JnG+WcqPALTSke8uz/gaRaWgrMyuOz3yl6HX7TIUzM\nzezZqz0NPDfaPkIl5MjjA7tjPTuAWW2cgQCUrGffas1aoiWU1TWQGdeg+CjIebHf\nnFQdo3Mhw2yca1Uwqz7tlfwnxdqgi+7dDubaM9SQF8Dn5IVHcrfhD7bzmibuExX5\nsigyJe11yyNTZK3oOmWBgaznoV6aY3s0yn7yh/fBJvzHW3mGhtTHTPkY2YbCJSTJ\narcOrrLoKj9fIGYqtxSghuPT4ds5pqfSGCiYOiGaFKJHXDjcS7zPQz4TbbeDQ+KU\nva08Ud9eIeUQuKZBbn679j2d1TdvRQm0j8GMVFXaMbiiUfQzCL2f69v/TlFNpLCe\nQc9IdOFrrxQ6DOjaFyyuC23zXv2tLYt0NdYtM6uii2+s1I3cQzMPmDG6M7wbY37C\nVk/NpSBJL1jzinbviyJmKFGGP7TsjlaAgWdiVFPJIMSO08LRg8dXOUu20Lrbql/B\nDtbtzAfREanWPWlP9qQBTAd/FwfJx/i607uvwMv/QA8GV66CIv1KndgdoDLrUq/9\nmAZuz7PnnuNufSSIhOcaEk4MMdEcqE8ZaG45xblUcFSKYlLMeur3VhDk1vUnclAA\nXDy3az1IfZY1iKvEAAzpRtl5a3i1eTPwfEHOKvXoE5V5jwLFqHopGA==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:28Z" SessionIndex="id-VK0Z2rivWha7VXlHR"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-x0h58WBQZegvZpN30'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-x0h58WBQZegvZpN30', '--output', '/tmp/tmppt4hshcf.xml', '/tmp/tmpu1b3pkdw.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpu1b3pkdw.xml"

output=
__________________________ TestClient.test_response_6 __________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-dfV4y4xEECHitGKN6" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:28Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-dfV4y4xEECHitGKN6"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-02WSOJfzypyJAIACF" IssueInstant="2024-09-12T12:13:28Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-02WSOJfzypyJAIACF"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">fa37e97becb8ac40316e7b6c990c9d3af4418ab205e5ede4f24913e840ca7dde</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:28Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:28Z" NotOnOrAfter="2024-09-12T12:18:28Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_bef5e003-80cc-4227-9b06-c02aca95f2ee" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_709f2412-0c5a-46d7-bcb2-21fbe3a8db78"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzI4WhcNMzQwOTEwMTIxMzI4WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA5b/ykVkgGp/R6t74lJKB5xugArTL/B5+a7aaZCmuWmmLUsYQjKmVxSMr\nHjUicxK+Xvmp2UWB7Kie5DjeZ8QG5cB+Zly0SOTWeE4/tdOX8CKYYYtP2TGY4qWp\nhWjMq1sylRtAbzcHodSm2tq3otTS3SSNk1c2WejWlRY6Zp7JojYBDeKtW5ZXaieY\nbYvE+IdeiaOsQlFs8pOk6b5SfQei9iI0D1nGaHB9VxkFNwC0TBG+jZnsXMhQq6ai\nzM3k9KDQcI+vyECoh28HsVUGFkbJGTfIW9e//tfg6YCwFhnSHOqrIbpITwFUxahY\nAaC7aJA+aUCmGYwKppbencZU05GQAQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAMjW\n1H+sBwxONHnR0CgTT0rK8W+44nm3eVzvJtTAvYZ/iAm+xsYOQts6JAA8O2qfCKbj\neElv02paO13g3w/8Vll/4Mzys+ntub3NzCJznlbTwIfFPfl4+C4AsJDdew8bhZoa\nUsAivMg4fXzLKIfAS0E2DUrrtupdi4YcWOQ0l6rn</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>ZBlSs/Wu9scHpDciaGhc+/Mk4ZTvrMm6pMCaxMpN/nFvquCI8LADl887Z6y0ClEP\nnRLwXw/nz3nGolCoJYtaFH0zme8uJVRGDIcasoRzzcDOobsZNrpwZE8gx7apo8O2\n+IRXJ6evAz38G40JXRAB3SuUSSdtsCJXzbJ6mNSUB4Jqpi5fc4eVb3q9P+uoYFL7\nstrxNEnyxdbrFMfNCCrYiDtp13aAEfjju9RROrLN0BhhUWw3hKg2C1UubImDUFHc\nBCml4wVr1tpqesBSbsCCP7WB1u41OfLPSzmY6E+VyrS4T8JVA+Wog6dUd3x3Rlvh\nXV3KP0QPYcx3g/2UUm7rwA==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>hXlnOk5VL77+nuzNP0YLp9nY5RLF09G0bXf9gNkFtwY3gjnn8h0Mi20k1plTWBSv\npep5GZzINjZGPk807EjKnQ5V3OSXAIU9kF0CRrLIUC/1Otd+dKWRCCwCLwDCrXlj\nipK7zFZqxAv9l2dQ6WA5mqquJJEb8YhdNqk5Cv4UoxIBkxF63+MOy9+WG5G+xO/P\nl/IMHqeFOfkFKm55HoEtdJMsgG3+NtNX5tfVGMrhkTJdfMyYR646Tp+nHHY5yguM\nFrHSG5Cw8e3ESQ++hBFRLuOT9YQo5VHuNM4Xgp5mTCfS+UywsK6F9/xV7MlV8qXg\nFnRUvQot46I4LRFUqG0Dsqf9DJdoCvUBglLoFHYlT7HFkwaFPHY+fBqPs59lO0Vv\nRx1uAmoh1N++GUNZTbsX4GSYrokKlapMVVPK84QqRb+G3sZMxl8YLn9qCbZotHem\nV3l0bsHN1eGr7T1t0OvATbQ8Zgxw1+AENvvUdJ6R7w8R+JXFI0g4Ojq5ui0j1zBN\ncSJzBCo0hQ9+znbA14qmxk5XXBLg3YzbPlbG954MqVkdVTjMFxdaVKeSryRZ8B1q\nC8d1XF2ggRkek2IN0nmE5UZkkYz7PR3Af6vp6MVFfzOOHnIagylVtVc7FUaB7cgA\n6+harrKti2X0KnVCvo07vdnqGUuTAAQLJzV6WrRgtX9L8sNSpLmYIQ9lkyrJ5OT3\nGbhc7qVHzPRzH8/9MxixsnQLrm51bJUtpEkIDvW0dvj3VbAfiO2ucO5/1NaOggWC\nUJ3xNX03qdt7l8SJ43P85erksFF7yKBHgjW+wAKDvTl16f+0O5tevTDO301PfxhK\nY67aZaX09mU9jdOZSPvjoSFtuFoiTHfq61VG40FChLlsfn8GAVtKzUqPPomIb689\naiIfqbmM8WoXVqAi9TK72kCqz0/pxBHOctgxMV67E/ehWWezretGAOdbGqxax+Ro\nsVA+nCbkFsBCnvh66Q8BYVBytG5+fJUhkKyoP7C8I+cz8trSK4lXKm2DAHVBfWu+\nn+8+qG1lNm91zaqI1ndEDg9iPK+AMo+yk2s8LxqP4pKcfMzj7ks1lxoXcQ6/Ykej\n/Ngkej7INkX60UwM+jc8iex970yzDS62E7u2Htfgsixg+6fzWcwedlypyswc/EjP\nM42MeDCzYZO0OhUjdcbjxcIM0IAdnKQNxqlthkRq+g49ZSLscfIad6szOpXk80D9\nZe1WrQ3uu7niZvwlbhzRH0Oy31ZBnP5sFPV4Hziy6x4Od/afqTu7t2WjxIeBpmaC\nQVYfxfwbXdvRc9/7iWrSg//+iW5/4hOehrTDm8FM7NBRyOZp999wMWgG4OFk9Vjx\nDY7HS+TFffvrPf8UPcggiilUkJ6FMQVM08Vg079e4qDkF+jYassQZyeev6O2RJ6x\nGGW1TsnAwztWxZWV0Q0krIU/f8vnyFDm9cTJ9VBalovzhQaNugfx2QZCqxgTUaqG\nb73RAr0KYAnlQ2rezVbdxGnoSZ6hkXvNlw0osSmMlGCJIUOKrPESdxfuSC0t3c2K\nIn+T23NbGMP0x4FPw/W67lTWQ1u7KsLwkGW0sgNQOMrm9cHByY1Oxf95T9TKdJL5\nKGfL6j5C++Qe1B2axnp2SDljC9VtOZWgYm4roGjOCvQIK2Q9NsOv9i9Aixyro64z\nDg7JDs357vPgUoWwUiYxwTAcXv5py86LNZdJxcNnB25Xm2YDT7ffeLSU/vdAyae2\npFH/gAaEpmExh3HAd0BADgwUHzJnSTUZoiLiB4eJxyEqrdKWDV8JM2P1zKGPoj5B\njkNcbJbXNUWzKkpHLZiR9tIwLvxO1HbqOth8pwhApOwmdqEWcycFPcd7s6Zst3u7\nFs2nwmsDH371fk7IL0sP/NjOkzwuQSkUDrQJMHzxIXYMJnxaDhUcOoTh3cpnhWuw\nI+b82raXqkHcmDzbAJ4trx6p85BAU2T0pYyDzTBLCgMGxUAxh70Ohf973VN2bPYL\nWrr0igRgYbtCpJ5e1WqwcbVyMzS1PSAggmFouFdFFwQBABIvkqKUNDMNkNMhpwTC\naaSyHTZ5hoSAteLCc45qJ13FduS2wOSbf1kVvmhrgPZSepu/nudagLi/I+cu8Wk7\nhyQKYOTw1P8khjzi/OutG8GkuvKL/xW5P+3EkAm1YvcJxIZkuWM6IVbZ9K74hQM4\nTuxvPg0QZPthM3Jv5EAQy6AMKcFNoIsMSorVB7fTGs7/P2oCuxydEdUgx1XaFCX4\nz4Kv0HgliqIOeI5yO7fivIIbkzp/97Et1XA5+gRfMzFsONbl9i44c4T4nFSCUyRV\nDiFOlIPUQfmEg/tG7sOwsQRVTsmLPM3XqNETmh7BLH9g+yXtsuXWcvc3o1T1OJ90\n09EsoVufprrKywckP/mH+lC8kZQFpY+UIXUTrp1wZZOtI5se/0jPUg==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:28Z" SessionIndex="id-dpvwooxMh4FHP9jFo"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-02WSOJfzypyJAIACF'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpan9w5j1c.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpan9w5j1c.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f84228bc410>

    def test_response_6(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
        cert_assertion_str, cert_key_assertion_str = generate_cert()
    
        cert_assertion = {"cert": cert_assertion_str, "key": cert_key_assertion_str}
    
        cert_advice_str, cert_key_advice_str = generate_cert()
    
        cert_advice = {"cert": cert_advice_str, "key": cert_key_advice_str}
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            pefim=True,
            encrypt_cert_assertion=cert_assertion_str,
            encrypt_cert_advice=cert_advice_str,
        )

tests/test_51_client.py:699: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-dfV4y4xEECHitGKN6" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:28Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-dfV4y4xEECHitGKN6"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-02WSOJfzypyJAIACF" IssueInstant="2024-09-12T12:13:28Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-02WSOJfzypyJAIACF"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">fa37e97becb8ac40316e7b6c990c9d3af4418ab205e5ede4f24913e840ca7dde</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:28Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:28Z" NotOnOrAfter="2024-09-12T12:18:28Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_bef5e003-80cc-4227-9b06-c02aca95f2ee" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_709f2412-0c5a-46d7-bcb2-21fbe3a8db78"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzI4WhcNMzQwOTEwMTIxMzI4WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA5b/ykVkgGp/R6t74lJKB5xugArTL/B5+a7aaZCmuWmmLUsYQjKmVxSMr\nHjUicxK+Xvmp2UWB7Kie5DjeZ8QG5cB+Zly0SOTWeE4/tdOX8CKYYYtP2TGY4qWp\nhWjMq1sylRtAbzcHodSm2tq3otTS3SSNk1c2WejWlRY6Zp7JojYBDeKtW5ZXaieY\nbYvE+IdeiaOsQlFs8pOk6b5SfQei9iI0D1nGaHB9VxkFNwC0TBG+jZnsXMhQq6ai\nzM3k9KDQcI+vyECoh28HsVUGFkbJGTfIW9e//tfg6YCwFhnSHOqrIbpITwFUxahY\nAaC7aJA+aUCmGYwKppbencZU05GQAQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAMjW\n1H+sBwxONHnR0CgTT0rK8W+44nm3eVzvJtTAvYZ/iAm+xsYOQts6JAA8O2qfCKbj\neElv02paO13g3w/8Vll/4Mzys+ntub3NzCJznlbTwIfFPfl4+C4AsJDdew8bhZoa\nUsAivMg4fXzLKIfAS0E2DUrrtupdi4YcWOQ0l6rn</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>ZBlSs/Wu9scHpDciaGhc+/Mk4ZTvrMm6pMCaxMpN/nFvquCI8LADl887Z6y0ClEP\nnRLwXw/nz3nGolCoJYtaFH0zme8uJVRGDIcasoRzzcDOobsZNrpwZE8gx7apo8O2\n+IRXJ6evAz38G40JXRAB3SuUSSdtsCJXzbJ6mNSUB4Jqpi5fc4eVb3q9P+uoYFL7\nstrxNEnyxdbrFMfNCCrYiDtp13aAEfjju9RROrLN0BhhUWw3hKg2C1UubImDUFHc\nBCml4wVr1tpqesBSbsCCP7WB1u41OfLPSzmY6E+VyrS4T8JVA+Wog6dUd3x3Rlvh\nXV3KP0QPYcx3g/2UUm7rwA==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>hXlnOk5VL77+nuzNP0YLp9nY5RLF09G0bXf9gNkFtwY3gjnn8h0Mi20k1plTWBSv\npep5GZzINjZGPk807EjKnQ5V3OSXAIU9kF0CRrLIUC/1Otd+dKWRCCwCLwDCrXlj\nipK7zFZqxAv9l2dQ6WA5mqquJJEb8YhdNqk5Cv4UoxIBkxF63+MOy9+WG5G+xO/P\nl/IMHqeFOfkFKm55HoEtdJMsgG3+NtNX5tfVGMrhkTJdfMyYR646Tp+nHHY5yguM\nFrHSG5Cw8e3ESQ++hBFRLuOT9YQo5VHuNM4Xgp5mTCfS+UywsK6F9/xV7MlV8qXg\nFnRUvQot46I4LRFUqG0Dsqf9DJdoCvUBglLoFHYlT7HFkwaFPHY+fBqPs59lO0Vv\nRx1uAmoh1N++GUNZTbsX4GSYrokKlapMVVPK84QqRb+G3sZMxl8YLn9qCbZotHem\nV3l0bsHN1eGr7T1t0OvATbQ8Zgxw1+AENvvUdJ6R7w8R+JXFI0g4Ojq5ui0j1zBN\ncSJzBCo0hQ9+znbA14qmxk5XXBLg3YzbPlbG954MqVkdVTjMFxdaVKeSryRZ8B1q\nC8d1XF2ggRkek2IN0nmE5UZkkYz7PR3Af6vp6MVFfzOOHnIagylVtVc7FUaB7cgA\n6+harrKti2X0KnVCvo07vdnqGUuTAAQLJzV6WrRgtX9L8sNSpLmYIQ9lkyrJ5OT3\nGbhc7qVHzPRzH8/9MxixsnQLrm51bJUtpEkIDvW0dvj3VbAfiO2ucO5/1NaOggWC\nUJ3xNX03qdt7l8SJ43P85erksFF7yKBHgjW+wAKDvTl16f+0O5tevTDO301PfxhK\nY67aZaX09mU9jdOZSPvjoSFtuFoiTHfq61VG40FChLlsfn8GAVtKzUqPPomIb689\naiIfqbmM8WoXVqAi9TK72kCqz0/pxBHOctgxMV67E/ehWWezretGAOdbGqxax+Ro\nsVA+nCbkFsBCnvh66Q8BYVBytG5+fJUhkKyoP7C8I+cz8trSK4lXKm2DAHVBfWu+\nn+8+qG1lNm91zaqI1ndEDg9iPK+AMo+yk2s8LxqP4pKcfMzj7ks1lxoXcQ6/Ykej\n/Ngkej7INkX60UwM+jc8iex970yzDS62E7u2Htfgsixg+6fzWcwedlypyswc/EjP\nM42MeDCzYZO0OhUjdcbjxcIM0IAdnKQNxqlthkRq+g49ZSLscfIad6szOpXk80D9\nZe1WrQ3uu7niZvwlbhzRH0Oy31ZBnP5sFPV4Hziy6x4Od/afqTu7t2WjxIeBpmaC\nQVYfxfwbXdvRc9/7iWrSg//+iW5/4hOehrTDm8FM7NBRyOZp999wMWgG4OFk9Vjx\nDY7HS+TFffvrPf8UPcggiilUkJ6FMQVM08Vg079e4qDkF+jYassQZyeev6O2RJ6x\nGGW1TsnAwztWxZWV0Q0krIU/f8vnyFDm9cTJ9VBalovzhQaNugfx2QZCqxgTUaqG\nb73RAr0KYAnlQ2rezVbdxGnoSZ6hkXvNlw0osSmMlGCJIUOKrPESdxfuSC0t3c2K\nIn+T23NbGMP0x4FPw/W67lTWQ1u7KsLwkGW0sgNQOMrm9cHByY1Oxf95T9TKdJL5\nKGfL6j5C++Qe1B2axnp2SDljC9VtOZWgYm4roGjOCvQIK2Q9NsOv9i9Aixyro64z\nDg7JDs357vPgUoWwUiYxwTAcXv5py86LNZdJxcNnB25Xm2YDT7ffeLSU/vdAyae2\npFH/gAaEpmExh3HAd0BADgwUHzJnSTUZoiLiB4eJxyEqrdKWDV8JM2P1zKGPoj5B\njkNcbJbXNUWzKkpHLZiR9tIwLvxO1HbqOth8pwhApOwmdqEWcycFPcd7s6Zst3u7\nFs2nwmsDH371fk7IL0sP/NjOkzwuQSkUDrQJMHzxIXYMJnxaDhUcOoTh3cpnhWuw\nI+b82raXqkHcmDzbAJ4trx6p85BAU2T0pYyDzTBLCgMGxUAxh70Ohf973VN2bPYL\nWrr0igRgYbtCpJ5e1WqwcbVyMzS1PSAggmFouFdFFwQBABIvkqKUNDMNkNMhpwTC\naaSyHTZ5hoSAteLCc45qJ13FduS2wOSbf1kVvmhrgPZSepu/nudagLi/I+cu8Wk7\nhyQKYOTw1P8khjzi/OutG8GkuvKL/xW5P+3EkAm1YvcJxIZkuWM6IVbZ9K74hQM4\nTuxvPg0QZPthM3Jv5EAQy6AMKcFNoIsMSorVB7fTGs7/P2oCuxydEdUgx1XaFCX4\nz4Kv0HgliqIOeI5yO7fivIIbkzp/97Et1XA5+gRfMzFsONbl9i44c4T4nFSCUyRV\nDiFOlIPUQfmEg/tG7sOwsQRVTsmLPM3XqNETmh7BLH9g+yXtsuXWcvc3o1T1OJ90\n09EsoVufprrKywckP/mH+lC8kZQFpY+UIXUTrp1wZZOtI5se/0jPUg==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:28Z" SessionIndex="id-dpvwooxMh4FHP9jFo"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-02WSOJfzypyJAIACF'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-02WSOJfzypyJAIACF', '--output', '/tmp/tmpkfrjc153.xml', '/tmp/tmpan9w5j1c.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpan9w5j1c.xml"

output=
__________________________ TestClient.test_response_7 __________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-u45TH6iJf76rR0Eju" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:28Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-u45TH6iJf76rR0Eju"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-QlXIsdhRyLKqkRZx1" IssueInstant="2024-09-12T12:13:28Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-QlXIsdhRyLKqkRZx1"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">a2500a9bc3d73a311da57167b3908dbfc0f0b5d83c006c205e863658f7aa7a64</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:28Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:28Z" NotOnOrAfter="2024-09-12T12:18:28Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:28Z" SessionIndex="id-ssVaJ2eIuqMnbbIIb"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement><encas2:AttributeStatement><encas2:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Derek</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Jeter</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">derek@nyy.mlb.com</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">The man</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-QlXIsdhRyLKqkRZx1'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpc37wkk5m.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpc37wkk5m.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f842244b920>

    def test_response_7(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            encrypted_advice_attributes=True,
        )

tests/test_51_client.py:738: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-u45TH6iJf76rR0Eju" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:28Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-u45TH6iJf76rR0Eju"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-QlXIsdhRyLKqkRZx1" IssueInstant="2024-09-12T12:13:28Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-QlXIsdhRyLKqkRZx1"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">a2500a9bc3d73a311da57167b3908dbfc0f0b5d83c006c205e863658f7aa7a64</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:28Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:28Z" NotOnOrAfter="2024-09-12T12:18:28Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:28Z" SessionIndex="id-ssVaJ2eIuqMnbbIIb"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement><encas2:AttributeStatement><encas2:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Derek</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Jeter</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">derek@nyy.mlb.com</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">The man</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-QlXIsdhRyLKqkRZx1'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-QlXIsdhRyLKqkRZx1', '--output', '/tmp/tmp0hy_3yhd.xml', '/tmp/tmpc37wkk5m.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpc37wkk5m.xml"

output=
__________________________ TestClient.test_response_8 __________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-QLcoYm3pzhldCOvQY" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:28Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-QLcoYm3pzhldCOvQY"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-K471V7F7jge9uqT8i" IssueInstant="2024-09-12T12:13:28Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-K471V7F7jge9uqT8i"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">9740ea2d87226e000c61887b699918d8a3c5758fd0aa77e55fc7498ff871d4dc</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:28Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:28Z" NotOnOrAfter="2024-09-12T12:18:28Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:28Z" SessionIndex="id-H6h13motNEOz4bL0E"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement><encas2:AttributeStatement><encas2:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Derek</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Jeter</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">derek@nyy.mlb.com</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">The man</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-K471V7F7jge9uqT8i'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpa28f81tr.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpa28f81tr.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f842208acd0>

    def test_response_8(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
        cert_str, cert_key_str = generate_cert()
    
        cert = {"cert": cert_str, "key": cert_key_str}
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            encrypt_cert_assertion=cert_str,
        )

tests/test_51_client.py:776: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-QLcoYm3pzhldCOvQY" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:28Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-QLcoYm3pzhldCOvQY"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-K471V7F7jge9uqT8i" IssueInstant="2024-09-12T12:13:28Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-K471V7F7jge9uqT8i"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">9740ea2d87226e000c61887b699918d8a3c5758fd0aa77e55fc7498ff871d4dc</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:28Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:28Z" NotOnOrAfter="2024-09-12T12:18:28Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:28Z" SessionIndex="id-H6h13motNEOz4bL0E"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement><encas2:AttributeStatement><encas2:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Derek</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Jeter</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">derek@nyy.mlb.com</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">The man</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-K471V7F7jge9uqT8i'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-K471V7F7jge9uqT8i', '--output', '/tmp/tmpm1ej2job.xml', '/tmp/tmpa28f81tr.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpa28f81tr.xml"

output=
_________________ TestClient.test_sign_then_encrypt_assertion __________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-KKrCY8DE03lGFsLAj" IssueInstant="2024-09-12T12:13:28Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-KKrCY8DE03lGFsLAj"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:Subject>_aaa<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /></saml:Subject><saml:AttributeStatement><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-KKrCY8DE03lGFsLAj'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpwodwo_tv.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpwodwo_tv.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f84228d1940>

    def test_sign_then_encrypt_assertion(self):
        # Begin with the IdPs side
        _sec = self.server.sec
    
        assertion = s_utils.assertion_factory(
            subject=factory(saml.Subject, text="_aaa", name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)),
            attribute_statement=do_attribute_statement(
                {
                    ("", "", "sn"): ("Jeter", ""),
                    ("", "", "givenName"): ("Derek", ""),
                }
            ),
            issuer=self.server._issuer(),
        )
    
        assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1)
    
>       sigass = _sec.sign_statement(
            assertion, class_name(assertion), key_file=full_path("test.key"), node_id=assertion.id
        )

tests/test_51_client.py:906: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-KKrCY8DE03lGFsLAj" IssueInstant="2024-09-12T12:13:28Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-KKrCY8DE03lGFsLAj"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:Subject>_aaa<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /></saml:Subject><saml:AttributeStatement><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-KKrCY8DE03lGFsLAj'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KKrCY8DE03lGFsLAj', '--output', '/tmp/tmpw38dmyql.xml', '/tmp/tmpwodwo_tv.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpwodwo_tv.xml"

output=
_________________ TestClient.test_sign_then_encrypt_assertion2 _________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-9jOCxoLMBkLn5OH8o" IssueInstant="2024-09-12T12:13:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-9jOCxoLMBkLn5OH8o"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:29Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:29Z" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:29Z" SessionIndex="id-IU5lsvWbTCbe8Wf25"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-9jOCxoLMBkLn5OH8o'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp_yu68mp9.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp_yu68mp9.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f842316d5b0>

    def test_sign_then_encrypt_assertion2(self):
        # Begin with the IdPs side
        _sec = self.server.sec
    
        nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT)
    
        asser = Assertion({"givenName": "Derek", "sn": "Jeter"})
        farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER])
        add_path(
            farg["assertion"]["subject"]["subject_confirmation"],
            ["subject_confirmation_data", "in_response_to", "_012345"],
        )
        add_path(
            farg["assertion"]["subject"]["subject_confirmation"],
            ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"],
        )
    
        assertion = asser.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            farg=farg["assertion"],
        )
    
        assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1)
    
>       sigass = _sec.sign_statement(
            assertion, class_name(assertion), key_file=self.client.sec.key_file, node_id=assertion.id
        )

tests/test_51_client.py:979: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-9jOCxoLMBkLn5OH8o" IssueInstant="2024-09-12T12:13:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-9jOCxoLMBkLn5OH8o"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:29Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:29Z" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:29Z" SessionIndex="id-IU5lsvWbTCbe8Wf25"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-9jOCxoLMBkLn5OH8o'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-9jOCxoLMBkLn5OH8o', '--output', '/tmp/tmpg72bvl83.xml', '/tmp/tmp_yu68mp9.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp_yu68mp9.xml"

output=
_____________ TestClient.test_sign_then_encrypt_assertion_advice_1 _____________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-Z6qODC5Z1l3tKS07R" InResponseTo="_012345" Version="2.0" IssueInstant="2024-09-12T12:13:29Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-8nYnJ5Y9TphUr0Hok" IssueInstant="2024-09-12T12:13:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:29Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:29Z" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><saml:Assertion Version="2.0" ID="id-yod9flFyJQ8rrSIYx" IssueInstant="2024-09-12T12:13:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-yod9flFyJQ8rrSIYx"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:29Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:29Z" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:29Z" SessionIndex="id-sl7D74P87C3rNKTBS"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="uid"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">test01</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:1.2.840.113549.1.9.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="email"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">test.testsson@test.se</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:29Z" SessionIndex="id-uZR4I3GzI70nWvA4S"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-yod9flFyJQ8rrSIYx'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpywjpvbtj.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpywjpvbtj.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f842316f110>

    def test_sign_then_encrypt_assertion_advice_1(self):
        # Begin with the IdPs side
        _sec = self.server.sec
    
        nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT)
    
        asser = Assertion({"givenName": "Derek", "sn": "Jeter"})
    
        subject_confirmation_specs = {
            "recipient": "http://lingon.catalogix.se:8087/",
            "in_response_to": "_012345",
            "subject_confirmation_method": saml.SCM_BEARER,
        }
        name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)
    
        farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER])
        add_path(
            farg["assertion"]["subject"]["subject_confirmation"],
            ["subject_confirmation_data", "in_response_to", "_012345"],
        )
        add_path(
            farg["assertion"]["subject"]["subject_confirmation"],
            ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"],
        )
    
        assertion = asser.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            name_id=name_id,
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            farg=farg["assertion"],
        )
    
        a_asser = Assertion({"uid": "test01", "email": "test.testsson@test.se"})
        a_assertion = a_asser.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        a_assertion.signature = sigver.pre_signature_part(a_assertion.id, _sec.my_cert, 1)
    
        assertion.advice = Advice()
    
        assertion.advice.encrypted_assertion = []
        assertion.advice.encrypted_assertion.append(EncryptedAssertion())
    
        assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion)
    
        response = response_factory(
            in_response_to="_012345",
            destination="http://lingon.catalogix.se:8087/",
            status=s_utils.success_status_factory(),
            issuer=self.server._issuer(),
        )
    
        response.assertion.append(assertion)
    
>       response = _sec.sign_statement(
            f"{response}", class_name(a_assertion), key_file=self.client.sec.key_file, node_id=a_assertion.id
        )

tests/test_51_client.py:1081: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-Z6qODC5Z1l3tKS07R" InResponseTo="_012345" Version="2.0" IssueInstant="2024-09-12T12:13:29Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-8nYnJ5Y9TphUr0Hok" IssueInstant="2024-09-12T12:13:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:29Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:29Z" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><saml:Assertion Version="2.0" ID="id-yod9flFyJQ8rrSIYx" IssueInstant="2024-09-12T12:13:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-yod9flFyJQ8rrSIYx"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:29Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:29Z" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:29Z" SessionIndex="id-sl7D74P87C3rNKTBS"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="uid"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">test01</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:1.2.840.113549.1.9.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="email"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">test.testsson@test.se</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:29Z" SessionIndex="id-uZR4I3GzI70nWvA4S"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-yod9flFyJQ8rrSIYx'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yod9flFyJQ8rrSIYx', '--output', '/tmp/tmp5qw88032.xml', '/tmp/tmpywjpvbtj.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpywjpvbtj.xml"

output=
_____________ TestClient.test_sign_then_encrypt_assertion_advice_2 _____________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-pMRNQMw7VlV8UDqWU" InResponseTo="_012345" Version="2.0" IssueInstant="2024-09-12T12:13:29Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-0EbHTLKdAfUlYEcZS" IssueInstant="2024-09-12T12:13:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-0EbHTLKdAfUlYEcZS"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:29Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:29Z" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-wM5rMjOVDoOmStXAh" IssueInstant="2024-09-12T12:13:29Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature1"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-wM5rMjOVDoOmStXAh"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:29Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:29Z" NotOnOrAfter="2024-09-12T12:18:29Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:29Z" SessionIndex="id-IwhcF5yLWnWSfRxnU"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement><encas2:AttributeStatement><encas2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="uid"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">test01</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:29Z" SessionIndex="id-oymVharQcWT6kUFho"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-wM5rMjOVDoOmStXAh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpmjzo6cpe.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpmjzo6cpe.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f8423e79cc0>

    def test_sign_then_encrypt_assertion_advice_2(self):
        # Begin with the IdPs side
        _sec = self.server.sec
    
        nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT)
    
        asser_1 = Assertion({"givenName": "Derek"})
    
        farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER])
        add_path(
            farg["assertion"]["subject"]["subject_confirmation"],
            ["subject_confirmation_data", "in_response_to", "_012345"],
        )
        add_path(
            farg["assertion"]["subject"]["subject_confirmation"],
            ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"],
        )
        name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)
    
        assertion_1 = asser_1.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        asser_2 = Assertion({"sn": "Jeter"})
    
        assertion_2 = asser_2.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        a_asser_1 = Assertion({"uid": "test01"})
        a_assertion_1 = a_asser_1.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        a_asser_2 = Assertion({"email": "test.testsson@test.se"})
        a_assertion_2 = a_asser_2.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        a_asser_3 = Assertion({"street": "street"})
        a_assertion_3 = a_asser_3.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        a_asser_4 = Assertion({"title": "title"})
        a_assertion_4 = a_asser_4.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        a_assertion_1.signature = sigver.pre_signature_part(a_assertion_1.id, _sec.my_cert, 1)
    
        a_assertion_2.signature = sigver.pre_signature_part(a_assertion_2.id, _sec.my_cert, 1)
    
        a_assertion_3.signature = sigver.pre_signature_part(a_assertion_3.id, _sec.my_cert, 1)
    
        a_assertion_4.signature = sigver.pre_signature_part(a_assertion_4.id, _sec.my_cert, 1)
    
        assertion_1.signature = sigver.pre_signature_part(assertion_1.id, _sec.my_cert, 1)
    
        assertion_2.signature = sigver.pre_signature_part(assertion_2.id, _sec.my_cert, 1)
    
        response = response_factory(
            in_response_to="_012345",
            destination="http://lingon.catalogix.se:8087/",
            status=s_utils.success_status_factory(),
            issuer=self.server._issuer(),
        )
    
        response.assertion = assertion_1
    
        response.assertion.advice = Advice()
    
        response.assertion.advice.encrypted_assertion = []
        response.assertion.advice.encrypted_assertion.append(EncryptedAssertion())
    
        response.assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion_1)
    
        advice_tag = response.assertion.advice._to_element_tree().tag
        assertion_tag = a_assertion_1._to_element_tree().tag
        response = response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion(
            assertion_tag, advice_tag
        )
    
>       response = _sec.sign_statement(
            f"{response}", class_name(a_assertion_1), key_file=self.server.sec.key_file, node_id=a_assertion_1.id
        )

tests/test_51_client.py:1242: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-pMRNQMw7VlV8UDqWU" InResponseTo="_012345" Version="2.0" IssueInstant="2024-09-12T12:13:29Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-0EbHTLKdAfUlYEcZS" IssueInstant="2024-09-12T12:13:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-0EbHTLKdAfUlYEcZS"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:29Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:29Z" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-wM5rMjOVDoOmStXAh" IssueInstant="2024-09-12T12:13:29Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature1"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-wM5rMjOVDoOmStXAh"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:29Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:29Z" NotOnOrAfter="2024-09-12T12:18:29Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:29Z" SessionIndex="id-IwhcF5yLWnWSfRxnU"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement><encas2:AttributeStatement><encas2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="uid"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">test01</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:29Z" SessionIndex="id-oymVharQcWT6kUFho"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-wM5rMjOVDoOmStXAh'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wM5rMjOVDoOmStXAh', '--output', '/tmp/tmpx_fb7esl.xml', '/tmp/tmpmjzo6cpe.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpmjzo6cpe.xml"

output=
______________ TestClient.test_signed_with_default_algo_redirect _______________

self = <test_51_client.TestClient object at 0x7f84228d8af0>

    def test_signed_with_default_algo_redirect(self):
        # Revert configuration change to disallow unsinged responses
        self.client.want_response_signed = True
    
        reqid, req = self.client.create_authn_request("http://localhost:8088/sso", message_id="id1")
        msg_str = str(req)
    
>       info = self.client.apply_binding(
            BINDING_HTTP_REDIRECT,
            msg_str,
            destination="",
            relay_state="relay2",
            sign=True,
        )

tests/test_51_client.py:1389: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding
    info = http_redirect_message(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message
    args["Signature"] = base64.b64encode(signer.sign(string_enc))
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign
    return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

rsakey = <cryptography.hazmat.bindings._rust.openssl.rsa.RSAPrivateKey object at 0x7f84224a0df0>
message = b'SAMLRequest=tZRRb9owEMe%2FiuX3OInpNrAIEltXDanrUGF72JuJDzgtsTPfpaLffkqAdqooYtOmPPl8l9%2F%2Ffz577Ckz05a3%2Fh5%2BtkAsdnXlyXjKCtlGb4IlJONtDWS4NIvp51ujVWaaGDiUoZJPBbqQW%2BbGpCmgs6SgjaGxCtqUbF0lsGPwhMHTsaQLn4dYIoiMwUsxuy4kulyKbxC7vxRSq0yKGVELM09sPRdSZ%2FoqyUZJrpe5NvnA6NF3Ka6BGL3lvuogsQqlrbaB2Ayz4TAlClLMD5beo3foN%2BelrfZJZD4tl%2FNk%2FmWxlGJ6lPsheGpriAuID1jC1%2FvbZzD6TfCqtGyrsMGdIugkvEt7%2FgM6iHe2hj28tiUY2Nm6qUCVoe5bZmKorHeGGjkZ94G%2BCVHchFhbPi%2B7i6BL1n2qAc%2FIj3JyAWuc%2FoaajLux%2Bfh0ot1am8MEgZsyR1y1DK9uiGePAZ3J1UC9Vbm6Url6M9IDlfefln3eJb4sc%2ByiR2dtRCluIoJ31eMeBq6dQ6Tg77D80eVKgdRJwwiukGtbEUiRXiC5b5XD2FP7zcTB2pwA%2FK38lSUs%2F9AAx%2FYf6V%2BUoQE3Xa%2BxQru%2Ffv%2FHyAnQ6SNJX52v9OUkpi9ftMkv&RelayState=relay2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1'
digest = <cryptography.hazmat.primitives.hashes.SHA1 object at 0x7f8425c79a70>

    def key_sign(rsakey, message, digest):
        """Sign the given message with the RSA key."""
        padding = _asymmetric.padding.PKCS1v15()
>       signature = rsakey.sign(message, padding, digest)
E       cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing.

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm
__________________ TestClient.test_do_logout_signed_redirect ___________________

self = <test_51_client.TestClient object at 0x7f84228d90e0>

    def test_do_logout_signed_redirect(self):
        conf = config.SPConfig()
        conf.load_file("sp_slo_redirect_conf")
        client = Saml2Client(conf)
    
        # information about the user from an IdP
        session_info = {
            "name_id": nid,
            "issuer": "urn:mace:example.com:saml:roland:idp",
            "not_on_or_after": in_a_while(minutes=15),
            "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"},
        }
        client.users.add_information_about_person(session_info)
        entity_ids = client.users.issuers_of_info(nid)
        assert entity_ids == ["urn:mace:example.com:saml:roland:idp"]
    
>       resp = client.do_logout(
            nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT
        )

tests/test_51_client.py:1527: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout
    http_info = self.apply_binding(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding
    info = http_redirect_message(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message
    args["Signature"] = base64.b64encode(signer.sign(string_enc))
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign
    return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

rsakey = <cryptography.hazmat.bindings._rust.openssl.rsa.RSAPrivateKey object at 0x7f8422738850>
message = b'SAMLRequest=nVLNasJAEH6VZe8xyWpLHEzAIi0Bq9SKlN6WZKPbbnZ0ZwLapy9JPRSEHnoaGL7fYWaeEljiHjvemFNniMW5dZ7AU5LLLnhATZbA69YQcAWv8%2BclqFECx4CMFTp5JZBu3d8MTWQCW%2FRSlItc2jo6fD2d6ML7jzd1Oj3sPlmKnQlk0edSjRIpSqLOlJ5Ye86lStQkSqZRqrapgnQMavouxcIQW695YB2YjxDHDivtDkgMWZJlMTmUYmM09ZCtDaaWYoW89uswb9iEG%2BlskC5mfSkYQgTxiKHV%2FHfFfmPrqBmgYDxbvsiiZ7S6MmDOuj06M6qwHe4FAZ32NdBxFv%2ByuvqudGvKhejHS6edbWyftEGU%2F8jCQXuyxrMsUjWe3N1fHX9Mill88wjFNw%3D%3D&RelayState=id-hzGqsytgjX2qqBVkt%7C1726143209%7C6a346c2f30a353b10991435e7a9a5b4c6114fec5&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1'
digest = <cryptography.hazmat.primitives.hashes.SHA1 object at 0x7f8425c79a70>

    def key_sign(rsakey, message, digest):
        """Sign the given message with the RSA key."""
        padding = _asymmetric.padding.PKCS1v15()
>       signature = rsakey.sign(message, padding, digest)
E       cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing.

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm
______________ TestClient.test_do_logout_signed_redirect_invalid _______________

self = <test_51_client.TestClient object at 0x7f84228d9130>

    def test_do_logout_signed_redirect_invalid(self):
        conf = config.SPConfig()
        conf.load_file("sp_slo_redirect_conf")
        client = Saml2Client(conf)
    
        session_info = {
            "name_id": nid,
            "issuer": "urn:mace:example.com:saml:roland:idp",
            "not_on_or_after": in_a_while(minutes=15),
            "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"},
        }
        client.users.add_information_about_person(session_info)
        entity_ids = client.users.issuers_of_info(nid)
    
>       resp = client.do_logout(
            nid,
            entity_ids,
            "Tired",
            in_a_while(minutes=5),
            sign=True,
            expected_binding=BINDING_HTTP_REDIRECT,
        )

tests/test_51_client.py:1565: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout
    http_info = self.apply_binding(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding
    info = http_redirect_message(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message
    args["Signature"] = base64.b64encode(signer.sign(string_enc))
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign
    return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

rsakey = <cryptography.hazmat.bindings._rust.openssl.rsa.RSAPrivateKey object at 0x7f8422c4ac50>
message = b'SAMLRequest=nVJLS8NAEP4ry97TPFo1HZJAoVQifWCthXpbko1d2OzEnQnWfy%2BJPQgFD54Ghu85TOYogjW%2BY897%2FdFrYnFprSNwFOWy9w5QkSFwqtUEXMHLYrOGZBJB55GxQiuvBFKt%2FZuhiLRng06KcplLUwcnKpuHz9dtuSlPT8fVo5XiqD0ZdLlMJpEUJVGvS0esHOcyiZJZEM2DODnECcRTSOZvUiw1sXGKR9aZuYMwtFgpe0ZiSKM0DcmiFHutaIAcjNe1FFvkndv5RcPa30ino3SRDaVgDOHFCn2r%2BO%2BKw8bUQTNCQTs2%2FCWLgdGqSoO%2BqLazelJhO94LPFrlaqAuC39ZXX23qtXlUgzjuVfWNGZI2iDKf2RhrxwZ7VgWcTKd3d1fHX9Miiy8eYTiGw%3D%3D&RelayState=id-YsIf7wUNIMIYJVFGl%7C1726143209%7Cd6bf103f03c664173891538b4b5f2e9c8553c7e2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1'
digest = <cryptography.hazmat.primitives.hashes.SHA1 object at 0x7f8425c79a70>

    def key_sign(rsakey, message, digest):
        """Sign the given message with the RSA key."""
        padding = _asymmetric.padding.PKCS1v15()
>       signature = rsakey.sign(message, padding, digest)
E       cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing.

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm
________________________ TestClient.test_do_logout_post ________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84223e6ed0>
statement = b'<ns0:LogoutRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-Q10pNambHAMr02S8o" Version="2.0" IssueInstant="2024-09-12T12:13:29Z" Destination="http://localhost:8088/slop" Reason="Tired" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-Q10pNambHAMr02S8o"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:NameID NameQualifier="foo" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">123456</saml:NameID><ns0:SessionIndex>_foo</ns0:SessionIndex></ns0:LogoutRequest>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-Q10pNambHAMr02S8o'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84223e6ed0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...]
extra_args = ['/tmp/tmpyo_mwtgi.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpyo_mwtgi.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f84228d91d0>

    def test_do_logout_post(self):
        # information about the user from an IdP
        session_info = {
            "name_id": nid,
            "issuer": "urn:mace:example.com:saml:roland:idp",
            "not_on_or_after": in_a_while(minutes=15),
            "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"},
            "session_index": SessionIndex("_foo"),
        }
        self.client.users.add_information_about_person(session_info)
        entity_ids = self.client.users.issuers_of_info(nid)
        assert entity_ids == ["urn:mace:example.com:saml:roland:idp"]
>       resp = self.client.do_logout(
            nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST
        )

tests/test_51_client.py:1609: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout
    req_id, request = self.create_logout_request(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request
    return self._message(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message
    signed_req = self.sign(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84223e6ed0>
statement = b'<ns0:LogoutRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-Q10pNambHAMr02S8o" Version="2.0" IssueInstant="2024-09-12T12:13:29Z" Destination="http://localhost:8088/slop" Reason="Tired" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-Q10pNambHAMr02S8o"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:NameID NameQualifier="foo" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">123456</saml:NameID><ns0:SessionIndex>_foo</ns0:SessionIndex></ns0:LogoutRequest>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-Q10pNambHAMr02S8o'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-Q10pNambHAMr02S8o', '--output', '/tmp/tmp85uud2dh.xml', '/tmp/tmpyo_mwtgi.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpyo_mwtgi.xml"

output=
__________________ TestClient.test_do_logout_session_expired ___________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84223e6ed0>
statement = b'<ns0:LogoutRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-4hY8hfDwjrSIznh4S" Version="2.0" IssueInstant="2024-09-12T12:13:29Z" Destination="http://localhost:8088/slop" Reason="Tired" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-4hY8hfDwjrSIznh4S"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:NameID NameQualifier="foo" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">123456</saml:NameID><ns0:SessionIndex>_foo</ns0:SessionIndex></ns0:LogoutRequest>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-4hY8hfDwjrSIznh4S'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84223e6ed0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...]
extra_args = ['/tmp/tmpggb8h3ll.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpggb8h3ll.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f84228d9270>

    def test_do_logout_session_expired(self):
        # information about the user from an IdP
        session_info = {
            "name_id": nid,
            "issuer": "urn:mace:example.com:saml:roland:idp",
            "not_on_or_after": a_while_ago(minutes=15),
            "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"},
            "session_index": SessionIndex("_foo"),
        }
        self.client.users.add_information_about_person(session_info)
        entity_ids = self.client.users.issuers_of_info(nid)
        assert entity_ids == ["urn:mace:example.com:saml:roland:idp"]
>       resp = self.client.do_logout(
            nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST
        )

tests/test_51_client.py:1661: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout
    req_id, request = self.create_logout_request(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request
    return self._message(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message
    signed_req = self.sign(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f84223e6ed0>
statement = b'<ns0:LogoutRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-4hY8hfDwjrSIznh4S" Version="2.0" IssueInstant="2024-09-12T12:13:29Z" Destination="http://localhost:8088/slop" Reason="Tired" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-4hY8hfDwjrSIznh4S"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:NameID NameQualifier="foo" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">123456</saml:NameID><ns0:SessionIndex>_foo</ns0:SessionIndex></ns0:LogoutRequest>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-4hY8hfDwjrSIznh4S'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-4hY8hfDwjrSIznh4S', '--output', '/tmp/tmpan0m19je.xml', '/tmp/tmpggb8h3ll.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpggb8h3ll.xml"

output=
_______________________ TestClient.test_signature_wants ________________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-1nWAIuNjUq1pdXl2M" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:29Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-1nWAIuNjUq1pdXl2M"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-RSV0kzKcB4dWwag9U" IssueInstant="2024-09-12T12:13:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID NameQualifier="urn:mace:example.com:saml:roland:idp" SPNameQualifier="urn:mace:example.com:saml:roland:sp" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">d67a592612e371b7e8bce0040c9aa2062197fa4cc770503385645cfe21abac71</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:29Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:29Z" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:29Z" SessionIndex="id-eb6naOwITVWuv5tV5"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-1nWAIuNjUq1pdXl2M'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...]
extra_args = ['/tmp/tmp38bto4ch.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp38bto4ch.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClient object at 0x7f84228d9310>

    def test_signature_wants(self):
    
        ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": ["The man"]}
    
        nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT)
    
        kwargs = {
            "identity": ava,
            "in_response_to": "id1",
            "destination": "http://lingon.catalogix.se:8087/",
            "sp_entity_id": "urn:mace:example.com:saml:roland:sp",
            "name_id_policy": nameid_policy,
            "userid": "foba0001@example.com",
            "authn": AUTHN,
        }
    
        outstanding = {"id1": "http://foo.example.com/service"}
    
        def create_authn_response(**kwargs):
            return b64encode(str(self.server.create_authn_response(**kwargs)).encode())
    
        def parse_authn_response(response):
            self.client.parse_authn_request_response(response, BINDING_HTTP_POST, outstanding)
    
        def set_client_want(response, assertion, either):
            self.client.want_response_signed = response
            self.client.want_assertions_signed = assertion
            self.client.want_assertions_or_response_signed = either
    
        # Response is signed but assertion is not.
        kwargs["sign_response"] = True
        kwargs["sign_assertion"] = False
>       response = create_authn_response(**kwargs)

tests/test_51_client.py:1706: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
tests/test_51_client.py:1693: in create_authn_response
    return b64encode(str(self.server.create_authn_response(**kwargs)).encode())
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response
    return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422372ab0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-1nWAIuNjUq1pdXl2M" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:29Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-1nWAIuNjUq1pdXl2M"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-RSV0kzKcB4dWwag9U" IssueInstant="2024-09-12T12:13:29Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID NameQualifier="urn:mace:example.com:saml:roland:idp" SPNameQualifier="urn:mace:example.com:saml:roland:sp" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">d67a592612e371b7e8bce0040c9aa2062197fa4cc770503385645cfe21abac71</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:29Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:29Z" NotOnOrAfter="2024-09-12T12:18:29Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:29Z" SessionIndex="id-eb6naOwITVWuv5tV5"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-1nWAIuNjUq1pdXl2M'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-1nWAIuNjUq1pdXl2M', '--output', '/tmp/tmps_dzqafp.xml', '/tmp/tmp38bto4ch.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp38bto4ch.xml"

output=
________________ TestClientNonAsciiAva.test_sign_auth_request_0 ________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422ffc170>
statement = b'<ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://eidas.europa.eu/saml-extensions" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id1" Version="2.0" IssueInstant="2024-09-12T12:13:30Z" Destination="http://www.example.com/sso" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://lingon.catalogix.se:8087/" ProviderName="urn:mace:example.com:saml:roland:sp"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id1"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Extensions><ns3:RequestedAttributes><ns3:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonNickname" isRequired="false" /><ns3:RequestedAttribute Name="urn:mace:dir:attribute-def:eduPersonNickname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="eduPersonNickname" isRequired="true" /><ns3:RequestedAttribute Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="eduPersonScopedAffiliation" isRequired="false" /></ns3:RequestedAttributes></ns0:Extensions></ns0:AuthnRequest>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id1'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422ffc170>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', ...]
extra_args = ['/tmp/tmpyc5a7jem.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpyc5a7jem.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f842395f250>

    def test_sign_auth_request_0(self):
>       req_id, areq = self.client.create_authn_request("http://www.example.com/sso", sign=True, message_id="id1")

tests/test_51_client.py:2023: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client_base.py:445: in create_authn_request
    msg = self._message(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message
    signed_req = self.sign(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422ffc170>
statement = b'<ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://eidas.europa.eu/saml-extensions" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id1" Version="2.0" IssueInstant="2024-09-12T12:13:30Z" Destination="http://www.example.com/sso" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://lingon.catalogix.se:8087/" ProviderName="urn:mace:example.com:saml:roland:sp"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id1"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Extensions><ns3:RequestedAttributes><ns3:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="eduPersonNickname" isRequired="false" /><ns3:RequestedAttribute Name="urn:mace:dir:attribute-def:eduPersonNickname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="eduPersonNickname" isRequired="true" /><ns3:RequestedAttribute Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="eduPersonScopedAffiliation" isRequired="false" /></ns3:RequestedAttributes></ns0:Extensions></ns0:AuthnRequest>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id1'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpveaeucqg.xml', '/tmp/tmpyc5a7jem.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpyc5a7jem.xml"

output=
____________________ TestClientNonAsciiAva.test_response_1 _____________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-NtTaEDlmc9y8SXF6y" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:30Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-NtTaEDlmc9y8SXF6y"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-d5HtsfNcBawsQMDHu" IssueInstant="2024-09-12T12:13:30Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID NameQualifier="urn:mace:example.com:saml:roland:idp" SPNameQualifier="urn:mace:example.com:saml:roland:sp" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">d67a592612e371b7e8bce0040c9aa2062197fa4cc770503385645cfe21abac71</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:30Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:30Z" NotOnOrAfter="2024-09-12T12:18:30Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:30Z" SessionIndex="id-hNPj3mQaUSSjtyB4P"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepci\xc3\xb3n</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave@cnr.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">#13</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-NtTaEDlmc9y8SXF6y'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...]
extra_args = ['/tmp/tmps4acha2a.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmps4acha2a.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f8423256030>

    def test_response_1(self):
        IDP = "urn:mace:example.com:saml:roland:idp"
    
        ava = {"givenName": ["Dave"], "sn": ["Concepción"], "mail": ["Dave@cnr.mlb.com"], "title": ["#13"]}
    
        nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT)
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id_policy=nameid_policy,
            sign_response=True,
            userid="foba0001@example.com",
            authn=AUTHN,
        )

tests/test_51_client.py:2066: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response
    return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-NtTaEDlmc9y8SXF6y" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:30Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-NtTaEDlmc9y8SXF6y"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-d5HtsfNcBawsQMDHu" IssueInstant="2024-09-12T12:13:30Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID NameQualifier="urn:mace:example.com:saml:roland:idp" SPNameQualifier="urn:mace:example.com:saml:roland:sp" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">d67a592612e371b7e8bce0040c9aa2062197fa4cc770503385645cfe21abac71</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:30Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:30Z" NotOnOrAfter="2024-09-12T12:18:30Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:30Z" SessionIndex="id-hNPj3mQaUSSjtyB4P"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepci\xc3\xb3n</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave@cnr.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">#13</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-NtTaEDlmc9y8SXF6y'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-NtTaEDlmc9y8SXF6y', '--output', '/tmp/tmpvsyue392.xml', '/tmp/tmps4acha2a.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmps4acha2a.xml"

output=
____________________ TestClientNonAsciiAva.test_response_2 _____________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-b1im5DOfM9p377jSF" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:30Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-b1im5DOfM9p377jSF"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-xmvc8aQyutcKergJo" IssueInstant="2024-09-12T12:13:30Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-xmvc8aQyutcKergJo"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">43a39fa600e162f850be69eefa4a2ed133a0551cbaf5d49ece0800bfdf2337c5</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:30Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:30Z" NotOnOrAfter="2024-09-12T12:18:30Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><ns3:EncryptedData Id="ED_93c5120a-ce7b-4bc8-a59b-a9e89240c637" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns2:KeyInfo><ns3:EncryptedKey Id="EK_63add1fa-8faa-4bad-949f-01d6d4bfa36f"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzMwWhcNMzQwOTEwMTIxMzMwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAt7l3YcLmxXhlHhvYSqMXhz8VlRJa+XZY9SksUNWdv5hI/uG01OlxCcy9\ngJdK0y8ai26Bye1ro3O8UUmIPx+T1gxfzFsN1zsxKws9b0/balsBzXgr78B7Es2C\nfI3zfSsge/EoT32EoMu7m6XjYo2be9bHo8qXBMbix40eh4FK5wDixNdhoMIIw/UN\nvasT4AufoW2rTbHIjIBRF3i/WoojS5CtEkKbCLlQJTItMpagosvfbzZTWGJ74ywD\n2pFBn7Z/TReJlivjuosS3SHVZlN1EphCGDP9IBikJYv4wSS+P6MC7Olx7+Bzsehf\nXSHe9VAuyg2125SLB9fYiUnrY/P5PwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJjM\nX9aE3Jq1YyynqBzixHeW6ufh15vXNipePIammjVqt7A2T28hul003aiUI8339BKv\niTUCwk/qJ9ImrXja6eFoZr92+deuGHHXmfyACbRORDVWEF0QyX+0cTrcgjvRa0t0\nyULEm0XC19oUUkRuIG6ZDjLPugcckTW/wOaSrzFJ</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>AGRtA5urwP1JsDsBSpF1wGalOBGCAgoZoo3w1IdILN2YqZ2b9E6UnINhvmfz4xdy\n9evNetHOJ+b7L8muNMPGJmt11XbqiYfD9rWw/n9tXpCe/R5a/8DRInA2ftRLts2P\nHRpBjch3xi1vSaTBtPdt3GFymGnpCnTaST0MK/+DKK+adU4wWwDXmvr6x4xl4eV0\n39LDIcP9rL8wSrI/P+rxXaKEaijBUOFBApnwrGr2t+qW7n8XcH5xpxPqanDmBz+1\nqQFVC1Fl1uVxw6KI+obwUbIqylW6FdcioGwLWG9papVkXCyZCn/mECpHjHvenSRY\nZwPtHnyGo1Y1I033k+6K0g==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedKey></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>lp+MUXa2oCtXwbXznqQakxd1xLx9h8/TPVFDE6fMcRr50mSOezR0SlOuLKaOS2YA\n7gHadPdbNjPcip4JYbLPTUpy1JUeTwZaXquU2NAhKgAwCqZo3GOmg6BMaICz4INF\naQoj2AyvGk3C5EQcvPdz+g9nr7TXBM+pj5mMHBKlS+HQG9LO+sk4bxXLYkIEyVWh\nF0MPuhWnwnQSj9+fACRg3syjjXyWozC13TK9qSVIDUfaBzJbfOrtpzZ/O7IG14/7\nPRjmmd9wZatx8JQ0szPltqm/B/TUKX8CV3XuZb5Q0mWJV6rS00bUTPb21fHO4Adh\nWvwO4vIFruVOh0gm0U3HYeeZDwnh7cRpUieuk3QXYrpkUTKl4V9lErDK2qgZ2CHb\n6FI2u93sjNHDQ9GxPf+wKOKIOxndbh/LfLvZ9SuZKaNJKuupzo1PyU4sFXSPPLeW\nRsaASwN1OXiv7eRWCAyEXvyZbgfVS/RWKY/M9o4uLbTg8AvIDH+Mu/GYDvsRBoMt\naxMYojyg5kYfrYZPONlMmIrbIYpnkE0kVBYoMV0BKO5/vUDF95c9nfk/aUUk0DhG\nOuCBAPFvtVbrt05KtlYWnRaij8Uasp++hdrpqG2XnHG10J0GEXDsMYndGjqTVAoX\nFlYYQhWypqKYkr3Jjt2wrl0qlSTOeiS8yCa+DY7wKQxXUW5/W9zdDJG/YTE+QaZu\nJOXvZEAKHT+vuiORaW6dZteg1BJTLWKAmwxwL+frr4lk9T9XOdwwVtSncZLmLie8\nb5CIti87uAdX5vmme6HPSlt5t/j3RcFEDqeHh52qhDoprjw/wIkhtI/KW+346eLA\naIU+R6A0ET3BPYOBg6Y/WJL8U7fffNTKiEtiG6a7yX7GIkkvWYbF29zrDf45vxf4\n3lOTZRlnHwUExrKHm7p1gioAGoFfwPRsCZt0RlVq7WoP831VNW+Yz5LimIw0+d+n\ndifLDzjLS35oWjzn+L65yczVHYXFjkIMWV116mT25yWceNqAhIA3XNDHhqDGlKGk\nAa/XW3KVJdFGIJ0m7PtKLN4uH5zFc1tYekxHYs1/bgPCC+0zyh4C437XvKnNov8e\nk8WEf7amCO+nMfdjqDFkjUzgNaK3bO+pZFrZ3fFLgZ3yJGlyP79U/LjExT3TNRJ7\nM92IDiCjkGWbNmWESj3JOgdlqpy7Y3I/z9Nawz+Jrq8t1R/ZNk8VLeg8ZI4BwYG7\njzhBhEmeieVpT65rXH5Q/G5dY+/LExDHj37mKD6YnFy67nKm6snh/PW4T3QKsU5S\nqBhPk0EyJTeRLPv6QLz1Tlkbw59OrpFMu44Qwp5eI5oLMW3O5aGnt5p9FEKC6c8+\nzV6qLFrV7W/yOougfThAH3VxIwKSE9qLZOR0EQuALTiBT0Fc2MPGYkgLT8rjvC6s\nciKt/WeXL2M2NGLaUiYQtdKGGs76rqMpLWjlbEsS3LH03+XZCOWp0Tj55Oyk9ERV\nKGBiLP84fqPHFOU2BJvYdQqoIHtGkL8XWkjVatxdp+iUbM5c2wYLdzNWyvBDz6ND\n66oVYkpDn4dY+2GR1wEkhR5P0G5pk2Y4Gg0hULNdLPw1oZnvWsohiQ/JzTKkwKE7\nAmkyST7yWucBQ/XFStRZaUw2+SuMlGQxIre8+Q9FukepE76rtcNhlf5dJGOJjsBX\nSwfv/1d9Yg3+pBWVxnYnkVQGGMd8ybS8isrAiIe0lGB+o68uUNzjVRx0wQciNY8K\nrEFjLO0utHxvOgOYA3OP4qII6Asq9Lf3CPP55QGIXMVTqtTd3MFAFfJQZdRgkiW+\n9myC/V6660+hHeQqAfld77gELAgYs1ygcydiR0yS2qJINCqD4VQuaziDlNtln0EN\n+SuiRZfnXNl63ZD35eI62XxemOFwbKRClFF7y96IcLS8j4h7e8FOElQEzUGp2NL0\n4U5WiEnLDZk2imM0rMW6lXRlBy1JDFaMXK3wX+GKfp/Xk+tQDCzeS3fz+IACGIzm\nVgqyJhosjYLipT4ZyfGOD1jxBxsoLmErd4zhWm1svP9m8iwv4U4b2CyKDNuRH7i2\nYe4IjaX1grGtuAhK/0Zm9i7IJ87qB4Q195VXe7qXqEVuH+zNUrtgy1OakWfwPzEM\ncqWJYiu0g92yasXAUeRaJtF8D3BzIaDuXPDieH1Mt4PvkrQlis4Y01+vKk8Mf+/z\n0snOIhQ+pqSgksBOPuw7F0a9ayjX5GPIp1Hr5MsaPtU/+E97B/2FZ6/7VLVnm33B\nZ4Ji5YoI0kXMSbHflME2d9CFha4rog8SGH4vDvDEWZqeCT7ik8+qhpCwx2KyqgAG\nFBl2kAWV0BxyCPEOSXcfdNEkJItypCnCkJaAJbmUVPurlaILFwBHioXTRpurWLkV\nlv8FAksOlB66BHD47fv4IJigrWNzOJ8ZEWrKANmp8UjXEaelMyw1aw==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedData></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:30Z" SessionIndex="id-QwKJcv4UwRfv0iKn2"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-xmvc8aQyutcKergJo'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp4ip919gx.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp4ip919gx.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f84228af850>

    def test_response_2(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        cert_str, cert_key_str = generate_cert()
    
        cert = {"cert": cert_str, "key": cert_key_str}
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=False,
            encrypt_assertion_self_contained=True,
            pefim=True,
            encrypt_cert_advice=cert_str,
        )

tests/test_51_client.py:2146: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response
    response = signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-b1im5DOfM9p377jSF" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:30Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-b1im5DOfM9p377jSF"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-xmvc8aQyutcKergJo" IssueInstant="2024-09-12T12:13:30Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-xmvc8aQyutcKergJo"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">43a39fa600e162f850be69eefa4a2ed133a0551cbaf5d49ece0800bfdf2337c5</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:30Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:30Z" NotOnOrAfter="2024-09-12T12:18:30Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><ns3:EncryptedData Id="ED_93c5120a-ce7b-4bc8-a59b-a9e89240c637" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns2:KeyInfo><ns3:EncryptedKey Id="EK_63add1fa-8faa-4bad-949f-01d6d4bfa36f"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzMwWhcNMzQwOTEwMTIxMzMwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAt7l3YcLmxXhlHhvYSqMXhz8VlRJa+XZY9SksUNWdv5hI/uG01OlxCcy9\ngJdK0y8ai26Bye1ro3O8UUmIPx+T1gxfzFsN1zsxKws9b0/balsBzXgr78B7Es2C\nfI3zfSsge/EoT32EoMu7m6XjYo2be9bHo8qXBMbix40eh4FK5wDixNdhoMIIw/UN\nvasT4AufoW2rTbHIjIBRF3i/WoojS5CtEkKbCLlQJTItMpagosvfbzZTWGJ74ywD\n2pFBn7Z/TReJlivjuosS3SHVZlN1EphCGDP9IBikJYv4wSS+P6MC7Olx7+Bzsehf\nXSHe9VAuyg2125SLB9fYiUnrY/P5PwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAJjM\nX9aE3Jq1YyynqBzixHeW6ufh15vXNipePIammjVqt7A2T28hul003aiUI8339BKv\niTUCwk/qJ9ImrXja6eFoZr92+deuGHHXmfyACbRORDVWEF0QyX+0cTrcgjvRa0t0\nyULEm0XC19oUUkRuIG6ZDjLPugcckTW/wOaSrzFJ</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>AGRtA5urwP1JsDsBSpF1wGalOBGCAgoZoo3w1IdILN2YqZ2b9E6UnINhvmfz4xdy\n9evNetHOJ+b7L8muNMPGJmt11XbqiYfD9rWw/n9tXpCe/R5a/8DRInA2ftRLts2P\nHRpBjch3xi1vSaTBtPdt3GFymGnpCnTaST0MK/+DKK+adU4wWwDXmvr6x4xl4eV0\n39LDIcP9rL8wSrI/P+rxXaKEaijBUOFBApnwrGr2t+qW7n8XcH5xpxPqanDmBz+1\nqQFVC1Fl1uVxw6KI+obwUbIqylW6FdcioGwLWG9papVkXCyZCn/mECpHjHvenSRY\nZwPtHnyGo1Y1I033k+6K0g==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedKey></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>lp+MUXa2oCtXwbXznqQakxd1xLx9h8/TPVFDE6fMcRr50mSOezR0SlOuLKaOS2YA\n7gHadPdbNjPcip4JYbLPTUpy1JUeTwZaXquU2NAhKgAwCqZo3GOmg6BMaICz4INF\naQoj2AyvGk3C5EQcvPdz+g9nr7TXBM+pj5mMHBKlS+HQG9LO+sk4bxXLYkIEyVWh\nF0MPuhWnwnQSj9+fACRg3syjjXyWozC13TK9qSVIDUfaBzJbfOrtpzZ/O7IG14/7\nPRjmmd9wZatx8JQ0szPltqm/B/TUKX8CV3XuZb5Q0mWJV6rS00bUTPb21fHO4Adh\nWvwO4vIFruVOh0gm0U3HYeeZDwnh7cRpUieuk3QXYrpkUTKl4V9lErDK2qgZ2CHb\n6FI2u93sjNHDQ9GxPf+wKOKIOxndbh/LfLvZ9SuZKaNJKuupzo1PyU4sFXSPPLeW\nRsaASwN1OXiv7eRWCAyEXvyZbgfVS/RWKY/M9o4uLbTg8AvIDH+Mu/GYDvsRBoMt\naxMYojyg5kYfrYZPONlMmIrbIYpnkE0kVBYoMV0BKO5/vUDF95c9nfk/aUUk0DhG\nOuCBAPFvtVbrt05KtlYWnRaij8Uasp++hdrpqG2XnHG10J0GEXDsMYndGjqTVAoX\nFlYYQhWypqKYkr3Jjt2wrl0qlSTOeiS8yCa+DY7wKQxXUW5/W9zdDJG/YTE+QaZu\nJOXvZEAKHT+vuiORaW6dZteg1BJTLWKAmwxwL+frr4lk9T9XOdwwVtSncZLmLie8\nb5CIti87uAdX5vmme6HPSlt5t/j3RcFEDqeHh52qhDoprjw/wIkhtI/KW+346eLA\naIU+R6A0ET3BPYOBg6Y/WJL8U7fffNTKiEtiG6a7yX7GIkkvWYbF29zrDf45vxf4\n3lOTZRlnHwUExrKHm7p1gioAGoFfwPRsCZt0RlVq7WoP831VNW+Yz5LimIw0+d+n\ndifLDzjLS35oWjzn+L65yczVHYXFjkIMWV116mT25yWceNqAhIA3XNDHhqDGlKGk\nAa/XW3KVJdFGIJ0m7PtKLN4uH5zFc1tYekxHYs1/bgPCC+0zyh4C437XvKnNov8e\nk8WEf7amCO+nMfdjqDFkjUzgNaK3bO+pZFrZ3fFLgZ3yJGlyP79U/LjExT3TNRJ7\nM92IDiCjkGWbNmWESj3JOgdlqpy7Y3I/z9Nawz+Jrq8t1R/ZNk8VLeg8ZI4BwYG7\njzhBhEmeieVpT65rXH5Q/G5dY+/LExDHj37mKD6YnFy67nKm6snh/PW4T3QKsU5S\nqBhPk0EyJTeRLPv6QLz1Tlkbw59OrpFMu44Qwp5eI5oLMW3O5aGnt5p9FEKC6c8+\nzV6qLFrV7W/yOougfThAH3VxIwKSE9qLZOR0EQuALTiBT0Fc2MPGYkgLT8rjvC6s\nciKt/WeXL2M2NGLaUiYQtdKGGs76rqMpLWjlbEsS3LH03+XZCOWp0Tj55Oyk9ERV\nKGBiLP84fqPHFOU2BJvYdQqoIHtGkL8XWkjVatxdp+iUbM5c2wYLdzNWyvBDz6ND\n66oVYkpDn4dY+2GR1wEkhR5P0G5pk2Y4Gg0hULNdLPw1oZnvWsohiQ/JzTKkwKE7\nAmkyST7yWucBQ/XFStRZaUw2+SuMlGQxIre8+Q9FukepE76rtcNhlf5dJGOJjsBX\nSwfv/1d9Yg3+pBWVxnYnkVQGGMd8ybS8isrAiIe0lGB+o68uUNzjVRx0wQciNY8K\nrEFjLO0utHxvOgOYA3OP4qII6Asq9Lf3CPP55QGIXMVTqtTd3MFAFfJQZdRgkiW+\n9myC/V6660+hHeQqAfld77gELAgYs1ygcydiR0yS2qJINCqD4VQuaziDlNtln0EN\n+SuiRZfnXNl63ZD35eI62XxemOFwbKRClFF7y96IcLS8j4h7e8FOElQEzUGp2NL0\n4U5WiEnLDZk2imM0rMW6lXRlBy1JDFaMXK3wX+GKfp/Xk+tQDCzeS3fz+IACGIzm\nVgqyJhosjYLipT4ZyfGOD1jxBxsoLmErd4zhWm1svP9m8iwv4U4b2CyKDNuRH7i2\nYe4IjaX1grGtuAhK/0Zm9i7IJ87qB4Q195VXe7qXqEVuH+zNUrtgy1OakWfwPzEM\ncqWJYiu0g92yasXAUeRaJtF8D3BzIaDuXPDieH1Mt4PvkrQlis4Y01+vKk8Mf+/z\n0snOIhQ+pqSgksBOPuw7F0a9ayjX5GPIp1Hr5MsaPtU/+E97B/2FZ6/7VLVnm33B\nZ4Ji5YoI0kXMSbHflME2d9CFha4rog8SGH4vDvDEWZqeCT7ik8+qhpCwx2KyqgAG\nFBl2kAWV0BxyCPEOSXcfdNEkJItypCnCkJaAJbmUVPurlaILFwBHioXTRpurWLkV\nlv8FAksOlB66BHD47fv4IJigrWNzOJ8ZEWrKANmp8UjXEaelMyw1aw==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedData></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:30Z" SessionIndex="id-QwKJcv4UwRfv0iKn2"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-xmvc8aQyutcKergJo'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xmvc8aQyutcKergJo', '--output', '/tmp/tmpudivo68u.xml', '/tmp/tmp4ip919gx.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp4ip919gx.xml"

output=
____________________ TestClientNonAsciiAva.test_response_3 _____________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-yK3xwxnFDv7AD4OeU" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:30Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-yK3xwxnFDv7AD4OeU"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-UpGr2hjG9Wc28j9v2" IssueInstant="2024-09-12T12:13:30Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-UpGr2hjG9Wc28j9v2"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">a36f22dc6608a42744a8c4bb3df4b8a298908002bce067723d7fae511dba4c89</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:30Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:30Z" NotOnOrAfter="2024-09-12T12:18:30Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><ns3:EncryptedData Id="ED_ae3598c8-3a83-4c60-95a3-352c104378d1" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns2:KeyInfo><ns3:EncryptedKey Id="EK_83e1b642-0a44-449f-b016-02d08586f78a"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>ahGx8rtRgxeuQjD91UhC7kNDq2mGnDYHA+liahZKzq5m72clAKN9KXHDsKoICZ8I\nOk4idn59zAMKd6eDtsUcPjuVriYt97g8bzlGYOp/Yi3NecUZ2Wzbnl76S7UZzH9o\niD4WRcQJ6lzYTtxhjW0Ayl2UDDmfmTZuYSBclC2aHwg=</ns3:CipherValue></ns3:CipherData></ns3:EncryptedKey></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>uM2z8hkEDcVNrM2IBi3tFyiKm6IdOSy0rXLOj4LI6g8IPacXnloYane3aqWwkEmv\nHbhHQ5jSm3MINuN1QqqPfmbHpq3ZJ09vvXmOhgprfm4in4DyolWV3VLxxn2byq/A\nAu7JcFFw9zAsN6Je9AYZVGB9utSXeOEaBELev/xbZainOUIMizgAHW42cjsF01El\nP79Kh4fvElnxXelSXENgHezAcjNxQiQmaJzi3mGWmIhe/zPzVF65lQ7/DRDNy3Kv\n1Dqvx0b+zxiptpljgfYjN3POOozHz24PJYCMwgLov2GdjCwviU13IvW20yGOgyQz\n/9BqC/TjLnRNGWxQ3FFMuVcZBFzhSttDl04yeDVUnTMwKg5oQtXy3X5IYbzuhWYH\niTkJoUjPlVcdip/NWSjtV9VxoYPMUnIumBeSzGB8VyNQbmp6PIsZR7Z3uVHTTmeC\n87JlGuFqbUV7SPkPrEP3vs49bb8orWXpF0x8YspcZ+/orqpE4ZANXmPFTDgZu297\nbWhyZCMOCKKQvxNPx8ueIprpJTVHcb5hVBxwnnMzxgyt5876onJeTgWnGfqyp3in\nqdqYFQAFI5Ur/iuB0l9j43UjetJA/WGWLPtpyPuLYmq53eiw9VQ/UshUvjWHv4hB\nuIP1LvfGnkUwWX5bcYyAK9UGchcR0KWLMeVsUhY2Y2/fzWEQKP6NVbp/dwkQD6uy\nQJc+Kt9O19PkhpkLSJfDvittj4wgYwjQwCHvUvn/Xps/i+6OzunCSMsw3ZuEmcSu\narc5f2CkRYFpFzzLpJMIm9SPwDpnaOnnIYpCo4560VNlKYN7U8nWMx2LoIlk1ct0\n+5TBe2a5z4UAe1VdjsEt1xVwLnEAAV7db2THXYcl9OOy9hOsUsstzqyUM+Kmug4M\nYpJncAPpzNvI+FNhUsKY5I/N0KKzlj4yHtgfc9V6SvK1OsdIQMAx0wCbs7k8AwtE\nl6417BTEwjGPdrBTej2icxgVd8I3QDn4MNNzByZvPw1BPEEk16TcZf7pZbnk4suz\n5b7FTdRkZ4JmdwM/LbQkrQyk0RabHoupYnUA4nhCqaF+QnmKu1H81IeGnPl5XwGg\nVPhgqqveYhIAnIS6cEmjzEXU5IYOKGyx++hXh/Zqi1bRkDnYmVMfWBohxksDasmn\n9SI3hmDjBa4/wS+Mb4Dvy+isZhubR3dMZoCebTILz4ZFjGj4xhY2LAPcNNIaDv/g\nULCEVK80d/8ffeOcJKjLow7wCr+MbjT1QitYplZ/4gUGmmyQoRcyo1RbDxngcosg\nVb9bV+MS6NkJgE2+GGh0zN8oo0ZAAvdp4scLrMf9TbPTgbwQDC9Jg3O8TMqeowMt\naLXWdWYoI35FNazXq+Tgkvf9fIod/CXUt77pfgZyGdfgDnYPEiOvJ573ve49U+Wo\nxuOetzaZ2vE1rNb7N9a8w1tomPNpaXBIo/UvgbLxMTHGg4FlLmxniSL+I+syKAHR\nFXrfuJsyEttqIMwi9fqgH8j2wgwYVMsmsxkayA2xxP2/q2vyzGOTRagq7uurV7BZ\n0a3Bf8U4STUOXpmEZbHdB7vjEXaHXjqRdIicaNxW8wLpzlBOMUZe5uUNJeJvjRu5\ng9MLmaxt/MnJ88W3IePnkuJ35EOf3z09H3s1ce0dgmDJmp7YeyZ6zC36qVWJP21Z\nMe71yQuLlusf9p7Bl9vNAKl+va0a12tYPEzuG6nv5D1QjlGzQ+f/bsi2KhdVJG2J\n1AfNJwXs2BNTcTL1IiQwI4LPCVtpHb2Q+A+g+Lh9GSjP0p84Dq+Yv8lDwel0MYdn\nHyS6CgcyPK4gbfEbfHD/sc7Oaa9u2ZLlTu+fgLRMk2o3tlEFOsHViLp+QFQaym+q\nXGWzlLAiJE+I2OYuMwUVEIBmPe1yZ2AUP4/P9aEMDJi6zxmaNhGwpGkMHjjpZd2l\npj5zeIT4VtkSRPuxgGb71nUPNr2i+iZfcbERUISXKIwS6zQp4bQPc7Vf6jAOkSNV\n+471bBd4WI7bSlI5iQQYyge9W2nrC53fD6ZrMaUbevj5XdEUQUYwhEB9L1ZYb87T\nS4AQHMp+LstTnWFb/ajI5niuX6RYA+ODNdRIr+3B9+6W2FJjDeQ77JYl1PIJCHsN\nToQU4xYKGfXg+IxvFEiwT3KhPo1udazsOmITp8oCUC3IyCFjskJwbqU4HIYT0AOo\nJldXnSI9YTeMGx7qI2ywTyVT2WgtQR7xes7npTTLOQOS9aNa327uUSaZlKF8Fzs+\nLJPeHsVh9NRzf/4mouYj2gjdgM3UfwGTBLU3zVUzY91omvEwfPBBUbpgAgXqjt5C\nKDDB6orDsAyY/6DQINg6gDKGZPJrUWmeT/HSFjWbjQBjlrc96N/ze00ovn0mx2AZ\nLkhSHbwxUXGnL7/dFPPmWZiHWjQNFtE0q22Wi5iRwFhu/7nXBd0Dow==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedData></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:30Z" SessionIndex="id-NDxRHg6Mu0AeJ1ZSV"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-UpGr2hjG9Wc28j9v2'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpcqwg2ezs.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpcqwg2ezs.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f84228af310>

    def test_response_3(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=False,
            encrypt_assertion_self_contained=True,
            pefim=True,
        )

tests/test_51_client.py:2181: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response
    response = signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-yK3xwxnFDv7AD4OeU" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:30Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-yK3xwxnFDv7AD4OeU"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-UpGr2hjG9Wc28j9v2" IssueInstant="2024-09-12T12:13:30Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-UpGr2hjG9Wc28j9v2"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">a36f22dc6608a42744a8c4bb3df4b8a298908002bce067723d7fae511dba4c89</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:30Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:30Z" NotOnOrAfter="2024-09-12T12:18:30Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><ns3:EncryptedData Id="ED_ae3598c8-3a83-4c60-95a3-352c104378d1" Type="http://www.w3.org/2001/04/xmlenc#Element"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><ns2:KeyInfo><ns3:EncryptedKey Id="EK_83e1b642-0a44-449f-b016-02d08586f78a"><ns3:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>ahGx8rtRgxeuQjD91UhC7kNDq2mGnDYHA+liahZKzq5m72clAKN9KXHDsKoICZ8I\nOk4idn59zAMKd6eDtsUcPjuVriYt97g8bzlGYOp/Yi3NecUZ2Wzbnl76S7UZzH9o\niD4WRcQJ6lzYTtxhjW0Ayl2UDDmfmTZuYSBclC2aHwg=</ns3:CipherValue></ns3:CipherData></ns3:EncryptedKey></ns2:KeyInfo><ns3:CipherData><ns3:CipherValue>uM2z8hkEDcVNrM2IBi3tFyiKm6IdOSy0rXLOj4LI6g8IPacXnloYane3aqWwkEmv\nHbhHQ5jSm3MINuN1QqqPfmbHpq3ZJ09vvXmOhgprfm4in4DyolWV3VLxxn2byq/A\nAu7JcFFw9zAsN6Je9AYZVGB9utSXeOEaBELev/xbZainOUIMizgAHW42cjsF01El\nP79Kh4fvElnxXelSXENgHezAcjNxQiQmaJzi3mGWmIhe/zPzVF65lQ7/DRDNy3Kv\n1Dqvx0b+zxiptpljgfYjN3POOozHz24PJYCMwgLov2GdjCwviU13IvW20yGOgyQz\n/9BqC/TjLnRNGWxQ3FFMuVcZBFzhSttDl04yeDVUnTMwKg5oQtXy3X5IYbzuhWYH\niTkJoUjPlVcdip/NWSjtV9VxoYPMUnIumBeSzGB8VyNQbmp6PIsZR7Z3uVHTTmeC\n87JlGuFqbUV7SPkPrEP3vs49bb8orWXpF0x8YspcZ+/orqpE4ZANXmPFTDgZu297\nbWhyZCMOCKKQvxNPx8ueIprpJTVHcb5hVBxwnnMzxgyt5876onJeTgWnGfqyp3in\nqdqYFQAFI5Ur/iuB0l9j43UjetJA/WGWLPtpyPuLYmq53eiw9VQ/UshUvjWHv4hB\nuIP1LvfGnkUwWX5bcYyAK9UGchcR0KWLMeVsUhY2Y2/fzWEQKP6NVbp/dwkQD6uy\nQJc+Kt9O19PkhpkLSJfDvittj4wgYwjQwCHvUvn/Xps/i+6OzunCSMsw3ZuEmcSu\narc5f2CkRYFpFzzLpJMIm9SPwDpnaOnnIYpCo4560VNlKYN7U8nWMx2LoIlk1ct0\n+5TBe2a5z4UAe1VdjsEt1xVwLnEAAV7db2THXYcl9OOy9hOsUsstzqyUM+Kmug4M\nYpJncAPpzNvI+FNhUsKY5I/N0KKzlj4yHtgfc9V6SvK1OsdIQMAx0wCbs7k8AwtE\nl6417BTEwjGPdrBTej2icxgVd8I3QDn4MNNzByZvPw1BPEEk16TcZf7pZbnk4suz\n5b7FTdRkZ4JmdwM/LbQkrQyk0RabHoupYnUA4nhCqaF+QnmKu1H81IeGnPl5XwGg\nVPhgqqveYhIAnIS6cEmjzEXU5IYOKGyx++hXh/Zqi1bRkDnYmVMfWBohxksDasmn\n9SI3hmDjBa4/wS+Mb4Dvy+isZhubR3dMZoCebTILz4ZFjGj4xhY2LAPcNNIaDv/g\nULCEVK80d/8ffeOcJKjLow7wCr+MbjT1QitYplZ/4gUGmmyQoRcyo1RbDxngcosg\nVb9bV+MS6NkJgE2+GGh0zN8oo0ZAAvdp4scLrMf9TbPTgbwQDC9Jg3O8TMqeowMt\naLXWdWYoI35FNazXq+Tgkvf9fIod/CXUt77pfgZyGdfgDnYPEiOvJ573ve49U+Wo\nxuOetzaZ2vE1rNb7N9a8w1tomPNpaXBIo/UvgbLxMTHGg4FlLmxniSL+I+syKAHR\nFXrfuJsyEttqIMwi9fqgH8j2wgwYVMsmsxkayA2xxP2/q2vyzGOTRagq7uurV7BZ\n0a3Bf8U4STUOXpmEZbHdB7vjEXaHXjqRdIicaNxW8wLpzlBOMUZe5uUNJeJvjRu5\ng9MLmaxt/MnJ88W3IePnkuJ35EOf3z09H3s1ce0dgmDJmp7YeyZ6zC36qVWJP21Z\nMe71yQuLlusf9p7Bl9vNAKl+va0a12tYPEzuG6nv5D1QjlGzQ+f/bsi2KhdVJG2J\n1AfNJwXs2BNTcTL1IiQwI4LPCVtpHb2Q+A+g+Lh9GSjP0p84Dq+Yv8lDwel0MYdn\nHyS6CgcyPK4gbfEbfHD/sc7Oaa9u2ZLlTu+fgLRMk2o3tlEFOsHViLp+QFQaym+q\nXGWzlLAiJE+I2OYuMwUVEIBmPe1yZ2AUP4/P9aEMDJi6zxmaNhGwpGkMHjjpZd2l\npj5zeIT4VtkSRPuxgGb71nUPNr2i+iZfcbERUISXKIwS6zQp4bQPc7Vf6jAOkSNV\n+471bBd4WI7bSlI5iQQYyge9W2nrC53fD6ZrMaUbevj5XdEUQUYwhEB9L1ZYb87T\nS4AQHMp+LstTnWFb/ajI5niuX6RYA+ODNdRIr+3B9+6W2FJjDeQ77JYl1PIJCHsN\nToQU4xYKGfXg+IxvFEiwT3KhPo1udazsOmITp8oCUC3IyCFjskJwbqU4HIYT0AOo\nJldXnSI9YTeMGx7qI2ywTyVT2WgtQR7xes7npTTLOQOS9aNa327uUSaZlKF8Fzs+\nLJPeHsVh9NRzf/4mouYj2gjdgM3UfwGTBLU3zVUzY91omvEwfPBBUbpgAgXqjt5C\nKDDB6orDsAyY/6DQINg6gDKGZPJrUWmeT/HSFjWbjQBjlrc96N/ze00ovn0mx2AZ\nLkhSHbwxUXGnL7/dFPPmWZiHWjQNFtE0q22Wi5iRwFhu/7nXBd0Dow==</ns3:CipherValue></ns3:CipherData></ns3:EncryptedData></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:30Z" SessionIndex="id-NDxRHg6Mu0AeJ1ZSV"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-UpGr2hjG9Wc28j9v2'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-UpGr2hjG9Wc28j9v2', '--output', '/tmp/tmpkq2b1v3g.xml', '/tmp/tmpcqwg2ezs.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpcqwg2ezs.xml"

output=
____________________ TestClientNonAsciiAva.test_response_4 _____________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-sDle2adi6skg6f8Xc" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:30Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-sDle2adi6skg6f8Xc"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-v4IOwOlS9DlMMA57g" IssueInstant="2024-09-12T12:13:30Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-v4IOwOlS9DlMMA57g"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">2271b3e574b221a4a7b5a11515204e524d3409eaa49f60930edc1fe6ddc19cfe</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:30Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:30Z" NotOnOrAfter="2024-09-12T12:18:30Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_4b950fde-fd10-4edd-8e2c-61176c8919ee" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_3fbee171-caaf-4836-898a-c7630852a674"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>Awj+COYSozKhZD3wSd+jV4BnCgoM2VcbCLXh5tI0UX76EOxAa8Qo7qDtvFQI2W+f\nLpQSqBjq68ZklsPZfqaoHOdUQNjR1DZ284N+yo1Sjh0nQ0luZ8BihDlBmj3to0ac\nxSAkq9gr29hTjE/ohVuMTkX1RAnSJ/DtkeFP8wboD80=</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>eXsPz1bhkenC3woasbqjU372f9B/6erfOwaEL/6p82v3TXFb71zK5a07+4ra9SVJ\nFC63NQw37xY6lCvS41DqpQqkZ6IYwegTBNj+tsbkMAsRVfDm+5P8JcS+t2GQcgpE\nA9Hf/WtGXf+wEM9ckSdOP1694cNiWSiTrLg5+5WFftp6A+JhhAyvI31SZSiGPbm9\nxzbPLLK/NC4gK/UaLXoR/t2fcWmipGLUW32RWzTfUGHuW2V7/pfYjDTsKH6MSRij\nTecCMAFV13il9HaReGDa9Wg+u2qHTAy7ThSa7n6DYqma7YyQXh9UzBOy51L5N+R1\nSpJn71HjKNVNs6th0POfrhBV+PFG+YRCPzCc9YQTXtN5rZLujwT0daQLiO5BnzT+\nZ8DZp/mV1FX3b5htdQ5NH1fPgbLNVz8CblxHbBw+RIC2MjUEPYrqG5RD69JDsjWV\nsHHwVHcR9O9QXSyhOKSFxOaBZ0H2fTmPO84BEQiyal0HFyHgLgm5CU8tCssMzOEg\nYONuvqjhSCWd6C0xq84g2hikmbX7JNjUf/pCqKw44W1ttcLy6o7MnLd/UAEc15vQ\nONYKEAThn/0/0qzPiFM2hhdpREOLkLbVpJwT+mYCGcPdq9PZvlEqUQI9FhkQIRhv\nGp3Pv3Eg0nY6+w9ArGmQS9iERqDMlOEoJWG/9FnAo3FCDhfKi4ji4PMIcq0oTqJ+\ntI3Z04jz3DkfRSge1PyYAU7zSoOS1cA4zsLExO/Lo8QwruNq1qE1X9piHreiNoUc\niFhXmzPjDpQ7DtQJOAaKb8Q0Or0/2kXvjWJR4IVkEkEmnTjaYGDj+hwCg0Hfe70L\n0BsyfQfaDQ3UyLuvxaa7BDLuO6MiU91yJzhtZWIu7hm+G3Pq1jjUP4xyyn2tWGcV\nSRowrrnGzQL+BIlbaT0mRAclCiU0A2aqUXVrD4yxItENnMdB488+O6/xmVoy4NF0\ndIZX3p4guH16bA94vM8y6rb4jKgcyVMPiatuO2DTpoIRWQlcuQbVaeM0YMD1Srhp\nOACXkoWvQfEhL68E7gMLvI4ccx9Vr+qE27EKhOHDB4weAlGycw7m5Iptss70En1/\n3sQywUL8K5gZEcRlJCUvKufmljTG93qRMqxIFNzY7k1veMXlf49zviSZEdFvuJE6\nHKoBMQ1CYfPXUZkZ9Rqlisqw2qTRqjVxeIKAshqaGnkF3rGmT5zazj8stloNvyBo\nEAwRjcCwJLAe8OCxgMk14mCw29W7n2khd7ADRJD3/CblYBmy1y8aDIPUM4FRD1HW\nkItQV/dsVMi/Q64xNOC1oy9eSRYWx5jecx/69HCRC7SYFAGfo9BLreUgv3n4sYFt\nnABTRTJ1QZY9oHhbR+qlNLnC7YoKmOQfZDey/23PhxAnUBsvuNwTNd5mtpO5zyBB\nriSiudxl5w7E1xhZ/X4HF8hmUq/RIuK7I2A/Ob/4KHAwCOjjU+qoFwGGM6wWC3da\ndhZfi30SwMVj6pjIkd8xRGuBo+POZRjNjIswoAKKBvmDecF1TJMegBCrqxUtHi30\n15IDjgU0Z+/oJxvN8kyJ0StTYOCEVcJ0SV1NStnknn6GQAeEwla9VxsDLHrU7Yjf\n3SQ8i46qmC3Yn2LCRxhhvM+PTzAq8tvQL+M+minz2R5nb+4tD/gjMPG781GUjEoh\nHsFYQLLchBv6oSyQxwSFhRKuGfYhekLZMEAwDJ0ZysK1PZsM7tgh2o6ALnRO0zqW\naQPG7WOBAiwMAM2zucgcIVsLdqIJQ1689AXWk6qkHa6+nLFI1v1EiSu3bJmqlpBQ\ni3hCF98EEgGfaAdMqxOyLLUTd31HpGtitTxO2qE088jsJo9v+0s2sDK/FsaW3K8A\nmrA2MTVix8n7G+XLtJvlRKiTfe1d8VkMnjuDQDJeN4wRAjIm8KwPJbdTCFVgw+IP\nZx5L1Xx80tI9WVktUknCCKbMk2IFf4KX+qUs+AO7InmCAHah37XkJvEHA7hMnAZD\nFHJPtMjB79SIBTNEH4pUUhZmlc/shhbhBPE1c04GNm6V4bWkME8VB0adzS13b4l8\nvGi6GEkEt8jUgzbYvrBJI56OOpk4eznyl+oWChjZMeQaxhRQNQK7fv5Nd78SOKo3\nzdXwnjuFMq90q/ho1485ZrqUlfbk17FYjnt9RHpcQ46VsENA1C1QbSrnhFSpnXnD\nsff/GxB5wJVuoVZWCHQIzI3+wCM0x29AgMHiRGkuq+7ei04CFZfrqhWmP57U4OHL\nu6H7cZhsmgJly+DoHg/H2XU48DwrndYq90nS2fDgIyLCryMWlwrpdgjQdqXXKI0e\nJrctTvwl9zWVALKKMmIDQWxfMqhaHtydLGS7sVP0BFhLhKdbVkRAytL/DsvsNeA7\neli9tBZHn5hwjrVP+TSlRvd0qWpq+cx0VAXOve33++IzTj32JJrSGA==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:30Z" SessionIndex="id-sZihqIZ3Cger5LIes"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-v4IOwOlS9DlMMA57g'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpqd2ai_uv.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpqd2ai_uv.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f84231c94a0>

    def test_response_4(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            pefim=True,
        )

tests/test_51_client.py:2215: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-sDle2adi6skg6f8Xc" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:30Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-sDle2adi6skg6f8Xc"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-v4IOwOlS9DlMMA57g" IssueInstant="2024-09-12T12:13:30Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-v4IOwOlS9DlMMA57g"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">2271b3e574b221a4a7b5a11515204e524d3409eaa49f60930edc1fe6ddc19cfe</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:30Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:30Z" NotOnOrAfter="2024-09-12T12:18:30Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_4b950fde-fd10-4edd-8e2c-61176c8919ee" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_3fbee171-caaf-4836-898a-c7630852a674"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>Awj+COYSozKhZD3wSd+jV4BnCgoM2VcbCLXh5tI0UX76EOxAa8Qo7qDtvFQI2W+f\nLpQSqBjq68ZklsPZfqaoHOdUQNjR1DZ284N+yo1Sjh0nQ0luZ8BihDlBmj3to0ac\nxSAkq9gr29hTjE/ohVuMTkX1RAnSJ/DtkeFP8wboD80=</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>eXsPz1bhkenC3woasbqjU372f9B/6erfOwaEL/6p82v3TXFb71zK5a07+4ra9SVJ\nFC63NQw37xY6lCvS41DqpQqkZ6IYwegTBNj+tsbkMAsRVfDm+5P8JcS+t2GQcgpE\nA9Hf/WtGXf+wEM9ckSdOP1694cNiWSiTrLg5+5WFftp6A+JhhAyvI31SZSiGPbm9\nxzbPLLK/NC4gK/UaLXoR/t2fcWmipGLUW32RWzTfUGHuW2V7/pfYjDTsKH6MSRij\nTecCMAFV13il9HaReGDa9Wg+u2qHTAy7ThSa7n6DYqma7YyQXh9UzBOy51L5N+R1\nSpJn71HjKNVNs6th0POfrhBV+PFG+YRCPzCc9YQTXtN5rZLujwT0daQLiO5BnzT+\nZ8DZp/mV1FX3b5htdQ5NH1fPgbLNVz8CblxHbBw+RIC2MjUEPYrqG5RD69JDsjWV\nsHHwVHcR9O9QXSyhOKSFxOaBZ0H2fTmPO84BEQiyal0HFyHgLgm5CU8tCssMzOEg\nYONuvqjhSCWd6C0xq84g2hikmbX7JNjUf/pCqKw44W1ttcLy6o7MnLd/UAEc15vQ\nONYKEAThn/0/0qzPiFM2hhdpREOLkLbVpJwT+mYCGcPdq9PZvlEqUQI9FhkQIRhv\nGp3Pv3Eg0nY6+w9ArGmQS9iERqDMlOEoJWG/9FnAo3FCDhfKi4ji4PMIcq0oTqJ+\ntI3Z04jz3DkfRSge1PyYAU7zSoOS1cA4zsLExO/Lo8QwruNq1qE1X9piHreiNoUc\niFhXmzPjDpQ7DtQJOAaKb8Q0Or0/2kXvjWJR4IVkEkEmnTjaYGDj+hwCg0Hfe70L\n0BsyfQfaDQ3UyLuvxaa7BDLuO6MiU91yJzhtZWIu7hm+G3Pq1jjUP4xyyn2tWGcV\nSRowrrnGzQL+BIlbaT0mRAclCiU0A2aqUXVrD4yxItENnMdB488+O6/xmVoy4NF0\ndIZX3p4guH16bA94vM8y6rb4jKgcyVMPiatuO2DTpoIRWQlcuQbVaeM0YMD1Srhp\nOACXkoWvQfEhL68E7gMLvI4ccx9Vr+qE27EKhOHDB4weAlGycw7m5Iptss70En1/\n3sQywUL8K5gZEcRlJCUvKufmljTG93qRMqxIFNzY7k1veMXlf49zviSZEdFvuJE6\nHKoBMQ1CYfPXUZkZ9Rqlisqw2qTRqjVxeIKAshqaGnkF3rGmT5zazj8stloNvyBo\nEAwRjcCwJLAe8OCxgMk14mCw29W7n2khd7ADRJD3/CblYBmy1y8aDIPUM4FRD1HW\nkItQV/dsVMi/Q64xNOC1oy9eSRYWx5jecx/69HCRC7SYFAGfo9BLreUgv3n4sYFt\nnABTRTJ1QZY9oHhbR+qlNLnC7YoKmOQfZDey/23PhxAnUBsvuNwTNd5mtpO5zyBB\nriSiudxl5w7E1xhZ/X4HF8hmUq/RIuK7I2A/Ob/4KHAwCOjjU+qoFwGGM6wWC3da\ndhZfi30SwMVj6pjIkd8xRGuBo+POZRjNjIswoAKKBvmDecF1TJMegBCrqxUtHi30\n15IDjgU0Z+/oJxvN8kyJ0StTYOCEVcJ0SV1NStnknn6GQAeEwla9VxsDLHrU7Yjf\n3SQ8i46qmC3Yn2LCRxhhvM+PTzAq8tvQL+M+minz2R5nb+4tD/gjMPG781GUjEoh\nHsFYQLLchBv6oSyQxwSFhRKuGfYhekLZMEAwDJ0ZysK1PZsM7tgh2o6ALnRO0zqW\naQPG7WOBAiwMAM2zucgcIVsLdqIJQ1689AXWk6qkHa6+nLFI1v1EiSu3bJmqlpBQ\ni3hCF98EEgGfaAdMqxOyLLUTd31HpGtitTxO2qE088jsJo9v+0s2sDK/FsaW3K8A\nmrA2MTVix8n7G+XLtJvlRKiTfe1d8VkMnjuDQDJeN4wRAjIm8KwPJbdTCFVgw+IP\nZx5L1Xx80tI9WVktUknCCKbMk2IFf4KX+qUs+AO7InmCAHah37XkJvEHA7hMnAZD\nFHJPtMjB79SIBTNEH4pUUhZmlc/shhbhBPE1c04GNm6V4bWkME8VB0adzS13b4l8\nvGi6GEkEt8jUgzbYvrBJI56OOpk4eznyl+oWChjZMeQaxhRQNQK7fv5Nd78SOKo3\nzdXwnjuFMq90q/ho1485ZrqUlfbk17FYjnt9RHpcQ46VsENA1C1QbSrnhFSpnXnD\nsff/GxB5wJVuoVZWCHQIzI3+wCM0x29AgMHiRGkuq+7ei04CFZfrqhWmP57U4OHL\nu6H7cZhsmgJly+DoHg/H2XU48DwrndYq90nS2fDgIyLCryMWlwrpdgjQdqXXKI0e\nJrctTvwl9zWVALKKMmIDQWxfMqhaHtydLGS7sVP0BFhLhKdbVkRAytL/DsvsNeA7\neli9tBZHn5hwjrVP+TSlRvd0qWpq+cx0VAXOve33++IzTj32JJrSGA==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:30Z" SessionIndex="id-sZihqIZ3Cger5LIes"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-v4IOwOlS9DlMMA57g'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-v4IOwOlS9DlMMA57g', '--output', '/tmp/tmp3l1o68yk.xml', '/tmp/tmpqd2ai_uv.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpqd2ai_uv.xml"

output=
____________________ TestClientNonAsciiAva.test_response_5 _____________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-LuG902ksiDk4LBzZo" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:31Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-LuG902ksiDk4LBzZo"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-zICmpW8BPDOQLvZpd" IssueInstant="2024-09-12T12:13:31Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-zICmpW8BPDOQLvZpd"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">0e49172363c2c903f9dbf89915e936b380da69f87095d36ce23b6dd94d20bd42</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:31Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:31Z" NotOnOrAfter="2024-09-12T12:18:31Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_230fb5dc-ac8a-41ef-aca2-eee366ad1578" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_5da90b7c-7c95-4c13-a7ec-c43e337abc0e"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>EacmO2Yyn6R+j5S4kxYtRcl2DygqVzKLZTpk2xeztEe3hZLAO8p4Ec4zGu+tBJeY\nvk+eZ5/WfuN1DMwUaXcSChbHGVyDWFbe0UjsRSN9x9/KHTYacoJMebXdHZRocwHG\n+nb0M9CzXIsnfuucJ+obpON+K9hNNTMUN5aWWHHrHXA=</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>8UZDCQ1epApoZOxjb33fnVUwTosfZVOIv765vO95stQij6SwMwaeFAOM0rA+eyfb\nFhdrHHQTDSogYGTKXk2GKmlj/0SmRkxVEu1VAT1BSClsnaPTpoV95yIX+2BS51MV\nC+FXC8NHYfrgwus8Pv0icrumhSLUCS77FF8MmFbuuEGtUjciAMBazhN+QflrdUH2\neeMQ6Rq5y9k7eszb3hPE7wR8glIX+PNa3KS2f5W5oD1ooNVQWR78wVZn/bdYLB+7\nJq7WTi/6YDYrOCTgX5nFnPaqFnwsnLjofwBieYHcQyuTRrYjWZgdRyMhhS6J7Bou\ntcwN+N6oxqhVYT4pTDNhBRbY4wEm2ouY8D1YwlDXNaCU+APz/IAL5m8edGMk9fGx\np8Bqggivip+NFbOzluiM91BoJhrjUTuNv4fbcSpUAaVqVIc3NBH3J41Ksjkqx3Zb\n0JNBD3z695Ms47mwVIzKK/pwGcyDhVZ5G+CyWxb765l4BzXJ2qicRZ+zkFJn067g\nfRWq2yL3HD6EJl7w4e6u6Zt4m1kr5v+9wM3kv9HZd/SognBMHsGHluKeyJU4fgeL\nBkud6jhdmu+AVGKte+UtxjVypYfoCKDlXNQficbIobXeK4VHH3pGc2pjGVjrDtYz\nQ165SFuEtcK5FqiqRcRWDagO/tByXqzU3RYQJz1H6kRsrVxLAgiXsC97AI4AKTgw\nQW1r4tFhFwOESngOoSYC80LcQMqO//WqmkM7Fr3JLFuLOLoK5F7JugYtuu+Vmy77\nlD/FpqlSq+7dZvhSq9d0CH5JdJRN4RZf6e2d2jVZoJqHEKLyAPgVP5qGDjsdlqBQ\nPxlklcaVa4f5RSsBKAsadFJokxknlp5AXCDKOKtm5CzmpGfxSD29BfVlPDcez24B\nIdQoVXvIjyI+x9YlOuPBH9zbadT/ltMX3L3EuOwwgCIRuZHI1BdKeX0cXFkrdGyr\nHOxyV2ouABTXAKgszHlCwlHLUTXxgrJdwtQCf5OrSMJX3cw5/HqQ4DZHnC8+rwJK\nvllj6sk9gPsY6bjZiuWugq2G4Owcivt3w3zxoNGsdae4E2gNtU5OlRSy8sO5Ajs9\nGozhW6cN4Gt3uy26xbh2sOIrdzyXZ2VXUlD/xG7fysBtmJJSRfEK4hfzGYjksaAu\nAp2MMHo+aAGJ34ZF1GbQQPZYDoMB1wURd3Zzy0FhmccCCcURfq4TOtShdocUxuxf\nab2nHMHJUAEBSYTJb6bRSZv940OUbh2HeeEUJO1UDbPcLVnZtNj+pEfwbUI/UHGJ\nHgnVpjMlzespgoGPneIWS+Nc3/A3VR5BnAtiGDiBzIG31rj7OxThelT2AKYDtuQP\nNHtY4CNpN5ZtZ1pFMDIRSe7IW7avg2jui4pynDJoDgEG/YzU4QqPFQUxj3L5w6b0\nhfGdNsyYFBbAgTkK4RGNBt4ooJPdsvyyvoMJg2lWOBSnSHcBBfVMMSvubaFNX2em\n1wzMT0qXdODtQFhWk4EuHxMuHnf+CTGN2cIaYMqBDnFXspJV50rXlZWv3T4s9+7a\n0j2gqQ0z+A0L37dB93LGEkXGtccmxoUklZ0kg6JGT7ULs5EwSKdDppcxzCkw8MbM\nbL/BgeF0/byS9PzJKy5HkTKwuwkGuhAMRNoKXxGALMTlfYBPa0/ajJ4EAKMZ/qib\nfxuB7zN4as+QdG0dXFzsltN6ZGN8e0QLJ30Tny1nKOfspG/GEOo1tiXW4jr8ovAZ\nKoKwdu1wyVFO6qQgh39U4sTAUIgIwCzqWTO7lP384ys+368JMY+lJ/9yRhcJQOuJ\nJh3DqPHC7+iv7X1ehiuzMTCPziKOR73MIgheNhX00OuVq4UNpbqOZhoGRnqw607b\nCCFo3UPSj51fKE916p+CeL4k8iGjzfpdkB2XYDuamsd85Y1yr/NtffypJeqnTj1X\nY6LH9RBmEsNm3cViowuGzsabtEs9VFQ4cRuN01OPyxuNUs6pNDMbw5Pw9LcRNDyJ\nGdSjtFWeZyCGEyKnLR+gGAx2qK0t7i4Nvc66Th5p0XOZgDA/PuMEabY/8+bX3a7I\nSH/Qkn4zAzSULdCaf7tKFD3YBgRSyd0JHoPEX1Z0g3SBoS49ZonQVYel2Mq7a4Jg\nbYADKuHVVGWYNM2QnwDD4m1SUAWTJCYUtZ6kimeOEG33gWvH9a9Kp9t7Ijk/pxMs\nSiK6C3OOQrwcIwtkZ0qnK95AyerXEbpZIWF+gR3ovff3f9CiYPItQB2tSmwAHf9h\nwSZ6Ey3Ky9cSziD8AMI8zQZyezVacwEBl3hdUGQO+7P/BY6oMVBZMFPPdgvvJyTR\nkQlQC05brKZG39fiDiKF5ZljPt+IDzIyTO2z1+WdN32i1hSKRZUBzzCuVQEC6sU7\ngn2Ao2qVczrgODT0Ns/IAR2SrLvLK+kZXFE1/bqPyLpB9ziAfnxQpw==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:31Z" SessionIndex="id-hXiQjguhvNMAH9cTC"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-zICmpW8BPDOQLvZpd'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp14l1lj6a.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp14l1lj6a.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f8422a871d0>

    def test_response_5(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
        cert_str, cert_key_str = generate_cert()
    
        cert = {"cert": cert_str, "key": cert_key_str}
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            pefim=True,
            encrypt_cert_assertion=cert_str,
        )

tests/test_51_client.py:2253: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-LuG902ksiDk4LBzZo" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:31Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-LuG902ksiDk4LBzZo"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-zICmpW8BPDOQLvZpd" IssueInstant="2024-09-12T12:13:31Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-zICmpW8BPDOQLvZpd"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">0e49172363c2c903f9dbf89915e936b380da69f87095d36ce23b6dd94d20bd42</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:31Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:31Z" NotOnOrAfter="2024-09-12T12:18:31Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_230fb5dc-ac8a-41ef-aca2-eee366ad1578" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_5da90b7c-7c95-4c13-a7ec-c43e337abc0e"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>EacmO2Yyn6R+j5S4kxYtRcl2DygqVzKLZTpk2xeztEe3hZLAO8p4Ec4zGu+tBJeY\nvk+eZ5/WfuN1DMwUaXcSChbHGVyDWFbe0UjsRSN9x9/KHTYacoJMebXdHZRocwHG\n+nb0M9CzXIsnfuucJ+obpON+K9hNNTMUN5aWWHHrHXA=</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>8UZDCQ1epApoZOxjb33fnVUwTosfZVOIv765vO95stQij6SwMwaeFAOM0rA+eyfb\nFhdrHHQTDSogYGTKXk2GKmlj/0SmRkxVEu1VAT1BSClsnaPTpoV95yIX+2BS51MV\nC+FXC8NHYfrgwus8Pv0icrumhSLUCS77FF8MmFbuuEGtUjciAMBazhN+QflrdUH2\neeMQ6Rq5y9k7eszb3hPE7wR8glIX+PNa3KS2f5W5oD1ooNVQWR78wVZn/bdYLB+7\nJq7WTi/6YDYrOCTgX5nFnPaqFnwsnLjofwBieYHcQyuTRrYjWZgdRyMhhS6J7Bou\ntcwN+N6oxqhVYT4pTDNhBRbY4wEm2ouY8D1YwlDXNaCU+APz/IAL5m8edGMk9fGx\np8Bqggivip+NFbOzluiM91BoJhrjUTuNv4fbcSpUAaVqVIc3NBH3J41Ksjkqx3Zb\n0JNBD3z695Ms47mwVIzKK/pwGcyDhVZ5G+CyWxb765l4BzXJ2qicRZ+zkFJn067g\nfRWq2yL3HD6EJl7w4e6u6Zt4m1kr5v+9wM3kv9HZd/SognBMHsGHluKeyJU4fgeL\nBkud6jhdmu+AVGKte+UtxjVypYfoCKDlXNQficbIobXeK4VHH3pGc2pjGVjrDtYz\nQ165SFuEtcK5FqiqRcRWDagO/tByXqzU3RYQJz1H6kRsrVxLAgiXsC97AI4AKTgw\nQW1r4tFhFwOESngOoSYC80LcQMqO//WqmkM7Fr3JLFuLOLoK5F7JugYtuu+Vmy77\nlD/FpqlSq+7dZvhSq9d0CH5JdJRN4RZf6e2d2jVZoJqHEKLyAPgVP5qGDjsdlqBQ\nPxlklcaVa4f5RSsBKAsadFJokxknlp5AXCDKOKtm5CzmpGfxSD29BfVlPDcez24B\nIdQoVXvIjyI+x9YlOuPBH9zbadT/ltMX3L3EuOwwgCIRuZHI1BdKeX0cXFkrdGyr\nHOxyV2ouABTXAKgszHlCwlHLUTXxgrJdwtQCf5OrSMJX3cw5/HqQ4DZHnC8+rwJK\nvllj6sk9gPsY6bjZiuWugq2G4Owcivt3w3zxoNGsdae4E2gNtU5OlRSy8sO5Ajs9\nGozhW6cN4Gt3uy26xbh2sOIrdzyXZ2VXUlD/xG7fysBtmJJSRfEK4hfzGYjksaAu\nAp2MMHo+aAGJ34ZF1GbQQPZYDoMB1wURd3Zzy0FhmccCCcURfq4TOtShdocUxuxf\nab2nHMHJUAEBSYTJb6bRSZv940OUbh2HeeEUJO1UDbPcLVnZtNj+pEfwbUI/UHGJ\nHgnVpjMlzespgoGPneIWS+Nc3/A3VR5BnAtiGDiBzIG31rj7OxThelT2AKYDtuQP\nNHtY4CNpN5ZtZ1pFMDIRSe7IW7avg2jui4pynDJoDgEG/YzU4QqPFQUxj3L5w6b0\nhfGdNsyYFBbAgTkK4RGNBt4ooJPdsvyyvoMJg2lWOBSnSHcBBfVMMSvubaFNX2em\n1wzMT0qXdODtQFhWk4EuHxMuHnf+CTGN2cIaYMqBDnFXspJV50rXlZWv3T4s9+7a\n0j2gqQ0z+A0L37dB93LGEkXGtccmxoUklZ0kg6JGT7ULs5EwSKdDppcxzCkw8MbM\nbL/BgeF0/byS9PzJKy5HkTKwuwkGuhAMRNoKXxGALMTlfYBPa0/ajJ4EAKMZ/qib\nfxuB7zN4as+QdG0dXFzsltN6ZGN8e0QLJ30Tny1nKOfspG/GEOo1tiXW4jr8ovAZ\nKoKwdu1wyVFO6qQgh39U4sTAUIgIwCzqWTO7lP384ys+368JMY+lJ/9yRhcJQOuJ\nJh3DqPHC7+iv7X1ehiuzMTCPziKOR73MIgheNhX00OuVq4UNpbqOZhoGRnqw607b\nCCFo3UPSj51fKE916p+CeL4k8iGjzfpdkB2XYDuamsd85Y1yr/NtffypJeqnTj1X\nY6LH9RBmEsNm3cViowuGzsabtEs9VFQ4cRuN01OPyxuNUs6pNDMbw5Pw9LcRNDyJ\nGdSjtFWeZyCGEyKnLR+gGAx2qK0t7i4Nvc66Th5p0XOZgDA/PuMEabY/8+bX3a7I\nSH/Qkn4zAzSULdCaf7tKFD3YBgRSyd0JHoPEX1Z0g3SBoS49ZonQVYel2Mq7a4Jg\nbYADKuHVVGWYNM2QnwDD4m1SUAWTJCYUtZ6kimeOEG33gWvH9a9Kp9t7Ijk/pxMs\nSiK6C3OOQrwcIwtkZ0qnK95AyerXEbpZIWF+gR3ovff3f9CiYPItQB2tSmwAHf9h\nwSZ6Ey3Ky9cSziD8AMI8zQZyezVacwEBl3hdUGQO+7P/BY6oMVBZMFPPdgvvJyTR\nkQlQC05brKZG39fiDiKF5ZljPt+IDzIyTO2z1+WdN32i1hSKRZUBzzCuVQEC6sU7\ngn2Ao2qVczrgODT0Ns/IAR2SrLvLK+kZXFE1/bqPyLpB9ziAfnxQpw==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:31Z" SessionIndex="id-hXiQjguhvNMAH9cTC"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-zICmpW8BPDOQLvZpd'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-zICmpW8BPDOQLvZpd', '--output', '/tmp/tmpa2xiu2qu.xml', '/tmp/tmp14l1lj6a.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp14l1lj6a.xml"

output=
____________________ TestClientNonAsciiAva.test_response_6 _____________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-EzYZcO7qMym7cy9RJ" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:31Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-EzYZcO7qMym7cy9RJ"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-H27txlRbPvYeKVEIf" IssueInstant="2024-09-12T12:13:31Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-H27txlRbPvYeKVEIf"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">efe9d203e8865b61a56c41ef37e3b9221ca08945f66f574a8b1c4d2451e4c9dc</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:31Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:31Z" NotOnOrAfter="2024-09-12T12:18:31Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_0c440d81-d08b-4ea4-9955-d18070860907" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_4607b2b9-9397-49a7-b9dc-31024ff2a0b0"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzMxWhcNMzQwOTEwMTIxMzMxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEArFjQRN33Z+25IohwVlO3OEditcoI9UpxCVM/rDnsklFrBZZa3/sDDVri\nFsEvotZnny2Ro+/TMoN+Ne8ZIKdnnPlZ4o0I7bECcvRN7ihy9Ja+ovw2WsoVTf1a\nJLlWkIFn4mnUkx8h7MsQn2PiqhfCcP4Wx0bL7woknTlK0gRl61K79gl02NTURIww\nO5vQlSaXww0oIO5M8R143pfLXkoObw4S/WcZoRJa41x9A0kkOJFfD83ReAesPa5Y\nUc89WjXqmPw215FoZp0x26YdxVIYXNrlY2UWKwg89Lx6IcY854JX8Caii+YCkNdJ\n9xDh+xruIx9ekzwMhNpyWdGeyvtpMQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAKZp\neyjDsQfsfm4JoSxbTdFGsLT7Boh1RAu8++EVgtaiIvPHr8crTDqZHM1u4xRgKQTb\nABZJAHt+k4+c2UjtT2QX3ocK6W9i0TFiOIRv6vHXSdf3VjctV2br/Ynhvmi745CO\nUiDxi1d5LtnteI1QYlquy6Ok/ZBoTRJkMYYXsVFc</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>bhYmm1brxg+iBFD0GlMMedoDx/saWWf8+P4861QDAjbWKaUtydhaujhL8eDjO6sX\nnbEK7FT+SUhXemO9SdjgyxNOH1fdTN2GmYjy/Ucv8kRh9Vc1Pb4YY8nR+w0W8Nr8\nkgom5Mit6PrlctishUNOrKVLCFcRoB5gPOwr0PRato4+QdDbBuCL0FevdTQ9x8/o\n8zBbZPRXyRJivZj9r70sFjAlvI6NwSb6bUWKa45KtdHESLutfkrWkZk4UA3jtb2v\n07cofxjy+x+fBOIwR0PSCHGDt0wMmrJxmmfrmS3GyRWcFFPgJd6IaAlV+ztEIGQC\nsJrM4+m1lHr2BrTkOr6zSQ==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>jjHmo7b/EEszZDJw8upVmEWIZiUWoTeGcxAQSTCSYts3ybuNhuJZrvLTjO5k8E8O\nsgR6zdfSM+XI5Gw8tIFpV4j28Bs+R4uK3y3JzymTM47mgq4vtiRaVrTTdO3W3d+H\nOTCnNT2hygP7VvAF1Mjnu7JQwPsH9dc8R6XbWh5+t4Bb4YPmeK5A06uzDudz6qXM\njQGjOXKCoZ88sLq9ufMF75A0t6KUO1zKvDKBS66katqfAF7hak+UJBYiQyTV2i8L\nkATPyGSjuVQOfEpticB7QksfmJhsKCL3T4VRAftrFaRO90Z8tfd1SqUlnAEUfRXI\n2NJ28vjW26APGIUxMYiN8tUH3mm+FZ+cbxL4Iai1FvjrevguFbQl4a2IMfAqlcdO\nKoPw/7qTsi6ZW/2pMhqHD6G6sQvKe1u8UdOMsRGEcJ8C4GXZ5jTgw2hFvMPA2bmC\ns+cWW/Z1ZkM3nPL1u7m4MNw3RVad7DS2AqoduNUyYqv4VHWjlPvKWhlcSupLCISC\nJHoG3w93HvvRo396aAHpXZKox07BFyJ3utQ6TANVG4dqvrc8Cfwz4I5AsIv8GzwU\n/PejJ3XAMabzy8uxexUt6/9c2645cuUwGoy8Yyzw/itJnsigTTtCCpBPJdXSUPle\nHSvsUMVwchnHOErrh4uZb+ogEixf1oNDjYFEZqqwAA0fDLsXQQPV3i5ADZiVLjUq\no/YKYdkZBiKeNVH2uZiXE7S4lbZJOBjRQN5Rb5khfEvtA2eFLDExtm1BjxcuqHTR\nACljJhA+wz+2alTQNHqE8Nxy6TaUTaCOA+2vikjx3MfNhb5kHuxJJCSvxYgDaE3t\nNfLKChkgyjhir9I5KhNx5Rzx1oPPvlu8j6rBAZiEYUpxgXJ4VIE57xVnzlLPuxyM\nPldj57Onw/nNtC1JueZL1GsrgKv66sXEVhtPupCkL9TaUo1YcTVIxCll9dfm92zk\nzvH1UzQBK7K2f/TTMONJWbGvetE7VhxSrGfah5huZoYf3leWIYlvVevGtx9BBsTn\nR5W7rvOhZF+dybZ3XTNF2HC+rjGcc14yko8Lf013MYHS8YgnvT5SNPL/4UMSVVtC\nW33aJPaw5P8ShRXhjxg6TPZ0YQU6vj+KzbNr899el4F8yXao8l6GpieoSVK6BwoR\nZSrMicupQObiaRlQpmSQPcw8pLF3op+eNiJAQJUok6q3psA4RiwhFIt0aFiMDG8i\n03H6X1OYNgCIj0qAtIIxV/kHSHZphQGRuqL4A+G4+KYcSoFHgYpqlZFKezQL23kU\noPtLj5yRx4lhcXdw1AlP7amawZg3OiicUZxbghNhXCvnZV+AeM3LsxwoPSfK/zSh\nuMiZd4HBAB33dXShAp/Oa5ozJGAtou+Gem/00pl1pxekvlorqxsS5fN0ixdumsgh\n8eAaEtyvQj9mZgMi8CoZIxB8MUbLqDa1+ujHGKaRHpPwTCdGzMXnEkrnO4r/JsDG\n+hlcmuqIyq5Oes0D2kGgLH/o6U3AURoJcDXyodW+0LbrM3W665G8Br07Rtz11UkY\ng+hDRpwZZXovJkwExHKc2VshrCq67vVHRCBDTtEk7eujIThiYa2mt+8LAONZ0K6c\noieEqRiwuYmGsR89HKn00YoCYCHpuXSrSTP8kkeNRMFh9SQii79UOZNjceaKd0Mg\nukABpq9TfVcGBKq0V42C32OkADeA6ZcCGDB1jxT+UA+0f1R4D1mPN/FnWI62CNjn\nbEXCA98qHIJ0y/rRHgLHnQjurfzYxoj/w6gaMYnLwLobiyaNFsTt/SwDNAeTq6nB\nlzONz5pbS+GMVSN4L8stB6b7N9GwvfUIqEJ/jsmvlL2bD2v5jcj0VuRtG5SAtFs2\n7SWtqeeM+Dc9Dv0XfypjsrcBjd9MTjMrB9vtJmIePEt0BCacl7xlz+HOtsM2FpVY\nK+T7d4wNBG8PRqGYj40Z9K70FdCXIr0cG7Ak7yl0GUwZsI7qAu/NpTGNs8pHM5uG\nX9trgC2prb40U4KMqp7A3y9q/Pe+J6XkbjIi6m75tI+M3TxDgNzF+777Wsk6Rwus\nrZzUMOVPPB1/37Og2T0CbFawrUgvwTSkkCvxqz39m0l7KbzAKa6GeNbn0dl6Friz\nD495EBaVhpmdiqU8zjV7pE2oD9rOrU016nPSM0m0qjzBQAtJEA2U9DXNWmOQ+2nj\nLjmffdJXARr+lZk898j0aSHBwG+AL/crsoAnz6DDchRLuLLepqDJQHOqbUoQpxpQ\nLJlRMURjJGJX1YVlD/JIVM2BLXDzJmotorcoT/WnkORraYIDSh8AxgiNrTMrV1Vj\nDH2n7NK1qpQ3FY+y6Hb96q8uHB+LqNRTjRZ5KkjDjv9GTIW+w4GGqBa6scw9QkUa\nHuGtPaSL0fWm1nA5nSRGUdFPkUduL2ZU3s0jZrSveMPwfdZrNtWz+g==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:31Z" SessionIndex="id-tVAySR3HtlxyJ6UYK"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-H27txlRbPvYeKVEIf'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpxefeg_9_.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpxefeg_9_.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f8422a84ad0>

    def test_response_6(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
        cert_assertion_str, cert_key_assertion_str = generate_cert()
    
        cert_assertion = {"cert": cert_assertion_str, "key": cert_key_assertion_str}
    
        cert_advice_str, cert_key_advice_str = generate_cert()
    
        cert_advice = {"cert": cert_advice_str, "key": cert_key_advice_str}
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            pefim=True,
            encrypt_cert_assertion=cert_assertion_str,
            encrypt_cert_advice=cert_advice_str,
        )

tests/test_51_client.py:2296: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-EzYZcO7qMym7cy9RJ" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:31Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-EzYZcO7qMym7cy9RJ"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-H27txlRbPvYeKVEIf" IssueInstant="2024-09-12T12:13:31Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/04/xmlenc#" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-H27txlRbPvYeKVEIf"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">efe9d203e8865b61a56c41ef37e3b9221ca08945f66f574a8b1c4d2451e4c9dc</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:31Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:31Z" NotOnOrAfter="2024-09-12T12:18:31Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:Advice><encas2:EncryptedAssertion><encas1:EncryptedData Id="ED_0c440d81-d08b-4ea4-9955-d18070860907" Type="http://www.w3.org/2001/04/xmlenc#Element"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /><encas0:KeyInfo><encas1:EncryptedKey Id="EK_4607b2b9-9397-49a7-b9dc-31024ff2a0b0"><encas1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQw\nOTEyMTIxMzMxWhcNMzQwOTEwMTIxMzMxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEArFjQRN33Z+25IohwVlO3OEditcoI9UpxCVM/rDnsklFrBZZa3/sDDVri\nFsEvotZnny2Ro+/TMoN+Ne8ZIKdnnPlZ4o0I7bECcvRN7ihy9Ja+ovw2WsoVTf1a\nJLlWkIFn4mnUkx8h7MsQn2PiqhfCcP4Wx0bL7woknTlK0gRl61K79gl02NTURIww\nO5vQlSaXww0oIO5M8R143pfLXkoObw4S/WcZoRJa41x9A0kkOJFfD83ReAesPa5Y\nUc89WjXqmPw215FoZp0x26YdxVIYXNrlY2UWKwg89Lx6IcY854JX8Caii+YCkNdJ\n9xDh+xruIx9ekzwMhNpyWdGeyvtpMQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAKZp\neyjDsQfsfm4JoSxbTdFGsLT7Boh1RAu8++EVgtaiIvPHr8crTDqZHM1u4xRgKQTb\nABZJAHt+k4+c2UjtT2QX3ocK6W9i0TFiOIRv6vHXSdf3VjctV2br/Ynhvmi745CO\nUiDxi1d5LtnteI1QYlquy6Ok/ZBoTRJkMYYXsVFc</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>bhYmm1brxg+iBFD0GlMMedoDx/saWWf8+P4861QDAjbWKaUtydhaujhL8eDjO6sX\nnbEK7FT+SUhXemO9SdjgyxNOH1fdTN2GmYjy/Ucv8kRh9Vc1Pb4YY8nR+w0W8Nr8\nkgom5Mit6PrlctishUNOrKVLCFcRoB5gPOwr0PRato4+QdDbBuCL0FevdTQ9x8/o\n8zBbZPRXyRJivZj9r70sFjAlvI6NwSb6bUWKa45KtdHESLutfkrWkZk4UA3jtb2v\n07cofxjy+x+fBOIwR0PSCHGDt0wMmrJxmmfrmS3GyRWcFFPgJd6IaAlV+ztEIGQC\nsJrM4+m1lHr2BrTkOr6zSQ==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedKey></encas0:KeyInfo><encas1:CipherData><encas1:CipherValue>jjHmo7b/EEszZDJw8upVmEWIZiUWoTeGcxAQSTCSYts3ybuNhuJZrvLTjO5k8E8O\nsgR6zdfSM+XI5Gw8tIFpV4j28Bs+R4uK3y3JzymTM47mgq4vtiRaVrTTdO3W3d+H\nOTCnNT2hygP7VvAF1Mjnu7JQwPsH9dc8R6XbWh5+t4Bb4YPmeK5A06uzDudz6qXM\njQGjOXKCoZ88sLq9ufMF75A0t6KUO1zKvDKBS66katqfAF7hak+UJBYiQyTV2i8L\nkATPyGSjuVQOfEpticB7QksfmJhsKCL3T4VRAftrFaRO90Z8tfd1SqUlnAEUfRXI\n2NJ28vjW26APGIUxMYiN8tUH3mm+FZ+cbxL4Iai1FvjrevguFbQl4a2IMfAqlcdO\nKoPw/7qTsi6ZW/2pMhqHD6G6sQvKe1u8UdOMsRGEcJ8C4GXZ5jTgw2hFvMPA2bmC\ns+cWW/Z1ZkM3nPL1u7m4MNw3RVad7DS2AqoduNUyYqv4VHWjlPvKWhlcSupLCISC\nJHoG3w93HvvRo396aAHpXZKox07BFyJ3utQ6TANVG4dqvrc8Cfwz4I5AsIv8GzwU\n/PejJ3XAMabzy8uxexUt6/9c2645cuUwGoy8Yyzw/itJnsigTTtCCpBPJdXSUPle\nHSvsUMVwchnHOErrh4uZb+ogEixf1oNDjYFEZqqwAA0fDLsXQQPV3i5ADZiVLjUq\no/YKYdkZBiKeNVH2uZiXE7S4lbZJOBjRQN5Rb5khfEvtA2eFLDExtm1BjxcuqHTR\nACljJhA+wz+2alTQNHqE8Nxy6TaUTaCOA+2vikjx3MfNhb5kHuxJJCSvxYgDaE3t\nNfLKChkgyjhir9I5KhNx5Rzx1oPPvlu8j6rBAZiEYUpxgXJ4VIE57xVnzlLPuxyM\nPldj57Onw/nNtC1JueZL1GsrgKv66sXEVhtPupCkL9TaUo1YcTVIxCll9dfm92zk\nzvH1UzQBK7K2f/TTMONJWbGvetE7VhxSrGfah5huZoYf3leWIYlvVevGtx9BBsTn\nR5W7rvOhZF+dybZ3XTNF2HC+rjGcc14yko8Lf013MYHS8YgnvT5SNPL/4UMSVVtC\nW33aJPaw5P8ShRXhjxg6TPZ0YQU6vj+KzbNr899el4F8yXao8l6GpieoSVK6BwoR\nZSrMicupQObiaRlQpmSQPcw8pLF3op+eNiJAQJUok6q3psA4RiwhFIt0aFiMDG8i\n03H6X1OYNgCIj0qAtIIxV/kHSHZphQGRuqL4A+G4+KYcSoFHgYpqlZFKezQL23kU\noPtLj5yRx4lhcXdw1AlP7amawZg3OiicUZxbghNhXCvnZV+AeM3LsxwoPSfK/zSh\nuMiZd4HBAB33dXShAp/Oa5ozJGAtou+Gem/00pl1pxekvlorqxsS5fN0ixdumsgh\n8eAaEtyvQj9mZgMi8CoZIxB8MUbLqDa1+ujHGKaRHpPwTCdGzMXnEkrnO4r/JsDG\n+hlcmuqIyq5Oes0D2kGgLH/o6U3AURoJcDXyodW+0LbrM3W665G8Br07Rtz11UkY\ng+hDRpwZZXovJkwExHKc2VshrCq67vVHRCBDTtEk7eujIThiYa2mt+8LAONZ0K6c\noieEqRiwuYmGsR89HKn00YoCYCHpuXSrSTP8kkeNRMFh9SQii79UOZNjceaKd0Mg\nukABpq9TfVcGBKq0V42C32OkADeA6ZcCGDB1jxT+UA+0f1R4D1mPN/FnWI62CNjn\nbEXCA98qHIJ0y/rRHgLHnQjurfzYxoj/w6gaMYnLwLobiyaNFsTt/SwDNAeTq6nB\nlzONz5pbS+GMVSN4L8stB6b7N9GwvfUIqEJ/jsmvlL2bD2v5jcj0VuRtG5SAtFs2\n7SWtqeeM+Dc9Dv0XfypjsrcBjd9MTjMrB9vtJmIePEt0BCacl7xlz+HOtsM2FpVY\nK+T7d4wNBG8PRqGYj40Z9K70FdCXIr0cG7Ak7yl0GUwZsI7qAu/NpTGNs8pHM5uG\nX9trgC2prb40U4KMqp7A3y9q/Pe+J6XkbjIi6m75tI+M3TxDgNzF+777Wsk6Rwus\nrZzUMOVPPB1/37Og2T0CbFawrUgvwTSkkCvxqz39m0l7KbzAKa6GeNbn0dl6Friz\nD495EBaVhpmdiqU8zjV7pE2oD9rOrU016nPSM0m0qjzBQAtJEA2U9DXNWmOQ+2nj\nLjmffdJXARr+lZk898j0aSHBwG+AL/crsoAnz6DDchRLuLLepqDJQHOqbUoQpxpQ\nLJlRMURjJGJX1YVlD/JIVM2BLXDzJmotorcoT/WnkORraYIDSh8AxgiNrTMrV1Vj\nDH2n7NK1qpQ3FY+y6Hb96q8uHB+LqNRTjRZ5KkjDjv9GTIW+w4GGqBa6scw9QkUa\nHuGtPaSL0fWm1nA5nSRGUdFPkUduL2ZU3s0jZrSveMPwfdZrNtWz+g==</encas1:CipherValue></encas1:CipherData></encas1:EncryptedData></encas2:EncryptedAssertion></encas2:Advice><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:31Z" SessionIndex="id-tVAySR3HtlxyJ6UYK"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-H27txlRbPvYeKVEIf'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-H27txlRbPvYeKVEIf', '--output', '/tmp/tmpaihcvfhw.xml', '/tmp/tmpxefeg_9_.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpxefeg_9_.xml"

output=
____________________ TestClientNonAsciiAva.test_response_7 _____________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-z19QTBWTmtdPltAle" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:31Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-z19QTBWTmtdPltAle"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-yBhgyZ03zsbkEXhdf" IssueInstant="2024-09-12T12:13:31Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-yBhgyZ03zsbkEXhdf"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">bb26530bff0bfa97b045d96ac29cdef158f879b484ddcd5762a5c0fff3d4c303</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:31Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:31Z" NotOnOrAfter="2024-09-12T12:18:31Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:31Z" SessionIndex="id-d62EwCkQZPvtUlFcr"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement><encas2:AttributeStatement><encas2:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Dave</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Concepción</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Dave@cnr.mlb.com</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">#13</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-yBhgyZ03zsbkEXhdf'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpkd_f58no.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpkd_f58no.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f842246ccb0>

    def test_response_7(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            encrypted_advice_attributes=True,
        )

tests/test_51_client.py:2335: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-z19QTBWTmtdPltAle" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:31Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-z19QTBWTmtdPltAle"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-yBhgyZ03zsbkEXhdf" IssueInstant="2024-09-12T12:13:31Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-yBhgyZ03zsbkEXhdf"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">bb26530bff0bfa97b045d96ac29cdef158f879b484ddcd5762a5c0fff3d4c303</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:31Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:31Z" NotOnOrAfter="2024-09-12T12:18:31Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:31Z" SessionIndex="id-d62EwCkQZPvtUlFcr"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement><encas2:AttributeStatement><encas2:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Dave</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Concepción</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Dave@cnr.mlb.com</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">#13</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-yBhgyZ03zsbkEXhdf'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yBhgyZ03zsbkEXhdf', '--output', '/tmp/tmpss83g3nj.xml', '/tmp/tmpkd_f58no.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpkd_f58no.xml"

output=
____________________ TestClientNonAsciiAva.test_response_8 _____________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-W5LrIcKSTHTCAzDNb" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:31Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-W5LrIcKSTHTCAzDNb"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-jq0QigTm5xGNfmDV3" IssueInstant="2024-09-12T12:13:31Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-jq0QigTm5xGNfmDV3"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">b403b05cf40900463d5362fbcef5f87783e1ff0c837517dc0d59c362374641a5</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:31Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:31Z" NotOnOrAfter="2024-09-12T12:18:31Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:31Z" SessionIndex="id-JZUaeEWZwzg7ygY6V"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement><encas2:AttributeStatement><encas2:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Dave</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Concepción</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Dave@cnr.mlb.com</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">#13</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-jq0QigTm5xGNfmDV3'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp_zfl1kjx.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp_zfl1kjx.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f842246cc00>

    def test_response_8(self):
        conf = config.SPConfig()
        conf.load_file("server_conf")
        _client = Saml2Client(conf)
    
        idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response()
    
        self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1")
    
        cert_str, cert_key_str = generate_cert()
    
        cert = {"cert": cert_str, "key": cert_key_str}
    
>       resp = self.server.create_authn_response(
            identity=ava,
            in_response_to="id1",
            destination="http://lingon.catalogix.se:8087/",
            sp_entity_id="urn:mace:example.com:saml:roland:sp",
            name_id=self.name_id,
            userid="foba0001@example.com",
            authn=AUTHN,
            sign_response=True,
            sign_assertion=True,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            encrypt_cert_assertion=cert_str,
        )

tests/test_51_client.py:2373: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response
    response = signed_instance_factory(response, self.sec, to_sign_assertion)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-W5LrIcKSTHTCAzDNb" InResponseTo="id1" Version="2.0" IssueInstant="2024-09-12T12:13:31Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-W5LrIcKSTHTCAzDNb"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-jq0QigTm5xGNfmDV3" IssueInstant="2024-09-12T12:13:31Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature2"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-jq0QigTm5xGNfmDV3"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID NameQualifier="" SPNameQualifier="id1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">b403b05cf40900463d5362fbcef5f87783e1ff0c837517dc0d59c362374641a5</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:31Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id1" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:31Z" NotOnOrAfter="2024-09-12T12:18:31Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:31Z" SessionIndex="id-JZUaeEWZwzg7ygY6V"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement><encas2:AttributeStatement><encas2:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Dave</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Concepción</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">Dave@cnr.mlb.com</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">#13</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-jq0QigTm5xGNfmDV3'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-jq0QigTm5xGNfmDV3', '--output', '/tmp/tmpohpe_h3l.xml', '/tmp/tmp_zfl1kjx.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp_zfl1kjx.xml"

output=
____________ TestClientNonAsciiAva.test_sign_then_encrypt_assertion ____________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-APamg4z01RiPUXgzL" IssueInstant="2024-09-12T12:13:31Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-APamg4z01RiPUXgzL"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:Subject>_aaa<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /></saml:Subject><saml:AttributeStatement><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-APamg4z01RiPUXgzL'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp9xsbusca.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp9xsbusca.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f842204f3d0>

    def test_sign_then_encrypt_assertion(self):
        # Begin with the IdPs side
        _sec = self.server.sec
    
        assertion = s_utils.assertion_factory(
            subject=factory(saml.Subject, text="_aaa", name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)),
            attribute_statement=do_attribute_statement(
                {
                    ("", "", "sn"): ("Jeter", ""),
                    ("", "", "givenName"): ("Derek", ""),
                }
            ),
            issuer=self.server._issuer(),
        )
    
        assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1)
    
>       sigass = _sec.sign_statement(
            assertion, class_name(assertion), key_file=full_path("test.key"), node_id=assertion.id
        )

tests/test_51_client.py:2557: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-APamg4z01RiPUXgzL" IssueInstant="2024-09-12T12:13:31Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-APamg4z01RiPUXgzL"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:Subject>_aaa<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /></saml:Subject><saml:AttributeStatement><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-APamg4z01RiPUXgzL'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-APamg4z01RiPUXgzL', '--output', '/tmp/tmpeoxsci6g.xml', '/tmp/tmp9xsbusca.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp9xsbusca.xml"

output=
___________ TestClientNonAsciiAva.test_sign_then_encrypt_assertion2 ____________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-NNnGuaFSKJfYG65BJ" IssueInstant="2024-09-12T12:13:31Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-NNnGuaFSKJfYG65BJ"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:31Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:31Z" NotOnOrAfter="2024-09-12T12:18:31Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:31Z" SessionIndex="id-kEi2dQjfBObB86e2d"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepción</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-NNnGuaFSKJfYG65BJ'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpmuhkqwz0.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpmuhkqwz0.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f84228cbe00>

    def test_sign_then_encrypt_assertion2(self):
        # Begin with the IdPs side
        _sec = self.server.sec
    
        nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT)
    
        asser = Assertion({"givenName": "Dave", "sn": "Concepción"})
        farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER])
        add_path(
            farg["assertion"]["subject"]["subject_confirmation"],
            ["subject_confirmation_data", "in_response_to", "_012345"],
        )
        add_path(
            farg["assertion"]["subject"]["subject_confirmation"],
            ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"],
        )
    
        assertion = asser.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            farg=farg["assertion"],
        )
    
        assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1)
    
>       sigass = _sec.sign_statement(
            assertion, class_name(assertion), key_file=self.client.sec.key_file, node_id=assertion.id
        )

tests/test_51_client.py:2628: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<saml:Assertion xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="id-NNnGuaFSKJfYG65BJ" IssueInstant="2024-09-12T12:13:31Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns1:Signature Id="Signature1"><ns1:SignedInfo><ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns1:Reference URI="#id-NNnGuaFSKJfYG65BJ"><ns1:Transforms><ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns1:Transforms><ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns1:DigestValue /></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue /><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns1:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:31Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:31Z" NotOnOrAfter="2024-09-12T12:18:31Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:31Z" SessionIndex="id-kEi2dQjfBObB86e2d"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepción</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-NNnGuaFSKJfYG65BJ'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-NNnGuaFSKJfYG65BJ', '--output', '/tmp/tmpncepca2k.xml', '/tmp/tmpmuhkqwz0.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpmuhkqwz0.xml"

output=
_______ TestClientNonAsciiAva.test_sign_then_encrypt_assertion_advice_1 ________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-SAt2dfGiRqe2Vvewd" InResponseTo="_012345" Version="2.0" IssueInstant="2024-09-12T12:13:32Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-hR0fU8p6aEElBBVod" IssueInstant="2024-09-12T12:13:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:32Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:32Z" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><saml:Assertion Version="2.0" ID="id-WEo3NqDJd7L39cdQa" IssueInstant="2024-09-12T12:13:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-WEo3NqDJd7L39cdQa"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:32Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:32Z" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:32Z" SessionIndex="id-W11ASwkVzbzZzy286"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="uid"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">test01</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:1.2.840.113549.1.9.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="email"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">test.testsson@test.se</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:32Z" SessionIndex="id-vtfIHq56SaJF54R0z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepción</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-WEo3NqDJd7L39cdQa'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp23649poo.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp23649poo.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f84228cbbd0>

    def test_sign_then_encrypt_assertion_advice_1(self):
        # Begin with the IdPs side
        _sec = self.server.sec
    
        nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT)
    
        asser = Assertion({"givenName": "Dave", "sn": "Concepción"})
    
        subject_confirmation_specs = {
            "recipient": "http://lingon.catalogix.se:8087/",
            "in_response_to": "_012345",
            "subject_confirmation_method": saml.SCM_BEARER,
        }
        name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)
    
        farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER])
        add_path(
            farg["assertion"]["subject"]["subject_confirmation"],
            ["subject_confirmation_data", "in_response_to", "_012345"],
        )
        add_path(
            farg["assertion"]["subject"]["subject_confirmation"],
            ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"],
        )
    
        assertion = asser.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            name_id=name_id,
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            farg=farg["assertion"],
        )
    
        a_asser = Assertion({"uid": "test01", "email": "test.testsson@test.se"})
        a_assertion = a_asser.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        a_assertion.signature = sigver.pre_signature_part(a_assertion.id, _sec.my_cert, 1)
    
        assertion.advice = Advice()
    
        assertion.advice.encrypted_assertion = []
        assertion.advice.encrypted_assertion.append(EncryptedAssertion())
    
        assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion)
    
        response = response_factory(
            in_response_to="_012345",
            destination="http://lingon.catalogix.se:8087/",
            status=s_utils.success_status_factory(),
            issuer=self.server._issuer(),
        )
    
        response.assertion.append(assertion)
    
>       response = _sec.sign_statement(
            f"{response}", class_name(a_assertion), key_file=self.client.sec.key_file, node_id=a_assertion.id
        )

tests/test_51_client.py:2730: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-SAt2dfGiRqe2Vvewd" InResponseTo="_012345" Version="2.0" IssueInstant="2024-09-12T12:13:32Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-hR0fU8p6aEElBBVod" IssueInstant="2024-09-12T12:13:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:32Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:32Z" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><saml:Assertion Version="2.0" ID="id-WEo3NqDJd7L39cdQa" IssueInstant="2024-09-12T12:13:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-WEo3NqDJd7L39cdQa"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:32Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:32Z" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:32Z" SessionIndex="id-W11ASwkVzbzZzy286"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="uid"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">test01</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:1.2.840.113549.1.9.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="email"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">test.testsson@test.se</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:32Z" SessionIndex="id-vtfIHq56SaJF54R0z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Concepción</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-WEo3NqDJd7L39cdQa'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-WEo3NqDJd7L39cdQa', '--output', '/tmp/tmpan8j5aqr.xml', '/tmp/tmp23649poo.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp23649poo.xml"

output=
_______ TestClientNonAsciiAva.test_sign_then_encrypt_assertion_advice_2 ________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-5LMvfiPmD0vwThvcE" InResponseTo="_012345" Version="2.0" IssueInstant="2024-09-12T12:13:32Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-F5yfl5rPsOk6L0Xdh" IssueInstant="2024-09-12T12:13:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-F5yfl5rPsOk6L0Xdh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:32Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:32Z" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-6OVQSXsb5orOQdSjr" IssueInstant="2024-09-12T12:13:32Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature1"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-6OVQSXsb5orOQdSjr"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:32Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:32Z" NotOnOrAfter="2024-09-12T12:18:32Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:32Z" SessionIndex="id-t60r91icqRtNl3dq7"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement><encas2:AttributeStatement><encas2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="uid"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">test01</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:32Z" SessionIndex="id-kv9wJSV4C4JW4FkFn"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-6OVQSXsb5orOQdSjr'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpehi_fg6j.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpehi_fg6j.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f842316c0b0>

    def test_sign_then_encrypt_assertion_advice_2(self):
        # Begin with the IdPs side
        _sec = self.server.sec
    
        asser_1 = Assertion({"givenName": "Dave"})
    
        farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER])
        add_path(
            farg["assertion"]["subject"]["subject_confirmation"],
            ["subject_confirmation_data", "in_response_to", "_012345"],
        )
        add_path(
            farg["assertion"]["subject"]["subject_confirmation"],
            ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"],
        )
        name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)
    
        assertion_1 = asser_1.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        asser_2 = Assertion({"sn": "Concepción"})
    
        assertion_2 = asser_2.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        a_asser_1 = Assertion({"uid": "test01"})
        a_assertion_1 = a_asser_1.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        a_asser_2 = Assertion({"email": "test.testsson@test.se"})
        a_assertion_2 = a_asser_2.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        a_asser_3 = Assertion({"street": "street"})
        a_assertion_3 = a_asser_3.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        a_asser_4 = Assertion({"title": "title"})
        a_assertion_4 = a_asser_4.construct(
            self.client.config.entityid,
            self.server.config.attribute_converters,
            self.server.config.getattr("policy", "idp"),
            issuer=self.server._issuer(),
            authn_class=INTERNETPROTOCOLPASSWORD,
            authn_auth="http://www.example.com/login",
            name_id=name_id,
            farg=farg["assertion"],
        )
    
        a_assertion_1.signature = sigver.pre_signature_part(a_assertion_1.id, _sec.my_cert, 1)
    
        a_assertion_2.signature = sigver.pre_signature_part(a_assertion_2.id, _sec.my_cert, 1)
    
        a_assertion_3.signature = sigver.pre_signature_part(a_assertion_3.id, _sec.my_cert, 1)
    
        a_assertion_4.signature = sigver.pre_signature_part(a_assertion_4.id, _sec.my_cert, 1)
    
        assertion_1.signature = sigver.pre_signature_part(assertion_1.id, _sec.my_cert, 1)
    
        assertion_2.signature = sigver.pre_signature_part(assertion_2.id, _sec.my_cert, 1)
    
        response = response_factory(
            in_response_to="_012345",
            destination="http://lingon.catalogix.se:8087/",
            status=s_utils.success_status_factory(),
            issuer=self.server._issuer(),
        )
    
        response.assertion = assertion_1
    
        response.assertion.advice = Advice()
    
        response.assertion.advice.encrypted_assertion = []
        response.assertion.advice.encrypted_assertion.append(EncryptedAssertion())
    
        response.assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion_1)
    
        advice_tag = response.assertion.advice._to_element_tree().tag
        assertion_tag = a_assertion_1._to_element_tree().tag
        response = response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion(
            assertion_tag, advice_tag
        )
    
>       response = _sec.sign_statement(
            f"{response}", class_name(a_assertion_1), key_file=self.server.sec.key_file, node_id=a_assertion_1.id
        )

tests/test_51_client.py:2890: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec75eb0>
statement = '<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-5LMvfiPmD0vwThvcE" InResponseTo="_012345" Version="2.0" IssueInstant="2024-09-12T12:13:32Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-F5yfl5rPsOk6L0Xdh" IssueInstant="2024-09-12T12:13:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-F5yfl5rPsOk6L0Xdh"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:32Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:32Z" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:Advice><saml:EncryptedAssertion><encas2:Assertion Version="2.0" ID="id-6OVQSXsb5orOQdSjr" IssueInstant="2024-09-12T12:13:32Z" xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</encas2:Issuer><encas0:Signature Id="Signature1"><encas0:SignedInfo><encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><encas0:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><encas0:Reference URI="#id-6OVQSXsb5orOQdSjr"><encas0:Transforms><encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><encas0:DigestValue /></encas0:Reference></encas0:SignedInfo><encas0:SignatureValue /><encas0:KeyInfo><encas0:X509Data><encas0:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature><encas2:Subject><encas2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:32Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="_012345" /></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-09-12T12:13:32Z" NotOnOrAfter="2024-09-12T12:18:32Z"><encas2:AudienceRestriction><encas2:Audience>urn:mace:example.com:saml:roland:sp</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-09-12T12:13:32Z" SessionIndex="id-t60r91icqRtNl3dq7"><encas2:AuthnContext><encas2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</encas2:AuthnContextClassRef><encas2:AuthenticatingAuthority>http://www.example.com/login</encas2:AuthenticatingAuthority></encas2:AuthnContext></encas2:AuthnStatement><encas2:AttributeStatement><encas2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="uid"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">test01</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></saml:Advice><saml:AuthnStatement AuthnInstant="2024-09-12T12:13:32Z" SessionIndex="id-kv9wJSV4C4JW4FkFn"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword</saml:AuthnContextClassRef><saml:AuthenticatingAuthority>http://www.example.com/login</saml:AuthenticatingAuthority></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Dave</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-6OVQSXsb5orOQdSjr'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-6OVQSXsb5orOQdSjr', '--output', '/tmp/tmpe8hhwga0.xml', '/tmp/tmpehi_fg6j.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpehi_fg6j.xml"

output=
_____________ TestClientNonAsciiAva.test_do_logout_signed_redirect _____________

self = <test_51_client.TestClientNonAsciiAva object at 0x7f84228d93b0>

    def test_do_logout_signed_redirect(self):
        conf = config.SPConfig()
        conf.load_file("sp_slo_redirect_conf")
        client = Saml2Client(conf)
    
        # information about the user from an IdP
        session_info = {
            "name_id": nid,
            "issuer": "urn:mace:example.com:saml:roland:idp",
            "not_on_or_after": in_a_while(minutes=15),
            "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"},
        }
        client.users.add_information_about_person(session_info)
        entity_ids = client.users.issuers_of_info(nid)
        assert entity_ids == ["urn:mace:example.com:saml:roland:idp"]
    
>       resp = client.do_logout(
            nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT
        )

tests/test_51_client.py:3066: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout
    http_info = self.apply_binding(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding
    info = http_redirect_message(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message
    args["Signature"] = base64.b64encode(signer.sign(string_enc))
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign
    return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

rsakey = <cryptography.hazmat.bindings._rust.openssl.rsa.RSAPrivateKey object at 0x7f841f71e5b0>
message = b'SAMLRequest=nVJfa8IwEP8qIe%2FaNurmjloQZKzgdOtkTN9CTWcgyXW5K7hvP9r5MBB82NPB8ft7XB4ohTV%2BYseV%2BeoMsTh7FwgCpQvZxQCoyRIE7Q0B1%2FC2fF6DGqfQRmSs0ckLgbR3txmayES2GKQoVwtpj6PN%2FqPS1f1rtZ9Vh6V6epHi3USyGBZSjVMpSqLOlIFYB15IlarpKH0YZWqXKcgmMFEHKVaG2AbNA%2BvE3EKSOKy1OyExzNP5PCGHUlRGUw%2FZ2WiOUmyQt2Eblw2beCU9H6SLvC8FQ4goHjF6zbcr9ht7HDUDFExgy9%2By6Ble1wbMWfvWmXGNfrgXRHQ6HIHaPPljdfHdaG%2FKlejHa6edbWyftEGU%2F8jCUQeyJrAsMjWZzu4ujr8mRZ5cPULxAw%3D%3D&RelayState=id-NYXRaR7QRY5RZA2HP%7C1726143212%7C9a8c233027031522b8f679f7d4fc84c7067d33e2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1'
digest = <cryptography.hazmat.primitives.hashes.SHA1 object at 0x7f8425c79a70>

    def key_sign(rsakey, message, digest):
        """Sign the given message with the RSA key."""
        padding = _asymmetric.padding.PKCS1v15()
>       signature = rsakey.sign(message, padding, digest)
E       cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing.

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm
__________________ TestClientNonAsciiAva.test_do_logout_post ___________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422ffc170>
statement = b'<ns0:LogoutRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-vmRfptrq1pInzb10f" Version="2.0" IssueInstant="2024-09-12T12:13:32Z" Destination="http://localhost:8088/slop" Reason="Tired" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-vmRfptrq1pInzb10f"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:NameID NameQualifier="foo" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">123456</saml:NameID><ns0:SessionIndex>_foo</ns0:SessionIndex></ns0:LogoutRequest>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-vmRfptrq1pInzb10f'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422ffc170>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...]
extra_args = ['/tmp/tmpudjztp9a.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpudjztp9a.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f84228d8d70>

    def test_do_logout_post(self):
        # information about the user from an IdP
        session_info = {
            "name_id": nid,
            "issuer": "urn:mace:example.com:saml:roland:idp",
            "not_on_or_after": in_a_while(minutes=15),
            "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"},
            "session_index": SessionIndex("_foo"),
        }
        self.client.users.add_information_about_person(session_info)
        entity_ids = self.client.users.issuers_of_info(nid)
        assert entity_ids == ["urn:mace:example.com:saml:roland:idp"]
>       resp = self.client.do_logout(
            nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST
        )

tests/test_51_client.py:3102: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout
    req_id, request = self.create_logout_request(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request
    return self._message(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message
    signed_req = self.sign(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422ffc170>
statement = b'<ns0:LogoutRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-vmRfptrq1pInzb10f" Version="2.0" IssueInstant="2024-09-12T12:13:32Z" Destination="http://localhost:8088/slop" Reason="Tired" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-vmRfptrq1pInzb10f"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:NameID NameQualifier="foo" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">123456</saml:NameID><ns0:SessionIndex>_foo</ns0:SessionIndex></ns0:LogoutRequest>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-vmRfptrq1pInzb10f'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-vmRfptrq1pInzb10f', '--output', '/tmp/tmpjfdgm31h.xml', '/tmp/tmpudjztp9a.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpudjztp9a.xml"

output=
_____________ TestClientNonAsciiAva.test_do_logout_session_expired _____________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422ffc170>
statement = b'<ns0:LogoutRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-AXYrCGbzU60QkV5B1" Version="2.0" IssueInstant="2024-09-12T12:13:32Z" Destination="http://localhost:8088/slop" Reason="Tired" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-AXYrCGbzU60QkV5B1"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:NameID NameQualifier="foo" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">123456</saml:NameID><ns0:SessionIndex>_foo</ns0:SessionIndex></ns0:LogoutRequest>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-AXYrCGbzU60QkV5B1'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422ffc170>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...]
extra_args = ['/tmp/tmp4_u3jjxz.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp4_u3jjxz.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_51_client.TestClientNonAsciiAva object at 0x7f84228d9450>

    def test_do_logout_session_expired(self):
        # information about the user from an IdP
        session_info = {
            "name_id": nid,
            "issuer": "urn:mace:example.com:saml:roland:idp",
            "not_on_or_after": a_while_ago(minutes=15),
            "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"},
            "session_index": SessionIndex("_foo"),
        }
        self.client.users.add_information_about_person(session_info)
        entity_ids = self.client.users.issuers_of_info(nid)
        assert entity_ids == ["urn:mace:example.com:saml:roland:idp"]
>       resp = self.client.do_logout(
            nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST
        )

tests/test_51_client.py:3127: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout
    req_id, request = self.create_logout_request(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request
    return self._message(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message
    signed_req = self.sign(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f8422ffc170>
statement = b'<ns0:LogoutRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-AXYrCGbzU60QkV5B1" Version="2.0" IssueInstant="2024-09-12T12:13:32Z" Destination="http://localhost:8088/slop" Reason="Tired" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-AXYrCGbzU60QkV5B1"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:NameID NameQualifier="foo" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">123456</saml:NameID><ns0:SessionIndex>_foo</ns0:SessionIndex></ns0:LogoutRequest>'
node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-AXYrCGbzU60QkV5B1'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-AXYrCGbzU60QkV5B1', '--output', '/tmp/tmpbysqmpde.xml', '/tmp/tmp4_u3jjxz.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp4_u3jjxz.xml"

output=
___________________ TestSignedResponse.test_signed_response ____________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec95d90>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-686gbKJj9gzDhNK5C" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:32Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-pAXm2Mek8BO3Tkt8Y" IssueInstant="2024-09-12T12:13:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-pAXm2Mek8BO3Tkt8Y"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">f95cf6bb811edbf58da1275a32746354c3d0000cbe0c1d32e53c21312fccb4c3</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:32Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:32Z" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-pAXm2Mek8BO3Tkt8Y'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec95d90>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmpja_jdd7g.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmpja_jdd7g.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_52_default_sign_alg.TestSignedResponse object at 0x7f8422418910>

    def test_signed_response(self):
        print(ds.DefaultSignature().get_digest_alg())
        name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12")
        ava = {"givenName": ["Derek"], "surName": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"}
    
>       signed_resp = self.server.create_authn_response(
            ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=name_id,
            sign_assertion=True,
        )

tests/test_52_default_sign_alg.py:70: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response
    return signed_instance_factory(response, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec95d90>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-686gbKJj9gzDhNK5C" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:32Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-pAXm2Mek8BO3Tkt8Y" IssueInstant="2024-09-12T12:13:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-pAXm2Mek8BO3Tkt8Y"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">f95cf6bb811edbf58da1275a32746354c3d0000cbe0c1d32e53c21312fccb4c3</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:32Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:32Z" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-pAXm2Mek8BO3Tkt8Y'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-pAXm2Mek8BO3Tkt8Y', '--output', '/tmp/tmpgjwece0e.xml', '/tmp/tmpja_jdd7g.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
----------------------------- Captured stdout call -----------------------------
http://www.w3.org/2000/09/xmldsig#sha1
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmpja_jdd7g.xml"

output=
__________________ TestSignedResponse.test_signed_response_1 ___________________

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec95d90>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-yCtTdy9kbv2OjKrFP" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:32Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-yCtTdy9kbv2OjKrFP"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-E8BPst1Jp6fldLNnj" IssueInstant="2024-09-12T12:13:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-E8BPst1Jp6fldLNnj"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">a80d24d2355890f0ab51c6af45bf64541b8bac1f678417dfae1bf8034c0155ac</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:32Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:32Z" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-E8BPst1Jp6fldLNnj'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
>           (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec95d90>
com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...]
extra_args = ['/tmp/tmp2ku9r55b.xml']

    def _run_xmlsec(self, com_list, extra_args):
        """
        Common code to invoke xmlsec and parse the output.
        :param com_list: Key-value parameter list for xmlsec
        :param extra_args: Positional parameters to be appended after all
            key-value parameters
        :result: Whatever xmlsec wrote to an --output temporary file
        """
        with NamedTemporaryFile(suffix=".xml") as ntf:
            com_list.extend(["--output", ntf.name])
            if self.version_nums >= (1, 3):
                com_list.extend(['--lax-key-search'])
            com_list += extra_args
    
            logger.debug("xmlsec command: %s", " ".join(com_list))
    
            pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
            p_out, p_err = pof.communicate()
            p_out = p_out.decode()
            p_err = p_err.decode()
    
            if pof.returncode != 0:
                errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}"
                logger.error(errmsg)
>               raise XmlsecError(errmsg)
E               saml2.sigver.XmlsecError: returncode=1
E               error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
E               func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
E               func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
E               func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
E               func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
E               func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
E               func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
E               Error: signature failed 
E               Error: failed to sign file "/tmp/tmp2ku9r55b.xml"
E               
E               output=

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError

The above exception was the direct cause of the following exception:

self = <test_52_default_sign_alg.TestSignedResponse object at 0x7f8422418690>

    def test_signed_response_1(self):
>       signed_resp = self.server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/",  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=True,
            sign_assertion=True,
        )

tests/test_52_default_sign_alg.py:87: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response
    return self._authn_response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response
    return self._response(
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response
    return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign
    return signed_instance_factory(msg, self.sec, to_sign)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory
    signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement
    return self.crypto.sign_statement(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.CryptoBackendXmlSec1 object at 0x7f841ec95d90>
statement = b'<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-yCtTdy9kbv2OjKrFP" InResponseTo="id12" Version="2.0" IssueInstant="2024-09-12T12:13:32Z" Destination="http://lingon.catalogix.se:8087/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature1"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-yCtTdy9kbv2OjKrFP"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><ns0:Status><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status><saml:Assertion Version="2.0" ID="id-E8BPst1Jp6fldLNnj" IssueInstant="2024-09-12T12:13:32Z"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:idp</saml:Issuer><ns2:Signature Id="Signature2"><ns2:SignedInfo><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ns2:Reference URI="#id-E8BPst1Jp6fldLNnj"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><ns2:DigestValue /></ns2:Reference></ns2:SignedInfo><ns2:SignatureValue /><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns2:Signature><saml:Subject><saml:NameID NameQualifier="" SPNameQualifier="id12" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">a80d24d2355890f0ab51c6af45bf64541b8bac1f678417dfae1bf8034c0155ac</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2024-09-12T12:18:32Z" Recipient="http://lingon.catalogix.se:8087/" InResponseTo="id12" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2024-09-12T12:13:32Z" NotOnOrAfter="2024-09-12T12:18:32Z"><saml:AudienceRestriction><saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement><saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Derek</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="surName"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">Jeter</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">derek@nyy.mlb.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="title"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">The man</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></ns0:Response>'
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key'
node_id = 'id-E8BPst1Jp6fldLNnj'

    def sign_statement(self, statement, node_name, key_file, node_id):
        """
        Sign an XML statement.
    
        :param statement: The statement to be signed
        :param node_name: string like 'urn:oasis:names:...:Assertion'
        :param key_file: The file where the key can be found
        :param node_id:
        :return: The signed statement
        """
        if isinstance(statement, SamlBase):
            statement = str(statement)
    
        tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles)
    
        com_list = [
            self.xmlsec,
            "--sign",
            "--privkey-pem",
            key_file,
            "--id-attr:ID",
            node_name,
        ]
    
        if node_id:
            com_list.extend(["--node-id", node_id])
    
        try:
            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
        except XmlsecError as e:
>           raise SignatureError(com_list) from e
E           saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-E8BPst1Jp6fldLNnj', '--output', '/tmp/tmpzq7_v7dt.xml', '/tmp/tmp2ku9r55b.xml']

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "/tmp/tmp2ku9r55b.xml"

output=
_____________________________________ test _____________________________________

    def test():
        with closing(Server(config_file=dotname("idp_all_conf"))) as idp:
            conf = SPConfig()
            conf.load_file(dotname("servera_conf"))
            sp = Saml2Client(conf)
    
            srvs = sp.metadata.single_sign_on_service(idp.config.entityid, BINDING_HTTP_REDIRECT)
    
            destination = srvs[0]["location"]
            req_id, req = sp.create_authn_request(destination, id="id1")
    
>           info = http_redirect_message(
                req,
                destination,
                relay_state="RS",
                typ="SAMLRequest",
                sigalg=SIG_RSA_SHA1,
                sign=True,
                backend=sp.sec.sec_backend,
            )

tests/test_70_redirect_signing.py:33: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message
    args["Signature"] = base64.b64encode(signer.sign(string_enc))
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign
    return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

rsakey = <cryptography.hazmat.bindings._rust.openssl.rsa.RSAPrivateKey object at 0x7f84205a83d0>
message = b'SAMLRequest=pZPBbtswEER%2FReDdkiwXjUPYBlwHRQ2krWsrPfS2pTY2EXFX5a4S5e8LKQ7qQyMU6JWc5TwOhwuS3K5bPdEef7UomnShJrEk%2BdK0kSyDeLEEAcWqs4f151tbpLltIis7rs15QCDU4xMgglE9k0m2N0vjq8l1fCDeTp%2BKb7Errug9mOQ7RvFMS1OkuUm2Ii1uSRRIl6bIi3eT%2FHoyLcppYaczO5v9MMkNinoCHaZOqo3Nspod1CcWtfN8Ps9EOItY%2BYhOTbI7k3%2FwVHk6jkP%2FfBGJ%2FVSWu8nu66E0yfr1IhsmaQPGA8ZH7%2FBuf%2FuHwNORKXWgUPPRd6lgz3KVDf6PvsL4BQK%2BmAdwaLGD0NSYOg5DmDZyDVRZacxqMSwMacTkI8cAOo7dr%2Fhqcj9ILZJ6fTarf%2FBaZBdWq0XfjnMxsBpqsmFS7DTZcGggeulTxw6cvlJeqjY1iOzxfjXaC2ddr0OxOxB54lj1T4ROsSojkDQc9cz118P%2F37f0AQ%2FP5Ep%2BQBq1yt5M5Lx3%2BZdWvwE%3D&RelayState=RS&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1'
digest = <cryptography.hazmat.primitives.hashes.SHA1 object at 0x7f8425c79a70>

    def key_sign(rsakey, message, digest):
        """Sign the given message with the RSA key."""
        padding = _asymmetric.padding.PKCS1v15()
>       signature = rsakey.sign(message, padding, digest)
E       cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing.

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm
_ TestAuthnResponse.test_signed_assertion_with_random_embedded_cert_should_be_ignored _

self = <test_xmlsec1_key_data.TestAuthnResponse object at 0x7f842208c640>
mock_validate_on_or_after = <MagicMock name='validate_on_or_after' id='140205489589280'>

    @patch("saml2.response.validate_on_or_after", return_value=True)
    def test_signed_assertion_with_random_embedded_cert_should_be_ignored(self, mock_validate_on_or_after):
        """
        if the embedded cert is not ignored then verification will fail
        """
    
        conf = config_factory("sp", dotname("server_conf"))
        ar = authn_response(conf, return_addrs="https://51.15.251.81.xip.io/acs/post")
        ar.issue_instant_ok = Mock(return_value=True)
    
        with open(SIGNED_ASSERTION_RANDOM_EMBEDDED_CERT) as fp:
            xml_response = fp.read()
    
        ar.outstanding_queries = {"id-abc": "http://localhost:8088/sso"}
        ar.timeslack = 10000
    
        # .loads does not check the assertion, only the response signature
        # use .verify to verify the contents of the response
        assert ar.loads(xml_response, decode=False)
>       assert ar.verify()

tests/test_xmlsec1_key_data.py:78: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:1026: in verify
    if self.parse_assertion(keys):
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:918: in parse_assertion
    if not self._assertion(assertion, False):
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:791: in _assertion
    self.sec.check_signature(assertion, class_name(assertion), self.xmlstr)
../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1538: in check_signature
    return self._check_signature(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.sigver.SecurityContext object at 0x7f8422362b30>
decoded_xml = '<?xml version="1.0"?>\n<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="the-response-id" IssueInstant="2020-12-04T07:48:09.700Z" InResponseTo="id-abc" Destination="https://51.15.251.81.xip.io/acs/post">\n    <saml:Issuer>urn:mace:example.com:saml:roland:idp</saml:Issuer>\n    <samlp:Status>\n        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>\n    </samlp:Status>\n    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="the-assertion-id" IssueInstant="2020-12-04T07:48:09.600Z">\n        <saml:Issuer>urn:mace:example.com:saml:roland:idp</saml:Issuer>\n        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">\n            <ds:SignedInfo>\n                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>\n                <ds:Reference URI="#the-assertion-id">\n                    <ds:Transforms>\n                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\n                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n                    </ds:Transforms>\n                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>\n                    <ds:DigestValue>NHB0WhPWj5OyRz9N52fZrEBWK3dXT2pVVT54f4kg1tM=</ds:DigestValue>\n                </ds:Reference>\n            </ds:SignedInfo>\n            <ds:SignatureValue>Mo4ZheAEDvdPQwWvT5SOYZZ2IBELwtmBpdsn+Th+IvsanychWQ6JHYKTI8hl+3DigbqQwdsqet8n9sfdvr+D+Q7XozjVaFPdzUGC9d96Mn/vrc+JIP/ESoDjDUQEsoSBhUFlrbu7tPJDJehPgd/maIwd/GqEHWXFlm1ZWVCmaH8=</ds:SignatureValue>\n            <ds:KeyInfo>\n                <ds:X509Data>\n                    <ds:X509Certificate>MIIFLDCCBBSgAwIBAgISA3UxXAgBWRS1D74GOLiAjky6MA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMTAxMTcyMDIxNTNaFw0yMTA0MTcyMDIxNTNaMB4xHDAaBgNVBAMTEzUxLjE1LjI1MS44MS54aXAuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkjSN9vZDOwE1m7g1vyiwBsKBKNItyy05BcHUkM8fabBcsavugT8uE4wYz5aeZrnKb5dbDLHaZe6Dl5GHgRO8s7REwSJ/BHT3/eMaEakLwIGE5/6QSWuBjOawPfmYarW5IqoITjSt/o/jxu3haouqbr7XYf1WOuZmc6iwGnEgm0+cVB4CA0VGnnLYfsjp9iMt3pFI8a8ipdwp5lfzZU+j8JMVEn6SZhNjjTAjcakBQmZv4Q5/yU6yqfGjG47DO62xB/PPbDy78hDorER2v8UkoDTGV4aZrZaNltHBUxNohIiQnkhuakMmbf0NhA2ExBJw6KTCCxfYkyUX3CgYzaAnxAgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHD7gcF0sNITPqhwcUlFyOBrkxRFMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEzUxLjE1LjI1MS44MS54aXAuaW8wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXcSOcqvAAAEAwBGMEQCIFhvPWYY+2VO55bHO1Sa9zJQk7B1kvCi7sfDCxAYp7mEAiBTKx6XD0GkfNGhji0LGuelvfD7gZOUSzURlJW1ahYcgQB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABdxI5yq4AAAQDAEgwRgIhAONNwcNZ66IxsWcUNDS0B9KV8Kk4VS9b/wUFNBHAQl3SAiEAxO5GwgaK3glL/6L/J7qpiedJBAs3h5406MWC0v4uYZ8wDQYJKoZIhvcNAQELBQADggEBAAZgbgfOb4+uI9kMGF4fMiompHeUFDXGyIND6y4FsfWHJG4Fn3aG+VQN/UtHeO8UusjS13/2yw3O+PeNTstBl+q6Ssega8zTYx2j3h3RFqM9JR8SWa83B0UTgyaxX3PTmfegV4/RZxC7KQ8pqjcLwKJSTgZF6W40Jo16tKVoi0VQY/2Gre6E9D1tPVw//mDGJST/5IcbFvtr79uft76IA+T674qNgAriBKxWncSbGzE42w2QsYsGMHHJn3vKbNl7alll9eJBqvdi1Q7ay86oI7NDQ0PPwjnB0/i4BOO0qQBcBSUIPPEChcrooEqN9PwM20aoyIjje0rtDGSxnEQRrg0=</ds:X509Certificate>\n                    <ds:X509Certificate>MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFowMjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMTAlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLsjVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKpTm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnBU840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1RoYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kHejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfLqjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9pO5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2TwUdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==</ds:X509Certificate>\n                </ds:X509Data>\n            </ds:KeyInfo>\n        </ds:Signature>\n        <saml:Subject>\n            <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">attack-name-id</saml:NameID>\n            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">\n                <saml:SubjectConfirmationData NotOnOrAfter="2020-12-04T07:58:09.600Z" Recipient="https://51.15.251.81.xip.io/acs/post" InResponseTo="id-abc"/>\n            </saml:SubjectConfirmation>\n        </saml:Subject>\n        <saml:Conditions NotBefore="2020-12-04T07:48:09.600Z" NotOnOrAfter="2020-12-04T07:58:09.600Z">\n            <saml:AudienceRestriction>\n                <saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience>\n            </saml:AudienceRestriction>\n        </saml:Conditions>\n        <saml:AuthnStatement AuthnInstant="2020-12-04T07:48:09.600Z" SessionNotOnOrAfter="2020-12-04T07:58:09.600Z" SessionIndex="_samling_8227405_474676521">\n            <saml:AuthnContext>\n                <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>\n            </saml:AuthnContext>\n        </saml:AuthnStatement>\n    </saml:Assertion>\n</samlp:Response>\n'
item = <saml2.saml.Assertion object at 0x7f8422360ad0>
node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion'
origdoc = '<?xml version="1.0"?>\n<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="the-response-id" IssueInstant="2020-12-04T07:48:09.700Z" InResponseTo="id-abc" Destination="https://51.15.251.81.xip.io/acs/post">\n    <saml:Issuer>urn:mace:example.com:saml:roland:idp</saml:Issuer>\n    <samlp:Status>\n        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>\n    </samlp:Status>\n    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="the-assertion-id" IssueInstant="2020-12-04T07:48:09.600Z">\n        <saml:Issuer>urn:mace:example.com:saml:roland:idp</saml:Issuer>\n        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">\n            <ds:SignedInfo>\n                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>\n                <ds:Reference URI="#the-assertion-id">\n                    <ds:Transforms>\n                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\n                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n                    </ds:Transforms>\n                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>\n                    <ds:DigestValue>NHB0WhPWj5OyRz9N52fZrEBWK3dXT2pVVT54f4kg1tM=</ds:DigestValue>\n                </ds:Reference>\n            </ds:SignedInfo>\n            <ds:SignatureValue>Mo4ZheAEDvdPQwWvT5SOYZZ2IBELwtmBpdsn+Th+IvsanychWQ6JHYKTI8hl+3DigbqQwdsqet8n9sfdvr+D+Q7XozjVaFPdzUGC9d96Mn/vrc+JIP/ESoDjDUQEsoSBhUFlrbu7tPJDJehPgd/maIwd/GqEHWXFlm1ZWVCmaH8=</ds:SignatureValue>\n            <ds:KeyInfo>\n                <ds:X509Data>\n                    <ds:X509Certificate>MIIFLDCCBBSgAwIBAgISA3UxXAgBWRS1D74GOLiAjky6MA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMTAxMTcyMDIxNTNaFw0yMTA0MTcyMDIxNTNaMB4xHDAaBgNVBAMTEzUxLjE1LjI1MS44MS54aXAuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkjSN9vZDOwE1m7g1vyiwBsKBKNItyy05BcHUkM8fabBcsavugT8uE4wYz5aeZrnKb5dbDLHaZe6Dl5GHgRO8s7REwSJ/BHT3/eMaEakLwIGE5/6QSWuBjOawPfmYarW5IqoITjSt/o/jxu3haouqbr7XYf1WOuZmc6iwGnEgm0+cVB4CA0VGnnLYfsjp9iMt3pFI8a8ipdwp5lfzZU+j8JMVEn6SZhNjjTAjcakBQmZv4Q5/yU6yqfGjG47DO62xB/PPbDy78hDorER2v8UkoDTGV4aZrZaNltHBUxNohIiQnkhuakMmbf0NhA2ExBJw6KTCCxfYkyUX3CgYzaAnxAgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHD7gcF0sNITPqhwcUlFyOBrkxRFMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEzUxLjE1LjI1MS44MS54aXAuaW8wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXcSOcqvAAAEAwBGMEQCIFhvPWYY+2VO55bHO1Sa9zJQk7B1kvCi7sfDCxAYp7mEAiBTKx6XD0GkfNGhji0LGuelvfD7gZOUSzURlJW1ahYcgQB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABdxI5yq4AAAQDAEgwRgIhAONNwcNZ66IxsWcUNDS0B9KV8Kk4VS9b/wUFNBHAQl3SAiEAxO5GwgaK3glL/6L/J7qpiedJBAs3h5406MWC0v4uYZ8wDQYJKoZIhvcNAQELBQADggEBAAZgbgfOb4+uI9kMGF4fMiompHeUFDXGyIND6y4FsfWHJG4Fn3aG+VQN/UtHeO8UusjS13/2yw3O+PeNTstBl+q6Ssega8zTYx2j3h3RFqM9JR8SWa83B0UTgyaxX3PTmfegV4/RZxC7KQ8pqjcLwKJSTgZF6W40Jo16tKVoi0VQY/2Gre6E9D1tPVw//mDGJST/5IcbFvtr79uft76IA+T674qNgAriBKxWncSbGzE42w2QsYsGMHHJn3vKbNl7alll9eJBqvdi1Q7ay86oI7NDQ0PPwjnB0/i4BOO0qQBcBSUIPPEChcrooEqN9PwM20aoyIjje0rtDGSxnEQRrg0=</ds:X509Certificate>\n                    <ds:X509Certificate>MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFowMjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMTAlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLsjVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKpTm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnBU840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1RoYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kHejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfLqjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9pO5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2TwUdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==</ds:X509Certificate>\n                </ds:X509Data>\n            </ds:KeyInfo>\n        </ds:Signature>\n        <saml:Subject>\n            <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">attack-name-id</saml:NameID>\n            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">\n                <saml:SubjectConfirmationData NotOnOrAfter="2020-12-04T07:58:09.600Z" Recipient="https://51.15.251.81.xip.io/acs/post" InResponseTo="id-abc"/>\n            </saml:SubjectConfirmation>\n        </saml:Subject>\n        <saml:Conditions NotBefore="2020-12-04T07:48:09.600Z" NotOnOrAfter="2020-12-04T07:58:09.600Z">\n            <saml:AudienceRestriction>\n                <saml:Audience>urn:mace:example.com:saml:roland:sp</saml:Audience>\n            </saml:AudienceRestriction>\n        </saml:Conditions>\n        <saml:AuthnStatement AuthnInstant="2020-12-04T07:48:09.600Z" SessionNotOnOrAfter="2020-12-04T07:58:09.600Z" SessionIndex="_samling_8227405_474676521">\n            <saml:AuthnContext>\n                <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>\n            </saml:AuthnContext>\n        </saml:AuthnStatement>\n    </saml:Assertion>\n</samlp:Response>\n'
must = False, only_valid_cert = False, issuer = None

    def _check_signature(
        self, decoded_xml, item, node_name=NODE_NAME, origdoc=None, must=False, only_valid_cert=False, issuer=None
    ):
        try:
            _issuer = item.issuer.text.strip()
        except AttributeError:
            _issuer = None
    
        if _issuer is None:
            try:
                _issuer = issuer.text.strip()
            except AttributeError:
                _issuer = None
    
        # More trust in certs from metadata then certs in the XML document
        if self.metadata:
            try:
                _certs = self.metadata.certs(_issuer, "any", "signing")
            except KeyError:
                _certs = []
            certs = []
    
            for cert_name, cert in _certs:
                if isinstance(cert, str):
                    content = pem_format(cert)
                    tmp = make_temp(content, suffix=".pem", decode=False, delete_tmpfiles=self.delete_tmpfiles)
                    certs.append(tmp)
                else:
                    certs.append(cert)
        else:
            certs = []
    
        if not certs and not self.only_use_keys_in_metadata:
            logger.debug("==== Certs from instance ====")
            certs = [
                make_temp(content=pem_format(cert), suffix=".pem", decode=False, delete_tmpfiles=self.delete_tmpfiles)
                for cert in cert_from_instance(item)
            ]
        else:
            logger.debug("==== Certs from metadata ==== %s: %s ====", _issuer, certs)
    
        if not certs:
            raise MissingKey(_issuer)
    
        try:
            validate_doc_with_schema(str(item))
        except XMLSchemaError as e:
            error_context = {
                "message": "Signature verification failed. Invalid document format.",
                "reason": str(e),
                "ID": item.id,
                "issuer": _issuer,
                "type": node_name,
                "document": decoded_xml,
            }
            raise SignatureError(error_context) from e
    
        # saml-core section "5.4 XML Signature Profile" defines constrains on the
        # xmldsig-core facilities. It explicitly dictates that enveloped signatures
        # are the only signatures allowed. This means that:
        # * Assertion/RequestType/ResponseType elements must have an ID attribute
        # * signatures must have a single Reference element
        # * the Reference element must have a URI attribute
        # * the URI attribute contains an anchor
        # * the anchor points to the enclosing element's ID attribute
        signed_info = item.signature.signed_info
        references = signed_info.reference
        signatures_must_have_a_single_reference_element = len(references) == 1
        the_Reference_element_must_have_a_URI_attribute = signatures_must_have_a_single_reference_element and hasattr(
            references[0], "uri"
        )
        the_URI_attribute_contains_an_anchor = (
            the_Reference_element_must_have_a_URI_attribute
            and references[0].uri.startswith("#")
            and len(references[0].uri) > 1
        )
        the_anchor_points_to_the_enclosing_element_ID_attribute = (
            the_URI_attribute_contains_an_anchor and references[0].uri == f"#{item.id}"
        )
    
        # SAML implementations SHOULD use Exclusive Canonicalization,
        # with or without comments
        canonicalization_method_is_c14n = signed_info.canonicalization_method.algorithm in ALLOWED_CANONICALIZATIONS
    
        # Signatures in SAML messages SHOULD NOT contain transforms other than the
        # - enveloped signature transform
        #   (with the identifier http://www.w3.org/2000/09/xmldsig#enveloped-signature)
        # - or the exclusive canonicalization transforms
        #   (with the identifier http://www.w3.org/2001/10/xml-exc-c14n#
        #   or http://www.w3.org/2001/10/xml-exc-c14n#WithComments).
        transform_algos = [transform.algorithm for transform in references[0].transforms.transform]
        tranform_algos_valid = ALLOWED_TRANSFORMS.intersection(transform_algos)
        transform_algos_n = len(transform_algos)
        tranform_algos_valid_n = len(tranform_algos_valid)
    
        the_number_of_transforms_is_one_or_two = (
            signatures_must_have_a_single_reference_element and 1 <= transform_algos_n <= 2
        )
        all_transform_algs_are_allowed = (
            the_number_of_transforms_is_one_or_two and transform_algos_n == tranform_algos_valid_n
        )
        the_enveloped_signature_transform_is_defined = (
            the_number_of_transforms_is_one_or_two and TRANSFORM_ENVELOPED in transform_algos
        )
    
        # The <ds:Object> element is not defined for use with SAML signatures,
        # and SHOULD NOT be present.
        # Since it can be used in service of an attacker by carrying unsigned data,
        # verifiers SHOULD reject signatures that contain a <ds:Object> element.
        object_element_is_not_present = not item.signature.object
    
        validators = {
            "signatures must have a single reference element": (signatures_must_have_a_single_reference_element),
            "the Reference element must have a URI attribute": (the_Reference_element_must_have_a_URI_attribute),
            "the URI attribute contains an anchor": (the_URI_attribute_contains_an_anchor),
            "the anchor points to the enclosing element ID attribute": (
                the_anchor_points_to_the_enclosing_element_ID_attribute
            ),
            "canonicalization method is c14n": canonicalization_method_is_c14n,
            "the number of transforms is one or two": (the_number_of_transforms_is_one_or_two),
            "all transform algs are allowed": all_transform_algs_are_allowed,
            "the enveloped signature transform is defined": (the_enveloped_signature_transform_is_defined),
            "object element is not present": object_element_is_not_present,
        }
        if not all(validators.values()):
            error_context = {
                "message": "Signature failed to meet constraints on xmldsig",
                "validators": validators,
                "item ID": item.id,
                "reference URI": item.signature.signed_info.reference[0].uri,
                "issuer": _issuer,
                "node name": node_name,
                "xml document": decoded_xml,
            }
            raise SignatureError(error_context)
    
        verified = False
        last_pem_file = None
    
        for pem_fd in certs:
            try:
                last_pem_file = pem_fd.name
                if self.verify_signature(
                    decoded_xml,
                    pem_fd.name,
                    node_name=node_name,
                    node_id=item.id,
                ):
                    verified = True
                    break
            except XmlsecError as exc:
                logger.error("check_sig: %s", str(exc))
            except Exception as exc:
                logger.error("check_sig: %s", str(exc))
                raise
    
        if verified or only_valid_cert:
            if not self.cert_handler.verify_cert(last_pem_file):
                raise CertificateError("Invalid certificate!")
        else:
>           raise SignatureError("Failed to verify signature")
E           saml2.sigver.SignatureError: Failed to verify signature

../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1525: SignatureError
------------------------------ Captured log call -------------------------------
ERROR    saml2.sigver:sigver.py:869 returncode=1
error=func=xmlSecOpenSSLEvpSignatureVerify:file=evp_signatures.c:line=449:obj=rsa-sha1:subj=EVP_VerifyFinal_ex:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest
func=xmlSecTransformVerifyNodeContent:file=transforms.c:line=1544:obj=rsa-sha1:subj=xmlSecTransformVerify:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=367:obj=unknown:subj=xmlSecTransformVerifyNodeContent:error=1:xmlsec library function failed: 
Error: signature failed 
ERROR
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Error: failed to verify file "/tmp/tmpmbpqk8ud.xml"

output=
ERROR    saml2.sigver:sigver.py:1516 check_sig: ['/usr/bin/xmlsec1', '--verify', '--enabled-reference-uris', 'empty,same-doc', '--enabled-key-data', 'raw-x509-cert', '--pubkey-cert-pem', '/tmp/tmpdylaovni.pem', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'the-assertion-id', '--output', '/tmp/tmpxrwalhyq.xml', '/tmp/tmpmbpqk8ud.xml']
ERROR    saml2.response:response.py:793 correctly_signed_response: Failed to verify signature
=============================== warnings summary ===============================
../../../../../usr/lib64/python3.13/site-packages/bson/__init__.py:193
  /usr/lib64/python3.13/site-packages/bson/__init__.py:193: DeprecationWarning: datetime.datetime.utcfromtimestamp() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.fromtimestamp(timestamp, datetime.UTC).
    EPOCH_NAIVE = datetime.datetime.utcfromtimestamp(0)

tests/test_10_time_util.py: 2 warnings
tests/test_20_assertion.py: 6 warnings
tests/test_32_cache.py: 5 warnings
tests/test_34_population.py: 4 warnings
tests/test_41_response.py: 4 warnings
tests/test_42_enc.py: 6 warnings
tests/test_44_authnresp.py: 4 warnings
tests/test_50_server.py: 160 warnings
tests/test_51_client.py: 145 warnings
tests/test_52_default_sign_alg.py: 6 warnings
tests/test_62_vo.py: 2 warnings
tests/test_63_ecp.py: 5 warnings
tests/test_64_artifact.py: 4 warnings
tests/test_65_authn_query.py: 7 warnings
tests/test_66_name_id_mapping.py: 2 warnings
tests/test_67_manage_name_id.py: 3 warnings
tests/test_68_assertion_id.py: 4 warnings
tests/test_89_http_post_relay_state.py: 2 warnings
  /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/time_util.py:177: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
    return datetime.utcnow() + delta

tests/test_50_server.py: 7 warnings
tests/test_51_client.py: 27 warnings
tests/test_63_ecp.py: 3 warnings
tests/test_64_artifact.py: 2 warnings
tests/test_65_authn_query.py: 5 warnings
tests/test_66_name_id_mapping.py: 2 warnings
tests/test_67_manage_name_id.py: 3 warnings
tests/test_68_assertion_id.py: 2 warnings
  /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/time_util.py:187: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
    return datetime.utcnow() - delta

tests/test_50_server.py: 18 warnings
tests/test_51_client.py: 10 warnings
tests/test_81_certificates.py: 12 warnings
  /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:141: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography.
    cert = crypto.X509Req()

tests/test_50_server.py: 18 warnings
tests/test_51_client.py: 10 warnings
tests/test_81_certificates.py: 12 warnings
  /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:161: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography.
    tmp_cert = crypto.dump_certificate_request(crypto.FILETYPE_PEM, cert)

tests/test_50_server.py: 18 warnings
tests/test_51_client.py: 10 warnings
tests/test_81_certificates.py: 12 warnings
  /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:246: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography.
    req_cert = crypto.load_certificate_request(crypto.FILETYPE_PEM, request_cert_str)

tests/test_50_server.py: 8 warnings
tests/test_81_certificates.py: 17 warnings
  /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:281: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
    now = pytz.UTC.localize(datetime.datetime.utcnow())

tests/test_50_server.py::TestServer1::test_encrypted_response_6
tests/test_50_server.py::TestServer1::test_encrypted_response_6
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_cert_chains
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_expire
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert
  /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:331: DeprecationWarning: verify() is deprecated. Use the equivalent APIs in cryptography.
    crypto.verify(ca_cert, cert_crypto.signature, cert_crypto.tbs_certificate_bytes, cert_algorithm)

tests/test_92_aes.py: 35 warnings
  /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/symmetric.py:124: DeprecationWarning: AESCipher type is deprecated. It will be removed in the next version. Use saml2.cryptography.symmetric.Default or saml2.cryptography.symmetric.Fernet instead.
    _warn(_deprecation_msg, DeprecationWarning)

-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
=========================== short test summary info ============================
SKIPPED [1] tests/test_37_entity_categories.py:296: Temporarily disabled
SKIPPED [1] tests/test_37_entity_categories.py:325: Temporarily disabled
SKIPPED [1] tests/test_37_entity_categories.py:358: Temporarily disabled
SKIPPED [1] tests/test_40_sigver.py:101: pyasn1 is not installed
SKIPPED [1] tests/test_60_sp.py:59: s2repoze dependencies not installed
SKIPPED [1] tests/test_60_sp.py:62: s2repoze dependencies not installed
ERROR tests/test_41_response.py::TestResponse::test_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XyS76nBKaVIKs6hNd', '--output', '/tmp/tmp_7e8a6ab.xml', '/tmp/tmpi6fks64s.xml']
ERROR tests/test_41_response.py::TestResponse::test_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XyS76nBKaVIKs6hNd', '--output', '/tmp/tmp_7e8a6ab.xml', '/tmp/tmpi6fks64s.xml']
ERROR tests/test_41_response.py::TestResponse::test_issuer_none - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XyS76nBKaVIKs6hNd', '--output', '/tmp/tmp_7e8a6ab.xml', '/tmp/tmpi6fks64s.xml']
ERROR tests/test_41_response.py::TestResponse::test_false_sign - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XyS76nBKaVIKs6hNd', '--output', '/tmp/tmp_7e8a6ab.xml', '/tmp/tmpi6fks64s.xml']
ERROR tests/test_41_response.py::TestResponse::test_other_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-XyS76nBKaVIKs6hNd', '--output', '/tmp/tmp_7e8a6ab.xml', '/tmp/tmpi6fks64s.xml']
ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uULhk7AUPIXICzxmh', '--output', '/tmp/tmp5yc6e84z.xml', '/tmp/tmpl6lis6nr.xml']
ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_signed_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uULhk7AUPIXICzxmh', '--output', '/tmp/tmp5yc6e84z.xml', '/tmp/tmpl6lis6nr.xml']
ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_parse_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uULhk7AUPIXICzxmh', '--output', '/tmp/tmp5yc6e84z.xml', '/tmp/tmpl6lis6nr.xml']
ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_w_authn - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uULhk7AUPIXICzxmh', '--output', '/tmp/tmp5yc6e84z.xml', '/tmp/tmpl6lis6nr.xml']
ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_unpack_nested_eptid - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uULhk7AUPIXICzxmh', '--output', '/tmp/tmp5yc6e84z.xml', '/tmp/tmpl6lis6nr.xml']
ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_multiple_attribute_statement - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uULhk7AUPIXICzxmh', '--output', '/tmp/tmp5yc6e84z.xml', '/tmp/tmpl6lis6nr.xml']
FAILED tests/test_39_metadata.py::test_signed_metadata_proper_str_bytes_handling - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', '--output', '/tmp/tmpfpz0u690.xml', '/tmp/tmpvnxp6ad3.xml']
FAILED tests/test_40_sigver.py::TestSecurity::test_sign_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpeg6m26hv.xml', '/tmp/tmpco60qsfo.xml']
FAILED tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpp1x9crft.xml', '/tmp/tmpwaadfdey.xml']
FAILED tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpr7jzgf0r.xml', '/tmp/tmp56tp8kn8.xml']
FAILED tests/test_40_sigver.py::TestSecurity::test_sign_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp2md_lu4u.xml', '/tmp/tmp7962nvld.xml']
FAILED tests/test_40_sigver.py::TestSecurity::test_sign_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmpi0qlruoc.xml', '/tmp/tmpp6ngmxd6.xml']
FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp07blw8bh.xml', '/tmp/tmpxhil2dkj.xml']
FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpmp1ydnxa.xml', '/tmp/tmpkd_zlm5i.xml']
FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify_assertion_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmp1lljq1jn.xml', '/tmp/tmpdp2u635i.xml']
FAILED tests/test_40_sigver.py::TestSecurity::test_exception_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmpdvuqokfy.xml', '/tmp/tmpqyidnx4w.xml']
FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpbr0q2w6w.xml', '/tmp/tmp5_qsnjqj.xml']
FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp2a55r4rk.xml', '/tmp/tmp3n0e9w0_.xml']
FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpzzrede70.xml', '/tmp/tmp4jecio89.xml']
FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp7zsxye45.xml', '/tmp/tmpps4no7_f.xml']
FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmpwfb_opta.xml', '/tmp/tmp0xzci00n.xml']
FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp3is931nq.xml', '/tmp/tmp60u3r7io.xml']
FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpezeamdpt.xml', '/tmp/tmpd3q9gz22.xml']
FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_assertion_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmp_0ap6xwm.xml', '/tmp/tmpthjmlk4p.xml']
FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_exception_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmp0j4rlgb2.xml', '/tmp/tmpvoyjpbrv.xml']
FAILED tests/test_40_sigver.py::test_xbox - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpzcd19yur.xml', '/tmp/tmp9piz_9ji.xml']
FAILED tests/test_40_sigver.py::test_xbox_non_ascii_ava - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp9xr63_eo.xml', '/tmp/tmpfkeessnr.xml']
FAILED tests/test_50_server.py::TestServer1::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-PVnQgw4fpfmtB53aj', '--output', '/tmp/tmpfe6mn0_e.xml', '/tmp/tmpx2gfruy1.xml']
FAILED tests/test_50_server.py::TestServer1::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-QKMtTpLQY2uf3yZOB', '--output', '/tmp/tmp50pcf44r.xml', '/tmp/tmpg1khr3fy.xml']
FAILED tests/test_50_server.py::TestServer1::test_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-Q7avCVgkRqkq7lZH7', '--output', '/tmp/tmp3k7mzqt4.xml', '/tmp/tmpjiri70pu.xml']
FAILED tests/test_50_server.py::TestServer1::test_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-CFT0KN0NFua7mfoRN', '--output', '/tmp/tmphmzksg32.xml', '/tmp/tmp33bj2epz.xml']
FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-eBsWdpHr1E8YtMyud', '--output', '/tmp/tmpgoekvwgt.xml', '/tmp/tmp78mxwcnb.xml']
FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-ENvPwBlJANH6n5dQN', '--output', '/tmp/tmp3rfvtug1.xml', '/tmp/tmpss7_g9by.xml']
FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-trDBIEyGCd2ZhgF3i', '--output', '/tmp/tmpggm4t67e.xml', '/tmp/tmpzlellem8.xml']
FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Xrqu9emF9PJmthdKW', '--output', '/tmp/tmpe9p9sc3b.xml', '/tmp/tmpgwoq7seu.xml']
FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-I0nh2LOm0d2WZkMSL', '--output', '/tmp/tmphrdy5bzi.xml', '/tmp/tmpa13kb408.xml']
FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-6IWYprKb4byMho6Yk', '--output', '/tmp/tmph2pz48at.xml', '/tmp/tmpa_59g_4g.xml']
FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-KZyjmMQO9HAzk3hAs', '--output', '/tmp/tmpx99c58n4.xml', '/tmp/tmp97u60bn7.xml']
FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-3ZcqiG0A6ctn0tR22', '--output', '/tmp/tmphexotx0m.xml', '/tmp/tmpqqxpi720.xml']
FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Pej6MifvNhzvGX6oP', '--output', '/tmp/tmp78phdtwm.xml', '/tmp/tmp0kmu3dp5.xml']
FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-orN4XemuoERh2ePCE', '--output', '/tmp/tmpc2r4p1x1.xml', '/tmp/tmpsro_j5ci.xml']
FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-qrM1Dja0WrOwp3c6H', '--output', '/tmp/tmptihhnuyo.xml', '/tmp/tmpeowh4_bv.xml']
FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-kEFIUJBYEDpDVoSRL', '--output', '/tmp/tmp5cf9wqxz.xml', '/tmp/tmpzhfvxxch.xml']
FAILED tests/test_51_client.py::TestClient::test_sign_auth_request_0 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmp1dfi1uba.xml', '/tmp/tmpbhrw58i0.xml']
FAILED tests/test_51_client.py::TestClient::test_logout_response - saml2.SAMLError: {'message': 'No supported bindings found to create LogoutResponse', 'issuer': 'urn:mace:example.com:saml:roland:idp', 'response_bindings': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']}
FAILED tests/test_51_client.py::TestClient::test_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-w1mdnnzdC62WnGC2v', '--output', '/tmp/tmpx59hnfj8.xml', '/tmp/tmp74z2hzhj.xml']
FAILED tests/test_51_client.py::TestClient::test_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-09ybzj3h23uaikU6o', '--output', '/tmp/tmpcei6nf9t.xml', '/tmp/tmptd7h5_08.xml']
FAILED tests/test_51_client.py::TestClient::test_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-LzTN0K1K7sytzxPbe', '--output', '/tmp/tmpo21h8tog.xml', '/tmp/tmpu_jg1pmq.xml']
FAILED tests/test_51_client.py::TestClient::test_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-bYkpM99vt8tPSlTdY', '--output', '/tmp/tmpzh01mbjg.xml', '/tmp/tmp7ulbov_7.xml']
FAILED tests/test_51_client.py::TestClient::test_response_5 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-x0h58WBQZegvZpN30', '--output', '/tmp/tmppt4hshcf.xml', '/tmp/tmpu1b3pkdw.xml']
FAILED tests/test_51_client.py::TestClient::test_response_6 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-02WSOJfzypyJAIACF', '--output', '/tmp/tmpkfrjc153.xml', '/tmp/tmpan9w5j1c.xml']
FAILED tests/test_51_client.py::TestClient::test_response_7 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-QlXIsdhRyLKqkRZx1', '--output', '/tmp/tmp0hy_3yhd.xml', '/tmp/tmpc37wkk5m.xml']
FAILED tests/test_51_client.py::TestClient::test_response_8 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-K471V7F7jge9uqT8i', '--output', '/tmp/tmpm1ej2job.xml', '/tmp/tmpa28f81tr.xml']
FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KKrCY8DE03lGFsLAj', '--output', '/tmp/tmpw38dmyql.xml', '/tmp/tmpwodwo_tv.xml']
FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-9jOCxoLMBkLn5OH8o', '--output', '/tmp/tmpg72bvl83.xml', '/tmp/tmp_yu68mp9.xml']
FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yod9flFyJQ8rrSIYx', '--output', '/tmp/tmp5qw88032.xml', '/tmp/tmpywjpvbtj.xml']
FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wM5rMjOVDoOmStXAh', '--output', '/tmp/tmpx_fb7esl.xml', '/tmp/tmpmjzo6cpe.xml']
FAILED tests/test_51_client.py::TestClient::test_signed_with_default_algo_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing.
FAILED tests/test_51_client.py::TestClient::test_do_logout_signed_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing.
FAILED tests/test_51_client.py::TestClient::test_do_logout_signed_redirect_invalid - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing.
FAILED tests/test_51_client.py::TestClient::test_do_logout_post - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-Q10pNambHAMr02S8o', '--output', '/tmp/tmp85uud2dh.xml', '/tmp/tmpyo_mwtgi.xml']
FAILED tests/test_51_client.py::TestClient::test_do_logout_session_expired - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-4hY8hfDwjrSIznh4S', '--output', '/tmp/tmpan0m19je.xml', '/tmp/tmpggb8h3ll.xml']
FAILED tests/test_51_client.py::TestClient::test_signature_wants - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-1nWAIuNjUq1pdXl2M', '--output', '/tmp/tmps_dzqafp.xml', '/tmp/tmp38bto4ch.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_auth_request_0 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpveaeucqg.xml', '/tmp/tmpyc5a7jem.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-NtTaEDlmc9y8SXF6y', '--output', '/tmp/tmpvsyue392.xml', '/tmp/tmps4acha2a.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-xmvc8aQyutcKergJo', '--output', '/tmp/tmpudivo68u.xml', '/tmp/tmp4ip919gx.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-UpGr2hjG9Wc28j9v2', '--output', '/tmp/tmpkq2b1v3g.xml', '/tmp/tmpcqwg2ezs.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-v4IOwOlS9DlMMA57g', '--output', '/tmp/tmp3l1o68yk.xml', '/tmp/tmpqd2ai_uv.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_5 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-zICmpW8BPDOQLvZpd', '--output', '/tmp/tmpa2xiu2qu.xml', '/tmp/tmp14l1lj6a.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_6 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-H27txlRbPvYeKVEIf', '--output', '/tmp/tmpaihcvfhw.xml', '/tmp/tmpxefeg_9_.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_7 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yBhgyZ03zsbkEXhdf', '--output', '/tmp/tmpss83g3nj.xml', '/tmp/tmpkd_f58no.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_8 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-jq0QigTm5xGNfmDV3', '--output', '/tmp/tmpohpe_h3l.xml', '/tmp/tmp_zfl1kjx.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-APamg4z01RiPUXgzL', '--output', '/tmp/tmpeoxsci6g.xml', '/tmp/tmp9xsbusca.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-NNnGuaFSKJfYG65BJ', '--output', '/tmp/tmpncepca2k.xml', '/tmp/tmpmuhkqwz0.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-WEo3NqDJd7L39cdQa', '--output', '/tmp/tmpan8j5aqr.xml', '/tmp/tmp23649poo.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-6OVQSXsb5orOQdSjr', '--output', '/tmp/tmpe8hhwga0.xml', '/tmp/tmpehi_fg6j.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_signed_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing.
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_post - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-vmRfptrq1pInzb10f', '--output', '/tmp/tmpjfdgm31h.xml', '/tmp/tmpudjztp9a.xml']
FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_session_expired - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-AXYrCGbzU60QkV5B1', '--output', '/tmp/tmpbysqmpde.xml', '/tmp/tmp4_u3jjxz.xml']
FAILED tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-pAXm2Mek8BO3Tkt8Y', '--output', '/tmp/tmpgjwece0e.xml', '/tmp/tmpja_jdd7g.xml']
FAILED tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-E8BPst1Jp6fldLNnj', '--output', '/tmp/tmpzq7_v7dt.xml', '/tmp/tmp2ku9r55b.xml']
FAILED tests/test_70_redirect_signing.py::test - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing.
FAILED tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_random_embedded_cert_should_be_ignored - saml2.sigver.SignatureError: Failed to verify signature
= 77 failed, 691 passed, 6 skipped, 612 warnings, 11 errors in 171.59s (0:02:51) =
error: 
RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.359rJA (%check)
    Bad exit status from /var/tmp/rpm-tmp.359rJA (%check)
Finish: rpmbuild python-pysaml2-7.4.2-6.fc42.src.rpm
Finish: build phase for python-pysaml2-7.4.2-6.fc42.src.rpm
INFO: chroot_scan: 1 files copied to /var/lib/copr-rpmbuild/results/chroot_scan
INFO: /var/lib/mock/fedora-rawhide-x86_64-1726143099.876957/root/var/log/dnf5.log
ERROR: Exception(/var/lib/copr-rpmbuild/results/python-pysaml2-7.4.2-6.fc42.src.rpm) Config(fedora-rawhide-x86_64) 3 minutes 18 seconds
INFO: Results and/or logs in: /var/lib/copr-rpmbuild/results
INFO: Cleaning up build root ('cleanup_on_failure=True')
Start: clean chroot
INFO: unmounting tmpfs.
Finish: clean chroot
ERROR: Command failed: 
 # /usr/bin/systemd-nspawn -q -M 326f0b34477f4f4abffaff987aa7c4ba -D /var/lib/mock/fedora-rawhide-x86_64-1726143099.876957/root -a -u mockbuild --capability=cap_ipc_lock --rlimit=RLIMIT_NOFILE=10240 --capability=cap_ipc_lock --bind=/tmp/mock-resolv.d3okfk4s:/etc/resolv.conf --bind=/dev/btrfs-control --bind=/dev/mapper/control --bind=/dev/fuse --bind=/dev/loop-control --bind=/dev/loop0 --bind=/dev/loop1 --bind=/dev/loop2 --bind=/dev/loop3 --bind=/dev/loop4 --bind=/dev/loop5 --bind=/dev/loop6 --bind=/dev/loop7 --bind=/dev/loop8 --bind=/dev/loop9 --bind=/dev/loop10 --bind=/dev/loop11 --console=pipe --setenv=TERM=vt100 --setenv=SHELL=/bin/bash --setenv=HOME=/builddir --setenv=HOSTNAME=mock --setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin '--setenv=PROMPT_COMMAND=printf "\033]0;<mock-chroot>\007"' '--setenv=PS1=<mock-chroot> \s-\v\$ ' --setenv=LANG=C.UTF-8 --resolv-conf=off bash --login -c '/usr/bin/rpmbuild -ba --noprep  --target x86_64 /builddir/build/originals/python-pysaml2.spec'

Copr build error: Build failed