Warning: Permanently added '54.226.31.0' (ED25519) to the list of known hosts. Running (timeout=18000): unbuffer mock --spec /var/lib/copr-rpmbuild/workspace/workdir-hmmrgi5w/python-pysaml2/python-pysaml2.spec --sources /var/lib/copr-rpmbuild/workspace/workdir-hmmrgi5w/python-pysaml2 --resultdir /var/lib/copr-rpmbuild/results --uniqueext 1730198127.190043 -r /var/lib/copr-rpmbuild/results/configs/child.cfg INFO: mock.py version 5.9 starting (python version = 3.12.1, NVR = mock-5.9-1.fc39), args: /usr/libexec/mock/mock --spec /var/lib/copr-rpmbuild/workspace/workdir-hmmrgi5w/python-pysaml2/python-pysaml2.spec --sources /var/lib/copr-rpmbuild/workspace/workdir-hmmrgi5w/python-pysaml2 --resultdir /var/lib/copr-rpmbuild/results --uniqueext 1730198127.190043 -r /var/lib/copr-rpmbuild/results/configs/child.cfg Start(bootstrap): init plugins INFO: tmpfs initialized INFO: selinux enabled INFO: chroot_scan: initialized INFO: compress_logs: initialized Finish(bootstrap): init plugins Start: init plugins INFO: tmpfs initialized INFO: selinux enabled INFO: chroot_scan: initialized INFO: compress_logs: initialized Finish: init plugins INFO: Signal handler active Start: run INFO: Start(/var/lib/copr-rpmbuild/workspace/workdir-hmmrgi5w/python-pysaml2/python-pysaml2.spec) Config(fedora-rawhide-x86_64) Start: clean chroot Finish: clean chroot Mock Version: 5.9 INFO: Mock Version: 5.9 Start(bootstrap): chroot init INFO: mounting tmpfs at /var/lib/mock/fedora-rawhide-x86_64-bootstrap-1730198127.190043/root. INFO: calling preinit hooks INFO: enabled root cache INFO: enabled package manager cache Start(bootstrap): cleaning package manager metadata Finish(bootstrap): cleaning package manager metadata INFO: Guessed host environment type: unknown INFO: Using bootstrap image: registry.fedoraproject.org/fedora:rawhide INFO: Pulling image: registry.fedoraproject.org/fedora:rawhide INFO: Copy content of container registry.fedoraproject.org/fedora:rawhide to /var/lib/mock/fedora-rawhide-x86_64-bootstrap-1730198127.190043/root INFO: Checking that registry.fedoraproject.org/fedora:rawhide image matches host's architecture INFO: mounting registry.fedoraproject.org/fedora:rawhide with podman image mount INFO: image registry.fedoraproject.org/fedora:rawhide as /var/lib/containers/storage/overlay/6af54bdc8972f405bc0c6964293a663354b6cd522ab13b8cdfa0e2573fc7c859/merged INFO: umounting image registry.fedoraproject.org/fedora:rawhide (/var/lib/containers/storage/overlay/6af54bdc8972f405bc0c6964293a663354b6cd522ab13b8cdfa0e2573fc7c859/merged) with podman image umount INFO: Package manager dnf5 detected and used (fallback) INFO: Not updating bootstrap chroot, bootstrap_image_ready=True Start(bootstrap): creating root cache Finish(bootstrap): creating root cache Finish(bootstrap): chroot init Start: chroot init INFO: mounting tmpfs at /var/lib/mock/fedora-rawhide-x86_64-1730198127.190043/root. INFO: calling preinit hooks INFO: enabled root cache INFO: enabled package manager cache Start: cleaning package manager metadata Finish: cleaning package manager metadata INFO: enabled HW Info plugin INFO: Package manager dnf5 detected and used (direct choice) INFO: Buildroot is handled by package management downloaded with a bootstrap image: rpm-4.20.0-1.fc42.x86_64 rpm-sequoia-1.7.0-2.fc41.x86_64 dnf5-5.2.6.2-1.fc42.x86_64 dnf5-plugins-5.2.6.2-1.fc42.x86_64 Start: installing minimal buildroot with dnf5 Updating and loading repositories: fedora 100% | 87.6 KiB/s | 24.9 KiB | 00m00s Copr repository 100% | 63.6 KiB/s | 1.5 KiB | 00m00s Additional repo http_kojipkgs_fedorapr 100% | 191.5 KiB/s | 3.8 KiB | 00m00s Copr repository 100% | 4.3 MiB/s | 92.1 KiB | 00m00s Repositories loaded. Package Arch Version Repository Size Installing group/module packages: bash x86_64 5.2.32-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 8.2 MiB bzip2 x86_64 1.0.8-19.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 95.7 KiB coreutils x86_64 9.5-10.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 5.7 MiB cpio x86_64 2.15-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.1 MiB diffutils x86_64 3.10-8.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.6 MiB fedora-release-common noarch 42-0.6 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 19.5 KiB findutils x86_64 1:4.10.0-4.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.8 MiB gawk x86_64 5.3.0-4.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.7 MiB glibc-minimal-langpack x86_64 2.40.9000-14.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 0.0 B grep x86_64 3.11-9.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.0 MiB gzip x86_64 1.13-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 389.0 KiB info x86_64 7.1.1-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 361.8 KiB patch x86_64 2.7.6-25.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 266.7 KiB redhat-rpm-config noarch 296-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 186.6 KiB rpm-build x86_64 4.20.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 194.3 KiB sed x86_64 4.9-3.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 861.5 KiB shadow-utils x86_64 2:4.16.0-6.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 4.1 MiB tar x86_64 2:1.35-4.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.9 MiB unzip x86_64 6.0-64.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 386.8 KiB util-linux x86_64 2.40.2-8.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 3.7 MiB which x86_64 2.21-42.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 80.2 KiB xz x86_64 1:5.6.3-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.2 MiB Installing dependencies: add-determinism x86_64 0.4.3-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.4 MiB alternatives x86_64 1.30-1.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 66.3 KiB ansible-srpm-macros noarch 1-16.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 35.7 KiB audit-libs x86_64 4.0.2-1.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 331.3 KiB authselect x86_64 1.5.0-8.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 157.5 KiB authselect-libs x86_64 1.5.0-8.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 822.2 KiB basesystem noarch 11-21.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 0.0 B binutils x86_64 2.43.50-5.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 27.6 MiB build-reproducibility-srpm-macros noarch 0.4.3-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 735.0 B bzip2-libs x86_64 1.0.8-19.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 80.7 KiB ca-certificates noarch 2024.2.69_v8.0.401-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.6 MiB coreutils-common x86_64 9.5-10.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 11.2 MiB cracklib x86_64 2.9.11-6.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 238.9 KiB crypto-policies noarch 20241018-1.gitce922cb.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 137.0 KiB curl x86_64 8.10.1-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 453.3 KiB cyrus-sasl-lib x86_64 2.1.28-27.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.3 MiB debugedit x86_64 5.0-18.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 199.3 KiB dwz x86_64 0.15-8.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 299.2 KiB ed x86_64 1.20.2-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 146.9 KiB efi-srpm-macros noarch 5-12.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 40.1 KiB elfutils x86_64 0.192-3.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.7 MiB elfutils-debuginfod-client x86_64 0.192-3.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 76.0 KiB elfutils-default-yama-scope noarch 0.192-3.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.8 KiB elfutils-libelf x86_64 0.192-3.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.2 MiB elfutils-libs x86_64 0.192-3.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 675.1 KiB fedora-gpg-keys noarch 42-0.3 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 126.4 KiB fedora-release noarch 42-0.6 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 0.0 B fedora-release-identity-basic noarch 42-0.6 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 719.0 B fedora-repos noarch 42-0.3 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 4.9 KiB fedora-repos-rawhide noarch 42-0.3 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.2 KiB file x86_64 5.45-7.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 103.5 KiB file-libs x86_64 5.45-7.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 9.9 MiB filesystem x86_64 3.18-29.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 106.0 B fonts-srpm-macros noarch 1:2.0.5-17.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 55.8 KiB forge-srpm-macros noarch 0.4.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 38.9 KiB fpc-srpm-macros noarch 1.3-13.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 144.0 B gdb-minimal x86_64 15.2-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 13.0 MiB gdbm x86_64 1:1.23-7.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 460.9 KiB gdbm-libs x86_64 1:1.23-7.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 121.9 KiB ghc-srpm-macros noarch 1.9.2-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 779.0 B glibc x86_64 2.40.9000-14.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 6.6 MiB glibc-common x86_64 2.40.9000-14.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.0 MiB glibc-gconv-extra x86_64 2.40.9000-14.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 7.1 MiB gmp x86_64 1:6.3.0-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 811.4 KiB gnat-srpm-macros noarch 6-6.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.0 KiB go-srpm-macros noarch 3.6.0-3.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 60.8 KiB jansson x86_64 2.14-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 93.1 KiB json-c x86_64 0.17-4.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 82.4 KiB kernel-srpm-macros noarch 1.0-24.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.9 KiB keyutils-libs x86_64 1.6.3-4.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 54.4 KiB krb5-libs x86_64 1.21.3-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.3 MiB libacl x86_64 2.3.2-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 40.0 KiB libarchive x86_64 3.7.6-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 934.8 KiB libattr x86_64 2.5.2-4.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 28.5 KiB libblkid x86_64 2.40.2-8.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 262.5 KiB libbrotli x86_64 1.1.0-5.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 837.6 KiB libcap x86_64 2.71-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 210.8 KiB libcap-ng x86_64 0.8.5-3.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 69.2 KiB libcom_err x86_64 1.47.1-6.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 67.2 KiB libcurl x86_64 8.10.1-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 838.4 KiB libeconf x86_64 0.7.4-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 68.3 KiB libevent x86_64 2.1.12-14.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 895.7 KiB libfdisk x86_64 2.40.2-8.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 362.9 KiB libffi x86_64 3.4.6-3.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 86.4 KiB libgcc x86_64 14.2.1-4.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 274.6 KiB libgomp x86_64 14.2.1-4.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 523.8 KiB libidn2 x86_64 2.3.7-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 329.1 KiB libmount x86_64 2.40.2-8.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 355.8 KiB libnghttp2 x86_64 1.64.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 174.5 KiB libnsl2 x86_64 2.0.1-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 57.9 KiB libpkgconf x86_64 2.3.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 78.2 KiB libpsl x86_64 0.21.5-4.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 80.5 KiB libpwquality x86_64 1.4.5-11.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 417.8 KiB libselinux x86_64 3.7-6.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 181.1 KiB libsemanage x86_64 3.7-3.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 298.0 KiB libsepol x86_64 3.7-3.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 818.0 KiB libsmartcols x86_64 2.40.2-8.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 180.4 KiB libssh x86_64 0.11.1-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 569.6 KiB libssh-config noarch 0.11.1-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 277.0 B libstdc++ x86_64 14.2.1-4.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.8 MiB libtasn1 x86_64 4.19.0-9.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 175.7 KiB libtirpc x86_64 1.3.6-0.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 203.0 KiB libtool-ltdl x86_64 2.4.7-12.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 66.2 KiB libunistring x86_64 1.1-8.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.7 MiB libuuid x86_64 2.40.2-8.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 41.4 KiB libverto x86_64 0.3.2-9.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 29.5 KiB libxcrypt x86_64 4.4.36-7.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 266.8 KiB libxml2 x86_64 2.12.8-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.7 MiB libzstd x86_64 1.5.6-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 795.9 KiB lua-libs x86_64 5.4.7-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 285.0 KiB lua-srpm-macros noarch 1-14.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.3 KiB lz4-libs x86_64 1.10.0-1.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 145.5 KiB mpfr x86_64 4.2.1-5.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 832.1 KiB ncurses-base noarch 6.5-2.20240629.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 326.3 KiB ncurses-libs x86_64 6.5-2.20240629.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 975.2 KiB ocaml-srpm-macros noarch 10-3.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.9 KiB openblas-srpm-macros noarch 2-18.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 112.0 B openldap x86_64 2.6.8-5.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 644.2 KiB openssl-libs x86_64 1:3.2.2-8.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 7.8 MiB p11-kit x86_64 0.25.5-4.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.2 MiB p11-kit-trust x86_64 0.25.5-4.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 403.8 KiB package-notes-srpm-macros noarch 0.5-12.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.6 KiB pam x86_64 1.6.1-8.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.6 MiB pam-libs x86_64 1.6.1-8.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 127.7 KiB pcre2 x86_64 10.44-1.fc41.1 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 653.5 KiB pcre2-syntax noarch 10.44-1.fc41.1 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 251.6 KiB perl-srpm-macros noarch 1-56.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 861.0 B pkgconf x86_64 2.3.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 88.6 KiB pkgconf-m4 noarch 2.3.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 14.4 KiB pkgconf-pkg-config x86_64 2.3.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 989.0 B popt x86_64 1.19-7.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 136.9 KiB publicsuffix-list-dafsa noarch 20240107-4.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 67.5 KiB pyproject-srpm-macros noarch 1.15.1-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.9 KiB python-srpm-macros noarch 3.13-3.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 51.0 KiB qt5-srpm-macros noarch 5.15.15-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 500.0 B qt6-srpm-macros noarch 6.8.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 456.0 B readline x86_64 8.2-11.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 493.1 KiB rpm x86_64 4.20.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 3.1 MiB rpm-build-libs x86_64 4.20.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 206.7 KiB rpm-libs x86_64 4.20.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 726.1 KiB rpm-sequoia x86_64 1.7.0-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.4 MiB rust-srpm-macros noarch 26.3-3.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 4.8 KiB setup noarch 2.15.0-5.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 720.7 KiB sqlite-libs x86_64 3.46.1-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.4 MiB systemd-libs x86_64 256.7-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.0 MiB util-linux-core x86_64 2.40.2-8.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.5 MiB xxhash-libs x86_64 0.8.2-4.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 88.4 KiB xz-libs x86_64 1:5.6.3-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 218.4 KiB zig-srpm-macros noarch 1-3.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.1 KiB zip x86_64 3.0-41.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 703.2 KiB zlib-ng-compat x86_64 2.1.7-3.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 138.0 KiB zstd x86_64 1.5.6-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.7 MiB Installing groups: Buildsystem building group Transaction Summary: Installing: 154 packages Total size of inbound packages is 53 MiB. Need to download 0 B. After this operation, 180 MiB extra will be used (install 180 MiB, remove 0 B). [1/1] tar-2:1.35-4.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [1/1] Total 100% | 0.0 B/s | 0.0 B | 00m00s [1/2] bzip2-0:1.0.8-19.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [2/2] Total 100% | 0.0 B/s | 0.0 B | 00m00s [1/3] redhat-rpm-config-0:296-1.fc42.no 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [3/3] Total 100% | 0.0 B/s | 0.0 B | 00m00s [1/4] rpm-build-0:4.20.0-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [4/4] Total 100% | 0.0 B/s | 0.0 B | 00m00s [1/5] unzip-0:6.0-64.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [5/5] Total 100% | 0.0 B/s | 0.0 B | 00m00s [1/6] cpio-0:2.15-2.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [6/6] Total 100% | 0.0 B/s | 0.0 B | 00m00s [1/7] which-0:2.21-42.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [7/7] Total 100% | 0.0 B/s | 0.0 B | 00m00s [1/8] bash-0:5.2.32-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [8/8] Total 100% | 0.0 B/s | 0.0 B | 00m00s [1/9] coreutils-0:9.5-10.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [9/9] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/10] grep-0:3.11-9.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [10/10] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/11] patch-0:2.7.6-25.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [11/11] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/12] sed-0:4.9-3.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [12/12] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/13] shadow-utils-2:4.16.0-6.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [13/13] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/14] util-linux-0:2.40.2-8.fc42.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [14/14] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/15] diffutils-0:3.10-8.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [15/15] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/16] fedora-release-common-0:42-0.6. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [16/16] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/17] findutils-1:4.10.0-4.fc41.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [17/17] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/18] gawk-0:5.3.0-4.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [18/18] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/19] glibc-minimal-langpack-0:2.40.9 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [19/19] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/20] gzip-0:1.13-2.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [20/20] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/21] info-0:7.1.1-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [21/21] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/22] xz-1:5.6.3-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [22/22] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/23] glibc-0:2.40.9000-14.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [23/23] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/24] glibc-common-0:2.40.9000-14.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [24/24] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/25] glibc-gconv-extra-0:2.40.9000-1 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [25/25] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/26] xz-libs-1:5.6.3-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [26/26] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/27] audit-libs-0:4.0.2-1.fc41.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [27/27] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/28] authselect-libs-0:1.5.0-8.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [28/28] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/29] libblkid-0:2.40.2-8.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [29/29] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/30] libcap-ng-0:0.8.5-3.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [30/30] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/31] libfdisk-0:2.40.2-8.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [31/31] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/32] libmount-0:2.40.2-8.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [32/32] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/33] libselinux-0:3.7-6.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [33/33] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/34] libsmartcols-0:2.40.2-8.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [34/34] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/35] libuuid-0:2.40.2-8.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [35/35] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/36] ncurses-libs-0:6.5-2.20240629.f 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [36/36] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/37] pam-0:1.6.1-8.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [37/37] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/38] pam-libs-0:1.6.1-8.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [38/38] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/39] readline-0:8.2-11.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [39/39] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/40] systemd-libs-0:256.7-1.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [40/40] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/41] util-linux-core-0:2.40.2-8.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [41/41] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/42] zlib-ng-compat-0:2.1.7-3.fc42.x 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [42/42] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/43] bzip2-libs-0:1.0.8-19.fc41.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [43/43] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/44] libacl-0:2.3.2-2.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [44/44] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/45] libcap-0:2.71-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [45/45] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/46] libgcc-0:14.2.1-4.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [46/46] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/47] libattr-0:2.5.2-4.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [47/47] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/48] libeconf-0:0.7.4-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [48/48] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/49] libsemanage-0:3.7-3.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [49/49] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/50] libxcrypt-0:4.4.36-7.fc41.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [50/50] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/51] setup-0:2.15.0-5.fc41.noarch 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [51/51] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/52] binutils-0:2.43.50-5.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [52/52] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/53] debugedit-0:5.0-18.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [53/53] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/54] elfutils-0:0.192-3.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [54/54] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/55] elfutils-libelf-0:0.192-3.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [55/55] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/56] file-0:5.45-7.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [56/56] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/57] libarchive-0:3.7.6-1.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [57/57] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/58] pkgconf-pkg-config-0:2.3.0-1.fc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [58/58] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/59] popt-0:1.19-7.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [59/59] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/60] rpm-0:4.20.0-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [60/60] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/61] rpm-build-libs-0:4.20.0-1.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [61/61] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/62] rpm-libs-0:4.20.0-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [62/62] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/63] zstd-0:1.5.6-2.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [63/63] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/64] curl-0:8.10.1-2.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [64/64] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/65] ansible-srpm-macros-0:1-16.fc41 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [65/65] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/66] build-reproducibility-srpm-macr 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [66/66] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/67] dwz-0:0.15-8.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [67/67] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/68] efi-srpm-macros-0:5-12.fc41.noa 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [68/68] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/69] fonts-srpm-macros-1:2.0.5-17.fc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [69/69] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/70] forge-srpm-macros-0:0.4.0-1.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [70/70] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/71] fpc-srpm-macros-0:1.3-13.fc41.n 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [71/71] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/72] ghc-srpm-macros-0:1.9.2-1.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [72/72] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/73] gnat-srpm-macros-0:6-6.fc41.noa 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [73/73] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/74] go-srpm-macros-0:3.6.0-3.fc41.n 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [74/74] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/75] kernel-srpm-macros-0:1.0-24.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [75/75] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/76] lua-srpm-macros-0:1-14.fc41.noa 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [76/76] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/77] ocaml-srpm-macros-0:10-3.fc41.n 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [77/77] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/78] openblas-srpm-macros-0:2-18.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [78/78] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/79] package-notes-srpm-macros-0:0.5 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [79/79] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/80] perl-srpm-macros-0:1-56.fc41.no 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [80/80] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/81] pyproject-srpm-macros-0:1.15.1- 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [81/81] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/82] python-srpm-macros-0:3.13-3.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [82/82] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/83] qt5-srpm-macros-0:5.15.15-1.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [83/83] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/84] qt6-srpm-macros-0:6.8.0-1.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [84/84] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/85] rust-srpm-macros-0:26.3-3.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [85/85] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/86] zig-srpm-macros-0:1-3.fc41.noar 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [86/86] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/87] zip-0:3.0-41.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [87/87] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/88] pkgconf-0:2.3.0-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [88/88] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/89] pkgconf-m4-0:2.3.0-1.fc42.noarc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [89/89] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/90] libpkgconf-0:2.3.0-1.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [90/90] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/91] ed-0:1.20.2-2.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [91/91] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/92] authselect-0:1.5.0-8.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [92/92] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/93] gdbm-1:1.23-7.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [93/93] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/94] gdbm-libs-1:1.23-7.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [94/94] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/95] libnsl2-0:2.0.1-2.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [95/95] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/96] libpwquality-0:1.4.5-11.fc41.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [96/96] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/97] libtirpc-0:1.3.6-0.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [97/97] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/98] openssl-libs-1:3.2.2-8.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [98/98] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/99] ca-certificates-0:2024.2.69_v8. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [99/99] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/100] crypto-policies-0:20241018-1. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [100/100] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/101] ncurses-base-0:6.5-2.20240629 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [101/101] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/102] krb5-libs-0:1.21.3-2.fc41.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [102/102] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/103] libcom_err-0:1.47.1-6.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [103/103] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/104] libsepol-0:3.7-3.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [104/104] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/105] pcre2-0:10.44-1.fc41.1.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [105/105] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/106] cracklib-0:2.9.11-6.fc41.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [106/106] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/107] libxml2-0:2.12.8-2.fc41.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [107/107] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/108] libzstd-0:1.5.6-2.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [108/108] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/109] lz4-libs-0:1.10.0-1.fc41.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [109/109] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/110] keyutils-libs-0:1.6.3-4.fc41. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [110/110] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/111] libverto-0:0.3.2-9.fc41.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [111/111] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/112] basesystem-0:11-21.fc41.noarc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [112/112] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/113] filesystem-0:3.18-29.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [113/113] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/114] gmp-1:6.3.0-2.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [114/114] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/115] mpfr-0:4.2.1-5.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [115/115] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/116] file-libs-0:5.45-7.fc41.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [116/116] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/117] fedora-repos-0:42-0.3.noarch 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [117/117] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/118] elfutils-debuginfod-client-0: 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [118/118] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/119] elfutils-libs-0:0.192-3.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [119/119] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/120] libstdc++-0:14.2.1-4.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [120/120] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/121] coreutils-common-0:9.5-10.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [121/121] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/122] libffi-0:3.4.6-3.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [122/122] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/123] p11-kit-0:0.25.5-4.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [123/123] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/124] p11-kit-trust-0:0.25.5-4.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [124/124] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/125] add-determinism-0:0.4.3-1.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [125/125] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/126] alternatives-0:1.30-1.fc41.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [126/126] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/127] jansson-0:2.14-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [127/127] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/128] lua-libs-0:5.4.7-1.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [128/128] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/129] rpm-sequoia-0:1.7.0-2.fc41.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [129/129] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/130] sqlite-libs-0:3.46.1-1.fc42.x 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [130/130] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/131] libgomp-0:14.2.1-4.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [131/131] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/132] pcre2-syntax-0:10.44-1.fc41.1 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [132/132] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/133] libtasn1-0:4.19.0-9.fc41.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [133/133] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/134] fedora-gpg-keys-0:42-0.3.noar 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [134/134] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/135] fedora-repos-rawhide-0:42-0.3 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [135/135] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/136] elfutils-default-yama-scope-0 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [136/136] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/137] json-c-0:0.17-4.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [137/137] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/138] fedora-release-0:42-0.6.noarc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [138/138] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/139] gdb-minimal-0:15.2-1.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [139/139] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/140] xxhash-libs-0:0.8.2-4.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [140/140] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/141] fedora-release-identity-basic 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [141/141] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/142] libcurl-0:8.10.1-2.fc42.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [142/142] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/143] libbrotli-0:1.1.0-5.fc41.x86_ 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [143/143] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/144] libidn2-0:2.3.7-2.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [144/144] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/145] libnghttp2-0:1.64.0-1.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [145/145] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/146] libpsl-0:0.21.5-4.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [146/146] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/147] libssh-0:0.11.1-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [147/147] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/148] openldap-0:2.6.8-5.fc41.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [148/148] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/149] cyrus-sasl-lib-0:2.1.28-27.fc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [149/149] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/150] libevent-0:2.1.12-14.fc41.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [150/150] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/151] libtool-ltdl-0:2.4.7-12.fc41. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [151/151] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/152] libssh-config-0:0.11.1-1.fc42 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [152/152] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/153] libunistring-0:1.1-8.fc41.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [153/153] Total 100% | 0.0 B/s | 0.0 B | 00m00s [ 1/154] publicsuffix-list-dafsa-0:202 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [154/154] Total 100% | 0.0 B/s | 0.0 B | 00m00s Running transaction [ 1/156] Verify package files 100% | 962.0 B/s | 154.0 B | 00m00s [ 2/156] Prepare transaction 100% | 4.3 KiB/s | 154.0 B | 00m00s [ 3/156] Installing libgcc-0:14.2.1-4. 100% | 269.8 MiB/s | 276.3 KiB | 00m00s [ 4/156] Installing publicsuffix-list- 100% | 0.0 B/s | 68.3 KiB | 00m00s [ 5/156] Installing libssh-config-0:0. 100% | 0.0 B/s | 816.0 B | 00m00s [ 6/156] Installing fedora-release-ide 100% | 0.0 B/s | 976.0 B | 00m00s [ 7/156] Installing fedora-gpg-keys-0: 100% | 56.1 MiB/s | 172.2 KiB | 00m00s [ 8/156] Installing fedora-repos-rawhi 100% | 0.0 B/s | 2.4 KiB | 00m00s [ 9/156] Installing fedora-repos-0:42- 100% | 0.0 B/s | 5.7 KiB | 00m00s [ 10/156] Installing fedora-release-com 100% | 23.2 MiB/s | 23.8 KiB | 00m00s [ 11/156] Installing fedora-release-0:4 100% | 0.0 B/s | 124.0 B | 00m00s [ 12/156] Installing setup-0:2.15.0-5.f 100% | 70.9 MiB/s | 726.1 KiB | 00m00s [ 13/156] Installing filesystem-0:3.18- 100% | 3.7 MiB/s | 212.6 KiB | 00m00s [ 14/156] Installing basesystem-0:11-21 100% | 0.0 B/s | 124.0 B | 00m00s [ 15/156] Installing pcre2-syntax-0:10. 100% | 248.1 MiB/s | 254.1 KiB | 00m00s [ 16/156] Installing coreutils-common-0 100% | 414.5 MiB/s | 11.2 MiB | 00m00s [ 17/156] Installing ncurses-base-0:6.5 100% | 85.9 MiB/s | 351.7 KiB | 00m00s [ 18/156] Installing glibc-minimal-lang 100% | 0.0 B/s | 124.0 B | 00m00s [ 19/156] Installing ncurses-libs-0:6.5 100% | 239.7 MiB/s | 981.8 KiB | 00m00s warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead [ 20/156] Installing glibc-0:2.40.9000- 100% | 275.7 MiB/s | 6.6 MiB | 00m00s [ 21/156] Installing bash-0:5.2.32-2.fc 100% | 430.0 MiB/s | 8.2 MiB | 00m00s [ 22/156] Installing glibc-common-0:2.4 100% | 205.1 MiB/s | 1.0 MiB | 00m00s warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead [ 23/156] Installing glibc-gconv-extra- 100% | 248.4 MiB/s | 7.2 MiB | 00m00s [ 24/156] Installing zlib-ng-compat-0:2 100% | 135.5 MiB/s | 138.8 KiB | 00m00s [ 25/156] Installing xz-libs-1:5.6.3-2. 100% | 214.3 MiB/s | 219.5 KiB | 00m00s [ 26/156] Installing bzip2-libs-0:1.0.8 100% | 0.0 B/s | 81.8 KiB | 00m00s [ 27/156] Installing libuuid-0:2.40.2-8 100% | 0.0 B/s | 42.5 KiB | 00m00s [ 28/156] Installing readline-0:8.2-11. 100% | 483.7 MiB/s | 495.3 KiB | 00m00s [ 29/156] Installing popt-0:1.19-7.fc41 100% | 70.1 MiB/s | 143.5 KiB | 00m00s [ 30/156] Installing libblkid-0:2.40.2- 100% | 257.5 MiB/s | 263.6 KiB | 00m00s [ 31/156] Installing libattr-0:2.5.2-4. 100% | 0.0 B/s | 29.5 KiB | 00m00s [ 32/156] Installing libacl-0:2.3.2-2.f 100% | 0.0 B/s | 40.7 KiB | 00m00s [ 33/156] Installing libxcrypt-0:4.4.36 100% | 263.2 MiB/s | 269.5 KiB | 00m00s [ 34/156] Installing libzstd-0:1.5.6-2. 100% | 389.3 MiB/s | 797.2 KiB | 00m00s [ 35/156] Installing elfutils-libelf-0: 100% | 390.1 MiB/s | 1.2 MiB | 00m00s [ 36/156] Installing gmp-1:6.3.0-2.fc41 100% | 397.3 MiB/s | 813.7 KiB | 00m00s [ 37/156] Installing libstdc++-0:14.2.1 100% | 396.4 MiB/s | 2.8 MiB | 00m00s [ 38/156] Installing libeconf-0:0.7.4-2 100% | 0.0 B/s | 70.0 KiB | 00m00s [ 39/156] Installing gdbm-libs-1:1.23-7 100% | 120.7 MiB/s | 123.6 KiB | 00m00s [ 40/156] Installing mpfr-0:4.2.1-5.fc4 100% | 407.1 MiB/s | 833.7 KiB | 00m00s [ 41/156] Installing gawk-0:5.3.0-4.fc4 100% | 346.4 MiB/s | 1.7 MiB | 00m00s [ 42/156] Installing dwz-0:0.15-8.fc42. 100% | 293.5 MiB/s | 300.6 KiB | 00m00s [ 43/156] Installing unzip-0:6.0-64.fc4 100% | 381.1 MiB/s | 390.3 KiB | 00m00s [ 44/156] Installing file-libs-0:5.45-7 100% | 709.6 MiB/s | 9.9 MiB | 00m00s [ 45/156] Installing file-0:5.45-7.fc41 100% | 20.5 MiB/s | 105.0 KiB | 00m00s [ 46/156] Installing crypto-policies-0: 100% | 39.9 MiB/s | 163.3 KiB | 00m00s [ 47/156] Installing libcap-ng-0:0.8.5- 100% | 0.0 B/s | 71.0 KiB | 00m00s [ 48/156] Installing audit-libs-0:4.0.2 100% | 325.6 MiB/s | 333.4 KiB | 00m00s [ 49/156] Installing pam-libs-0:1.6.1-8 100% | 126.7 MiB/s | 129.7 KiB | 00m00s [ 50/156] Installing libcap-0:2.71-1.fc 100% | 210.8 MiB/s | 215.8 KiB | 00m00s [ 51/156] Installing systemd-libs-0:256 100% | 339.6 MiB/s | 2.0 MiB | 00m00s [ 52/156] Installing libsmartcols-0:2.4 100% | 177.1 MiB/s | 181.4 KiB | 00m00s [ 53/156] Installing libcom_err-0:1.47. 100% | 0.0 B/s | 68.3 KiB | 00m00s [ 54/156] Installing libsepol-0:3.7-3.f 100% | 399.9 MiB/s | 819.0 KiB | 00m00s [ 55/156] Installing pcre2-0:10.44-1.fc 100% | 319.8 MiB/s | 654.9 KiB | 00m00s [ 56/156] Installing libselinux-0:3.7-6 100% | 178.0 MiB/s | 182.3 KiB | 00m00s [ 57/156] Installing sed-0:4.9-3.fc41.x 100% | 283.1 MiB/s | 869.7 KiB | 00m00s [ 58/156] Installing findutils-1:4.10.0 100% | 371.6 MiB/s | 1.9 MiB | 00m00s [ 59/156] Installing grep-0:3.11-9.fc41 100% | 250.8 MiB/s | 1.0 MiB | 00m00s [ 60/156] Installing xz-1:5.6.3-2.fc42. 100% | 309.3 MiB/s | 1.2 MiB | 00m00s [ 61/156] Installing libmount-0:2.40.2- 100% | 348.6 MiB/s | 356.9 KiB | 00m00s [ 62/156] Installing lz4-libs-0:1.10.0- 100% | 0.0 B/s | 146.6 KiB | 00m00s [ 63/156] Installing libffi-0:3.4.6-3.f 100% | 0.0 B/s | 87.8 KiB | 00m00s [ 64/156] Installing alternatives-0:1.3 100% | 0.0 B/s | 67.9 KiB | 00m00s [ 65/156] Installing lua-libs-0:5.4.7-1 100% | 279.5 MiB/s | 286.2 KiB | 00m00s [ 66/156] Installing libtasn1-0:4.19.0- 100% | 173.3 MiB/s | 177.5 KiB | 00m00s [ 67/156] Installing p11-kit-0:0.25.5-4 100% | 277.0 MiB/s | 2.2 MiB | 00m00s [ 68/156] Installing libunistring-0:1.1 100% | 432.7 MiB/s | 1.7 MiB | 00m00s [ 69/156] Installing libidn2-0:2.3.7-2. 100% | 163.6 MiB/s | 335.1 KiB | 00m00s [ 70/156] Installing libpsl-0:0.21.5-4. 100% | 0.0 B/s | 81.7 KiB | 00m00s [ 71/156] Installing p11-kit-trust-0:0. 100% | 66.0 MiB/s | 405.5 KiB | 00m00s [ 72/156] Installing openssl-libs-1:3.2 100% | 412.0 MiB/s | 7.8 MiB | 00m00s [ 73/156] Installing coreutils-0:9.5-10 100% | 301.4 MiB/s | 5.7 MiB | 00m00s [ 74/156] Installing ca-certificates-0: 100% | 2.1 MiB/s | 2.4 MiB | 00m01s [ 75/156] Installing gzip-0:1.13-2.fc41 100% | 192.7 MiB/s | 394.6 KiB | 00m00s [ 76/156] Installing authselect-libs-0: 100% | 204.4 MiB/s | 837.2 KiB | 00m00s [ 77/156] Installing cracklib-0:2.9.11- 100% | 81.5 MiB/s | 250.3 KiB | 00m00s [ 78/156] Installing libpwquality-0:1.4 100% | 140.0 MiB/s | 430.1 KiB | 00m00s [ 79/156] Installing rpm-sequoia-0:1.7. 100% | 394.5 MiB/s | 2.4 MiB | 00m00s [ 80/156] Installing libevent-0:2.1.12- 100% | 439.2 MiB/s | 899.5 KiB | 00m00s [ 81/156] Installing zstd-0:1.5.6-2.fc4 100% | 422.9 MiB/s | 1.7 MiB | 00m00s [ 82/156] Installing util-linux-core-0: 100% | 305.6 MiB/s | 1.5 MiB | 00m00s [ 83/156] Installing tar-2:1.35-4.fc41. 100% | 422.6 MiB/s | 3.0 MiB | 00m00s [ 84/156] Installing libsemanage-0:3.7- 100% | 146.4 MiB/s | 299.8 KiB | 00m00s [ 85/156] Installing shadow-utils-2:4.1 100% | 276.3 MiB/s | 4.1 MiB | 00m00s [ 86/156] Installing zip-0:3.0-41.fc41. 100% | 345.2 MiB/s | 707.1 KiB | 00m00s [ 87/156] Installing gdbm-1:1.23-7.fc41 100% | 227.4 MiB/s | 465.8 KiB | 00m00s [ 88/156] Installing cyrus-sasl-lib-0:2 100% | 384.3 MiB/s | 2.3 MiB | 00m00s [ 89/156] Installing libfdisk-0:2.40.2- 100% | 355.5 MiB/s | 364.0 KiB | 00m00s [ 90/156] Installing bzip2-0:1.0.8-19.f 100% | 97.8 MiB/s | 100.2 KiB | 00m00s [ 91/156] Installing libxml2-0:2.12.8-2 100% | 342.4 MiB/s | 1.7 MiB | 00m00s [ 92/156] Installing libarchive-0:3.7.6 100% | 304.9 MiB/s | 936.7 KiB | 00m00s [ 93/156] Installing add-determinism-0: 100% | 405.2 MiB/s | 2.4 MiB | 00m00s [ 94/156] Installing build-reproducibil 100% | 0.0 B/s | 1.0 KiB | 00m00s [ 95/156] Installing sqlite-libs-0:3.46 100% | 358.3 MiB/s | 1.4 MiB | 00m00s [ 96/156] Installing rpm-libs-0:4.20.0- 100% | 355.3 MiB/s | 727.7 KiB | 00m00s [ 97/156] Installing ed-0:1.20.2-2.fc41 100% | 145.7 MiB/s | 149.2 KiB | 00m00s [ 98/156] Installing patch-0:2.7.6-25.f 100% | 261.9 MiB/s | 268.2 KiB | 00m00s [ 99/156] Installing elfutils-default-y 100% | 510.7 KiB/s | 2.0 KiB | 00m00s [100/156] Installing elfutils-libs-0:0. 100% | 330.6 MiB/s | 677.0 KiB | 00m00s [101/156] Installing cpio-0:2.15-2.fc41 100% | 274.9 MiB/s | 1.1 MiB | 00m00s [102/156] Installing diffutils-0:3.10-8 100% | 318.1 MiB/s | 1.6 MiB | 00m00s [103/156] Installing libpkgconf-0:2.3.0 100% | 0.0 B/s | 79.3 KiB | 00m00s [104/156] Installing pkgconf-0:2.3.0-1. 100% | 89.0 MiB/s | 91.1 KiB | 00m00s [105/156] Installing keyutils-libs-0:1. 100% | 0.0 B/s | 55.8 KiB | 00m00s [106/156] Installing libverto-0:0.3.2-9 100% | 0.0 B/s | 31.3 KiB | 00m00s [107/156] Installing krb5-libs-0:1.21.3 100% | 383.2 MiB/s | 2.3 MiB | 00m00s [108/156] Installing libtirpc-0:1.3.6-0 100% | 200.0 MiB/s | 204.8 KiB | 00m00s [109/156] Installing libnsl2-0:2.0.1-2. 100% | 57.7 MiB/s | 59.1 KiB | 00m00s [110/156] Installing pam-0:1.6.1-8.fc42 100% | 167.9 MiB/s | 1.7 MiB | 00m00s [111/156] Installing libssh-0:0.11.1-1. 100% | 279.2 MiB/s | 571.7 KiB | 00m00s [112/156] Installing jansson-0:2.14-1.f 100% | 92.3 MiB/s | 94.5 KiB | 00m00s [113/156] Installing libgomp-0:14.2.1-4 100% | 256.4 MiB/s | 525.2 KiB | 00m00s [114/156] Installing rpm-build-libs-0:4 100% | 202.6 MiB/s | 207.5 KiB | 00m00s [115/156] Installing json-c-0:0.17-4.fc 100% | 81.7 MiB/s | 83.6 KiB | 00m00s [116/156] Installing xxhash-libs-0:0.8. 100% | 0.0 B/s | 89.8 KiB | 00m00s [117/156] Installing libbrotli-0:1.1.0- 100% | 410.1 MiB/s | 839.9 KiB | 00m00s [118/156] Installing libnghttp2-0:1.64. 100% | 171.5 MiB/s | 175.6 KiB | 00m00s [119/156] Installing libtool-ltdl-0:2.4 100% | 0.0 B/s | 67.3 KiB | 00m00s [120/156] Installing openldap-0:2.6.8-5 100% | 316.4 MiB/s | 648.0 KiB | 00m00s [121/156] Installing libcurl-0:8.10.1-2 100% | 409.9 MiB/s | 839.5 KiB | 00m00s [122/156] Installing elfutils-debuginfo 100% | 76.4 MiB/s | 78.2 KiB | 00m00s [123/156] Installing binutils-0:2.43.50 100% | 425.0 MiB/s | 27.6 MiB | 00m00s [124/156] Installing elfutils-0:0.192-3 100% | 380.8 MiB/s | 2.7 MiB | 00m00s [125/156] Installing gdb-minimal-0:15.2 100% | 433.2 MiB/s | 13.0 MiB | 00m00s [126/156] Installing debugedit-0:5.0-18 100% | 197.3 MiB/s | 202.0 KiB | 00m00s [127/156] Installing curl-0:8.10.1-2.fc 100% | 49.5 MiB/s | 455.8 KiB | 00m00s [128/156] Installing rpm-0:4.20.0-1.fc4 100% | 192.8 MiB/s | 2.5 MiB | 00m00s [129/156] Installing efi-srpm-macros-0: 100% | 0.0 B/s | 41.2 KiB | 00m00s [130/156] Installing lua-srpm-macros-0: 100% | 0.0 B/s | 1.9 KiB | 00m00s [131/156] Installing zig-srpm-macros-0: 100% | 0.0 B/s | 1.7 KiB | 00m00s [132/156] Installing pkgconf-m4-0:2.3.0 100% | 0.0 B/s | 14.8 KiB | 00m00s [133/156] Installing pkgconf-pkg-config 100% | 0.0 B/s | 1.8 KiB | 00m00s [134/156] Installing rust-srpm-macros-0 100% | 0.0 B/s | 5.6 KiB | 00m00s [135/156] Installing qt6-srpm-macros-0: 100% | 0.0 B/s | 732.0 B | 00m00s [136/156] Installing qt5-srpm-macros-0: 100% | 0.0 B/s | 776.0 B | 00m00s [137/156] Installing perl-srpm-macros-0 100% | 0.0 B/s | 1.1 KiB | 00m00s [138/156] Installing package-notes-srpm 100% | 0.0 B/s | 2.0 KiB | 00m00s [139/156] Installing openblas-srpm-macr 100% | 0.0 B/s | 392.0 B | 00m00s [140/156] Installing ocaml-srpm-macros- 100% | 0.0 B/s | 2.2 KiB | 00m00s [141/156] Installing kernel-srpm-macros 100% | 0.0 B/s | 2.3 KiB | 00m00s [142/156] Installing gnat-srpm-macros-0 100% | 0.0 B/s | 1.3 KiB | 00m00s [143/156] Installing ghc-srpm-macros-0: 100% | 0.0 B/s | 1.0 KiB | 00m00s [144/156] Installing fpc-srpm-macros-0: 100% | 0.0 B/s | 420.0 B | 00m00s [145/156] Installing ansible-srpm-macro 100% | 0.0 B/s | 36.2 KiB | 00m00s [146/156] Installing fonts-srpm-macros- 100% | 0.0 B/s | 57.0 KiB | 00m00s [147/156] Installing forge-srpm-macros- 100% | 0.0 B/s | 40.3 KiB | 00m00s [148/156] Installing go-srpm-macros-0:3 100% | 0.0 B/s | 62.0 KiB | 00m00s [149/156] Installing python-srpm-macros 100% | 0.0 B/s | 52.2 KiB | 00m00s [150/156] Installing redhat-rpm-config- 100% | 188.7 MiB/s | 193.2 KiB | 00m00s [151/156] Installing rpm-build-0:4.20.0 100% | 99.1 MiB/s | 202.9 KiB | 00m00s [152/156] Installing pyproject-srpm-mac 100% | 2.4 MiB/s | 2.5 KiB | 00m00s [153/156] Installing util-linux-0:2.40. 100% | 206.4 MiB/s | 3.7 MiB | 00m00s [154/156] Installing authselect-0:1.5.0 100% | 158.1 MiB/s | 161.9 KiB | 00m00s [155/156] Installing which-0:2.21-42.fc 100% | 80.5 MiB/s | 82.4 KiB | 00m00s warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead [156/156] Installing info-0:7.1.1-2.fc4 100% | 246.8 KiB/s | 362.2 KiB | 00m01s Warning: skipped PGP checks for 154 packages from repository: http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch Complete! Finish: installing minimal buildroot with dnf5 Start: creating root cache Finish: creating root cache Finish: chroot init INFO: Installed packages: INFO: add-determinism-0.4.3-1.fc42.x86_64 alternatives-1.30-1.fc41.x86_64 ansible-srpm-macros-1-16.fc41.noarch audit-libs-4.0.2-1.fc41.x86_64 authselect-1.5.0-8.fc42.x86_64 authselect-libs-1.5.0-8.fc42.x86_64 basesystem-11-21.fc41.noarch bash-5.2.32-2.fc42.x86_64 binutils-2.43.50-5.fc42.x86_64 build-reproducibility-srpm-macros-0.4.3-1.fc42.noarch bzip2-1.0.8-19.fc41.x86_64 bzip2-libs-1.0.8-19.fc41.x86_64 ca-certificates-2024.2.69_v8.0.401-2.fc42.noarch coreutils-9.5-10.fc42.x86_64 coreutils-common-9.5-10.fc42.x86_64 cpio-2.15-2.fc41.x86_64 cracklib-2.9.11-6.fc41.x86_64 crypto-policies-20241018-1.gitce922cb.fc42.noarch curl-8.10.1-2.fc42.x86_64 cyrus-sasl-lib-2.1.28-27.fc41.x86_64 debugedit-5.0-18.fc42.x86_64 diffutils-3.10-8.fc41.x86_64 dwz-0.15-8.fc42.x86_64 ed-1.20.2-2.fc41.x86_64 efi-srpm-macros-5-12.fc41.noarch elfutils-0.192-3.fc42.x86_64 elfutils-debuginfod-client-0.192-3.fc42.x86_64 elfutils-default-yama-scope-0.192-3.fc42.noarch elfutils-libelf-0.192-3.fc42.x86_64 elfutils-libs-0.192-3.fc42.x86_64 fedora-gpg-keys-42-0.3.noarch fedora-release-42-0.6.noarch fedora-release-common-42-0.6.noarch fedora-release-identity-basic-42-0.6.noarch fedora-repos-42-0.3.noarch fedora-repos-rawhide-42-0.3.noarch file-5.45-7.fc41.x86_64 file-libs-5.45-7.fc41.x86_64 filesystem-3.18-29.fc42.x86_64 findutils-4.10.0-4.fc41.x86_64 fonts-srpm-macros-2.0.5-17.fc41.noarch forge-srpm-macros-0.4.0-1.fc42.noarch fpc-srpm-macros-1.3-13.fc41.noarch gawk-5.3.0-4.fc41.x86_64 gdb-minimal-15.2-1.fc42.x86_64 gdbm-1.23-7.fc41.x86_64 gdbm-libs-1.23-7.fc41.x86_64 ghc-srpm-macros-1.9.2-1.fc42.noarch glibc-2.40.9000-14.fc42.x86_64 glibc-common-2.40.9000-14.fc42.x86_64 glibc-gconv-extra-2.40.9000-14.fc42.x86_64 glibc-minimal-langpack-2.40.9000-14.fc42.x86_64 gmp-6.3.0-2.fc41.x86_64 gnat-srpm-macros-6-6.fc41.noarch go-srpm-macros-3.6.0-3.fc41.noarch grep-3.11-9.fc41.x86_64 gzip-1.13-2.fc41.x86_64 info-7.1.1-2.fc42.x86_64 jansson-2.14-1.fc42.x86_64 json-c-0.17-4.fc41.x86_64 kernel-srpm-macros-1.0-24.fc41.noarch keyutils-libs-1.6.3-4.fc41.x86_64 krb5-libs-1.21.3-2.fc41.x86_64 libacl-2.3.2-2.fc41.x86_64 libarchive-3.7.6-1.fc42.x86_64 libattr-2.5.2-4.fc41.x86_64 libblkid-2.40.2-8.fc42.x86_64 libbrotli-1.1.0-5.fc41.x86_64 libcap-2.71-1.fc42.x86_64 libcap-ng-0.8.5-3.fc41.x86_64 libcom_err-1.47.1-6.fc42.x86_64 libcurl-8.10.1-2.fc42.x86_64 libeconf-0.7.4-2.fc42.x86_64 libevent-2.1.12-14.fc41.x86_64 libfdisk-2.40.2-8.fc42.x86_64 libffi-3.4.6-3.fc42.x86_64 libgcc-14.2.1-4.fc42.x86_64 libgomp-14.2.1-4.fc42.x86_64 libidn2-2.3.7-2.fc41.x86_64 libmount-2.40.2-8.fc42.x86_64 libnghttp2-1.64.0-1.fc42.x86_64 libnsl2-2.0.1-2.fc41.x86_64 libpkgconf-2.3.0-1.fc42.x86_64 libpsl-0.21.5-4.fc41.x86_64 libpwquality-1.4.5-11.fc41.x86_64 libselinux-3.7-6.fc42.x86_64 libsemanage-3.7-3.fc42.x86_64 libsepol-3.7-3.fc42.x86_64 libsmartcols-2.40.2-8.fc42.x86_64 libssh-0.11.1-1.fc42.x86_64 libssh-config-0.11.1-1.fc42.noarch libstdc++-14.2.1-4.fc42.x86_64 libtasn1-4.19.0-9.fc41.x86_64 libtirpc-1.3.6-0.fc42.x86_64 libtool-ltdl-2.4.7-12.fc41.x86_64 libunistring-1.1-8.fc41.x86_64 libuuid-2.40.2-8.fc42.x86_64 libverto-0.3.2-9.fc41.x86_64 libxcrypt-4.4.36-7.fc41.x86_64 libxml2-2.12.8-2.fc41.x86_64 libzstd-1.5.6-2.fc41.x86_64 lua-libs-5.4.7-1.fc42.x86_64 lua-srpm-macros-1-14.fc41.noarch lz4-libs-1.10.0-1.fc41.x86_64 mpfr-4.2.1-5.fc41.x86_64 ncurses-base-6.5-2.20240629.fc41.noarch ncurses-libs-6.5-2.20240629.fc41.x86_64 ocaml-srpm-macros-10-3.fc41.noarch openblas-srpm-macros-2-18.fc41.noarch openldap-2.6.8-5.fc41.x86_64 openssl-libs-3.2.2-8.fc42.x86_64 p11-kit-0.25.5-4.fc42.x86_64 p11-kit-trust-0.25.5-4.fc42.x86_64 package-notes-srpm-macros-0.5-12.fc41.noarch pam-1.6.1-8.fc42.x86_64 pam-libs-1.6.1-8.fc42.x86_64 patch-2.7.6-25.fc41.x86_64 pcre2-10.44-1.fc41.1.x86_64 pcre2-syntax-10.44-1.fc41.1.noarch perl-srpm-macros-1-56.fc41.noarch pkgconf-2.3.0-1.fc42.x86_64 pkgconf-m4-2.3.0-1.fc42.noarch pkgconf-pkg-config-2.3.0-1.fc42.x86_64 popt-1.19-7.fc41.x86_64 publicsuffix-list-dafsa-20240107-4.fc41.noarch pyproject-srpm-macros-1.15.1-1.fc42.noarch python-srpm-macros-3.13-3.fc41.noarch qt5-srpm-macros-5.15.15-1.fc42.noarch qt6-srpm-macros-6.8.0-1.fc42.noarch readline-8.2-11.fc42.x86_64 redhat-rpm-config-296-1.fc42.noarch rpm-4.20.0-1.fc42.x86_64 rpm-build-4.20.0-1.fc42.x86_64 rpm-build-libs-4.20.0-1.fc42.x86_64 rpm-libs-4.20.0-1.fc42.x86_64 rpm-sequoia-1.7.0-2.fc41.x86_64 rust-srpm-macros-26.3-3.fc42.noarch sed-4.9-3.fc41.x86_64 setup-2.15.0-5.fc41.noarch shadow-utils-4.16.0-6.fc42.x86_64 sqlite-libs-3.46.1-1.fc42.x86_64 systemd-libs-256.7-1.fc42.x86_64 tar-1.35-4.fc41.x86_64 unzip-6.0-64.fc41.x86_64 util-linux-2.40.2-8.fc42.x86_64 util-linux-core-2.40.2-8.fc42.x86_64 which-2.21-42.fc41.x86_64 xxhash-libs-0.8.2-4.fc42.x86_64 xz-5.6.3-2.fc42.x86_64 xz-libs-5.6.3-2.fc42.x86_64 zig-srpm-macros-1-3.fc41.noarch zip-3.0-41.fc41.x86_64 zlib-ng-compat-2.1.7-3.fc42.x86_64 zstd-1.5.6-2.fc41.x86_64 Start: buildsrpm Start: rpmbuild -bs Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1721347200 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-6.fc42.src.rpm Finish: rpmbuild -bs INFO: chroot_scan: 1 files copied to /var/lib/copr-rpmbuild/results/chroot_scan INFO: /var/lib/mock/fedora-rawhide-x86_64-1730198127.190043/root/var/log/dnf5.log Finish: buildsrpm INFO: Done(/var/lib/copr-rpmbuild/workspace/workdir-hmmrgi5w/python-pysaml2/python-pysaml2.spec) Config(child) 0 minutes 11 seconds INFO: Results and/or logs in: /var/lib/copr-rpmbuild/results INFO: Cleaning up build root ('cleanup_on_success=True') Start: clean chroot INFO: unmounting tmpfs. Finish: clean chroot INFO: Start(/var/lib/copr-rpmbuild/results/python-pysaml2-7.4.2-6.fc42.src.rpm) Config(fedora-rawhide-x86_64) Start(bootstrap): chroot init INFO: mounting tmpfs at /var/lib/mock/fedora-rawhide-x86_64-bootstrap-1730198127.190043/root. INFO: reusing tmpfs at /var/lib/mock/fedora-rawhide-x86_64-bootstrap-1730198127.190043/root. INFO: calling preinit hooks INFO: enabled root cache INFO: enabled package manager cache Start(bootstrap): cleaning package manager metadata Finish(bootstrap): cleaning package manager metadata Finish(bootstrap): chroot init Start: chroot init INFO: mounting tmpfs at /var/lib/mock/fedora-rawhide-x86_64-1730198127.190043/root. INFO: calling preinit hooks INFO: enabled root cache Start: unpacking root cache Finish: unpacking root cache INFO: enabled package manager cache Start: cleaning package manager metadata Finish: cleaning package manager metadata INFO: enabled HW Info plugin INFO: Buildroot is handled by package management downloaded with a bootstrap image: rpm-4.20.0-1.fc42.x86_64 rpm-sequoia-1.7.0-2.fc41.x86_64 dnf5-5.2.6.2-1.fc42.x86_64 dnf5-plugins-5.2.6.2-1.fc42.x86_64 Finish: chroot init Start: build phase for python-pysaml2-7.4.2-6.fc42.src.rpm Start: build setup for python-pysaml2-7.4.2-6.fc42.src.rpm Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1721347200 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-6.fc42.src.rpm Updating and loading repositories: fedora 100% | 857.8 KiB/s | 24.9 KiB | 00m00s Additional repo http_kojipkgs_fedorapr 100% | 273.5 KiB/s | 3.8 KiB | 00m00s Copr repository 100% | 89.7 KiB/s | 1.5 KiB | 00m00s Copr repository 100% | 4.9 MiB/s | 95.2 KiB | 00m00s Repositories loaded. Package Arch Version Repository Size Installing: git-core x86_64 2.47.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 22.6 MiB pyproject-rpm-macros noarch 1.15.1-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 109.2 KiB python3-devel x86_64 3.13.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.8 MiB python3-pymongo x86_64 4.2.0-8.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.5 MiB python3-pytest noarch 8.3.3-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 21.0 MiB python3-responses noarch 0.25.3-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 288.6 KiB python3-sphinx noarch 1:7.3.7-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 10.8 MiB xmlsec1 x86_64 1:1.2.39-4.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 551.3 KiB xmlsec1-openssl x86_64 1:1.2.39-4.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 277.1 KiB Installing dependencies: expat x86_64 2.6.3-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 291.5 KiB less x86_64 668-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 406.4 KiB libb2 x86_64 0.98.1-12.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 42.2 KiB libcbor x86_64 0.11.0-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 73.9 KiB libedit x86_64 3.1-53.20240808cvs.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 244.1 KiB libfido2 x86_64 1.15.0-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 238.2 KiB libxslt x86_64 1.1.42-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 483.1 KiB libyaml x86_64 0.2.5-15.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 134.4 KiB mpdecimal x86_64 2.5.1-16.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 204.9 KiB openssh x86_64 9.9p1-5.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.4 MiB openssh-clients x86_64 9.9p1-5.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.7 MiB python-pip-wheel noarch 24.2-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.2 MiB python-rpm-macros noarch 3.13-3.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 22.1 KiB python3 x86_64 3.13.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 31.8 KiB python3-babel noarch 2.16.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 28.3 MiB python3-bson x86_64 4.2.0-8.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 470.1 KiB python3-charset-normalizer noarch 3.4.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 319.9 KiB python3-docutils noarch 0.21.2-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 4.9 MiB python3-idna noarch 3.9-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 639.8 KiB python3-imagesize noarch 1.4.1-9.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 35.3 KiB python3-iniconfig noarch 1.1.1-23.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 20.6 KiB python3-jinja2 noarch 3.1.4-5.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.9 MiB python3-libs x86_64 3.13.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 40.4 MiB python3-markupsafe x86_64 2.1.5-3.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 57.5 KiB python3-packaging noarch 24.1-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 422.3 KiB python3-pluggy noarch 1.5.0-1.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 193.2 KiB python3-pygments noarch 2.18.0-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 10.6 MiB python3-pyyaml x86_64 6.0.1-18.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 791.1 KiB python3-requests noarch 2.32.3-3.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 485.9 KiB python3-rpm-generators noarch 14-11.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 81.7 KiB python3-rpm-macros noarch 3.13-3.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 6.4 KiB python3-snowballstemmer noarch 2.2.0-13.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.7 MiB python3-sphinx-theme-alabaster noarch 0.7.16-6.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 41.9 KiB python3-urllib3 noarch 2.2.3-3.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.0 MiB tzdata noarch 2024a-9.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.7 MiB Transaction Summary: Installing: 44 packages Total size of inbound packages is 35 MiB. Need to download 21 MiB. After this operation, 162 MiB extra will be used (install 162 MiB, remove 0 B). [1/2] pyproject-rpm-macros-0:1.15.1-1.f 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [2/3] python3-devel-0:3.13.0-1.fc42.x86 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [3/9] python3-pytest-0:8.3.3-2.fc42.noa 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 4/11] python3-0:3.13.0-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 5/16] python3-packaging-0:24.1-2.fc41 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 6/21] python3-pyyaml-0:6.0.1-18.fc41. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 7/25] libyaml-0:0.2.5-15.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 8/26] python3-iniconfig-0:1.1.1-23.fc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [ 9/27] python3-pluggy-0:1.5.0-1.fc41.n 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [10/30] python3-libs-0:3.13.0-1.fc42.x8 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [11/31] python-rpm-macros-0:3.13-3.fc41 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [12/32] python3-rpm-macros-0:3.13-3.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [13/33] expat-0:2.6.3-1.fc42.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [14/37] libb2-0:0.98.1-12.fc41.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [15/38] mpdecimal-0:2.5.1-16.fc41.x86_6 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [16/39] python-pip-wheel-0:24.2-2.fc42. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [17/40] tzdata-0:2024a-9.fc41.noarch 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [18/44] python3-rpm-generators-0:14-11. 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded [19/44] python3-responses-0:0.25.3-2.fc 100% | 3.3 MiB/s | 68.2 KiB | 00m00s [20/44] python3-sphinx-1:7.3.7-2.fc41.n 100% | 155.8 MiB/s | 2.5 MiB | 00m00s [21/44] xmlsec1-1:1.2.39-4.fc41.x86_64 100% | 25.8 MiB/s | 185.1 KiB | 00m00s [22/44] xmlsec1-openssl-1:1.2.39-4.fc41 100% | 14.9 MiB/s | 91.3 KiB | 00m00s [23/44] libxslt-0:1.1.42-2.fc41.x86_64 100% | 36.9 MiB/s | 189.1 KiB | 00m00s [24/44] python3-pymongo-0:4.2.0-8.fc41. 100% | 6.3 MiB/s | 494.2 KiB | 00m00s [25/44] python3-babel-0:2.16.0-1.fc42.n 100% | 176.2 MiB/s | 6.3 MiB | 00m00s [26/44] git-core-0:2.47.0-1.fc42.x86_64 100% | 47.1 MiB/s | 4.9 MiB | 00m00s [27/44] python3-imagesize-0:1.4.1-9.fc4 100% | 2.7 MiB/s | 22.2 KiB | 00m00s [28/44] python3-jinja2-0:3.1.4-5.fc41.n 100% | 76.7 MiB/s | 471.3 KiB | 00m00s [29/44] python3-docutils-0:0.21.2-1.fc4 100% | 28.2 MiB/s | 1.0 MiB | 00m00s [30/44] python3-requests-0:2.32.3-3.fc4 100% | 29.1 MiB/s | 149.0 KiB | 00m00s [31/44] python3-pygments-0:2.18.0-2.fc4 100% | 131.6 MiB/s | 2.4 MiB | 00m00s [32/44] python3-snowballstemmer-0:2.2.0 100% | 26.2 MiB/s | 241.6 KiB | 00m00s [33/44] python3-sphinx-theme-alabaster- 100% | 3.9 MiB/s | 24.3 KiB | 00m00s [34/44] python3-charset-normalizer-0:3. 100% | 24.7 MiB/s | 101.4 KiB | 00m00s [35/44] python3-idna-0:3.9-1.fc42.noarc 100% | 27.5 MiB/s | 112.5 KiB | 00m00s [36/44] python3-urllib3-0:2.2.3-3.fc42. 100% | 36.1 MiB/s | 259.0 KiB | 00m00s [37/44] python3-markupsafe-0:2.1.5-3.fc 100% | 7.5 MiB/s | 30.8 KiB | 00m00s [38/44] python3-bson-0:4.2.0-8.fc41.x86 100% | 14.7 MiB/s | 135.1 KiB | 00m00s [39/44] less-0:668-1.fc42.x86_64 100% | 30.8 MiB/s | 189.4 KiB | 00m00s [40/44] openssh-clients-0:9.9p1-5.fc42. 100% | 105.7 MiB/s | 757.4 KiB | 00m00s [41/44] libedit-0:3.1-53.20240808cvs.fc 100% | 25.8 MiB/s | 105.6 KiB | 00m00s [42/44] libfido2-0:1.15.0-2.fc41.x86_64 100% | 24.0 MiB/s | 98.1 KiB | 00m00s [43/44] openssh-0:9.9p1-5.fc42.x86_64 100% | 48.7 MiB/s | 349.2 KiB | 00m00s [44/44] libcbor-0:0.11.0-2.fc41.x86_64 100% | 6.5 MiB/s | 33.1 KiB | 00m00s -------------------------------------------------------------------------------- [44/44] Total 100% | 130.9 MiB/s | 21.1 MiB | 00m00s Running transaction [ 1/46] Verify package files 100% | 448.0 B/s | 44.0 B | 00m00s [ 2/46] Prepare transaction 100% | 1.0 KiB/s | 44.0 B | 00m00s [ 3/46] Installing python-rpm-macros-0: 100% | 0.0 B/s | 22.8 KiB | 00m00s [ 4/46] Installing python3-rpm-macros-0 100% | 0.0 B/s | 6.7 KiB | 00m00s [ 5/46] Installing expat-0:2.6.3-1.fc42 100% | 286.7 MiB/s | 293.6 KiB | 00m00s [ 6/46] Installing libxslt-0:1.1.42-2.f 100% | 237.4 MiB/s | 486.2 KiB | 00m00s [ 7/46] Installing xmlsec1-1:1.2.39-4.f 100% | 270.2 MiB/s | 553.4 KiB | 00m00s [ 8/46] Installing pyproject-rpm-macros 100% | 0.0 B/s | 111.2 KiB | 00m00s [ 9/46] Installing libcbor-0:0.11.0-2.f 100% | 0.0 B/s | 75.3 KiB | 00m00s [10/46] Installing libfido2-0:1.15.0-2. 100% | 234.1 MiB/s | 239.7 KiB | 00m00s [11/46] Installing libedit-0:3.1-53.202 100% | 80.0 MiB/s | 245.8 KiB | 00m00s [12/46] Installing tzdata-0:2024a-9.fc4 100% | 74.6 MiB/s | 1.9 MiB | 00m00s [13/46] Installing python-pip-wheel-0:2 100% | 620.8 MiB/s | 1.2 MiB | 00m00s [14/46] Installing mpdecimal-0:2.5.1-16 100% | 201.2 MiB/s | 206.0 KiB | 00m00s [15/46] Installing libb2-0:0.98.1-12.fc 100% | 14.1 MiB/s | 43.3 KiB | 00m00s [16/46] Installing python3-libs-0:3.13. 100% | 370.2 MiB/s | 40.7 MiB | 00m00s [17/46] Installing python3-0:3.13.0-1.f 100% | 0.0 B/s | 33.5 KiB | 00m00s [18/46] Installing python3-packaging-0: 100% | 211.5 MiB/s | 433.2 KiB | 00m00s [19/46] Installing python3-idna-0:3.9-1 100% | 315.5 MiB/s | 646.1 KiB | 00m00s [20/46] Installing python3-urllib3-0:2. 100% | 250.4 MiB/s | 1.0 MiB | 00m00s [21/46] Installing python3-rpm-generato 100% | 81.0 MiB/s | 82.9 KiB | 00m00s [22/46] Installing python3-babel-0:2.16 100% | 375.1 MiB/s | 28.5 MiB | 00m00s [23/46] Installing python3-docutils-0:0 100% | 296.9 MiB/s | 5.0 MiB | 00m00s [24/46] Installing python3-imagesize-0: 100% | 18.7 MiB/s | 38.3 KiB | 00m00s [25/46] Installing python3-pygments-0:2 100% | 338.8 MiB/s | 10.8 MiB | 00m00s [26/46] Installing python3-snowballstem 100% | 436.1 MiB/s | 1.7 MiB | 00m00s [27/46] Installing python3-sphinx-theme 100% | 45.3 MiB/s | 46.4 KiB | 00m00s [28/46] Installing python3-charset-norm 100% | 161.0 MiB/s | 329.8 KiB | 00m00s [29/46] Installing python3-requests-0:2 100% | 243.2 MiB/s | 498.0 KiB | 00m00s [30/46] Installing python3-iniconfig-0: 100% | 0.0 B/s | 23.6 KiB | 00m00s [31/46] Installing python3-pluggy-0:1.5 100% | 194.7 MiB/s | 199.4 KiB | 00m00s [32/46] Installing python3-bson-0:4.2.0 100% | 235.2 MiB/s | 481.8 KiB | 00m00s [33/46] Installing python3-markupsafe-0 100% | 60.1 MiB/s | 61.5 KiB | 00m00s [34/46] Installing python3-jinja2-0:3.1 100% | 484.3 MiB/s | 2.9 MiB | 00m00s [35/46] Installing openssh-0:9.9p1-5.fc 100% | 459.8 MiB/s | 1.4 MiB | 00m00s [36/46] Installing openssh-clients-0:9. 100% | 241.7 MiB/s | 2.7 MiB | 00m00s [37/46] Installing less-0:668-1.fc42.x8 100% | 200.0 MiB/s | 409.7 KiB | 00m00s [38/46] Installing libyaml-0:0.2.5-15.f 100% | 132.6 MiB/s | 135.8 KiB | 00m00s [39/46] Installing python3-pyyaml-0:6.0 100% | 262.0 MiB/s | 804.9 KiB | 00m00s [40/46] Installing python3-responses-0: 100% | 285.9 MiB/s | 292.8 KiB | 00m00s [41/46] Installing git-core-0:2.47.0-1. 100% | 471.8 MiB/s | 22.6 MiB | 00m00s [42/46] Installing python3-sphinx-1:7.3 100% | 275.8 MiB/s | 11.0 MiB | 00m00s [43/46] Installing python3-pymongo-0:4. 100% | 322.0 MiB/s | 2.6 MiB | 00m00s [44/46] Installing python3-pytest-0:8.3 100% | 503.4 MiB/s | 21.1 MiB | 00m00s [45/46] Installing python3-devel-0:3.13 100% | 259.1 MiB/s | 1.8 MiB | 00m00s warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead [46/46] Installing xmlsec1-openssl-1:1. 100% | 10.9 MiB/s | 278.1 KiB | 00m00s Warning: skipped PGP checks for 44 packages from repository: http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch Complete! Finish: build setup for python-pysaml2-7.4.2-6.fc42.src.rpm Start: rpmbuild python-pysaml2-7.4.2-6.fc42.src.rpm Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1721347200 Executing(%mkbuilddir): /bin/sh -e /var/tmp/rpm-tmp.UY7xri + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + test -d /builddir/build/BUILD/python-pysaml2-7.4.2-build + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w /builddir/build/BUILD/python-pysaml2-7.4.2-build + /usr/bin/rm -rf /builddir/build/BUILD/python-pysaml2-7.4.2-build + /usr/bin/mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build + /usr/bin/mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/SPECPARTS + RPM_EC=0 ++ jobs -p + exit 0 Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.WKHfhz + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + rm -rf pysaml2-7.4.2 + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/pysaml2-7.4.2.tar.gz + STATUS=0 + '[' 0 -ne 0 ']' + cd pysaml2-7.4.2 + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + /usr/bin/git init -q + /usr/bin/git config user.name rpm-build + /usr/bin/git config user.email '' + /usr/bin/git config gc.auto 0 + /usr/bin/git add --force . + GIT_COMMITTER_DATE=@1721347200 + GIT_AUTHOR_DATE=@1721347200 + /usr/bin/git commit -q --allow-empty -a --author 'rpm-build ' -m 'python-pysaml2-7.4.2 base' + /usr/bin/git checkout --track -b rpm-build Switched to a new branch 'rpm-build' branch 'rpm-build' set up to track 'master'. + /usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/0001-Remove-utility-from-packaging.patch + /usr/bin/git apply --index --reject - Checking patch pyproject.toml... Applied patch pyproject.toml cleanly. + GIT_COMMITTER_DATE=@1721347200 + GIT_AUTHOR_DATE=@1721347200 + /usr/bin/git commit -q -m 0001-Remove-utility-from-packaging.patch --author 'rpm-build ' + sed -i 's|f"""#!/usr/bin/env python|f"""|' src/saml2/tools/parse_xsd2.py + find src -name '*.py' + read source + head -n1 src/utility/metadata.py + grep -F /usr/bin/env + read source + head -n1 src/utility/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/tool.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/status.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/opfunc.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/interaction.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/check.py + grep -F /usr/bin/env + read source + head -n1 src/saml2test/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/xmlenc/__init__.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/xmlenc/__init__.py src/saml2/xmlenc/__init__.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/xmlenc/__init__.py + touch --ref=src/saml2/xmlenc/__init__.py.ts src/saml2/xmlenc/__init__.py + rm src/saml2/xmlenc/__init__.py.ts + read source + head -n1 src/saml2/xmldsig/__init__.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/xmldsig/__init__.py src/saml2/xmldsig/__init__.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/xmldsig/__init__.py + touch --ref=src/saml2/xmldsig/__init__.py.ts src/saml2/xmldsig/__init__.py + rm src/saml2/xmldsig/__init__.py.ts + read source + head -n1 src/saml2/xml/schema/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/xml/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/ws/wsutil.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wsutil.py src/saml2/ws/wsutil.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wsutil.py + touch --ref=src/saml2/ws/wsutil.py.ts src/saml2/ws/wsutil.py + rm src/saml2/ws/wsutil.py.ts + read source + head -n1 src/saml2/ws/wstrust.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wstrust.py src/saml2/ws/wstrust.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wstrust.py + touch --ref=src/saml2/ws/wstrust.py.ts src/saml2/ws/wstrust.py + rm src/saml2/ws/wstrust.py.ts + read source + head -n1 src/saml2/ws/wssec.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wssec.py src/saml2/ws/wssec.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wssec.py + touch --ref=src/saml2/ws/wssec.py.ts src/saml2/ws/wssec.py + rm src/saml2/ws/wssec.py.ts + read source + head -n1 src/saml2/ws/wspol.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wspol.py src/saml2/ws/wspol.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wspol.py + touch --ref=src/saml2/ws/wspol.py.ts src/saml2/ws/wspol.py + rm src/saml2/ws/wspol.py.ts + read source + head -n1 src/saml2/ws/wsaddr.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ws/wsaddr.py src/saml2/ws/wsaddr.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ws/wsaddr.py + touch --ref=src/saml2/ws/wsaddr.py.ts src/saml2/ws/wsaddr.py + rm src/saml2/ws/wsaddr.py.ts + read source + head -n1 src/saml2/ws/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/virtual_org.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/version.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/validate.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/userinfo/ldapinfo.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/userinfo/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/tools/parse_xsd2.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/parse_xsd2.py src/saml2/tools/parse_xsd2.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/parse_xsd2.py + touch --ref=src/saml2/tools/parse_xsd2.py.ts src/saml2/tools/parse_xsd2.py + rm src/saml2/tools/parse_xsd2.py.ts + read source + head -n1 src/saml2/tools/verify_metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/verify_metadata.py src/saml2/tools/verify_metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/verify_metadata.py + touch --ref=src/saml2/tools/verify_metadata.py.ts src/saml2/tools/verify_metadata.py + rm src/saml2/tools/verify_metadata.py.ts + read source + head -n1 src/saml2/tools/sync_attrmaps.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/sync_attrmaps.py src/saml2/tools/sync_attrmaps.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/sync_attrmaps.py + touch --ref=src/saml2/tools/sync_attrmaps.py.ts src/saml2/tools/sync_attrmaps.py + rm src/saml2/tools/sync_attrmaps.py.ts + read source + head -n1 src/saml2/tools/merge_metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/merge_metadata.py src/saml2/tools/merge_metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/merge_metadata.py + touch --ref=src/saml2/tools/merge_metadata.py.ts src/saml2/tools/merge_metadata.py + rm src/saml2/tools/merge_metadata.py.ts + read source + head -n1 src/saml2/tools/mdimport.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/mdimport.py src/saml2/tools/mdimport.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdimport.py + touch --ref=src/saml2/tools/mdimport.py.ts src/saml2/tools/mdimport.py + rm src/saml2/tools/mdimport.py.ts + read source + head -n1 src/saml2/tools/mdexport_test.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/mdexport_test.py src/saml2/tools/mdexport_test.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdexport_test.py + touch --ref=src/saml2/tools/mdexport_test.py.ts src/saml2/tools/mdexport_test.py + rm src/saml2/tools/mdexport_test.py.ts + read source + head -n1 src/saml2/tools/mdexport.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/mdexport.py src/saml2/tools/mdexport.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/mdexport.py + touch --ref=src/saml2/tools/mdexport.py.ts src/saml2/tools/mdexport.py + rm src/saml2/tools/mdexport.py.ts + read source + head -n1 src/saml2/tools/make_metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/tools/make_metadata.py src/saml2/tools/make_metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/tools/make_metadata.py + touch --ref=src/saml2/tools/make_metadata.py.ts src/saml2/tools/make_metadata.py + rm src/saml2/tools/make_metadata.py.ts + read source + head -n1 src/saml2/time_util.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/time_util.py src/saml2/time_util.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/time_util.py + touch --ref=src/saml2/time_util.py.ts src/saml2/time_util.py + rm src/saml2/time_util.py.ts + read source + head -n1 src/saml2/soap.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/soap.py src/saml2/soap.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/soap.py + touch --ref=src/saml2/soap.py.ts src/saml2/soap.py + rm src/saml2/soap.py.ts + read source + head -n1 src/saml2/sigver.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/server.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/server.py src/saml2/server.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/server.py + touch --ref=src/saml2/server.py.ts src/saml2/server.py + rm src/saml2/server.py.ts + read source + head -n1 src/saml2/sdb.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/schema/wsdl.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/schema/wsdl.py src/saml2/schema/wsdl.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/wsdl.py + touch --ref=src/saml2/schema/wsdl.py.ts src/saml2/schema/wsdl.py + rm src/saml2/schema/wsdl.py.ts + read source + head -n1 src/saml2/schema/soapenv.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/schema/soapenv.py src/saml2/schema/soapenv.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/soapenv.py + touch --ref=src/saml2/schema/soapenv.py.ts src/saml2/schema/soapenv.py + rm src/saml2/schema/soapenv.py.ts + read source + head -n1 src/saml2/schema/soap.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/schema/soap.py src/saml2/schema/soap.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/schema/soap.py + touch --ref=src/saml2/schema/soap.py.ts src/saml2/schema/soap.py + rm src/saml2/schema/soap.py.ts + read source + head -n1 src/saml2/schema/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/samlp.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/samlp.py src/saml2/samlp.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/samlp.py + touch --ref=src/saml2/samlp.py.ts src/saml2/samlp.py + rm src/saml2/samlp.py.ts + read source + head -n1 src/saml2/saml.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/saml.py src/saml2/saml.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/saml.py + touch --ref=src/saml2/saml.py.ts src/saml2/saml.py + rm src/saml2/saml.py.ts + read source + head -n1 src/saml2/s_utils.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/s_utils.py src/saml2/s_utils.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/s_utils.py + touch --ref=src/saml2/s_utils.py.ts src/saml2/s_utils.py + rm src/saml2/s_utils.py.ts + read source + head -n1 src/saml2/s2repoze/plugins/sp.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/ini.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/formswithhidden.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/entitlement.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/s2repoze/plugins/entitlement.py src/saml2/s2repoze/plugins/entitlement.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/s2repoze/plugins/entitlement.py + touch --ref=src/saml2/s2repoze/plugins/entitlement.py.ts src/saml2/s2repoze/plugins/entitlement.py + rm src/saml2/s2repoze/plugins/entitlement.py.ts + read source + head -n1 src/saml2/s2repoze/plugins/challenge_decider.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/plugins/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/s2repoze/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/response.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/response.py src/saml2/response.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/response.py + touch --ref=src/saml2/response.py.ts src/saml2/response.py + rm src/saml2/response.py.ts + read source + head -n1 src/saml2/request.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/profile/samlec.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/profile/paos.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/profile/paos.py src/saml2/profile/paos.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/profile/paos.py + touch --ref=src/saml2/profile/paos.py.ts src/saml2/profile/paos.py + rm src/saml2/profile/paos.py.ts + read source + head -n1 src/saml2/profile/ecp.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/profile/ecp.py src/saml2/profile/ecp.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/profile/ecp.py + touch --ref=src/saml2/profile/ecp.py.ts src/saml2/profile/ecp.py + rm src/saml2/profile/ecp.py.ts + read source + head -n1 src/saml2/profile/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/population.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/pack.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/mongo_store.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/metadata.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/metadata.py src/saml2/metadata.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/metadata.py + touch --ref=src/saml2/metadata.py.ts src/saml2/metadata.py + rm src/saml2/metadata.py.ts + read source + head -n1 src/saml2/mdstore.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/mdie.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/mdie.py src/saml2/mdie.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mdie.py + touch --ref=src/saml2/mdie.py.ts src/saml2/mdie.py + rm src/saml2/mdie.py.ts + read source + head -n1 src/saml2/mdbcache.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/mdbcache.py src/saml2/mdbcache.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mdbcache.py + touch --ref=src/saml2/mdbcache.py.ts src/saml2/mdbcache.py + rm src/saml2/mdbcache.py.ts + read source + head -n1 src/saml2/md.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/md.py src/saml2/md.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/md.py + touch --ref=src/saml2/md.py.ts src/saml2/md.py + rm src/saml2/md.py.ts + read source + head -n1 src/saml2/mcache.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/mcache.py src/saml2/mcache.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/mcache.py + touch --ref=src/saml2/mcache.py.ts src/saml2/mcache.py + rm src/saml2/mcache.py.ts + read source + head -n1 src/saml2/ident.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/httputil.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/httpbase.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/filter.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/extension/sp_type.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/sp_type.py src/saml2/extension/sp_type.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/sp_type.py + touch --ref=src/saml2/extension/sp_type.py.ts src/saml2/extension/sp_type.py + rm src/saml2/extension/sp_type.py.ts + read source + head -n1 src/saml2/extension/shibmd.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/shibmd.py src/saml2/extension/shibmd.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/shibmd.py + touch --ref=src/saml2/extension/shibmd.py.ts src/saml2/extension/shibmd.py + rm src/saml2/extension/shibmd.py.ts + read source + head -n1 src/saml2/extension/requested_attributes.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/requested_attributes.py src/saml2/extension/requested_attributes.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/requested_attributes.py + touch --ref=src/saml2/extension/requested_attributes.py.ts src/saml2/extension/requested_attributes.py + rm src/saml2/extension/requested_attributes.py.ts + read source + head -n1 src/saml2/extension/reqinit.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/reqinit.py src/saml2/extension/reqinit.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/reqinit.py + touch --ref=src/saml2/extension/reqinit.py.ts src/saml2/extension/reqinit.py + rm src/saml2/extension/reqinit.py.ts + read source + head -n1 src/saml2/extension/pefim.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/pefim.py src/saml2/extension/pefim.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/pefim.py + touch --ref=src/saml2/extension/pefim.py.ts src/saml2/extension/pefim.py + rm src/saml2/extension/pefim.py.ts + read source + head -n1 src/saml2/extension/mdui.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/mdui.py src/saml2/extension/mdui.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdui.py + touch --ref=src/saml2/extension/mdui.py.ts src/saml2/extension/mdui.py + rm src/saml2/extension/mdui.py.ts + read source + head -n1 src/saml2/extension/mdrpi.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/mdrpi.py src/saml2/extension/mdrpi.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdrpi.py + touch --ref=src/saml2/extension/mdrpi.py.ts src/saml2/extension/mdrpi.py + rm src/saml2/extension/mdrpi.py.ts + read source + head -n1 src/saml2/extension/mdattr.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/mdattr.py src/saml2/extension/mdattr.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/mdattr.py + touch --ref=src/saml2/extension/mdattr.py.ts src/saml2/extension/mdattr.py + rm src/saml2/extension/mdattr.py.ts + read source + head -n1 src/saml2/extension/idpdisc.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/idpdisc.py src/saml2/extension/idpdisc.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/idpdisc.py + touch --ref=src/saml2/extension/idpdisc.py.ts src/saml2/extension/idpdisc.py + rm src/saml2/extension/idpdisc.py.ts + read source + head -n1 src/saml2/extension/dri.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/dri.py src/saml2/extension/dri.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/dri.py + touch --ref=src/saml2/extension/dri.py.ts src/saml2/extension/dri.py + rm src/saml2/extension/dri.py.ts + read source + head -n1 src/saml2/extension/algsupport.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/extension/algsupport.py src/saml2/extension/algsupport.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/extension/algsupport.py + touch --ref=src/saml2/extension/algsupport.py.ts src/saml2/extension/algsupport.py + rm src/saml2/extension/algsupport.py.ts + read source + head -n1 src/saml2/extension/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/eptid.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/swamid.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/refeds.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/incommon.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/edugain.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/at_egov_pvp2.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity_category/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/entity.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/ecp_client.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ecp_client.py src/saml2/ecp_client.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ecp_client.py + touch --ref=src/saml2/ecp_client.py.ts src/saml2/ecp_client.py + rm src/saml2/ecp_client.py.ts + read source + head -n1 src/saml2/ecp.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/ecp.py src/saml2/ecp.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/ecp.py + touch --ref=src/saml2/ecp.py.ts src/saml2/ecp.py + rm src/saml2/ecp.py.ts + read source + head -n1 src/saml2/discovery.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/data/templates/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/data/schemas/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/data/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/symmetric.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/pki.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/errors.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/asymmetric.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cryptography/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/country_codes.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/country_codes.py src/saml2/country_codes.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/country_codes.py + touch --ref=src/saml2/country_codes.py.ts src/saml2/country_codes.py + rm src/saml2/country_codes.py.ts + read source + head -n1 src/saml2/config.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/client_base.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/client_base.py src/saml2/client_base.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/client_base.py + touch --ref=src/saml2/client_base.py.ts src/saml2/client_base.py + rm src/saml2/client_base.py.ts + read source + head -n1 src/saml2/client.py + grep -F /usr/bin/env # !/usr/bin/env python + touch --ref=src/saml2/client.py src/saml2/client.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/client.py + touch --ref=src/saml2/client.py.ts src/saml2/client.py + rm src/saml2/client.py.ts + read source + head -n1 src/saml2/cert.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/cache.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/cache.py src/saml2/cache.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/cache.py + touch --ref=src/saml2/cache.py.ts src/saml2/cache.py + rm src/saml2/cache.py.ts + read source + head -n1 src/saml2/authn_context/timesync.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/timesync.py src/saml2/authn_context/timesync.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/timesync.py + touch --ref=src/saml2/authn_context/timesync.py.ts src/saml2/authn_context/timesync.py + rm src/saml2/authn_context/timesync.py.ts + read source + head -n1 src/saml2/authn_context/sslcert.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/sslcert.py src/saml2/authn_context/sslcert.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/sslcert.py + touch --ref=src/saml2/authn_context/sslcert.py.ts src/saml2/authn_context/sslcert.py + rm src/saml2/authn_context/sslcert.py.ts + read source + head -n1 src/saml2/authn_context/pword.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/pword.py src/saml2/authn_context/pword.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/pword.py + touch --ref=src/saml2/authn_context/pword.py.ts src/saml2/authn_context/pword.py + rm src/saml2/authn_context/pword.py.ts + read source + head -n1 src/saml2/authn_context/ppt.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/ppt.py src/saml2/authn_context/ppt.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/ppt.py + touch --ref=src/saml2/authn_context/ppt.py.ts src/saml2/authn_context/ppt.py + rm src/saml2/authn_context/ppt.py.ts + read source + head -n1 src/saml2/authn_context/mobiletwofactor.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/mobiletwofactor.py src/saml2/authn_context/mobiletwofactor.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/mobiletwofactor.py + touch --ref=src/saml2/authn_context/mobiletwofactor.py.ts src/saml2/authn_context/mobiletwofactor.py + rm src/saml2/authn_context/mobiletwofactor.py.ts + read source + head -n1 src/saml2/authn_context/ippword.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/authn_context/ippword.py src/saml2/authn_context/ippword.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/authn_context/ippword.py + touch --ref=src/saml2/authn_context/ippword.py.ts src/saml2/authn_context/ippword.py + rm src/saml2/authn_context/ippword.py.ts + read source + head -n1 src/saml2/authn_context/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/authn.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/shibboleth_uri.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/saml_uri.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/basic.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/adfs_v20.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/adfs_v1x.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attributemaps/__init__.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/attribute_resolver.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/attribute_resolver.py src/saml2/attribute_resolver.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/attribute_resolver.py + touch --ref=src/saml2/attribute_resolver.py.ts src/saml2/attribute_resolver.py + rm src/saml2/attribute_resolver.py.ts + read source + head -n1 src/saml2/attribute_converter.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/attribute_converter.py src/saml2/attribute_converter.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/attribute_converter.py + touch --ref=src/saml2/attribute_converter.py.ts src/saml2/attribute_converter.py + rm src/saml2/attribute_converter.py.ts + read source + head -n1 src/saml2/assertion.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/assertion.py src/saml2/assertion.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/assertion.py + touch --ref=src/saml2/assertion.py.ts src/saml2/assertion.py + rm src/saml2/assertion.py.ts + read source + head -n1 src/saml2/argtree.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/algsupport.py + grep -F /usr/bin/env + read source + head -n1 src/saml2/__init__.py + grep -F /usr/bin/env #!/usr/bin/env python + touch --ref=src/saml2/__init__.py src/saml2/__init__.py.ts + sed -i '/\/usr\/bin\/env python/{d;q}' src/saml2/__init__.py + touch --ref=src/saml2/__init__.py.ts src/saml2/__init__.py + rm src/saml2/__init__.py.ts + read source + source=src/saml2/schema/wsdl.py + touch --ref=src/saml2/schema/wsdl.py src/saml2/schema/wsdl.py.ts + sed -i '1,3{d;q}' src/saml2/schema/wsdl.py + touch --ref=src/saml2/schema/wsdl.py.ts src/saml2/schema/wsdl.py + rm src/saml2/schema/wsdl.py.ts + RPM_EC=0 ++ jobs -p + exit 0 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.9cKKjE + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib64: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement not satisfied: poetry_core>=1.0.0 Exiting dependency generation pass: build backend + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires + rm -rfv '*.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-6.fc42.buildreqs.nosrc.rpm INFO: Going to install missing dynamic buildrequires Updating and loading repositories: fedora 100% | 139.0 KiB/s | 24.9 KiB | 00m00s Additional repo http_kojipkgs_fedorapr 100% | 212.7 KiB/s | 3.8 KiB | 00m00s Copr repository 100% | 89.7 KiB/s | 1.5 KiB | 00m00s Copr repository 100% | 2.8 MiB/s | 96.3 KiB | 00m00s Repositories loaded. Package "git-core-2.47.0-1.fc42.x86_64" is already installed. Package "pyproject-rpm-macros-1.15.1-1.fc42.noarch" is already installed. Package "python3-devel-3.13.0-1.fc42.x86_64" is already installed. Package "python3-pymongo-4.2.0-8.fc41.x86_64" is already installed. Package "python3-pytest-8.3.3-2.fc42.noarch" is already installed. Package "python3-responses-0.25.3-2.fc41.noarch" is already installed. Package "python3-sphinx-1:7.3.7-2.fc41.noarch" is already installed. Package "python3-packaging-24.1-2.fc41.noarch" is already installed. Package "xmlsec1-1:1.2.39-4.fc41.x86_64" is already installed. Package "xmlsec1-openssl-1:1.2.39-4.fc41.x86_64" is already installed. Package Arch Version Repository Size Installing: python3-pip noarch 24.2-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 11.4 MiB python3-poetry-core noarch 1.9.0-3.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.0 MiB Installing dependencies: python3-fastjsonschema noarch 2.20.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 190.8 KiB python3-lark noarch 1.2.2-1.fc42 copr_base 1.3 MiB Transaction Summary: Installing: 4 packages Total size of inbound packages is 3 MiB. Need to download 0 B. After this operation, 14 MiB extra will be used (install 14 MiB, remove 0 B). [1/1] python3-pip-0:24.2-2.fc42.noarch 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [1/1] Total 100% | 0.0 B/s | 0.0 B | 00m00s [1/2] python3-poetry-core-0:1.9.0-3.fc4 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [2/2] Total 100% | 0.0 B/s | 0.0 B | 00m00s [1/3] python3-fastjsonschema-0:2.20.0-1 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [3/3] Total 100% | 0.0 B/s | 0.0 B | 00m00s [1/4] python3-lark-0:1.2.2-1.fc42.noarc 100% | 0.0 B/s | 0.0 B | 00m00s >>> Already downloaded -------------------------------------------------------------------------------- [4/4] Total 100% | 0.0 B/s | 0.0 B | 00m00s Running transaction [1/6] Verify package files 100% | 444.0 B/s | 4.0 B | 00m00s [2/6] Prepare transaction 100% | 250.0 B/s | 4.0 B | 00m00s [3/6] Installing python3-lark-0:1.2.2-1 100% | 263.4 MiB/s | 1.3 MiB | 00m00s [4/6] Installing python3-fastjsonschema 100% | 194.1 MiB/s | 198.8 KiB | 00m00s [5/6] Installing python3-poetry-core-0: 100% | 133.4 MiB/s | 1.1 MiB | 00m00s warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead [6/6] Installing python3-pip-0:24.2-2.f 100% | 191.1 MiB/s | 11.7 MiB | 00m00s Warning: skipped PGP checks for 4 packages from repositories: copr_base, http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch Complete! Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1721347200 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.bONbba + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib64: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 1.9.0) Handling tox-current-env >= 0.0.6 from tox itself Requirement not satisfied: tox-current-env >= 0.0.6 Exiting dependency generation pass: tox itself + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires + rm -rfv '*.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-6.fc42.buildreqs.nosrc.rpm INFO: Going to install missing dynamic buildrequires Updating and loading repositories: Copr repository 100% | 117.3 KiB/s | 1.5 KiB | 00m00s Additional repo http_kojipkgs_fedorapr 100% | 225.2 KiB/s | 3.8 KiB | 00m00s fedora 100% | 478.4 KiB/s | 24.9 KiB | 00m00s Repositories loaded. Package "git-core-2.47.0-1.fc42.x86_64" is already installed. Package "pyproject-rpm-macros-1.15.1-1.fc42.noarch" is already installed. Package "python3-devel-3.13.0-1.fc42.x86_64" is already installed. Package "python3-pymongo-4.2.0-8.fc41.x86_64" is already installed. Package "python3-pytest-8.3.3-2.fc42.noarch" is already installed. Package "python3-responses-0.25.3-2.fc41.noarch" is already installed. Package "python3-sphinx-1:7.3.7-2.fc41.noarch" is already installed. Package "python3-packaging-24.1-2.fc41.noarch" is already installed. Package "python3-pip-24.2-2.fc42.noarch" is already installed. Package "python3-poetry-core-1.9.0-3.fc41.noarch" is already installed. Package "xmlsec1-1:1.2.39-4.fc41.x86_64" is already installed. Package "xmlsec1-openssl-1:1.2.39-4.fc41.x86_64" is already installed. Package Arch Version Repository Size Installing: python3-tox-current-env noarch 0.0.12-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 71.7 KiB Installing dependencies: python-setuptools-wheel noarch 69.2.0-8.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 750.4 KiB python-wheel-wheel noarch 1:0.43.0-4.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 65.1 KiB python3-cachetools noarch 5.4.0-6.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 138.7 KiB python3-chardet noarch 5.2.0-14.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.1 MiB python3-colorama noarch 0.4.6-9.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 191.6 KiB python3-distlib noarch 0.3.9-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.2 MiB python3-filelock noarch 3.15.4-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 90.2 KiB python3-platformdirs noarch 4.2.2-2.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 168.6 KiB python3-pyproject-api noarch 1.6.1-5.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 80.6 KiB python3-virtualenv noarch 20.26.6-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 644.9 KiB tox noarch 4.21.2-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.2 MiB Transaction Summary: Installing: 12 packages Total size of inbound packages is 2 MiB. Need to download 2 MiB. After this operation, 7 MiB extra will be used (install 7 MiB, remove 0 B). [ 1/12] python3-tox-current-env-0:0.0.1 100% | 1.6 MiB/s | 30.2 KiB | 00m00s [ 2/12] python3-cachetools-0:5.4.0-6.fc 100% | 1.6 MiB/s | 37.1 KiB | 00m00s [ 3/12] python3-chardet-0:5.2.0-14.fc41 100% | 26.7 MiB/s | 273.4 KiB | 00m00s [ 4/12] python3-colorama-0:0.4.6-9.fc41 100% | 10.3 MiB/s | 63.4 KiB | 00m00s [ 5/12] python3-filelock-0:3.15.4-2.fc4 100% | 12.2 MiB/s | 37.5 KiB | 00m00s [ 6/12] python3-platformdirs-0:4.2.2-2. 100% | 8.0 MiB/s | 41.0 KiB | 00m00s [ 7/12] tox-0:4.21.2-2.fc42.noarch 100% | 10.0 MiB/s | 368.8 KiB | 00m00s [ 8/12] python3-pyproject-api-0:1.6.1-5 100% | 7.3 MiB/s | 37.1 KiB | 00m00s [ 9/12] python-wheel-wheel-1:0.43.0-4.f 100% | 13.9 MiB/s | 71.0 KiB | 00m00s [10/12] python3-virtualenv-0:20.26.6-1. 100% | 21.6 MiB/s | 243.2 KiB | 00m00s [11/12] python-setuptools-wheel-0:69.2. 100% | 51.0 MiB/s | 679.1 KiB | 00m00s [12/12] python3-distlib-0:0.3.9-1.fc42. 100% | 25.3 MiB/s | 259.0 KiB | 00m00s -------------------------------------------------------------------------------- [12/12] Total 100% | 37.3 MiB/s | 2.1 MiB | 00m00s Running transaction [ 1/14] Verify package files 100% | 2.0 KiB/s | 12.0 B | 00m00s [ 2/14] Prepare transaction 100% | 1.1 KiB/s | 12.0 B | 00m00s [ 3/14] Installing python3-platformdirs 100% | 170.9 MiB/s | 175.0 KiB | 00m00s [ 4/14] Installing python3-filelock-0:3 100% | 94.8 MiB/s | 97.1 KiB | 00m00s [ 5/14] Installing python3-distlib-0:0. 100% | 390.7 MiB/s | 1.2 MiB | 00m00s [ 6/14] Installing python-wheel-wheel-1 100% | 0.0 B/s | 65.8 KiB | 00m00s [ 7/14] Installing python-setuptools-wh 100% | 733.5 MiB/s | 751.1 KiB | 00m00s [ 8/14] Installing python3-virtualenv-0 100% | 87.1 MiB/s | 713.6 KiB | 00m00s [ 9/14] Installing python3-pyproject-ap 100% | 84.7 MiB/s | 86.8 KiB | 00m00s [10/14] Installing python3-colorama-0:0 100% | 98.4 MiB/s | 201.5 KiB | 00m00s [11/14] Installing python3-chardet-0:5. 100% | 299.4 MiB/s | 2.1 MiB | 00m00s [12/14] Installing python3-cachetools-0 100% | 138.9 MiB/s | 142.3 KiB | 00m00s [13/14] Installing tox-0:4.21.2-2.fc42. 100% | 158.9 MiB/s | 1.3 MiB | 00m00s warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead [14/14] Installing python3-tox-current- 100% | 5.3 MiB/s | 76.0 KiB | 00m00s Warning: skipped PGP checks for 12 packages from repository: http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch Complete! Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1721347200 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.4erbsR + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib64: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 1.9.0) Handling tox-current-env >= 0.0.6 from tox itself Requirement satisfied: tox-current-env >= 0.0.6 (installed: tox-current-env 0.0.12) py313: OK (0.00 seconds) congratulations :) (0.05 seconds) Handling tox from tox --print-deps-only: py313 Requirement satisfied: tox (installed: tox 4.21.2) Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: cryptography (>=3.1) Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: defusedxml Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8" Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-resources ; python_version < "3.9" Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: paste ; extra == "s2repoze" Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: pyopenssl Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: python-dateutil Handling pytz from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: pytz Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: repoze.who ; extra == "s2repoze" Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: requests (>=2,<3) (installed: requests 2.32.3) Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement not satisfied: xmlschema (>=1.2.1) Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: zope.interface ; extra == "s2repoze" + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires + rm -rfv pysaml2-7.4.2.dist-info/ removed 'pysaml2-7.4.2.dist-info/LICENSE' removed 'pysaml2-7.4.2.dist-info/METADATA' removed 'pysaml2-7.4.2.dist-info/WHEEL' removed 'pysaml2-7.4.2.dist-info/entry_points.txt' removed directory 'pysaml2-7.4.2.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-6.fc42.buildreqs.nosrc.rpm INFO: Going to install missing dynamic buildrequires Updating and loading repositories: fedora 100% | 241.5 KiB/s | 24.9 KiB | 00m00s Additional repo http_kojipkgs_fedorapr 100% | 212.7 KiB/s | 3.8 KiB | 00m00s Copr repository 100% | 127.1 KiB/s | 1.5 KiB | 00m00s Repositories loaded. Package "git-core-2.47.0-1.fc42.x86_64" is already installed. Package "pyproject-rpm-macros-1.15.1-1.fc42.noarch" is already installed. Package "python3-devel-3.13.0-1.fc42.x86_64" is already installed. Package "python3-pymongo-4.2.0-8.fc41.x86_64" is already installed. Package "python3-pytest-8.3.3-2.fc42.noarch" is already installed. Package "python3-responses-0.25.3-2.fc41.noarch" is already installed. Package "python3-sphinx-1:7.3.7-2.fc41.noarch" is already installed. Package "python3-packaging-24.1-2.fc41.noarch" is already installed. Package "python3-pip-24.2-2.fc42.noarch" is already installed. Package "python3-poetry-core-1.9.0-3.fc41.noarch" is already installed. Package "tox-4.21.2-2.fc42.noarch" is already installed. Package "python3-tox-current-env-0.0.12-1.fc42.noarch" is already installed. Package "xmlsec1-1:1.2.39-4.fc41.x86_64" is already installed. Package "xmlsec1-openssl-1:1.2.39-4.fc41.x86_64" is already installed. Package Arch Version Repository Size Installing: python3-cryptography x86_64 43.0.0-3.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 4.7 MiB python3-dateutil noarch 1:2.8.2-16.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 879.2 KiB python3-defusedxml noarch 0.7.1-17.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 196.4 KiB python3-pyOpenSSL noarch 24.2.1-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 747.1 KiB python3-pytz noarch 2024.2-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 223.7 KiB python3-xmlschema noarch 3.4.2-2.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 3.8 MiB Installing dependencies: python3-cffi x86_64 1.17.1-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 1.3 MiB python3-elementpath noarch 4.5.0-1.fc42 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 2.9 MiB python3-ply noarch 3.11-25.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 568.2 KiB python3-pycparser noarch 2.20-18.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 821.0 KiB python3-six noarch 1.16.0-23.fc41 http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch 118.3 KiB Transaction Summary: Installing: 11 packages Total size of inbound packages is 4 MiB. Need to download 4 MiB. After this operation, 16 MiB extra will be used (install 16 MiB, remove 0 B). [ 1/11] python3-pyOpenSSL-0:24.2.1-1.fc 100% | 5.8 MiB/s | 125.0 KiB | 00m00s [ 2/11] python3-defusedxml-0:0.7.1-17.f 100% | 1.9 MiB/s | 51.3 KiB | 00m00s [ 3/11] python3-dateutil-1:2.8.2-16.fc4 100% | 68.2 MiB/s | 349.0 KiB | 00m00s [ 4/11] python3-pytz-0:2024.2-1.fc42.no 100% | 14.6 MiB/s | 59.8 KiB | 00m00s [ 5/11] python3-elementpath-0:4.5.0-1.f 100% | 59.9 MiB/s | 551.8 KiB | 00m00s [ 6/11] python3-six-0:1.16.0-23.fc41.no 100% | 13.4 MiB/s | 41.2 KiB | 00m00s [ 7/11] python3-cffi-0:1.17.1-1.fc42.x8 100% | 57.9 MiB/s | 296.6 KiB | 00m00s [ 8/11] python3-pycparser-0:2.20-18.fc4 100% | 36.6 MiB/s | 149.9 KiB | 00m00s [ 9/11] python3-cryptography-0:43.0.0-3 100% | 22.3 MiB/s | 1.3 MiB | 00m00s [10/11] python3-xmlschema-0:3.4.2-2.fc4 100% | 19.6 MiB/s | 643.8 KiB | 00m00s [11/11] python3-ply-0:3.11-25.fc41.noar 100% | 32.1 MiB/s | 131.6 KiB | 00m00s -------------------------------------------------------------------------------- [11/11] Total 100% | 59.6 MiB/s | 3.6 MiB | 00m00s Running transaction [ 1/13] Verify package files 100% | 1.1 KiB/s | 11.0 B | 00m00s [ 2/13] Prepare transaction 100% | 550.0 B/s | 11.0 B | 00m00s [ 3/13] Installing python3-ply-0:3.11-2 100% | 280.0 MiB/s | 573.4 KiB | 00m00s [ 4/13] Installing python3-pycparser-0: 100% | 271.0 MiB/s | 832.5 KiB | 00m00s [ 5/13] Installing python3-cffi-0:1.17. 100% | 334.5 MiB/s | 1.3 MiB | 00m00s [ 6/13] Installing python3-cryptography 100% | 265.2 MiB/s | 4.8 MiB | 00m00s [ 7/13] Installing python3-six-0:1.16.0 100% | 117.9 MiB/s | 120.7 KiB | 00m00s [ 8/13] Installing python3-elementpath- 100% | 326.8 MiB/s | 2.9 MiB | 00m00s [ 9/13] Installing python3-xmlschema-0: 100% | 352.7 MiB/s | 3.9 MiB | 00m00s [10/13] Installing python3-dateutil-1:2 100% | 290.7 MiB/s | 892.9 KiB | 00m00s [11/13] Installing python3-pyOpenSSL-0: 100% | 367.7 MiB/s | 753.1 KiB | 00m00s [12/13] Installing python3-pytz-0:2024. 100% | 223.6 MiB/s | 229.0 KiB | 00m00s warning: posix.fork(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.wait(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead warning: posix.exec(): .fork(), .exec(), .wait() and .redirect2null() are deprecated, use rpm.spawn() or rpm.execute() instead [13/13] Installing python3-defusedxml-0 100% | 13.3 MiB/s | 204.6 KiB | 00m00s Warning: skipped PGP checks for 11 packages from repository: http_kojipkgs_fedoraproject_org_repos_rawhide_latest_basearch Complete! Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1721347200 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.cbrjIa + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib64: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 1.9.0) Handling tox-current-env >= 0.0.6 from tox itself Requirement satisfied: tox-current-env >= 0.0.6 (installed: tox-current-env 0.0.12) py313: OK (0.00 seconds) congratulations :) (0.05 seconds) Handling tox from tox --print-deps-only: py313 Requirement satisfied: tox (installed: tox 4.21.2) Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: cryptography (>=3.1) (installed: cryptography 43.0.0) Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: defusedxml (installed: defusedxml 0.7.1) Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8" Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-resources ; python_version < "3.9" Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: paste ; extra == "s2repoze" Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pyopenssl (installed: pyopenssl 24.2.1) Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: python-dateutil (installed: python-dateutil 2.8.2) Handling pytz from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pytz (installed: pytz 2024.2) Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: repoze.who ; extra == "s2repoze" Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: requests (>=2,<3) (installed: requests 2.32.3) Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: xmlschema (>=1.2.1) (installed: xmlschema 3.4.2) Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: zope.interface ; extra == "s2repoze" + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires + rm -rfv pysaml2-7.4.2.dist-info/ removed 'pysaml2-7.4.2.dist-info/LICENSE' removed 'pysaml2-7.4.2.dist-info/METADATA' removed 'pysaml2-7.4.2.dist-info/WHEEL' removed 'pysaml2-7.4.2.dist-info/entry_points.txt' removed directory 'pysaml2-7.4.2.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Wrote: /builddir/build/SRPMS/python-pysaml2-7.4.2-6.fc42.buildreqs.nosrc.rpm INFO: Going to install missing dynamic buildrequires Updating and loading repositories: Copr repository 100% | 76.3 KiB/s | 1.5 KiB | 00m00s Additional repo http_kojipkgs_fedorapr 100% | 212.7 KiB/s | 3.8 KiB | 00m00s fedora 100% | 84.6 KiB/s | 24.9 KiB | 00m00s Copr repository 100% | 4.5 MiB/s | 97.3 KiB | 00m00s Repositories loaded. Package "git-core-2.47.0-1.fc42.x86_64" is already installed. Package "pyproject-rpm-macros-1.15.1-1.fc42.noarch" is already installed. Package "python3-devel-3.13.0-1.fc42.x86_64" is already installed. Package "python3-pymongo-4.2.0-8.fc41.x86_64" is already installed. Package "python3-pytest-8.3.3-2.fc42.noarch" is already installed. Package "python3-responses-0.25.3-2.fc41.noarch" is already installed. Package "python3-sphinx-1:7.3.7-2.fc41.noarch" is already installed. Package "python3-cryptography-43.0.0-3.fc42.x86_64" is already installed. Package "python3-defusedxml-0.7.1-17.fc42.noarch" is already installed. Package "python3-packaging-24.1-2.fc41.noarch" is already installed. Package "python3-pip-24.2-2.fc42.noarch" is already installed. Package "python3-poetry-core-1.9.0-3.fc41.noarch" is already installed. Package "python3-pyOpenSSL-24.2.1-1.fc42.noarch" is already installed. Package "python3-dateutil-1:2.8.2-16.fc41.noarch" is already installed. Package "python3-pytz-2024.2-1.fc42.noarch" is already installed. Package "tox-4.21.2-2.fc42.noarch" is already installed. Package "python3-tox-current-env-0.0.12-1.fc42.noarch" is already installed. Package "python3-xmlschema-3.4.2-2.fc42.noarch" is already installed. Package "xmlsec1-1:1.2.39-4.fc41.x86_64" is already installed. Package "xmlsec1-openssl-1:1.2.39-4.fc41.x86_64" is already installed. Nothing to do. Building target platforms: x86_64 Building for target x86_64 setting SOURCE_DATE_EPOCH=1721347200 Executing(%generate_buildrequires): /bin/sh -e /var/tmp/rpm-tmp.ZLUrnF + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + cd pysaml2-7.4.2 + echo pyproject-rpm-macros + echo python3-devel + echo 'python3dist(packaging)' + echo 'python3dist(pip) >= 19' + '[' -f pyproject.toml ']' + echo '(python3dist(tomli) if python3-devel < 3.11)' + rm -rfv '*.dist-info/' + '[' -f /usr/bin/python3 ']' + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + echo -n + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 ' + LT_SYS_LIBRARY_PATH=/usr/lib64: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/.pyproject-builddir + RPM_TOXENV=py313 + HOSTNAME=rpmbuild + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_buildrequires.py --generate-extras --python3_pkgversion 3 --wheeldir /builddir/build/BUILD/python-pysaml2-7.4.2-build/pyproject-wheeldir --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires -t Handling poetry_core>=1.0.0 from build-system.requires Requirement satisfied: poetry_core>=1.0.0 (installed: poetry_core 1.9.0) Handling tox-current-env >= 0.0.6 from tox itself Requirement satisfied: tox-current-env >= 0.0.6 (installed: tox-current-env 0.0.12) py313: OK (0.00 seconds) congratulations :) (0.05 seconds) Handling tox from tox --print-deps-only: py313 Requirement satisfied: tox (installed: tox 4.21.2) Handling cryptography (>=3.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: cryptography (>=3.1) (installed: cryptography 43.0.0) Handling defusedxml from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: defusedxml (installed: defusedxml 0.7.1) Handling importlib-metadata (>=1.7.0) ; python_version < "3.8" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-metadata (>=1.7.0) ; python_version < "3.8" Handling importlib-resources ; python_version < "3.9" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: importlib-resources ; python_version < "3.9" Handling paste ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: paste ; extra == "s2repoze" Handling pyopenssl from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pyopenssl (installed: pyopenssl 24.2.1) Handling python-dateutil from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: python-dateutil (installed: python-dateutil 2.8.2) Handling pytz from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: pytz (installed: pytz 2024.2) Handling repoze.who ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: repoze.who ; extra == "s2repoze" Handling requests (>=2,<3) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: requests (>=2,<3) (installed: requests 2.32.3) Handling xmlschema (>=1.2.1) from hook generated metadata: Requires-Dist (pysaml2) Requirement satisfied: xmlschema (>=1.2.1) (installed: xmlschema 3.4.2) Handling zope.interface ; extra == "s2repoze" from hook generated metadata: Requires-Dist (pysaml2) Ignoring alien requirement: zope.interface ; extra == "s2repoze" + cat /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-buildrequires + rm -rfv pysaml2-7.4.2.dist-info/ removed 'pysaml2-7.4.2.dist-info/LICENSE' removed 'pysaml2-7.4.2.dist-info/METADATA' removed 'pysaml2-7.4.2.dist-info/WHEEL' removed 'pysaml2-7.4.2.dist-info/entry_points.txt' removed directory 'pysaml2-7.4.2.dist-info/' + RPM_EC=0 ++ jobs -p + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.W4hE7H + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes -Clink-arg=-specs=/usr/lib/rpm/redhat/redhat-package-notes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib64: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd pysaml2-7.4.2 + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + VALAFLAGS=-g + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes -Clink-arg=-specs=/usr/lib/rpm/redhat/redhat-package-notes --cap-lints=warn' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes ' + LT_SYS_LIBRARY_PATH=/usr/lib64: + CC=gcc + CXX=g++ + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir + /usr/bin/python3 -Bs /usr/lib/rpm/redhat/pyproject_wheel.py /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir Processing /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2 Preparing metadata (pyproject.toml): started Running command Preparing metadata (pyproject.toml) Preparing metadata (pyproject.toml): finished with status 'done' Building wheels for collected packages: pysaml2 Building wheel for pysaml2 (pyproject.toml): started Running command Building wheel for pysaml2 (pyproject.toml) Building wheel for pysaml2 (pyproject.toml): finished with status 'done' Created wheel for pysaml2: filename=pysaml2-7.4.2-py3-none-any.whl size=417773 sha256=cbaf636775fca25b472af65bcaeedd1fe655a3d57efae9d46c6e0498b0ec8461 Stored in directory: /builddir/.cache/pip/wheels/01/b9/eb/75f72f6a4448fdc07c5ffc8f00ad2896051c69eedccbfbb041 Successfully built pysaml2 + RPM_EC=0 ++ jobs -p + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.kDNUHz + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + '[' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT '!=' / ']' + rm -rf /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT ++ dirname /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT + mkdir -p /builddir/build/BUILD/python-pysaml2-7.4.2-build + mkdir /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes -Clink-arg=-specs=/usr/lib/rpm/redhat/redhat-package-notes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib64: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd pysaml2-7.4.2 ++ ls /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir/pysaml2-7.4.2-py3-none-any.whl ++ xargs basename --multiple ++ sed -E 's/([^-]+)-([^-]+)-.+\.whl/\1==\2/' + specifier=pysaml2==7.4.2 + '[' -z pysaml2==7.4.2 ']' + TMPDIR=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir + /usr/bin/python3 -m pip install --root /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --prefix /usr --no-deps --disable-pip-version-check --progress-bar off --verbose --ignore-installed --no-warn-script-location --no-index --no-cache-dir --find-links /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir pysaml2==7.4.2 Using pip 24.2 from /usr/lib/python3.13/site-packages/pip (python 3.13) Looking in links: /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/pyproject-wheeldir Processing ./pyproject-wheeldir/pysaml2-7.4.2-py3-none-any.whl Installing collected packages: pysaml2 Creating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata to 755 changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport to 755 changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata to 755 changing mode of /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2 to 755 Successfully installed pysaml2-7.4.2 + '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin ']' + '[' -z sP ']' + shebang_flags=-kasP + /usr/bin/python3 -B /usr/lib/rpm/redhat/pathfix.py -pni /usr/bin/python3 -kasP /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/make_metadata: updating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/mdexport: updating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/merge_metadata: updating /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/parse_xsd2: updating + rm -rfv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin/__pycache__ + rm -f /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-ghost-distinfo + site_dirs=() + '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages ']' + site_dirs+=("/usr/lib/python3.13/site-packages") + '[' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages '!=' /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages ']' + '[' -d /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages ']' + for site_dir in ${site_dirs[@]} + for distinfo in /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT$site_dir/*.dist-info + echo '%ghost /usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info' + sed -i s/pip/rpm/ /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/INSTALLER + PYTHONPATH=/usr/lib/rpm/redhat + /usr/bin/python3 -B /usr/lib/rpm/redhat/pyproject_preprocess_record.py --buildroot /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --record /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD --output /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-record + rm -fv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD removed '/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/RECORD' + rm -fv /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/REQUESTED removed '/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/pysaml2-7.4.2.dist-info/REQUESTED' ++ wc -l /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-ghost-distinfo ++ cut -f1 '-d ' + lines=1 + '[' 1 -ne 1 ']' + RPM_FILES_ESCAPE=4.19 + /usr/bin/python3 /usr/lib/rpm/redhat/pyproject_save_files.py --output-files /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-files --output-modules /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-modules --buildroot /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT --sitelib /usr/lib/python3.13/site-packages --sitearch /usr/lib64/python3.13/site-packages --python-version 3.13 --pyproject-record /builddir/build/BUILD/python-pysaml2-7.4.2-build/python-pysaml2-7.4.2-6.fc42.x86_64-pyproject-record --prefix /usr saml2 saml2test + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s parse_xsd2 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/parse_xsd2.py + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s make_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/make_metadata.py + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s mdexport /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/mdexport.py + for bin in parse_xsd2 make_metadata mdexport merge_metadata + ln -s merge_metadata /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/bin/merge_metadata.py + sed -i /alabaster/d docs/conf.py + export PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/lib/python3.13/site-packages + PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT//usr/lib/python3.13/site-packages + sphinx-build-3 docs html Running Sphinx v7.3.7 making output directory... done building [mo]: targets for 0 po files that are out of date writing output... building [html]: targets for 8 source files that are out of date updating environment: [new config] 8 added, 0 changed, 0 removed reading sources... [ 12%] examples/idp reading sources... [ 25%] examples/index reading sources... [ 38%] examples/sp reading sources... [ 50%] howto/config reading sources... [ 62%] howto/index reading sources... [ 75%] index reading sources... [ 88%] install reading sources... [100%] sp_test/internal looking for now-outdated files... none found pickling environment... done checking consistency... done preparing documents... done copying assets... copying static files... done copying extra files... done done writing output... [ 12%] examples/idp writing output... [ 25%] examples/index writing output... [ 38%] examples/sp writing output... [ 50%] howto/config writing output... [ 62%] howto/index writing output... [ 75%] index writing output... [ 88%] install writing output... [100%] sp_test/internal generating indices... genindex done writing additional pages... search done dumping search index in English (code: en)... done dumping object inventory... done build succeeded. The HTML pages are in html. + rm -rf html/.doctrees html/.buildinfo + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/redhat/brp-ldconfig + /usr/lib/rpm/brp-compress + /usr/lib/rpm/brp-strip /usr/bin/strip + /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump + /usr/lib/rpm/redhat/brp-strip-lto /usr/bin/strip + /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/check-rpaths + /usr/lib/rpm/redhat/brp-mangle-shebangs mangling shebang in /usr/lib/python3.13/site-packages/saml2/tools/update_metadata.sh from /bin/sh to #!/usr/bin/sh *** WARNING: ./usr/lib/python3.13/site-packages/saml2/authn_context/timesync.py is executable but has no shebang, removing executable bit + /usr/lib/rpm/brp-remove-la-files + env /usr/lib/rpm/redhat/brp-python-bytecompile '' 1 0 -j4 Bytecompiling .py files below /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13 using python3.13 + /usr/lib/rpm/redhat/brp-python-hardlink + /usr/bin/add-determinism --brp -j4 /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/tool.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/opfunc.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/status.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/interaction.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/check.cpython-313.opt-1.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/time_util.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2test/__pycache__/check.cpython-313.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/virtual_org.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/version.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/soap.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/validate.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/sdb.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/server.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/samlp.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/s_utils.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/sigver.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/metadata.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/saml.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/request.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/population.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/response.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/pack.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mcache.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ident.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdie.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mongo_store.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdbcache.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/httputil.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/md.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/filter.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/httpbase.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/cert.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/client.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/eptid.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/cache.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ecp_client.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/ecp.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/discovery.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/country_codes.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/entity.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/attribute_resolver.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/config.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/argtree.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/mdstore.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/algsupport.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/attribute_converter.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/authn.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/client_base.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/assertion.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xml/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xml/schema/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wsutil.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xmlenc/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wspol.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wssec.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/userinfo/__pycache__/ldapinfo.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/userinfo/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/sync_attrmaps.cpython-313.opt-1.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wsaddr.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/sync_attrmaps.cpython-313.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/verify_metadata.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/merge_metadata.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdimport.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdexport_test.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/mdexport.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/make_metadata.cpython-313.opt-1.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/xmldsig/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/make_metadata.cpython-313.pyc: replacing with normalized version /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/soapenv.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/ws/__pycache__/wstrust.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/soap.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/challenge_decider.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/ini.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/sp.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/formswithhidden.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/s2repoze/plugins/__pycache__/entitlement.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/schema/__pycache__/wsdl.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/samlec.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/paos.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/profile/__pycache__/ecp.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/reqinit.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/requested_attributes.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/pefim.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/sp_type.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/shibmd.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdattr.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/tools/__pycache__/parse_xsd2.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/idpdisc.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdrpi.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/algsupport.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/refeds.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/swamid.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/incommon.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/edugain.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity_category/__pycache__/at_egov_pvp2.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/templates/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/data/schemas/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/pki.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/dri.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/errors.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/asymmetric.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/__pycache__/symmetric.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/extension/__pycache__/mdui.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/timesync.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/pword.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/sslcert.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/__init__.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/saml_uri.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/basic.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/shibboleth_uri.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/adfs_v20.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/attributemaps/__pycache__/adfs_v1x.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/ppt.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/ippword.cpython-313.opt-1.pyc: rewriting with normalized contents /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/authn_context/__pycache__/mobiletwofactor.cpython-313.opt-1.pyc: rewriting with normalized contents Scanned 49 directories and 434 files, processed 127 inodes, 127 modified (6 replaced + 121 rewritten), 0 unsupported format, 0 errors Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.CUrCbc + umask 022 + cd /builddir/build/BUILD/python-pysaml2-7.4.2-build + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CFLAGS + CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + export CXXFLAGS + FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + export FFLAGS + FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -I/usr/lib64/gfortran/modules ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes -Clink-arg=-specs=/usr/lib/rpm/redhat/redhat-package-notes --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes ' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib64: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd pysaml2-7.4.2 + CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' + LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes ' + PATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin + PYTHONPATH=/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib64/python3.13/site-packages:/builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages + PYTHONDONTWRITEBYTECODE=1 + PYTEST_ADDOPTS=' --ignore=/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/.pyproject-builddir' + PYTEST_XDIST_AUTO_NUM_WORKERS=4 + /usr/bin/pytest ============================= test session starts ============================== platform linux -- Python 3.13.0, pytest-8.3.3, pluggy-1.5.0 -- /usr/bin/python3 cachedir: .pytest_cache rootdir: /builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2 configfile: pyproject.toml testpaths: tests collecting ... collected 785 items tests/test_00_xmldsig.py::TestObject::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestObject::testUsingTestData PASSED [ 0%] tests/test_00_xmldsig.py::TestMgmtData::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestMgmtData::testUsingTestData PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKISexp::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKISexp::testUsingTestData PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKIData::testAccessors PASSED [ 0%] tests/test_00_xmldsig.py::TestSPKIData::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestPGPData::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestPGPData::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestX509IssuerSerial::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestX509IssuerSerial::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestX509Data::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestX509Data::testUsingTestData PASSED [ 1%] tests/test_00_xmldsig.py::TestTransform::testAccessors PASSED [ 1%] tests/test_00_xmldsig.py::TestTransform::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestTransforms::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestTransforms::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestRetrievalMethod::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestRetrievalMethod::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestRSAKeyValue::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestRSAKeyValue::testUsingTestData PASSED [ 2%] tests/test_00_xmldsig.py::TestDSAKeyValue::testAccessors PASSED [ 2%] tests/test_00_xmldsig.py::TestDSAKeyValue::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyValue::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyValue::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyName::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyName::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyInfo::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestKeyInfo::testUsingTestData PASSED [ 3%] tests/test_00_xmldsig.py::TestDigestValue::testAccessors PASSED [ 3%] tests/test_00_xmldsig.py::TestDigestValue::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestDigestMethod::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestDigestMethod::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestReference::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestReference::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestSignatureMethod::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestSignatureMethod::testUsingTestData PASSED [ 4%] tests/test_00_xmldsig.py::TestCanonicalizationMethod::testAccessors PASSED [ 4%] tests/test_00_xmldsig.py::TestCanonicalizationMethod::testUsingTestData PASSED [ 5%] tests/test_00_xmldsig.py::TestSignedInfo::testAccessors PASSED [ 5%] tests/test_00_xmldsig.py::TestSignedInfo::testUsingTestData PASSED [ 5%] tests/test_00_xmldsig.py::TestSignatureValue::testAccessors PASSED [ 5%] tests/test_00_xmldsig.py::TestSignatureValue::testUsingTestData PASSED [ 5%] tests/test_00_xmldsig.py::TestSignature::testAccessors PASSED [ 5%] tests/test_00_xmldsig.py::TestSignature::testUsingTestData PASSED [ 5%] tests/test_01_xmlenc.py::test_1 PASSED [ 5%] tests/test_01_xmlenc.py::test_2 PASSED [ 6%] tests/test_01_xmlenc.py::test_3 PASSED [ 6%] tests/test_01_xmlenc.py::test_4 PASSED [ 6%] tests/test_01_xmlenc.py::test_5 PASSED [ 6%] tests/test_01_xmlenc.py::test_6 PASSED [ 6%] tests/test_02_saml.py::TestExtensionElement::test_loadd PASSED [ 6%] tests/test_02_saml.py::TestExtensionElement::test_find_children PASSED [ 6%] tests/test_02_saml.py::TestExtensionContainer::test_find_extensions PASSED [ 7%] tests/test_02_saml.py::TestExtensionContainer::test_add_extension_elements PASSED [ 7%] tests/test_02_saml.py::TestExtensionContainer::test_add_extension_attribute PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_dict PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_str PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_multi_dict PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_to_string_nspair PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_set_text_empty PASSED [ 7%] tests/test_02_saml.py::TestSAMLBase::test_set_text_value PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_text_update_same_type PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_text_cannot_change_value_type PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_xs_type_anytype_unchanged_value PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_set_xs_type_date PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_treat_invalid_types_as_string PASSED [ 8%] tests/test_02_saml.py::TestSAMLBase::test_make_vals_div PASSED [ 8%] tests/test_02_saml.py::TestNameID::testEmptyExtensionsList PASSED [ 8%] tests/test_02_saml.py::TestNameID::testFormatAttribute PASSED [ 9%] tests/test_02_saml.py::TestNameID::testNameIDText PASSED [ 9%] tests/test_02_saml.py::TestNameID::testSPProvidedID PASSED [ 9%] tests/test_02_saml.py::TestNameID::testEmptyNameIDToAndFromStringMatch PASSED [ 9%] tests/test_02_saml.py::TestNameID::testNameIDToAndFromStringMatch PASSED [ 9%] tests/test_02_saml.py::TestNameID::testExtensionAttributes PASSED [ 9%] tests/test_02_saml.py::TestNameID::testname_id_from_string PASSED [ 9%] tests/test_02_saml.py::TestIssuer::testIssuerToAndFromString PASSED [ 9%] tests/test_02_saml.py::TestIssuer::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestSubjectLocality::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestSubjectLocality::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextClassRef::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextClassRef::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDeclRef::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDeclRef::testUsingTestData PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDecl::testAccessors PASSED [ 10%] tests/test_02_saml.py::TestAuthnContextDecl::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAuthenticatingAuthority::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAuthenticatingAuthority::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAuthnContext::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAuthnContext::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAuthnStatement::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAuthnStatement::testUsingTestData PASSED [ 11%] tests/test_02_saml.py::TestAttributeValue::testAccessors PASSED [ 11%] tests/test_02_saml.py::TestAttributeValue::testUsingTestData PASSED [ 12%] tests/test_02_saml.py::TestAttribute::testAccessors PASSED [ 12%] tests/test_02_saml.py::TestAttribute::testUsingTestData PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_str PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_int PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_base64 PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_boolean_true PASSED [ 12%] tests/test_02_saml.py::TestAttribute::test_basic_boolean_false PASSED [ 12%] tests/test_02_saml.py::TestAttributeStatement::testAccessors PASSED [ 13%] tests/test_02_saml.py::TestAttributeStatement::testUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmationData::testAccessors PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmationData::testUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmation::testAccessors PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmation::testBearerUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubjectConfirmation::testHolderOfKeyUsingTestData PASSED [ 13%] tests/test_02_saml.py::TestSubject::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestSubject::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestCondition::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestCondition::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestAudience::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestAudience::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestAudienceRestriction::testAccessors PASSED [ 14%] tests/test_02_saml.py::TestAudienceRestriction::testUsingTestData PASSED [ 14%] tests/test_02_saml.py::TestOneTimeUse::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestOneTimeUse::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestProxyRestriction::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestProxyRestriction::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestConditions::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestConditions::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestAssertionIDRef::testAccessors PASSED [ 15%] tests/test_02_saml.py::TestAssertionIDRef::testUsingTestData PASSED [ 15%] tests/test_02_saml.py::TestAssertionURIRef::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestAssertionURIRef::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestAction::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestAction::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestEvidence::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestEvidence::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestAuthzDecisionStatement::testAccessors PASSED [ 16%] tests/test_02_saml.py::TestAuthzDecisionStatement::testUsingTestData PASSED [ 16%] tests/test_02_saml.py::TestAdvice::testAccessors PASSED [ 17%] tests/test_02_saml.py::TestAdvice::testUsingTestData PASSED [ 17%] tests/test_02_saml.py::TestAssertion::testAccessors PASSED [ 17%] tests/test_02_saml.py::TestAssertion::testUsingTestData PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_nameid PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_issuer PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_subject_locality PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_subject_confirmation_data PASSED [ 17%] tests/test_03_saml2.py::test_create_class_from_xml_string_subject_confirmation PASSED [ 18%] tests/test_03_saml2.py::test_create_class_from_xml_string_wrong_class_spec PASSED [ 18%] tests/test_03_saml2.py::test_create_class_from_xml_string_xxe PASSED [ 18%] tests/test_03_saml2.py::test_ee_1 PASSED [ 18%] tests/test_03_saml2.py::test_ee_2 PASSED [ 18%] tests/test_03_saml2.py::test_ee_3 PASSED [ 18%] tests/test_03_saml2.py::test_ee_4 PASSED [ 18%] tests/test_03_saml2.py::test_ee_5 PASSED [ 18%] tests/test_03_saml2.py::test_ee_6 PASSED [ 19%] tests/test_03_saml2.py::test_nameid_with_extension PASSED [ 19%] tests/test_03_saml2.py::test_subject_confirmation_with_extension PASSED [ 19%] tests/test_03_saml2.py::test_to_fro_string_1 PASSED [ 19%] tests/test_03_saml2.py::test_make_vals_str PASSED [ 19%] tests/test_03_saml2.py::test_make_vals_list_of_strs PASSED [ 19%] tests/test_03_saml2.py::test_attribute_element_to_extension_element PASSED [ 19%] tests/test_03_saml2.py::test_ee_7 PASSED [ 20%] tests/test_03_saml2.py::test_ee_xxe PASSED [ 20%] tests/test_03_saml2.py::test_extension_element_loadd PASSED [ 20%] tests/test_03_saml2.py::test_extensions_loadd PASSED [ 20%] tests/test_04_samlp.py::TestStatusDetail::testAccessors PASSED [ 20%] tests/test_04_samlp.py::TestStatusMessage::testAccessors PASSED [ 20%] tests/test_04_samlp.py::TestStatusCode::testAccessors PASSED [ 20%] tests/test_04_samlp.py::TestStatusCode::testUsingTestData PASSED [ 20%] tests/test_04_samlp.py::TestStatus::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestStatus::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestResponse::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestResponse::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestNameIDPolicy::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestNameIDPolicy::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestIDPEntry::testAccessors PASSED [ 21%] tests/test_04_samlp.py::TestIDPEntry::testUsingTestData PASSED [ 21%] tests/test_04_samlp.py::TestIDPList::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestIDPList::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestScoping::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestScoping::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestRequestedAuthnContext::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestRequestedAuthnContext::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestAuthnRequest::testAccessors PASSED [ 22%] tests/test_04_samlp.py::TestAuthnRequest::testUsingTestData PASSED [ 22%] tests/test_04_samlp.py::TestLogoutRequest::testAccessors PASSED [ 23%] tests/test_04_samlp.py::TestLogoutRequest::testUsingTestData PASSED [ 23%] tests/test_04_samlp.py::TestLogoutResponse::testAccessors PASSED [ 23%] tests/test_04_samlp.py::TestLogoutResponse::testUsingTestData PASSED [ 23%] tests/test_05_md.py::TestEndpointType::testAccessors PASSED [ 23%] tests/test_05_md.py::TestEndpointType::testUsingTestData PASSED [ 23%] tests/test_05_md.py::TestIndexedEndpointType::testAccessors PASSED [ 23%] tests/test_05_md.py::TestIndexedEndpointType::testUsingTestData PASSED [ 23%] tests/test_05_md.py::TestExtensions::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationName::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationName::testUsingTestData PASSED [ 24%] tests/test_05_md.py::TestOrganizationDisplayName::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationDisplayName::testUsingTestData PASSED [ 24%] tests/test_05_md.py::TestOrganizationURL::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganizationURL::testUsingTestData PASSED [ 24%] tests/test_05_md.py::TestOrganization::testAccessors PASSED [ 24%] tests/test_05_md.py::TestOrganization::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestContactPerson::testAccessors PASSED [ 25%] tests/test_05_md.py::TestContactPerson::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestAdditionalMetadataLocation::testAccessors PASSED [ 25%] tests/test_05_md.py::TestAdditionalMetadataLocation::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestEncryptionMethod::testAccessors PASSED [ 25%] tests/test_05_md.py::TestEncryptionMethod::testUsingTestData PASSED [ 25%] tests/test_05_md.py::TestKeyDescriptor::testAccessors PASSED [ 25%] tests/test_05_md.py::TestKeyDescriptor::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestRoleDescriptor::testAccessors PASSED [ 26%] tests/test_05_md.py::TestRoleDescriptor::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestArtifactResolutionService::testAccessors PASSED [ 26%] tests/test_05_md.py::TestArtifactResolutionService::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestSingleLogout::testAccessors PASSED [ 26%] tests/test_05_md.py::TestSingleLogout::testUsingTestData PASSED [ 26%] tests/test_05_md.py::TestManageNameIDService::testAccessors PASSED [ 27%] tests/test_05_md.py::TestManageNameIDService::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestNameIDFormat::testAccessors PASSED [ 27%] tests/test_05_md.py::TestNameIDFormat::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestSingleSignOnService::testAccessors PASSED [ 27%] tests/test_05_md.py::TestSingleSignOnService::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestNameIDMappingService::testAccessors PASSED [ 27%] tests/test_05_md.py::TestNameIDMappingService::testUsingTestData PASSED [ 27%] tests/test_05_md.py::TestAssertionIDRequestService::testAccessors PASSED [ 28%] tests/test_05_md.py::TestAssertionIDRequestService::testUsingTestData PASSED [ 28%] tests/test_05_md.py::TestAttributeProfile::testAccessors PASSED [ 28%] tests/test_05_md.py::TestAttributeProfile::testUsingTestData PASSED [ 28%] tests/test_05_md.py::TestIDPSSODescriptor::testAccessors PASSED [ 28%] tests/test_05_md.py::TestIDPSSODescriptor::testUsingTestData PASSED [ 28%] tests/test_05_md.py::TestIDPSSODescriptor::testUsingScope PASSED [ 28%] tests/test_05_md.py::TestAssertionConsumerService::testAccessors PASSED [ 28%] tests/test_05_md.py::TestAssertionConsumerService::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestRequestedAttribute::testAccessors PASSED [ 29%] tests/test_05_md.py::TestRequestedAttribute::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestServiceName::testAccessors PASSED [ 29%] tests/test_05_md.py::TestServiceName::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestServiceDescription::testAccessors PASSED [ 29%] tests/test_05_md.py::TestServiceDescription::testUsingTestData PASSED [ 29%] tests/test_05_md.py::TestAttributeConsumingService::testAccessors PASSED [ 29%] tests/test_05_md.py::TestAttributeConsumingService::testUsingTestData PASSED [ 30%] tests/test_05_md.py::TestSPSSODescriptor::testAccessors PASSED [ 30%] tests/test_05_md.py::TestSPSSODescriptor::testUsingTestData PASSED [ 30%] tests/test_05_md.py::TestEntityDescriptor::testAccessors PASSED [ 30%] tests/test_05_md.py::TestEntityDescriptor::testUsingTestData PASSED [ 30%] tests/test_05_md.py::TestEntitiesDescriptor::testAccessors PASSED [ 30%] tests/test_05_md.py::TestEntitiesDescriptor::testUsingTestData PASSED [ 30%] tests/test_06_setarg.py::test_path PASSED [ 30%] tests/test_06_setarg.py::test_set_arg PASSED [ 31%] tests/test_06_setarg.py::test_multi PASSED [ 31%] tests/test_06_setarg.py::test_is_set PASSED [ 31%] tests/test_10_time_util.py::test_f_quotient PASSED [ 31%] tests/test_10_time_util.py::test_modulo PASSED [ 31%] tests/test_10_time_util.py::test_f_quotient_2 PASSED [ 31%] tests/test_10_time_util.py::test_modulo_2 PASSED [ 31%] tests/test_10_time_util.py::test_parse_duration PASSED [ 31%] tests/test_10_time_util.py::test_parse_duration2 PASSED [ 32%] tests/test_10_time_util.py::test_parse_duration_n PASSED [ 32%] tests/test_10_time_util.py::test_add_duration_1 PASSED [ 32%] tests/test_10_time_util.py::test_add_duration_2 PASSED [ 32%] tests/test_10_time_util.py::test_str_to_time PASSED [ 32%] tests/test_10_time_util.py::test_instant PASSED [ 32%] tests/test_10_time_util.py::test_valid PASSED [ 32%] tests/test_10_time_util.py::test_timeout PASSED [ 32%] tests/test_10_time_util.py::test_before PASSED [ 33%] tests/test_10_time_util.py::test_after PASSED [ 33%] tests/test_10_time_util.py::test_not_before PASSED [ 33%] tests/test_10_time_util.py::test_not_on_or_after PASSED [ 33%] tests/test_12_s_utils.py::test_inflate_then_deflate PASSED [ 33%] tests/test_12_s_utils.py::test_status_success PASSED [ 33%] tests/test_12_s_utils.py::test_error_status PASSED [ 33%] tests/test_12_s_utils.py::test_status_from_exception PASSED [ 34%] tests/test_12_s_utils.py::test_status_from_tuple PASSED [ 34%] tests/test_12_s_utils.py::test_status_from_tuple_empty_message PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_sn PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_age PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_onoff PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_base64 PASSED [ 34%] tests/test_12_s_utils.py::test_attribute_statement PASSED [ 34%] tests/test_12_s_utils.py::test_audience PASSED [ 35%] tests/test_12_s_utils.py::test_conditions PASSED [ 35%] tests/test_12_s_utils.py::test_value_1 PASSED [ 35%] tests/test_12_s_utils.py::test_value_2 PASSED [ 35%] tests/test_12_s_utils.py::test_value_3 PASSED [ 35%] tests/test_12_s_utils.py::test_value_4 PASSED [ 35%] tests/test_12_s_utils.py::test_do_attribute_statement_0 PASSED [ 35%] tests/test_12_s_utils.py::test_do_attribute_statement PASSED [ 35%] tests/test_12_s_utils.py::test_do_attribute_statement_multi PASSED [ 36%] tests/test_12_s_utils.py::test_subject PASSED [ 36%] tests/test_12_s_utils.py::test_parse_attribute_map PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_0 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_1 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_2 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_3 PASSED [ 36%] tests/test_12_s_utils.py::test_identity_attribute_4 PASSED [ 36%] tests/test_12_s_utils.py::test_nameformat_email PASSED [ 37%] tests/test_12_s_utils.py::test_attribute PASSED [ 37%] tests/test_12_s_utils.py::test_attribute_statement_2 PASSED [ 37%] tests/test_12_s_utils.py::test_subject_confirmation_data PASSED [ 37%] tests/test_12_s_utils.py::test_subject_confirmation PASSED [ 37%] tests/test_12_s_utils.py::test_authn_context_class_ref PASSED [ 37%] tests/test_12_s_utils.py::test_authn_context PASSED [ 37%] tests/test_12_s_utils.py::test_authn_statement PASSED [ 37%] tests/test_12_s_utils.py::test_signature PASSED [ 38%] tests/test_12_s_utils.py::test_complex_factory PASSED [ 38%] tests/test_13_validate.py::test_duration PASSED [ 38%] tests/test_13_validate.py::test_unsigned_short PASSED [ 38%] tests/test_13_validate.py::test_valid_non_negative_integer PASSED [ 38%] tests/test_13_validate.py::test_valid_string PASSED [ 38%] tests/test_13_validate.py::test_valid_anyuri PASSED [ 38%] tests/test_13_validate.py::test_valid_instance PASSED [ 38%] tests/test_13_validate.py::test_valid_anytype PASSED [ 39%] tests/test_13_validate.py::test_valid_address PASSED [ 39%] tests/test_19_attribute_converter.py::test_default PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_setup PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_ava_fro_1 PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_ava_fro_2 PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_to_attrstat_1 PASSED [ 39%] tests/test_19_attribute_converter.py::TestAC::test_to_attrstat_2 PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_local_name PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_local_name_from_unspecified PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_local_name_from_basic PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_to_and_for PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_unspecified_name_format PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_mixed_attributes_1 PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_adjust_with_only_from_defined PASSED [ 40%] tests/test_19_attribute_converter.py::TestAC::test_adjust_with_only_to_defined PASSED [ 41%] tests/test_19_attribute_converter.py::TestAC::test_adjust_with_no_mapping_defined PASSED [ 41%] tests/test_19_attribute_converter.py::TestAC::test_from_local_nest_eduPersonTargetedID_in_NameID PASSED [ 41%] tests/test_19_attribute_converter.py::TestAC::test_from_local_eduPersonTargetedID_with_qualifiers PASSED [ 41%] tests/test_19_attribute_converter.py::test_noop_attribute_conversion PASSED [ 41%] tests/test_19_attribute_converter.py::TestSchac::test PASSED [ 41%] tests/test_19_attribute_converter.py::TestEIDAS::test PASSED [ 41%] tests/test_20_assertion.py::test_filter_on_attributes_0 PASSED [ 41%] tests/test_20_assertion.py::test_filter_on_attributes_1 PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_2 PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_without_friendly_name PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_with_missing_required_attribute PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_with_missing_optional_attribute PASSED [ 42%] tests/test_20_assertion.py::test_filter_on_attributes_with_missing_name_format PASSED [ 42%] tests/test_20_assertion.py::test_lifetime_1 PASSED [ 42%] tests/test_20_assertion.py::test_lifetime_2 PASSED [ 42%] tests/test_20_assertion.py::test_ava_filter_1 PASSED [ 43%] tests/test_20_assertion.py::test_ava_filter_2 PASSED [ 43%] tests/test_20_assertion.py::test_ava_filter_dont_fail PASSED [ 43%] tests/test_20_assertion.py::test_filter_attribute_value_assertions_0 PASSED [ 43%] tests/test_20_assertion.py::test_filter_attribute_value_assertions_1 PASSED [ 43%] tests/test_20_assertion.py::test_filter_attribute_value_assertions_2 PASSED [ 43%] tests/test_20_assertion.py::test_assertion_1 PASSED [ 43%] tests/test_20_assertion.py::test_assertion_2 PASSED [ 43%] tests/test_20_assertion.py::test_filter_values_req_2 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_3 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_4 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_5 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_6 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_0 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_1 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_2 PASSED [ 44%] tests/test_20_assertion.py::test_filter_values_req_opt_4 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_0 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_1 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_2 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_3 PASSED [ 45%] tests/test_20_assertion.py::test_filter_ava_4 PASSED [ 45%] tests/test_20_assertion.py::test_req_opt PASSED [ 45%] tests/test_20_assertion.py::test_filter_on_wire_representation_1 PASSED [ 45%] tests/test_20_assertion.py::test_filter_on_wire_representation_2 PASSED [ 46%] tests/test_20_assertion.py::test_assertion_with_noop_attribute_conv PASSED [ 46%] tests/test_20_assertion.py::test_filter_ava_5 PASSED [ 46%] tests/test_20_assertion.py::test_filter_ava_registration_authority_1 PASSED [ 46%] tests/test_20_assertion.py::test_assertion_with_zero_attributes PASSED [ 46%] tests/test_20_assertion.py::test_assertion_with_authn_instant PASSED [ 46%] tests/test_20_assertion.py::test_attribute_producer_should_default_to_uri PASSED [ 46%] tests/test_20_assertion.py::test_attribute_consumer_should_default_to_unspecified PASSED [ 47%] tests/test_22_mdie.py::test_construct_contact PASSED [ 47%] tests/test_30_mdstore.py::test_invalid_metadata PASSED [ 47%] tests/test_30_mdstore.py::test_empty_metadata PASSED [ 47%] tests/test_30_mdstore.py::test_swami_1 PASSED [ 47%] tests/test_30_mdstore.py::test_incommon_1 PASSED [ 47%] tests/test_30_mdstore.py::test_ext_2 PASSED [ 47%] tests/test_30_mdstore.py::test_example PASSED [ 47%] tests/test_30_mdstore.py::test_switch_1 PASSED [ 48%] tests/test_30_mdstore.py::test_metadata_file PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_service PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_service_request_timeout PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_single_sign_on_service PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_metadata_freshness_period_not_expired PASSED [ 48%] tests/test_30_mdstore.py::test_mdx_metadata_freshness_period_expired PASSED [ 48%] tests/test_30_mdstore.py::test_load_local_dir PASSED [ 48%] tests/test_30_mdstore.py::test_load_extern_incommon PASSED [ 49%] tests/test_30_mdstore.py::test_load_local PASSED [ 49%] tests/test_30_mdstore.py::test_load_remote_encoding PASSED [ 49%] tests/test_30_mdstore.py::test_load_string PASSED [ 49%] tests/test_30_mdstore.py::test_get_certs_from_metadata PASSED [ 49%] tests/test_30_mdstore.py::test_get_unnamed_certs_from_metadata PASSED [ 49%] tests/test_30_mdstore.py::test_get_named_certs_from_metadata PASSED [ 49%] tests/test_30_mdstore.py::test_get_certs_from_metadata_without_keydescriptor PASSED [ 49%] tests/test_30_mdstore.py::test_metadata_extension_algsupport PASSED [ 50%] tests/test_30_mdstore.py::test_supported_algorithms PASSED [ 50%] tests/test_30_mdstore.py::test_registration_info PASSED [ 50%] tests/test_30_mdstore.py::test_registration_info_no_policy PASSED [ 50%] tests/test_30_mdstore.py::test_subject_id_requirement PASSED [ 50%] tests/test_30_mdstore.py::test_extension PASSED [ 50%] tests/test_30_mdstore.py::test_shibmd_scope_no_regex_no_descriptor_type PASSED [ 50%] tests/test_30_mdstore.py::test_shibmd_scope_no_regex_all_descriptors PASSED [ 50%] tests/test_30_mdstore_old.py::test_swami_1 PASSED [ 51%] tests/test_30_mdstore_old.py::test_incommon_1 PASSED [ 51%] tests/test_30_mdstore_old.py::test_ext_2 PASSED [ 51%] tests/test_30_mdstore_old.py::test_example PASSED [ 51%] tests/test_30_mdstore_old.py::test_switch_1 PASSED [ 51%] tests/test_30_mdstore_old.py::test_metadata_file PASSED [ 51%] tests/test_30_mdstore_old.py::test_load_local_dir PASSED [ 51%] tests/test_30_mdstore_old.py::test_load_external PASSED [ 51%] tests/test_30_mdstore_old.py::test_load_string PASSED [ 52%] tests/test_31_config.py::test_1 PASSED [ 52%] tests/test_31_config.py::test_2 PASSED [ 52%] tests/test_31_config.py::test_minimum PASSED [ 52%] tests/test_31_config.py::test_idp_1 PASSED [ 52%] tests/test_31_config.py::test_idp_2 PASSED [ 52%] tests/test_31_config.py::test_wayf PASSED [ 52%] tests/test_31_config.py::test_conf_syslog PASSED [ 52%] tests/test_31_config.py::test_3 PASSED [ 53%] tests/test_31_config.py::test_sp PASSED [ 53%] tests/test_31_config.py::test_dual PASSED [ 53%] tests/test_31_config.py::test_ecp PASSED [ 53%] tests/test_31_config.py::test_assertion_consumer_service PASSED [ 53%] tests/test_31_config.py::test_crypto_backend PASSED [ 53%] tests/test_31_config.py::test_unset_force_authn PASSED [ 53%] tests/test_31_config.py::test_set_force_authn PASSED [ 54%] tests/test_32_cache.py::TestClass::test_set PASSED [ 54%] tests/test_32_cache.py::TestClass::test_add_ava_info PASSED [ 54%] tests/test_32_cache.py::TestClass::test_from_one_target_source PASSED [ 54%] tests/test_32_cache.py::TestClass::test_entities PASSED [ 54%] tests/test_32_cache.py::TestClass::test_remove_info PASSED [ 54%] tests/test_32_cache.py::TestClass::test_active PASSED [ 54%] tests/test_32_cache.py::TestClass::test_subjects PASSED [ 54%] tests/test_32_cache.py::TestClass::test_second_subject PASSED [ 55%] tests/test_32_cache.py::TestClass::test_receivers PASSED [ 55%] tests/test_32_cache.py::TestClass::test_timeout PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_persistent_1 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_persistent_2 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_transient_1 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_vo_1 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_vo_2 PASSED [ 55%] tests/test_33_identifier.py::TestIdentifier::test_persistent_nameid PASSED [ 56%] tests/test_33_identifier.py::TestIdentifier::test_transient_nameid PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_add_person PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_extend_person PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_add_another_person PASSED [ 56%] tests/test_34_population.py::TestPopulationMemoryBased::test_modify_person PASSED [ 56%] tests/test_36_mdbcache.py::TestMongoDBCache::test_set_get_1 PASSED [ 56%] tests/test_36_mdbcache.py::TestMongoDBCache::test_set_get_2 PASSED [ 56%] tests/test_36_mdbcache.py::TestMongoDBCache::test_remove PASSED [ 57%] tests/test_36_mdbcache.py::TestMongoDBCache::test_subjects PASSED [ 57%] tests/test_36_mdbcache.py::TestMongoDBCache::test_identity PASSED [ 57%] tests/test_36_mdbcache.py::TestMongoDBCache::test_remove_2 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava2 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava3 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava4 PASSED [ 57%] tests/test_37_entity_categories.py::test_filter_ava5 PASSED [ 58%] tests/test_37_entity_categories.py::test_idp_policy_filter PASSED [ 58%] tests/test_37_entity_categories.py::test_entity_category_import_from_path PASSED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_required_attributes_with_no_friendly_name PASSED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_esi_coco PASSED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_refeds_anonymous_access SKIPPED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_refeds_pseudonymous_access SKIPPED [ 58%] tests/test_37_entity_categories.py::test_filter_ava_refeds_personalized_access SKIPPED [ 58%] tests/test_38_metadata_filter.py::test_swamid_sp PASSED [ 59%] tests/test_38_metadata_filter.py::test_swamid_idp PASSED [ 59%] tests/test_39_metadata.py::test_requested_attribute_name_format PASSED [ 59%] tests/test_39_metadata.py::test_signed_metadata_proper_str_bytes_handling FAILED [ 59%] tests/test_39_metadata.py::test_cert_trailing_newlines_ignored PASSED [ 59%] tests/test_39_metadata.py::test_invalid_cert_raises_error PASSED [ 59%] tests/test_40_sigver.py::test_cert_from_instance_1 PASSED [ 59%] tests/test_40_sigver.py::test_cert_from_instance_ssp SKIPPED (pyasn1 is not installed) [ 60%] tests/test_40_sigver.py::TestSecurity::test_verify_1 PASSED [ 60%] tests/test_40_sigver.py::TestSecurity::test_non_verify_1 PASSED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_assertion FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_assertion FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_response FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_response FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_response_2 FAILED [ 60%] tests/test_40_sigver.py::TestSecurity::test_sign_verify FAILED [ 61%] tests/test_40_sigver.py::TestSecurity::test_sign_verify_with_cert_from_instance FAILED [ 61%] tests/test_40_sigver.py::TestSecurity::test_sign_verify_assertion_with_cert_from_instance FAILED [ 61%] tests/test_40_sigver.py::TestSecurity::test_exception_sign_verify_with_cert_from_instance FAILED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_verify_1 PASSED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_non_verify_1 PASSED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_assertion FAILED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_assertion FAILED [ 61%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_response FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response_2 FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_with_cert_from_instance FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_assertion_with_cert_from_instance FAILED [ 62%] tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_exception_sign_verify_with_cert_from_instance FAILED [ 62%] tests/test_40_sigver.py::test_xbox FAILED [ 62%] tests/test_40_sigver.py::test_xbox_non_ascii_ava FAILED [ 63%] tests/test_40_sigver.py::test_okta PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_err PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_err_non_ascii_ava PASSED [ 63%] tests/test_40_sigver.py::test_sha256_signing PASSED [ 63%] tests/test_40_sigver.py::test_sha256_signing_non_ascii_ava PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_output_line_parsing PASSED [ 63%] tests/test_40_sigver.py::test_xmlsec_v1_3_x_output_line_parsing PASSED [ 63%] tests/test_40_sigver.py::test_cert_trailing_newlines_ignored PASSED [ 64%] tests/test_40_sigver.py::test_invalid_cert_raises_error PASSED [ 64%] tests/test_40_sigver.py::test_der_certificate_loading PASSED [ 64%] tests/test_41_response.py::TestResponse::test_1 ERROR [ 64%] tests/test_41_response.py::TestResponse::test_2 ERROR [ 64%] tests/test_41_response.py::TestResponse::test_issuer_none ERROR [ 64%] tests/test_41_response.py::TestResponse::test_false_sign ERROR [ 64%] tests/test_41_response.py::TestResponse::test_other_response ERROR [ 64%] tests/test_42_enc.py::test_pre_enc_key_format PASSED [ 65%] tests/test_42_enc.py::test_pre_enc_with_pregenerated_key PASSED [ 65%] tests/test_42_enc.py::test_pre_enc_with_generated_key PASSED [ 65%] tests/test_42_enc.py::test_pre_enc_with_named_key PASSED [ 65%] tests/test_42_enc.py::test_reshuffle_response PASSED [ 65%] tests/test_42_enc.py::test_enc1 PASSED [ 65%] tests/test_42_enc.py::test_enc2 PASSED [ 65%] tests/test_43_soap.py::test_parse_soap_envelope PASSED [ 65%] tests/test_43_soap.py::test_make_soap_envelope PASSED [ 66%] tests/test_43_soap.py::test_parse_soap_enveloped_saml_thingy_xxe PASSED [ 66%] tests/test_43_soap.py::test_class_instances_from_soap_enveloped_saml_thingies_xxe PASSED [ 66%] tests/test_43_soap.py::test_open_soap_envelope_xxe PASSED [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_verify_1 ERROR [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_verify_signed_1 ERROR [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_parse_2 ERROR [ 66%] tests/test_44_authnresp.py::TestAuthnResponse::test_verify_w_authn ERROR [ 67%] tests/test_44_authnresp.py::TestAuthnResponse::test_unpack_nested_eptid ERROR [ 67%] tests/test_44_authnresp.py::TestAuthnResponse::test_multiple_attribute_statement ERROR [ 67%] tests/test_50_server.py::TestServer1::test_issuer PASSED [ 67%] tests/test_50_server.py::TestServer1::test_assertion PASSED [ 67%] tests/test_50_server.py::TestServer1::test_response PASSED [ 67%] tests/test_50_server.py::TestServer1::test_parse_faulty_request PASSED [ 67%] tests/test_50_server.py::TestServer1::test_parse_faulty_request_to_err_status PASSED [ 67%] tests/test_50_server.py::TestServer1::test_parse_ok_request PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_response_with_identity PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_response_without_identity PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_response_specific_instant PASSED [ 68%] tests/test_50_server.py::TestServer1::test_sso_failure_response PASSED [ 68%] tests/test_50_server.py::TestServer1::test_authn_response_0 PASSED [ 68%] tests/test_50_server.py::TestServer1::test_signed_response FAILED [ 68%] tests/test_50_server.py::TestServer1::test_signed_response_1 FAILED [ 68%] tests/test_50_server.py::TestServer1::test_signed_response_2 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_signed_response_3 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_1 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_2 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_3 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_signed_response_4 FAILED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_response_1 PASSED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_response_2 PASSED [ 69%] tests/test_50_server.py::TestServer1::test_encrypted_response_3 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_4 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_5 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_6 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_7 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_8 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_encrypted_response_9 PASSED [ 70%] tests/test_50_server.py::TestServer1::test_slo_http_post PASSED [ 70%] tests/test_50_server.py::TestServer1::test_slo_soap PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_issuer PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_assertion PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_response PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_faulty_request PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_faulty_request_to_err_status PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_parse_ok_request PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_with_identity PASSED [ 71%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_without_identity PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_response_specific_instant PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_sso_failure_response PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_authn_response_0 PASSED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_1 FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_2 FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_3 FAILED [ 72%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_1 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_2 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_3 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_4 FAILED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_1 PASSED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_2 PASSED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_3 PASSED [ 73%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_4 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_5 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_7 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_8 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_9 PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_http_post PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_soap PASSED [ 74%] tests/test_50_server.py::TestServer1NonAsciiAva::test_slo_soap_signed PASSED [ 75%] tests/test_50_server.py::TestServer2::test_do_attribute_reponse PASSED [ 75%] tests/test_50_server.py::TestServerLogout::test_1 PASSED [ 75%] tests/test_50_server.py::TestServerLogout::test_2 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_attribute_query1 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_attribute_query2 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_attribute_query_3 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_auth_request_0 PASSED [ 75%] tests/test_51_client.py::TestClient::test_create_auth_request_requested_attributes PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_unset_force_authn_by_default PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_not_true_or_1 PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_true PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_1 PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_nameid_policy_allow_create PASSED [ 76%] tests/test_51_client.py::TestClient::test_create_auth_request_vo PASSED [ 76%] tests/test_51_client.py::TestClient::test_sign_auth_request_0 FAILED [ 76%] tests/test_51_client.py::TestClient::test_logout_response FAILED [ 77%] tests/test_51_client.py::TestClient::test_create_logout_request PASSED [ 77%] tests/test_51_client.py::TestClient::test_response_1 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_2 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_3 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_4 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_5 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_6 FAILED [ 77%] tests/test_51_client.py::TestClient::test_response_7 FAILED [ 78%] tests/test_51_client.py::TestClient::test_response_8 FAILED [ 78%] tests/test_51_client.py::TestClient::test_response_no_name_id PASSED [ 78%] tests/test_51_client.py::TestClient::test_init_values PASSED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion FAILED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion2 FAILED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_1 FAILED [ 78%] tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_2 FAILED [ 78%] tests/test_51_client.py::TestClient::test_signed_with_default_algo_redirect FAILED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect PASSED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect_passes_if_needs_signed_requests PASSED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect_fail_if_needs_signed_request_but_received_unsigned PASSED [ 79%] tests/test_51_client.py::TestClient::test_signed_redirect_fail_if_needs_signed_request_but_sigalg_not_matches PASSED [ 79%] tests/test_51_client.py::TestClient::test_do_logout_signed_redirect FAILED [ 79%] tests/test_51_client.py::TestClient::test_do_logout_signed_redirect_invalid FAILED [ 79%] tests/test_51_client.py::TestClient::test_do_logout_post FAILED [ 80%] tests/test_51_client.py::TestClient::test_do_logout_redirect_no_cache PASSED [ 80%] tests/test_51_client.py::TestClient::test_do_logout_session_expired FAILED [ 80%] tests/test_51_client.py::TestClient::test_signature_wants FAILED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query1 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query2 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query_3 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_0 PASSED [ 80%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_unset_force_authn PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_set_force_authn PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_nameid_policy_allow_create PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_vo PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_auth_request_0 FAILED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_create_logout_request PASSED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_1 FAILED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_2 FAILED [ 81%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_3 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_4 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_5 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_6 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_7 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_8 FAILED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_no_name_id PASSED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_error_status PASSED [ 82%] tests/test_51_client.py::TestClientNonAsciiAva::test_response_error_status_non_standard_status_code PASSED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_init_values PASSED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion2 FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_1 FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_2 FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_signed_redirect PASSED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_signed_redirect FAILED [ 83%] tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_post FAILED [ 84%] tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_session_expired FAILED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_do_authn PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_do_negotiated_authn PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_do_attribute_query PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_logout_1 PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_post_sso PASSED [ 84%] tests/test_51_client.py::TestClientWithDummy::test_negotiated_post_sso PASSED [ 84%] tests/test_51_client.py::TestClientNoConfigContext::test_logout_1 PASSED [ 85%] tests/test_51_client.py::test_parse_soap_enveloped_saml_xxe PASSED [ 85%] tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response FAILED [ 85%] tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_1 FAILED [ 85%] tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_2 PASSED [ 85%] tests/test_60_sp.py::TestSP::test_setup SKIPPED (s2repoze dependencies not installed) [ 85%] tests/test_60_sp.py::TestSP::test_identify SKIPPED (s2repoze dependencies not installed) [ 85%] tests/test_62_vo.py::TestVirtualOrg::test_mta PASSED [ 85%] tests/test_62_vo.py::TestVirtualOrg::test_unknown_subject PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg::test_id PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg::test_id_unknown PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_mta PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_unknown_subject PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_id PASSED [ 86%] tests/test_62_vo.py::TestVirtualOrg_2::test_id_unknown PASSED [ 86%] tests/test_63_ecp.py::test_complete_flow PASSED [ 87%] tests/test_64_artifact.py::test_create_artifact PASSED [ 87%] tests/test_64_artifact.py::test_create_artifact_resolve PASSED [ 87%] tests/test_64_artifact.py::test_artifact_flow PASSED [ 87%] tests/test_65_authn_query.py::test_basic PASSED [ 87%] tests/test_65_authn_query.py::test_flow PASSED [ 87%] tests/test_66_name_id_mapping.py::test_base_request PASSED [ 87%] tests/test_66_name_id_mapping.py::test_request_response PASSED [ 87%] tests/test_67_manage_name_id.py::test_basic PASSED [ 88%] tests/test_67_manage_name_id.py::test_flow PASSED [ 88%] tests/test_68_assertion_id.py::test_basic_flow PASSED [ 88%] tests/test_69_discovery.py::test_verify PASSED [ 88%] tests/test_69_discovery.py::test_construct_0 PASSED [ 88%] tests/test_69_discovery.py::test_construct_1 PASSED [ 88%] tests/test_69_discovery.py::test_construct_deconstruct_request PASSED [ 88%] tests/test_69_discovery.py::test_construct_deconstruct_response PASSED [ 88%] tests/test_70_redirect_signing.py::test FAILED [ 89%] tests/test_71_authn_request.py::test_authn_request_with_acs_by_index PASSED [ 89%] tests/test_72_eptid.py::test_eptid PASSED [ 89%] tests/test_72_eptid.py::test_eptid_shelve PASSED [ 89%] tests/test_75_mongodb.py::test_flow PASSED [ 89%] tests/test_75_mongodb.py::test_eptid_mongo_db PASSED [ 89%] tests/test_76_metadata_in_mdb.py::test_metadata PASSED [ 89%] tests/test_77_authn_context.py::test_passwd PASSED [ 89%] tests/test_77_authn_context.py::test_factory PASSED [ 90%] tests/test_77_authn_context.py::test_authn_decl_in_authn_context PASSED [ 90%] tests/test_77_authn_context.py::test_authn_1 PASSED [ 90%] tests/test_77_authn_context.py::test_authn_2 PASSED [ 90%] tests/test_77_authn_context.py::test_authn_3 PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_cert_chains PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_expire PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_passphrase PASSED [ 90%] tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert PASSED [ 91%] tests/test_83_md_extensions.py::TestMDExt::test_sp_type_true PASSED [ 91%] tests/test_83_md_extensions.py::TestMDExt::test_sp_type_false PASSED [ 91%] tests/test_83_md_extensions.py::TestMDExt::test_entity_attributes PASSED [ 91%] tests/test_88_nsprefix.py::test_nsprefix PASSED [ 91%] tests/test_88_nsprefix.py::test_nsprefix2 PASSED [ 91%] tests/test_89_http_post_relay_state.py::test_relay_state PASSED [ 91%] tests/test_92_aes.py::TestAES::test_aes_defaults PASSED [ 91%] tests/test_92_aes.py::TestAES::test_aes_128_cbc PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_128_cfb PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_192_cbc PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_192_cfb PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_256_cbc PASSED [ 92%] tests/test_92_aes.py::TestAES::test_aes_256_cfb PASSED [ 92%] tests/test_93_hok.py::TestHolderOfKeyResponse::test_valid_hok_response_is_parsed PASSED [ 92%] tests/test_93_hok.py::TestHolderOfKeyResponse::test_invalid_hok_response_fails_verification PASSED [ 92%] tests/test_94_read_cert.py::test_read_single_cert PASSED [ 93%] tests/test_94_read_cert.py::test_read_cert_chain PASSED [ 93%] tests/test_94_read_cert.py::test_read_cert_chain_with_linebreaks PASSED [ 93%] tests/test_schema_validator.py::test_invalid_saml_metadata_doc[invalid_metadata_file.xml] PASSED [ 93%] tests/test_schema_validator.py::test_invalid_saml_metadata_doc[empty_metadata_file.xml] PASSED [ 93%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[InCommon-metadata.xml] PASSED [ 93%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp.xml] PASSED [ 93%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_2.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_aa.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_all.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_example.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_soap.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_re.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_re_nren.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_rs.xml] PASSED [ 94%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_sfs_hei.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_esi_and_coco_sp.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_no_friendly_name_sp.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[extended.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_slo_redirect.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_uiinfo.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata.aaitest.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata.xml] PASSED [ 95%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_cert.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_example.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_1.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_1_no_encryption.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_2.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[metasp.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[pdp_meta.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[servera.xml] PASSED [ 96%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[sp.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[sp_slo_redirect.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[urn-mace-swami.se-swamid-test-1.0-metadata.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[uu.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_metadata_doc[vo_metadata.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[attribute_response.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[okta_response.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[simplesamlphp_authnresponse.xml] PASSED [ 97%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml2_response.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_false_signed.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_hok.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_hok_invalid.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_signed.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_response_doc[saml_unsigned.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_saml_partial_doc[encrypted_attribute_statement.xml] PASSED [ 98%] tests/test_schema_validator.py::test_valid_eidas_saml_response_doc[eidas_response.xml] PASSED [ 98%] tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_response_with_hmac_should_fail PASSED [ 99%] tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_hmac_should_fail PASSED [ 99%] tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_random_embedded_cert_should_be_ignored FAILED [ 99%] tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_wrapper_should_fail PASSED [ 99%] tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_extensions_should_fail PASSED [ 99%] tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_assertion_should_fail PASSED [ 99%] tests/test_xsw.py::TestInvalidDepthFirstSig::test_signed_assertion_first_sig_should_fail PASSED [ 99%] tests/test_xsw.py::TestInvalidDepthFirstSig::test_signed_response_first_sig_should_fail PASSED [100%] ==================================== ERRORS ==================================== ____________________ ERROR at setup of TestResponse.test_1 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=429b9b8b0a96705961e1e64860b13d51e4560b424879b9a0c26f31fee5c52838urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-yYqWOPFtyty3gZm9Y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpezmm6fhv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpezmm6fhv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=429b9b8b0a96705961e1e64860b13d51e4560b424879b9a0c26f31fee5c52838urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-yYqWOPFtyty3gZm9Y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yYqWOPFtyty3gZm9Y', '--output', '/tmp/tmph4oa5j7r.xml', '/tmp/tmpezmm6fhv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log setup ------------------------------ ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpezmm6fhv.xml" output= ____________________ ERROR at setup of TestResponse.test_2 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=429b9b8b0a96705961e1e64860b13d51e4560b424879b9a0c26f31fee5c52838urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-yYqWOPFtyty3gZm9Y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpezmm6fhv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpezmm6fhv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=429b9b8b0a96705961e1e64860b13d51e4560b424879b9a0c26f31fee5c52838urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-yYqWOPFtyty3gZm9Y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yYqWOPFtyty3gZm9Y', '--output', '/tmp/tmph4oa5j7r.xml', '/tmp/tmpezmm6fhv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError _______________ ERROR at setup of TestResponse.test_issuer_none ________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=429b9b8b0a96705961e1e64860b13d51e4560b424879b9a0c26f31fee5c52838urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-yYqWOPFtyty3gZm9Y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpezmm6fhv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpezmm6fhv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=429b9b8b0a96705961e1e64860b13d51e4560b424879b9a0c26f31fee5c52838urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-yYqWOPFtyty3gZm9Y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yYqWOPFtyty3gZm9Y', '--output', '/tmp/tmph4oa5j7r.xml', '/tmp/tmpezmm6fhv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ________________ ERROR at setup of TestResponse.test_false_sign ________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=429b9b8b0a96705961e1e64860b13d51e4560b424879b9a0c26f31fee5c52838urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-yYqWOPFtyty3gZm9Y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpezmm6fhv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpezmm6fhv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=429b9b8b0a96705961e1e64860b13d51e4560b424879b9a0c26f31fee5c52838urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-yYqWOPFtyty3gZm9Y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yYqWOPFtyty3gZm9Y', '--output', '/tmp/tmph4oa5j7r.xml', '/tmp/tmpezmm6fhv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ______________ ERROR at setup of TestResponse.test_other_response ______________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=429b9b8b0a96705961e1e64860b13d51e4560b424879b9a0c26f31fee5c52838urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-yYqWOPFtyty3gZm9Y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpezmm6fhv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpezmm6fhv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server("idp_conf")) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, in_response_to="id12", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=name_id, sign_assertion=True, ) tests/test_41_response.py:53: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=429b9b8b0a96705961e1e64860b13d51e4560b424879b9a0c26f31fee5c52838urn:mace:example.com:saml:roland:spstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-yYqWOPFtyty3gZm9Y' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yYqWOPFtyty3gZm9Y', '--output', '/tmp/tmph4oa5j7r.xml', '/tmp/tmpezmm6fhv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ______________ ERROR at setup of TestAuthnResponse.test_verify_1 _______________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114010866723a50d5988abeda4af980401e95edbee21aaff1c7a9ca302c0ed3furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KkjcUdkjng1Ncopc9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpbzcu8bgm.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpbzcu8bgm.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114010866723a50d5988abeda4af980401e95edbee21aaff1c7a9ca302c0ed3furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KkjcUdkjng1Ncopc9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KkjcUdkjng1Ncopc9', '--output', '/tmp/tmpjbvbrpti.xml', '/tmp/tmpbzcu8bgm.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log setup ------------------------------ ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpbzcu8bgm.xml" output= ___________ ERROR at setup of TestAuthnResponse.test_verify_signed_1 ___________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114010866723a50d5988abeda4af980401e95edbee21aaff1c7a9ca302c0ed3furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KkjcUdkjng1Ncopc9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpbzcu8bgm.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpbzcu8bgm.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114010866723a50d5988abeda4af980401e95edbee21aaff1c7a9ca302c0ed3furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KkjcUdkjng1Ncopc9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KkjcUdkjng1Ncopc9', '--output', '/tmp/tmpjbvbrpti.xml', '/tmp/tmpbzcu8bgm.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError _______________ ERROR at setup of TestAuthnResponse.test_parse_2 _______________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114010866723a50d5988abeda4af980401e95edbee21aaff1c7a9ca302c0ed3furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KkjcUdkjng1Ncopc9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpbzcu8bgm.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpbzcu8bgm.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114010866723a50d5988abeda4af980401e95edbee21aaff1c7a9ca302c0ed3furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KkjcUdkjng1Ncopc9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KkjcUdkjng1Ncopc9', '--output', '/tmp/tmpjbvbrpti.xml', '/tmp/tmpbzcu8bgm.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ___________ ERROR at setup of TestAuthnResponse.test_verify_w_authn ____________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114010866723a50d5988abeda4af980401e95edbee21aaff1c7a9ca302c0ed3furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KkjcUdkjng1Ncopc9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpbzcu8bgm.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpbzcu8bgm.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114010866723a50d5988abeda4af980401e95edbee21aaff1c7a9ca302c0ed3furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KkjcUdkjng1Ncopc9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KkjcUdkjng1Ncopc9', '--output', '/tmp/tmpjbvbrpti.xml', '/tmp/tmpbzcu8bgm.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError _________ ERROR at setup of TestAuthnResponse.test_unpack_nested_eptid _________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114010866723a50d5988abeda4af980401e95edbee21aaff1c7a9ca302c0ed3furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KkjcUdkjng1Ncopc9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpbzcu8bgm.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpbzcu8bgm.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114010866723a50d5988abeda4af980401e95edbee21aaff1c7a9ca302c0ed3furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KkjcUdkjng1Ncopc9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KkjcUdkjng1Ncopc9', '--output', '/tmp/tmpjbvbrpti.xml', '/tmp/tmpbzcu8bgm.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ____ ERROR at setup of TestAuthnResponse.test_multiple_attribute_statement _____ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114010866723a50d5988abeda4af980401e95edbee21aaff1c7a9ca302c0ed3furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KkjcUdkjng1Ncopc9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpbzcu8bgm.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpbzcu8bgm.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN, ) > self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN, ) tests/test_44_authnresp.py:48: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114010866723a50d5988abeda4af980401e95edbee21aaff1c7a9ca302c0ed3furn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginstaffmemberJeterDerekfoo@gmail.comshortstop' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KkjcUdkjng1Ncopc9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KkjcUdkjng1Ncopc9', '--output', '/tmp/tmpjbvbrpti.xml', '/tmp/tmpbzcu8bgm.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError =================================== FAILURES =================================== ________________ test_signed_metadata_proper_str_bytes_handling ________________ self = statement = 'MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==Rolands SP' node_name = 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = None def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', ...] extra_args = ['/tmp/tmp934zbez3.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp934zbez3.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: def test_signed_metadata_proper_str_bytes_handling(): sp_conf_2 = sp_conf.copy() sp_conf_2["key_file"] = full_path("test.key") sp_conf_2["cert_file"] = full_path("inc-md-cert.pem") # requires xmlsec binaries per https://pysaml2.readthedocs.io/en/latest/examples/sp.html sp_conf_2["xmlsec_binary"] = sigver.get_xmlsec_binary(["/opt/local/bin"]) cnf = SPConfig().load(sp_conf_2) # This will raise TypeError if string/bytes handling is not correct > sp_metadata = create_metadata_string("", config=cnf, sign=True) tests/test_39_metadata.py:66: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/metadata.py:118: in create_metadata_string eid, xmldoc = sign_entity_descriptor(eid, mid, secc, sign_alg, digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/metadata.py:851: in sign_entity_descriptor xmldoc = secc.sign_statement(f"{edesc}", class_name(edesc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNpZ25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSpg4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQKCNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcATPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0moC1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2VWOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWqDh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==Rolands SP' node_name = 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = None def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', '--output', '/tmp/tmp5yeoh0ub.xml', '/tmp/tmp934zbez3.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; issuer=/C=US/O=InCommon LLC/CN=InCommon Federation Metadata Signing Key; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp934zbez3.xml" output= _______________________ TestSecurity.test_sign_assertion _______________________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp_95jezrp.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp_95jezrp.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_assertion(self): ass = self._assertion print(ass) > sign_ass = self.sec.sign_assertion(f"{ass}", node_id=ass.id) tests/test_40_sigver.py:186: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1710: in sign_assertion return self.sign_statement(statement, class_name(saml.Assertion()), **kwargs) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp_txx3htj.xml', '/tmp/tmp_95jezrp.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ----------------------------- Captured stdout call ----------------------------- the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp_95jezrp.xml" output= _______________ TestSecurity.test_multiple_signatures_assertion ________________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp1r72rk4s.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp1r72rk4s.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_assertion(self): ass = self._assertion # basic test with two of the same to_sign = [(ass, ass.id), (ass, ass.id)] > sign_ass = self.sec.multiple_signatures(str(ass), to_sign) tests/test_40_sigver.py:205: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpf821s9k2.xml', '/tmp/tmp1r72rk4s.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp1r72rk4s.xml" output= ________________ TestSecurity.test_multiple_signatures_response ________________ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp82jj2gmy.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp82jj2gmy.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) # order is important, we can't validate if the signatures are made # in the reverse order to_sign = [(self._assertion, self._assertion.id), (response, response.id)] > s_response = self.sec.multiple_signatures(str(response), to_sign) tests/test_40_sigver.py:233: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpd7sxw1bw.xml', '/tmp/tmp82jj2gmy.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp82jj2gmy.xml" output= _______________________ TestSecurity.test_sign_response ________________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpp776kwte.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpp776kwte.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:270: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpi0ahth0k.xml', '/tmp/tmpp776kwte.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpp776kwte.xml" output= ______________________ TestSecurity.test_sign_response_2 _______________________ self = statement = b'the-isser-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpeebowlq7.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpeebowlq7.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response_2(self): assertion2 = factory( saml.Assertion, version="2.0", id="id-11122", issuer=saml.Issuer(text="the-issuer-2"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11122", self.sec.my_cert), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Fox", ""), ("name:givenName", "nameformat", "givenName"): ("Bear", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser-2"), status=success_status_factory(), assertion=assertion2, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(assertion2), assertion2.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:314: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isser-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmpkedw5d95.xml', '/tmp/tmpeebowlq7.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpeebowlq7.xml" output= ________________________ TestSecurity.test_sign_verify _________________________ self = statement = b'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpusnkeqao.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpusnkeqao.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify(self): response = factory( samlp.Response, assertion=self._assertion, id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:341: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpn3apazzk.xml', '/tmp/tmpusnkeqao.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpusnkeqao.xml" output= ____________ TestSecurity.test_sign_verify_with_cert_from_instance _____________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp3sb6hfhg.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp3sb6hfhg.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_with_cert_from_instance(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:363: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpfn40v8vv.xml', '/tmp/tmp3sb6hfhg.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp3sb6hfhg.xml" output= _______ TestSecurity.test_sign_verify_assertion_with_cert_from_instance ________ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp9l2ied3f.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp9l2ied3f.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_assertion_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11100", self.sec.my_cert), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Fox", ""), ("name:givenName", "nameformat", "givenName"): ("Bear", ""), } ), ) to_sign = [(class_name(assertion), assertion.id)] > s_assertion = sigver.signed_instance_factory(assertion, self.sec, to_sign) tests/test_40_sigver.py:395: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FoxBear' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmp50uam5a9.xml', '/tmp/tmp9l2ied3f.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp9l2ied3f.xml" output= _______ TestSecurity.test_exception_sign_verify_with_cert_from_instance ________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmp98h877w0.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp98h877w0.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_exception_sign_verify_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer-2"), issue_instant="2009-10-30T13:20:28Z", attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Foo", ""), ("name:givenName", "nameformat", "givenName"): ("Bar", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:436: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmpiejbkdxr.xml', '/tmp/tmp98h877w0.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp98h877w0.xml" output= _________________ TestSecurityNonAsciiAva.test_sign_assertion __________________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpam0zjcuc.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpam0zjcuc.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_assertion(self): ass = self._assertion print(ass) > sign_ass = self.sec.sign_assertion(f"{ass}", node_id=ass.id) tests/test_40_sigver.py:491: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1710: in sign_assertion return self.sign_statement(statement, class_name(saml.Assertion()), **kwargs) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp356hi10k.xml', '/tmp/tmpam0zjcuc.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ----------------------------- Captured stdout call ----------------------------- the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpam0zjcuc.xml" output= __________ TestSecurityNonAsciiAva.test_multiple_signatures_assertion __________ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmplsjcudn7.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmplsjcudn7.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_assertion(self): ass = self._assertion # basic test with two of the same to_sign = [(ass, ass.id), (ass, ass.id)] > sign_ass = self.sec.multiple_signatures(str(ass), to_sign) tests/test_40_sigver.py:511: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpi5x8d7g9.xml', '/tmp/tmplsjcudn7.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmplsjcudn7.xml" output= __________ TestSecurityNonAsciiAva.test_multiple_signatures_response ___________ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpvzltvdqc.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpvzltvdqc.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_multiple_signatures_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) # order is important, we can't validate if the signatures are made # in the reverse order to_sign = [(self._assertion, self._assertion.id), (response, response.id)] > s_response = self.sec.multiple_signatures(str(response), to_sign) tests/test_40_sigver.py:539: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1751: in multiple_signatures statement = self.sign_statement( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmppr85y7fc.xml', '/tmp/tmpvzltvdqc.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpvzltvdqc.xml" output= __________________ TestSecurityNonAsciiAva.test_sign_response __________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpnvz9njma.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpnvz9njma.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:576: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpatqvo8p2.xml', '/tmp/tmpnvz9njma.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpnvz9njma.xml" output= _________________ TestSecurityNonAsciiAva.test_sign_response_2 _________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmphck5s0za.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmphck5s0za.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_response_2(self): assertion2 = factory( saml.Assertion, version="2.0", id="id-11122", issuer=saml.Issuer(text="the-issuer-2"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11122", self.sec.my_cert), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Räv", ""), ("name:givenName", "nameformat", "givenName"): ("Björn", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=assertion2, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(assertion2), assertion2.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:620: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuer-2MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11122' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmpid9212no.xml', '/tmp/tmphck5s0za.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmphck5s0za.xml" output= ___________________ TestSecurityNonAsciiAva.test_sign_verify ___________________ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpvbwmzsas.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpvbwmzsas.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22233", signature=sigver.pre_signature_part("id-22233", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:648: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmprwclnvup.xml', '/tmp/tmpvbwmzsas.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpvbwmzsas.xml" output= _______ TestSecurityNonAsciiAva.test_sign_verify_with_cert_from_instance _______ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpegoswpjl.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpegoswpjl.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_with_cert_from_instance(self): response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=self._assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(self._assertion), self._assertion.id), (class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:670: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=F\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpy16qqz_a.xml', '/tmp/tmpegoswpjl.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpegoswpjl.xml" output= __ TestSecurityNonAsciiAva.test_sign_verify_assertion_with_cert_from_instance __ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp8lhs2dn2.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp8lhs2dn2.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_verify_assertion_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer"), issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11100", self.sec.my_cert, 1), attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Räv", ""), ("name:givenName", "nameformat", "givenName"): ("Björn", ""), } ), ) to_sign = [(class_name(assertion), assertion.id)] > s_assertion = sigver.signed_instance_factory(assertion, self.sec, to_sign) tests/test_40_sigver.py:702: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-issuerMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=R\xc3\xa4vBj\xc3\xb6rn' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11100' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmpxlipmpem.xml', '/tmp/tmp8lhs2dn2.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp8lhs2dn2.xml" output= __ TestSecurityNonAsciiAva.test_exception_sign_verify_with_cert_from_instance __ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerF\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmp2ho9p29x.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp2ho9p29x.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_exception_sign_verify_with_cert_from_instance(self): assertion = factory( saml.Assertion, version="2.0", id="id-11100", issuer=saml.Issuer(text="the-issuer"), issue_instant="2009-10-30T13:20:28Z", attribute_statement=do_attribute_statement( { ("name:surName", "nameformat", "surName"): ("Föö", ""), ("name:givenName", "nameformat", "givenName"): ("Bär", ""), } ), ) response = factory( samlp.Response, issuer=saml.Issuer(text="the-isser"), status=success_status_factory(), assertion=assertion, version="2.0", issue_instant="2099-10-30T13:20:28Z", id="id-22222", signature=sigver.pre_signature_part("id-22222", self.sec.my_cert), ) to_sign = [(class_name(response), response.id)] > s_response = sigver.signed_instance_factory(response, self.sec, to_sign) tests/test_40_sigver.py:743: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'the-isserMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=the-issuerF\xc3\xb6\xc3\xb6B\xc3\xa4r' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-22222' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmpz1fhmgix.xml', '/tmp/tmp2ho9p29x.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp2ho9p29x.xml" output= __________________________________ test_xbox ___________________________________ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmprp_t97pp.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmprp_t97pp.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: def test_xbox(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="id-11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11111", sec.my_cert, 1), attribute_statement=do_attribute_statement( { ("", "", "surName"): ("Foo", ""), ("", "", "givenName"): ("Bar", ""), } ), ) > sigass = sec.sign_statement( assertion, class_name(assertion), key_file=PRIV_KEY, node_id=assertion.id, ) tests/test_40_sigver.py:843: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FooBar' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp26rig2yf.xml', '/tmp/tmprp_t97pp.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmprp_t97pp.xml" output= ___________________________ test_xbox_non_ascii_ava ____________________________ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpc3ycxifg.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpc3ycxifg.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: def test_xbox_non_ascii_ava(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="id-11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("id-11111", sec.my_cert, 1), attribute_statement=do_attribute_statement( { ("", "", "surName"): ("Föö", ""), ("", "", "givenName"): ("Bär", ""), } ), ) > sigass = sec.sign_statement( assertion, class_name(assertion), key_file=PRIV_KEY, node_id=assertion.id, ) tests/test_40_sigver.py:901: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=FööBär' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-11111' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmps_9rbgjf.xml', '/tmp/tmpc3ycxifg.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpc3ycxifg.xml" output= _______________________ TestServer1.test_signed_response _______________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a511783b7cec922a774f05f4f9d4f5cfac8d8672162bc0cd142f1e5ecbe1537furn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-NlgiixIFqRd9KEZAq' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpe7pjw4hi.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpe7pjw4hi.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response(self): name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"} > signed_resp = self.server.create_authn_response( ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, ) tests/test_50_server.py:441: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=a511783b7cec922a774f05f4f9d4f5cfac8d8672162bc0cd142f1e5ecbe1537furn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-NlgiixIFqRd9KEZAq' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-NlgiixIFqRd9KEZAq', '--output', '/tmp/tmptjrhiwvl.xml', '/tmp/tmpe7pjw4hi.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpe7pjw4hi.xml" output= ______________________ TestServer1.test_signed_response_1 ______________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6528e293a0290844359231fcbb1a62ae567fbdd97446bda1d7c1d39b7a07ff4burn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-vzA4e0yxOLJdGsHiN' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpjy6y3wwx.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpjy6y3wwx.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_1(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, ) tests/test_50_server.py:464: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6528e293a0290844359231fcbb1a62ae567fbdd97446bda1d7c1d39b7a07ff4burn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-vzA4e0yxOLJdGsHiN' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-vzA4e0yxOLJdGsHiN', '--output', '/tmp/tmpq5zwwrud.xml', '/tmp/tmpjy6y3wwx.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpjy6y3wwx.xml" output= ______________________ TestServer1.test_signed_response_2 ______________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp6528e293a0290844359231fcbb1a62ae567fbdd97446bda1d7c1d39b7a07ff4burn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ruc2yCTlBDhSpcCoo' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpujga8xj9.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpujga8xj9.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_2(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, ) tests/test_50_server.py:495: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp6528e293a0290844359231fcbb1a62ae567fbdd97446bda1d7c1d39b7a07ff4burn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ruc2yCTlBDhSpcCoo' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-ruc2yCTlBDhSpcCoo', '--output', '/tmp/tmp9fqwhyyu.xml', '/tmp/tmpujga8xj9.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpujga8xj9.xml" output= ______________________ TestServer1.test_signed_response_3 ______________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6528e293a0290844359231fcbb1a62ae567fbdd97446bda1d7c1d39b7a07ff4burn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-uvIUygvIFAasZMLQa' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpezvd2qia.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpezvd2qia.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_3(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=False, sign_assertion=True, ) tests/test_50_server.py:519: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6528e293a0290844359231fcbb1a62ae567fbdd97446bda1d7c1d39b7a07ff4burn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-uvIUygvIFAasZMLQa' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uvIUygvIFAasZMLQa', '--output', '/tmp/tmpmp0me1ca.xml', '/tmp/tmpezvd2qia.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpezvd2qia.xml" output= _________________ TestServer1.test_encrypted_signed_response_1 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6528e293a0290844359231fcbb1a62ae567fbdd97446bda1d7c1d39b7a07ff4burn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjQ4WhcNMzQxMDI3MTAzNjQ4WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEArE1sflLd/JLquQcAOyBfQaC5P/e8geXITH3ftxIWKQ8pjIDdHfrWPbKG\nsqNH6ozDrDqDqiTc7XRfnuvcRJbRfFGzle4f5f3pCRQipOXdTc+OUjJh9vXW9Mhp\nmxMnV4eckifBcjW4/jUz4sgNOwWNPrmrIVScvyBDJhTD8Z0HH7HasYf3G945dhnU\np7PfIFVZOE+UaHoqyKbxO4uwnsT3zH5yYQGAvLm4fQj4SF7AmmiKB5Ol0UxocqeN\nH2AtZMJ0UZ//ziTMZiHuVriYzUXyIXa9FXkdSAy8aUWoMBASA73XuNl6rHcyPErA\nEYw5hHORjBP/4jTWAzAM5OkMSy/zswIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAEY3\nubgd9bFZD2OzRTLH9fzVtRJdDjq9iR01JCeiyfBUbBaRjnoVdUzIvcOKllH16cGZ\nay3uQd0WR/tzo24s6npcZ6IoDKbi3HUwKnq1kTTZjHTtsAkfohloYg8KutsGKOnd\nB1HvYirRD7GTzG2wxyVIyjxqwgs2XctHcZpyAka3AsWzrxmX7oyiPpCda3kEyDlmAYw1i1JFQmPvUb7RxdZiwEcw5X3ssHz4pDaGQWfd\nrLKoG5uhedbESvFl22G9kn+BRbO8G6AAIAXOOD5tl+X1af/Z2lp/ow8OagczB64U\n0g0J2t+a7j+FTk0y1KSRB/rk5gtZf9ZcwjBq9bK2HjEYrn7BaKa2S/NKsLfwihcE\ndfWd5+r9IziRsbstO4gjSWHtaUrqID4fXvCUZXcNJOl0id+Q7B72+QCAwBYQYzgr\ndz5ewbuvFt4tymHvLQIcsL5G29UmCD6VX+17MiBuZuXWX8TwLI+ALOx0VZNKdWuM\nDNENvGvHKGkR6I2tVrhloA==bOJqRY9+P92xu8DeBTuvKm2S9eSIiQ0gB22++/Y0WFstHkUqWn6BSg9Q37OWwAZz\noPjhtmSKKhPexh2lIu+Sz6QndqlVg/+alg+K77Wa8EU2kbRuSu7bT3BlYtWJjQfG\nU77zG5n0sT3C8rGcPHXm22eAg8pukL5St8Xj2go9rIntNs9EdLnqJqcig/CTUUqK\n1fywfXuI3wyOfCxVv7uhduoZpWlAq4aSLuj5dxBbTUb8Kk8TNX/adowufUMiDERh\nnqfLHEWw5WlmLZdxPxagjchb9khq5m9AsDjCi22cHR0Xwezq6GCQ1kW/IIJ6lstg\nOZDf1wuSFG7vVR4JLNNEqyQIrdJ+1fnSsvmS3l43W9dYggAjP8YD9ZscFeAfUMkx\nZaerDXaMxdb7wqcvzG6QJAyxDqcGjStx90NUzsjwp/kzN2x6oXnCN76T2lYYJc2P\nPJbXNWF0FUlyaCZVqoTmKuKbKXWIfh2IbFO1Dpa0ncMTV1Rfx62dFwarIDN4h3/p\ntR2OsBlyLdoZyEIm4l82zoj/NCsKqHAXJpfpw2rE1FxlC8KIRYTPNSOpQDYrkO0n\n8J0a7fJB5fs0GXYYp6PnaEwVlUvAjr/fdWXQm6M2ylSc+RcN5mkNyP+bXWOCT1vn\nQhf7B3p4UM6mLO3GYvEFv53zansXA1HbpkASdgF27NZrsuhG9DETh0Uh9PTKd0N4\nO8eIbm7C2L78fUmU7V1htRaNHMReVLi40h7bniFcVWCpjSakHbeA2Qn3RjA/zr/s\nusXnRGrTcLBbVB5aEY72aNMhv++KoOU64iwL8/xJ3Bnym2oqO2+hwHKac3/+E/G7\neoeoXSj4Nz+kNesXNBR8Cijir6zsP4C6vUPrps+K9GqNQc2WPP7QbJKnO9qKcb1Y\njfSkky61GYhM2pWQ5tB1gmXqmFCPWhUSO3D5APHGTwnJ9GFxlZXTfTrrTHL3JWhP\ns2Hl0megVjYJDDtMXXpuEDGHbYSBQP313KCQ1NVMw5soRdwveZbFTYEUYeT2jboy\nTAZpt/0n0Na73V46cppgOOoznpqsWuUtpvv+hwNH7RMt3NF8F2JjWYk5464c2jV3\nqwlJalZj2FDB8MAb2y22LVBGpX3cC63psxJ4Esa3cKoypwn2Y/JwDoFvgta5mHZq\nOHYc7d8xMbX68zfVEW73dyzvRT2suMnXLPDMCardJ928va8q2jQoVJwO1rUJVrV9\ndPb4K1W1zvxEYz8Oi0df98BqVvqMIMhjZ4CgGY0bMjbW+Kd8BA5otynYOwq1C2iL\ngWxR6SyQvi5PLujue8zHKXFn0DNr/F0QU3RAcd4UkGIen9CW9e6to+B777X/dWoJ\nj4JkADocPmduLj93bnQLA0JbjDrxii9vKQgeUKJIDEZaTlu9hRqsmZr+3o8YEVHe\nRehahGjWMHRADq4fnRcZ3q2gMUv/erAAzubHd64QkS5wVgOlj0haBV5nOoZbY2LV\njWrhpAfNK9NHgl+bK3aYfw1BuKC6An26fZuIlNE56RnUDSYCIYdH0RghxMbbfdXa\n5DYOve1oFrrGqcd3QMsV6cNhyG1dQZPsizFUuIxNJJH+Pq0ehT+vSHBAH6jlV7CW\np+laD7+U47nCXHAlLN6/OrKEQhyjdvvZhX9S6baduKWQgmYX4PNCRswKNnVtQtPi\n7qDSUhTRzA/WNK5CVnTaXKzuCieOPmmZ4aDLs0KOUShNNmFlpfjT6vitJ8sUhi+r\n/GZOFkGVdLF8zb1So8pcDL/FGZc4SwK3X9sSy4TuhXZT1V+8qulpNB58BG+GWDix\nUh4i1/XAwzBEXeBaIXzeSIBYSllHFJEDQ/uAJbHTSN0d/XK1bDomtSz+fDOAkkKk\ni2Z5NCKFjdd2qFGexp+kKMIWuc/8QTq/URoYpeRbwugOfqUeN8SjzZyBcZv3QZaT\nIdcFJE+o0zkamtQ5NNLXQNq+rsAn16tVeFPDKsk4aMLzY+aTvkhXGgmm9KECu1Gd\nQMP9bs3HWL9zwawBeZ5iTca4W6j/JvTazvB8m06diTaJee5QoL8Ub4o01sP6BQis\nG/xfmxFjLeiMYq1rctOvPN0UU1ecb4ypO0CEWRfF69a7QG8mQ88wxTYbm/VCxKLE\nf2dW5Nit0T12u4lX5uFDIN9FYxb4XOpEgHW1leurAUfuGUA1WnCvmq9Wrw7k0YGK\nflDJ2w3avf9snsRjHZAbrqPFgBWMb8pgWCDpWeiCD+P6abpsSh+PrQGY1BKj7zOR\n0j58VdSFYUhAecNjEFv2PZXGJXgjTmnz+nYDC+0+U7hUh0EmNm5KC0q4byUs4r4F\niBdXUGKRLN/2t5HZQxfVN5FbcmzWMNn0lhKUXl1kL6kdyqNT+IF+09WZPHGHG/ym\npqbE/C1eyPh4+gwxekmVO7Ep9xvGitXyr1eLZIIfvmkO3ucH4W3u7g==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-pSwJ3EHB6Zrql5d66' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpucjiisjg.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpucjiisjg.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_1(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:547: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6528e293a0290844359231fcbb1a62ae567fbdd97446bda1d7c1d39b7a07ff4burn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjQ4WhcNMzQxMDI3MTAzNjQ4WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEArE1sflLd/JLquQcAOyBfQaC5P/e8geXITH3ftxIWKQ8pjIDdHfrWPbKG\nsqNH6ozDrDqDqiTc7XRfnuvcRJbRfFGzle4f5f3pCRQipOXdTc+OUjJh9vXW9Mhp\nmxMnV4eckifBcjW4/jUz4sgNOwWNPrmrIVScvyBDJhTD8Z0HH7HasYf3G945dhnU\np7PfIFVZOE+UaHoqyKbxO4uwnsT3zH5yYQGAvLm4fQj4SF7AmmiKB5Ol0UxocqeN\nH2AtZMJ0UZ//ziTMZiHuVriYzUXyIXa9FXkdSAy8aUWoMBASA73XuNl6rHcyPErA\nEYw5hHORjBP/4jTWAzAM5OkMSy/zswIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAEY3\nubgd9bFZD2OzRTLH9fzVtRJdDjq9iR01JCeiyfBUbBaRjnoVdUzIvcOKllH16cGZ\nay3uQd0WR/tzo24s6npcZ6IoDKbi3HUwKnq1kTTZjHTtsAkfohloYg8KutsGKOnd\nB1HvYirRD7GTzG2wxyVIyjxqwgs2XctHcZpyAka3AsWzrxmX7oyiPpCda3kEyDlmAYw1i1JFQmPvUb7RxdZiwEcw5X3ssHz4pDaGQWfd\nrLKoG5uhedbESvFl22G9kn+BRbO8G6AAIAXOOD5tl+X1af/Z2lp/ow8OagczB64U\n0g0J2t+a7j+FTk0y1KSRB/rk5gtZf9ZcwjBq9bK2HjEYrn7BaKa2S/NKsLfwihcE\ndfWd5+r9IziRsbstO4gjSWHtaUrqID4fXvCUZXcNJOl0id+Q7B72+QCAwBYQYzgr\ndz5ewbuvFt4tymHvLQIcsL5G29UmCD6VX+17MiBuZuXWX8TwLI+ALOx0VZNKdWuM\nDNENvGvHKGkR6I2tVrhloA==bOJqRY9+P92xu8DeBTuvKm2S9eSIiQ0gB22++/Y0WFstHkUqWn6BSg9Q37OWwAZz\noPjhtmSKKhPexh2lIu+Sz6QndqlVg/+alg+K77Wa8EU2kbRuSu7bT3BlYtWJjQfG\nU77zG5n0sT3C8rGcPHXm22eAg8pukL5St8Xj2go9rIntNs9EdLnqJqcig/CTUUqK\n1fywfXuI3wyOfCxVv7uhduoZpWlAq4aSLuj5dxBbTUb8Kk8TNX/adowufUMiDERh\nnqfLHEWw5WlmLZdxPxagjchb9khq5m9AsDjCi22cHR0Xwezq6GCQ1kW/IIJ6lstg\nOZDf1wuSFG7vVR4JLNNEqyQIrdJ+1fnSsvmS3l43W9dYggAjP8YD9ZscFeAfUMkx\nZaerDXaMxdb7wqcvzG6QJAyxDqcGjStx90NUzsjwp/kzN2x6oXnCN76T2lYYJc2P\nPJbXNWF0FUlyaCZVqoTmKuKbKXWIfh2IbFO1Dpa0ncMTV1Rfx62dFwarIDN4h3/p\ntR2OsBlyLdoZyEIm4l82zoj/NCsKqHAXJpfpw2rE1FxlC8KIRYTPNSOpQDYrkO0n\n8J0a7fJB5fs0GXYYp6PnaEwVlUvAjr/fdWXQm6M2ylSc+RcN5mkNyP+bXWOCT1vn\nQhf7B3p4UM6mLO3GYvEFv53zansXA1HbpkASdgF27NZrsuhG9DETh0Uh9PTKd0N4\nO8eIbm7C2L78fUmU7V1htRaNHMReVLi40h7bniFcVWCpjSakHbeA2Qn3RjA/zr/s\nusXnRGrTcLBbVB5aEY72aNMhv++KoOU64iwL8/xJ3Bnym2oqO2+hwHKac3/+E/G7\neoeoXSj4Nz+kNesXNBR8Cijir6zsP4C6vUPrps+K9GqNQc2WPP7QbJKnO9qKcb1Y\njfSkky61GYhM2pWQ5tB1gmXqmFCPWhUSO3D5APHGTwnJ9GFxlZXTfTrrTHL3JWhP\ns2Hl0megVjYJDDtMXXpuEDGHbYSBQP313KCQ1NVMw5soRdwveZbFTYEUYeT2jboy\nTAZpt/0n0Na73V46cppgOOoznpqsWuUtpvv+hwNH7RMt3NF8F2JjWYk5464c2jV3\nqwlJalZj2FDB8MAb2y22LVBGpX3cC63psxJ4Esa3cKoypwn2Y/JwDoFvgta5mHZq\nOHYc7d8xMbX68zfVEW73dyzvRT2suMnXLPDMCardJ928va8q2jQoVJwO1rUJVrV9\ndPb4K1W1zvxEYz8Oi0df98BqVvqMIMhjZ4CgGY0bMjbW+Kd8BA5otynYOwq1C2iL\ngWxR6SyQvi5PLujue8zHKXFn0DNr/F0QU3RAcd4UkGIen9CW9e6to+B777X/dWoJ\nj4JkADocPmduLj93bnQLA0JbjDrxii9vKQgeUKJIDEZaTlu9hRqsmZr+3o8YEVHe\nRehahGjWMHRADq4fnRcZ3q2gMUv/erAAzubHd64QkS5wVgOlj0haBV5nOoZbY2LV\njWrhpAfNK9NHgl+bK3aYfw1BuKC6An26fZuIlNE56RnUDSYCIYdH0RghxMbbfdXa\n5DYOve1oFrrGqcd3QMsV6cNhyG1dQZPsizFUuIxNJJH+Pq0ehT+vSHBAH6jlV7CW\np+laD7+U47nCXHAlLN6/OrKEQhyjdvvZhX9S6baduKWQgmYX4PNCRswKNnVtQtPi\n7qDSUhTRzA/WNK5CVnTaXKzuCieOPmmZ4aDLs0KOUShNNmFlpfjT6vitJ8sUhi+r\n/GZOFkGVdLF8zb1So8pcDL/FGZc4SwK3X9sSy4TuhXZT1V+8qulpNB58BG+GWDix\nUh4i1/XAwzBEXeBaIXzeSIBYSllHFJEDQ/uAJbHTSN0d/XK1bDomtSz+fDOAkkKk\ni2Z5NCKFjdd2qFGexp+kKMIWuc/8QTq/URoYpeRbwugOfqUeN8SjzZyBcZv3QZaT\nIdcFJE+o0zkamtQ5NNLXQNq+rsAn16tVeFPDKsk4aMLzY+aTvkhXGgmm9KECu1Gd\nQMP9bs3HWL9zwawBeZ5iTca4W6j/JvTazvB8m06diTaJee5QoL8Ub4o01sP6BQis\nG/xfmxFjLeiMYq1rctOvPN0UU1ecb4ypO0CEWRfF69a7QG8mQ88wxTYbm/VCxKLE\nf2dW5Nit0T12u4lX5uFDIN9FYxb4XOpEgHW1leurAUfuGUA1WnCvmq9Wrw7k0YGK\nflDJ2w3avf9snsRjHZAbrqPFgBWMb8pgWCDpWeiCD+P6abpsSh+PrQGY1BKj7zOR\n0j58VdSFYUhAecNjEFv2PZXGJXgjTmnz+nYDC+0+U7hUh0EmNm5KC0q4byUs4r4F\niBdXUGKRLN/2t5HZQxfVN5FbcmzWMNn0lhKUXl1kL6kdyqNT+IF+09WZPHGHG/ym\npqbE/C1eyPh4+gwxekmVO7Ep9xvGitXyr1eLZIIfvmkO3ucH4W3u7g==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-pSwJ3EHB6Zrql5d66' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-pSwJ3EHB6Zrql5d66', '--output', '/tmp/tmpognjkwwo.xml', '/tmp/tmpucjiisjg.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpucjiisjg.xml" output= _________________ TestServer1.test_encrypted_signed_response_2 _________________ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==nv90oaX9NIYSjsecDtT+Ts2LpZPgSExRjlQllxD2HOcTdCHKAB9waMAZ+AzhQyR2\nNFwWkHzbbD7dZbolsErXwBuAQp0pUTXnvCCfJWsZ2bpbokRsvKz61KSI86aMTPs8\n4gwc8kbbJnUI1tK7Qpe+GMUbGmAoFuNoWqTt+L+dcKM=uLSCLmF/ZfoxxIRYrh7DnIfxa/kW8EslNMboj5Jp7q52X7xX64AGBFEmikaHMOAl\nEwFpLTLVlth1mLwO4yAX+0gP5gmPyG2m2UXuHZpJBUrdvC8p/QVXAi1aoKUjc2Oo\n2DqcRWYQT+Wyq6qQ6m1OkYgRXPk4mjnCsyQvghT0pRi/Q8i6S9CB97jVyomnszdm\nIqO7imHGBdEqIgJXnM7ZuG6sBT+7G+T2e8qKVq4jj2+/+j6l41KcPzu0xXUCPLFb\nu0aYQytrn7derB7VYOX2GJEx5kzzPu9hFv/AAv5+9ZE0WpP+FrpGN/5JJG05m4KR\nIPGT3aW+S3gjvKKgI5ZCZ9ik3O9c1WPS/6XLC9Oi4acMD/Neh76eTLytC5xx1pKC\nvgP+w/GHK+9TTEL7LUOgHBy/doMG4nC3MUi3rmr27bJqNviwfP/D3YMGkD0+bGGf\nJx3d5qqbCYLSJOqxy1YWe2DZc/wpXTTK1dFTUEh45epPJ2hYLyR4kKVBndtMLfCB\ny20mrnderhqh4F80hGUamiTXG35A4AAtfoqLs6PtZIpUYUHG2SO8b/A/YN/nYY6I\nnBOpJ7xLYiGmdmRnqxGEnWSwYgqfYN2I9ICQOn7s273lB+Cs0rjjUMll7ANYktWX\nnqMDZUzl9eh4/s++mknWoHpQWI7E0f62UfGmgqYOEQNZ4RdWLyoUXlz4fU5tz0Dl\npBwCX1vO+z4cgh0NS6wSOAANqAT3H0OwUze4lQ/OPU6xUsxWh5lQLWiqO4jBCkL7\nroFjum64TGBudDouvkK5BiCSCaVwmv5Bbm1nxT0peB9RysyO/tLDaU6yns0X652a\n8e/Y1w03MRB3j+GW+ZWqRO6mCNSrFCcObG793Yh39c3d3fmdH9lLWN8wa2bYOe/3\np1JgVfijOWDj0mFtlr2W8N7HfqHg3YGAf9AmOOtk+CZmrHOVxEPT+whEG8b4JpfQ\ntFmjds/3AvQfOVQyZ+b0jjP5d5Cxic1DYYVaUSBPJbfJ9kvIA15wKsq5HnTQyD5u\nv19cWN3uDgj3UKD0jJmNISH7wLOJaFzsoOojupdribzdnYnbIu9V1MvNSzvzpTHd\n/TIfPPC7qaK97H1BD9+7R3yTEthJuR3+JvzxRoie6MjttiBj50mq8dwjVVztaBwO\n++arSNFda6c29Fj5wM8Tdl0TcsXRvSFmUUlkzbQ4LwsCHns20XiOxbB9ntqZfXHV\nw195B/zYg/OHZc9axJD3xtGJqOUZbo0ZePG01tcOLg25V6qZxTX8yie/DgqaJesm\n0Q6KQm4NHA2DNLEF++Cl+XkfEunK0aU+f7Z6b7I2fsKV3p0XM90KUd5dceWSNnsN\nszy06iB4iL2DexmKg9ZNrKQFstwaNIPW4Ix8hCDFCkgYUZeL1nOHYmf9Bam2krgA\nqUF5l6L64Hos0qmCNzJp0vNba0VXvzEjOpGdhTnwCZnPPBDcpUv/c49H6TWjxyy/\nIfu0iohLQmH2NrmmN86kQdpIl2asJCG/SY/dC9g50wDJMHhdf4G3UDsaMHX1V82i\nucCV1oQ29tjz6ufuY3iBUGD6J8+U0bMLD1S2L/xoF+MnluI5gKry8h3eTp69PCBT\nevbBlDXAAgbLXyl4SO13ps+Ez12oOhO1jiZluXABiRO2BezimPiIEsJuMYahyKhs\nYBiSB2s/vBROoj8cKQbr237aXBF3uG6MPfuC314jmMQK32YtAzNMVRE2KCR+kqWb\nsmsxt0jhePHOuawSGJ+yuA47q36G2RTvLuxE8ScO0T/TK+vSZ2HETEr+VK0Xklc1\nUniAbW78n5Nxe41FE1xIms2xFeM3k+L4j83PaSvDs8rulyHEhSE9/xMEQSxGJBKb\nOx9swGeKiiI9vBkoTLaGI0Tj/dPRNgif/VxPY4su4BVhHcxi3WydNa57iLE/oSlP\nqGdiWWABrjBy6BgaHo9y91xhC6EUZrjAR4PYP42QfjfrSZSaYW0VidjRzrpdRO1Y\nh17LMHvLwOBv0W8lepKbwRD7CojVr/Bw8zDPkEMzYRzHuS/vGzPCJWiCeN/3LQKs\n0z0AXW0C/BXBjMtEZHT6lZB9MBRpK5kc9ey+17VZTtbZU0P1foZnCUK9EfSRk/rt\nVY2sFOou+MA5A3xH3XDm3d50mHn7Q5Ri4xSY9CpQOdFLvqY72X60JyXTWQOWcVwy\nQ6Oo7OHIG/O4ZtmaD6cZG6PCV9CFeHVxIJkHS4Sog8Edaf+kPZyea8NYbclRB3yB\nQ/rQGUDFfEJKWT9kNtjJTeFVptBpSVnLUdE0gcfx4uPd+v8s6Mjrs0qDH3tSc1Lg\n120ecdFYbqXmXdnIiU8tZcgKCbNMJYau3j3Kj9clWPm8MJAoJ8zIptDnCeB/QErS\n6b0/nSP9gMeL3Yk9jr3yYRh/UGxcquJEchr+/CfjjcQwy0idj8LD2ixkYSLHs5+6\ncQ7dPvPR0djUUusMuhJH7ZEalCN0uZIE2C/qYXovXnEXpXbXkU9EKpTIBX7JZ7QG\n6x/+Vbb2kogURF4+QaXrSX9484ksPMo2DYHM2xRTevFpXymvHQE1yQSa8twiD72c\nd2IPd7D/H7FXJLLUQpkxB/hGduW7X6ivn71u6fpLrI7RyrVgwflFZENqA3koOPVU\nwDtHhEjpRqwnShfuqvFmjgxlrW5+p8RnbiRulZtwO1+dGoPgS4QPjolzRDw347A4\nCj27+VgLy3dy7KghupocSAPYmKSyPn/xBOeLGxjp9gWJBJ/lHxobbOQ49JsE7Wcm\nzOg1oFk0gmsjRoKISA6MijQ2ST99XaalAjtZs1Eaj3l/ArsKuS/4HJAk+zZyW9Al\nhn8LJ0H1e9PzQ7tJTlEl3rN+frZKKN+dB1WxLtIlHOKwgw5O1zfLPlKYfHypwLDh\njqY/gXkyMhylnZvwLcNtL1u3fta/jiT1/pbLK1QgxnwsH6rwHgvqKQ==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-hl8gJepw9NSvUfxfX' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpo_cd1o1m.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpo_cd1o1m.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_2(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, encrypt_assertion=True, encrypt_assertion_self_contained=True, ) tests/test_50_server.py:605: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:912: in _response return signed_instance_factory(response, self.sec, sign_class) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==nv90oaX9NIYSjsecDtT+Ts2LpZPgSExRjlQllxD2HOcTdCHKAB9waMAZ+AzhQyR2\nNFwWkHzbbD7dZbolsErXwBuAQp0pUTXnvCCfJWsZ2bpbokRsvKz61KSI86aMTPs8\n4gwc8kbbJnUI1tK7Qpe+GMUbGmAoFuNoWqTt+L+dcKM=uLSCLmF/ZfoxxIRYrh7DnIfxa/kW8EslNMboj5Jp7q52X7xX64AGBFEmikaHMOAl\nEwFpLTLVlth1mLwO4yAX+0gP5gmPyG2m2UXuHZpJBUrdvC8p/QVXAi1aoKUjc2Oo\n2DqcRWYQT+Wyq6qQ6m1OkYgRXPk4mjnCsyQvghT0pRi/Q8i6S9CB97jVyomnszdm\nIqO7imHGBdEqIgJXnM7ZuG6sBT+7G+T2e8qKVq4jj2+/+j6l41KcPzu0xXUCPLFb\nu0aYQytrn7derB7VYOX2GJEx5kzzPu9hFv/AAv5+9ZE0WpP+FrpGN/5JJG05m4KR\nIPGT3aW+S3gjvKKgI5ZCZ9ik3O9c1WPS/6XLC9Oi4acMD/Neh76eTLytC5xx1pKC\nvgP+w/GHK+9TTEL7LUOgHBy/doMG4nC3MUi3rmr27bJqNviwfP/D3YMGkD0+bGGf\nJx3d5qqbCYLSJOqxy1YWe2DZc/wpXTTK1dFTUEh45epPJ2hYLyR4kKVBndtMLfCB\ny20mrnderhqh4F80hGUamiTXG35A4AAtfoqLs6PtZIpUYUHG2SO8b/A/YN/nYY6I\nnBOpJ7xLYiGmdmRnqxGEnWSwYgqfYN2I9ICQOn7s273lB+Cs0rjjUMll7ANYktWX\nnqMDZUzl9eh4/s++mknWoHpQWI7E0f62UfGmgqYOEQNZ4RdWLyoUXlz4fU5tz0Dl\npBwCX1vO+z4cgh0NS6wSOAANqAT3H0OwUze4lQ/OPU6xUsxWh5lQLWiqO4jBCkL7\nroFjum64TGBudDouvkK5BiCSCaVwmv5Bbm1nxT0peB9RysyO/tLDaU6yns0X652a\n8e/Y1w03MRB3j+GW+ZWqRO6mCNSrFCcObG793Yh39c3d3fmdH9lLWN8wa2bYOe/3\np1JgVfijOWDj0mFtlr2W8N7HfqHg3YGAf9AmOOtk+CZmrHOVxEPT+whEG8b4JpfQ\ntFmjds/3AvQfOVQyZ+b0jjP5d5Cxic1DYYVaUSBPJbfJ9kvIA15wKsq5HnTQyD5u\nv19cWN3uDgj3UKD0jJmNISH7wLOJaFzsoOojupdribzdnYnbIu9V1MvNSzvzpTHd\n/TIfPPC7qaK97H1BD9+7R3yTEthJuR3+JvzxRoie6MjttiBj50mq8dwjVVztaBwO\n++arSNFda6c29Fj5wM8Tdl0TcsXRvSFmUUlkzbQ4LwsCHns20XiOxbB9ntqZfXHV\nw195B/zYg/OHZc9axJD3xtGJqOUZbo0ZePG01tcOLg25V6qZxTX8yie/DgqaJesm\n0Q6KQm4NHA2DNLEF++Cl+XkfEunK0aU+f7Z6b7I2fsKV3p0XM90KUd5dceWSNnsN\nszy06iB4iL2DexmKg9ZNrKQFstwaNIPW4Ix8hCDFCkgYUZeL1nOHYmf9Bam2krgA\nqUF5l6L64Hos0qmCNzJp0vNba0VXvzEjOpGdhTnwCZnPPBDcpUv/c49H6TWjxyy/\nIfu0iohLQmH2NrmmN86kQdpIl2asJCG/SY/dC9g50wDJMHhdf4G3UDsaMHX1V82i\nucCV1oQ29tjz6ufuY3iBUGD6J8+U0bMLD1S2L/xoF+MnluI5gKry8h3eTp69PCBT\nevbBlDXAAgbLXyl4SO13ps+Ez12oOhO1jiZluXABiRO2BezimPiIEsJuMYahyKhs\nYBiSB2s/vBROoj8cKQbr237aXBF3uG6MPfuC314jmMQK32YtAzNMVRE2KCR+kqWb\nsmsxt0jhePHOuawSGJ+yuA47q36G2RTvLuxE8ScO0T/TK+vSZ2HETEr+VK0Xklc1\nUniAbW78n5Nxe41FE1xIms2xFeM3k+L4j83PaSvDs8rulyHEhSE9/xMEQSxGJBKb\nOx9swGeKiiI9vBkoTLaGI0Tj/dPRNgif/VxPY4su4BVhHcxi3WydNa57iLE/oSlP\nqGdiWWABrjBy6BgaHo9y91xhC6EUZrjAR4PYP42QfjfrSZSaYW0VidjRzrpdRO1Y\nh17LMHvLwOBv0W8lepKbwRD7CojVr/Bw8zDPkEMzYRzHuS/vGzPCJWiCeN/3LQKs\n0z0AXW0C/BXBjMtEZHT6lZB9MBRpK5kc9ey+17VZTtbZU0P1foZnCUK9EfSRk/rt\nVY2sFOou+MA5A3xH3XDm3d50mHn7Q5Ri4xSY9CpQOdFLvqY72X60JyXTWQOWcVwy\nQ6Oo7OHIG/O4ZtmaD6cZG6PCV9CFeHVxIJkHS4Sog8Edaf+kPZyea8NYbclRB3yB\nQ/rQGUDFfEJKWT9kNtjJTeFVptBpSVnLUdE0gcfx4uPd+v8s6Mjrs0qDH3tSc1Lg\n120ecdFYbqXmXdnIiU8tZcgKCbNMJYau3j3Kj9clWPm8MJAoJ8zIptDnCeB/QErS\n6b0/nSP9gMeL3Yk9jr3yYRh/UGxcquJEchr+/CfjjcQwy0idj8LD2ixkYSLHs5+6\ncQ7dPvPR0djUUusMuhJH7ZEalCN0uZIE2C/qYXovXnEXpXbXkU9EKpTIBX7JZ7QG\n6x/+Vbb2kogURF4+QaXrSX9484ksPMo2DYHM2xRTevFpXymvHQE1yQSa8twiD72c\nd2IPd7D/H7FXJLLUQpkxB/hGduW7X6ivn71u6fpLrI7RyrVgwflFZENqA3koOPVU\nwDtHhEjpRqwnShfuqvFmjgxlrW5+p8RnbiRulZtwO1+dGoPgS4QPjolzRDw347A4\nCj27+VgLy3dy7KghupocSAPYmKSyPn/xBOeLGxjp9gWJBJ/lHxobbOQ49JsE7Wcm\nzOg1oFk0gmsjRoKISA6MijQ2ST99XaalAjtZs1Eaj3l/ArsKuS/4HJAk+zZyW9Al\nhn8LJ0H1e9PzQ7tJTlEl3rN+frZKKN+dB1WxLtIlHOKwgw5O1zfLPlKYfHypwLDh\njqY/gXkyMhylnZvwLcNtL1u3fta/jiT1/pbLK1QgxnwsH6rwHgvqKQ==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-hl8gJepw9NSvUfxfX' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-hl8gJepw9NSvUfxfX', '--output', '/tmp/tmpobypsor1.xml', '/tmp/tmpo_cd1o1m.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpo_cd1o1m.xml" output= _________________ TestServer1.test_encrypted_signed_response_3 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6528e293a0290844359231fcbb1a62ae567fbdd97446bda1d7c1d39b7a07ff4burn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-M79CGPJLEnCE0IWNB' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpnyp5avex.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpnyp5avex.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_3(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=False, encrypt_cert_assertion=cert_str, ) tests/test_50_server.py:650: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6528e293a0290844359231fcbb1a62ae567fbdd97446bda1d7c1d39b7a07ff4burn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-M79CGPJLEnCE0IWNB' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-M79CGPJLEnCE0IWNB', '--output', '/tmp/tmpan2b5ax4.xml', '/tmp/tmpnyp5avex.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpnyp5avex.xml" output= _________________ TestServer1.test_encrypted_signed_response_4 _________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6528e293a0290844359231fcbb1a62ae567fbdd97446bda1d7c1d39b7a07ff4burn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjQ4WhcNMzQxMDI3MTAzNjQ4WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAu6Gaavq9QJkoG5fXSXCpBKYLxXuljlbjehMyd5Rx61+Z7Rn4EzFkj5jL\nolJHSGGwMUi0NbqLEttcZhAk0dmBE69ZBrwHcFnNeJVvS2ENQ+WMw+41fXEytnqn\nHotarZCHSKn343vKOxUJYD5b1pRD2G0X1NmFT6lNLR5CRHjz+rBN2cHfCZJ3t/fG\nbZJRm/T68dHVtXoufyAy6FLJv527ZoMzjaaUrAmCLAR0NRJiMmXsdj0YMJR0TRIA\nbvr7yrsmmZbhstJ5UGIUxnZvLr1Ee++Ijv6XD2omFMEGbaFcjq1iH2xrkwxtfqwJ\nRDWGIjuW8NB553n7/3q60j4hKnFfIQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFBv\nfxFRPEEIMSpwCkOu1NGgI/wu9xXdU8AYn4Pg1VnrN/YvtuWa+PNA8S14XOeeWHBS\npKLM34L6TIUaM9IjRE9/z21PES7DfhDX5L3MVac4S969aTz94WID6YePdsSxzSDD\nFuRYu3gsxz1pvFHCoe9Q8lrLNBiNw/uMAUK32w9gmSWPNypsJ5GllrmhbKlJAZhqEyzptmdHl9RoftwZmFw1zjImu5BV/zZtYEB+YnOl\ng14Iy9nrDgaafHpEwyrTnqvCOEAgZUVnQF1izWwWVTfb7cTBFSWyYjf9/5rGJexl\nnwdW7Lv7y47WEt+S6kOI4m7RMogmvjEs/l7aHY15N2HFz+HRnIW7aSzfKdeN/xKL\nJvhEGaG3EUGsG2enFc129UCn50c4WvRXcrhCo/TS8ew2IU2VblqiWYtLraIiG6xT\nVDYGWExNBe/0hoYleobgjx8zITeDGZjrf1Fzh1rDOTqluromnbfRBArJcPA13tPd\nWvBCjGExByaYKY5nmW6lVg==cbMZrBgb1KtR1TEwOkXsq8VjUX9fSeyZt9L1QumiEQsbYF5LgYtJqkKyRPDW5IJu\nVMtGV62z9DxOs5IOu0Xc7gZmpdrw2K4ngJYJVYkhJ1WXbm8M70AduibjyJ9vwOAP\nwB9tkrAMRhdgN2HNbh3VqmbzmSRt7b+H20SYd4FFbRniGR4O9b1KZAYkPsBq23u+\nzcai8d+ykUouODlDXeXWSW1UF5/NOieuvuRcGKKlI8311x6LNYYlteN4PJreS0vP\np/HA4Aq23qgahNHWebdQ9QXs8xzBBGga1AewvwGM2P/FA2j76q8xCweEs2iWGcc0\nwhM7/1PsYiUSUH+BkVfAS/16WIAvXrpjpV918LaFKDrUA8ftlaiLKdNSlcCBe5ye\nKV4Ib0OwrKuDhlaDkt5AqS5QkaRfwH4WjPqC9ErNENhSQJTWhzyFxNmhtL6MotpP\n+HE7SG+4gkk8Sixgs6VpmS8FvIpnV/XrXiu01QOi1pFf77u5huSTi5sH8/EEw+HG\nHkl+M6jqwv8D9kYQwRWUqnh968B/zwDcxuaXnMMbB3hZw2mePWUSDuTD4559th6+\nDvD/6qHclalhu8C7OW0fCtaqGBJmvFCvfWZHSqi3VQu84WCuML7XCf0Y0fJ/uFCe\nvs2HWdteS44CO3IBtdH57IggNxwlheHQ2GjhRaInn+5faRQSxBlMnf9ELdEryeWx\nRy5i7Nhy9BHw4ozblJpExlNXJkJus9YPZsC0Zrj1sjN7iwb1il/mOxcqkaEnujHC\nfKVpUr7aE1SX1RbjU9atxge9pRGadWUCwcvUWQiVA8WbwE2mc8AUHpNJM4eMEQ1e\nlzdmLvcx4cS90pXRBWDYVCD04hu7Jx3he9KjuxZXn/xLPDGYt81ic7bIE488kVWK\nmAu3ci5anuvB1JGyb88zgOytOaP4gJ1mJyOdZ0BPzpekbWJxyqsF3tujeCCmtYpl\nVuIe8oylXTvcPA/PFjhj27LxRa4uUXSRork0y21PEHWt5/dnxC8umvx5qJ4Ff/+E\n23gtMGCQ3fnUP1J55eWzXt9l3iPTjinceERbBz3Ebdv+amTE3dnBh+BQhxS7W+lB\nsLH3r1Utvx5hMhU85xYSh0/aorsTwuQgbCqv2lzHOXZlbOvhas1uKZ2KHcRKRiua\nbiJFe/TvyexjZZjSgusVUos5E6LiVSo+0KNnpplfw7d3DWdQWk3rlpP+YCIRwGOs\n54xRCmfuOKTaVanBL+IqvNzDzcJ+nUztAbCLgfcwQeAVoTK4ekWijenkYSH9vo6r\nJv/fvCXFr8eKGDtH4v/RkucJ4vC4bw8Qdf8BZdlxC6NM4GSFsZm7unL8y5iGGqQk\nXw6wc2f0K+K7K6RisWZwyeqrfjhM+MrCY5a9RlyetQdTio+1Zlem4msH7M0JsnMs\nb5NleQ0ra4arUAQc7RVWsMrEgK0ECRUP7LmL4T8TCSWYE/ciSN2xd37HEP9zJ+op\nfOr/FTMtFpYvPaGHm+CkAikfkZcv7mAj2VM4Wr8mGnQ23sVk+DmrJkWHjWOIlS5t\nDw5K6KVQd1CyVEbo123L4K8xkq1G07Y68PD1Sm1fRnembFMzpraP96YyGRJ6+zq2\nmMfK8kZDTrdw3soMF51J5T8ZciDWA0UVtuPmI4ipaxobwVmj1qLfMlJETT0GoBv/\nBeeTUjFnwFbLbmw0AChFBfJYrbn49bXrBlQ3GKsbvEcESEIh8rveqwdP/H3H3/Q5\n1V2bqCSNuNPBWkWNZw7mlmh7eHv1L4HS206OQbpjjzYe03gjbubN30WjcmsAwLyB\nn079O8tIn4wcIqKN/CHaQN0JYNz4NJlfHY5Kj5QZdxz0IKojyA3PwXfuTqd6ExN9\n6ia+4Xz+znPqXrb+NyWlTbrh+09HZ13qE51H4d24why3kXoTKrfUwvL6QpDuW2/H\nZt64D9Flw54YQu0gYgub2kAGObokh+rDgSy0EGvgt7YTz8ZbTIY4r/rCJxgtHVdr\nG3M3iUQ6irH8CtzcbN0UF9qXmgBwH7u9ThF+mRVXpj7QbaEXEyMQ6FGw01TI9UWK\nUIA0Pq32BkgWqS1RLrH+8vzJlFrnKHOrivbMnDdDHDylhJkllVLva29DQZOnrNqr\nKJasXCLdbcVLMsgiv09oDpi4XD0TkCZ5g6SkYaN/bR8lj9xw6OgsjNxtGYdp4VtF\n/ssB3AFcRrFt4fZBmXNmPhYndHfcYNVLCsq3VNpaUpPw0V3ij+mSc41JEC/Op3Us\nv+7jTc2eq6dXTb9NzFQX6c6I5WTuobdu0a1s81f5EUxTMrqIoBbZ0QcxZdcag2FV\nvenM0coBTJHfNvr8Q+Pv1bPBZJjSUZ0s2Ef0Rc4GoT6oHMlkDCkgGuJb2kijnj/w\ndGSG6zOVx8cvBhfBSC0sff4FzObnHIHy4U5KTmG9CnC6pqq7KuFVaQ==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ntg8v5hKpUQSafB2k' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp1b44e7qr.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp1b44e7qr.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_4(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:697: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=6528e293a0290844359231fcbb1a62ae567fbdd97446bda1d7c1d39b7a07ff4burn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjQ4WhcNMzQxMDI3MTAzNjQ4WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAu6Gaavq9QJkoG5fXSXCpBKYLxXuljlbjehMyd5Rx61+Z7Rn4EzFkj5jL\nolJHSGGwMUi0NbqLEttcZhAk0dmBE69ZBrwHcFnNeJVvS2ENQ+WMw+41fXEytnqn\nHotarZCHSKn343vKOxUJYD5b1pRD2G0X1NmFT6lNLR5CRHjz+rBN2cHfCZJ3t/fG\nbZJRm/T68dHVtXoufyAy6FLJv527ZoMzjaaUrAmCLAR0NRJiMmXsdj0YMJR0TRIA\nbvr7yrsmmZbhstJ5UGIUxnZvLr1Ee++Ijv6XD2omFMEGbaFcjq1iH2xrkwxtfqwJ\nRDWGIjuW8NB553n7/3q60j4hKnFfIQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFBv\nfxFRPEEIMSpwCkOu1NGgI/wu9xXdU8AYn4Pg1VnrN/YvtuWa+PNA8S14XOeeWHBS\npKLM34L6TIUaM9IjRE9/z21PES7DfhDX5L3MVac4S969aTz94WID6YePdsSxzSDD\nFuRYu3gsxz1pvFHCoe9Q8lrLNBiNw/uMAUK32w9gmSWPNypsJ5GllrmhbKlJAZhqEyzptmdHl9RoftwZmFw1zjImu5BV/zZtYEB+YnOl\ng14Iy9nrDgaafHpEwyrTnqvCOEAgZUVnQF1izWwWVTfb7cTBFSWyYjf9/5rGJexl\nnwdW7Lv7y47WEt+S6kOI4m7RMogmvjEs/l7aHY15N2HFz+HRnIW7aSzfKdeN/xKL\nJvhEGaG3EUGsG2enFc129UCn50c4WvRXcrhCo/TS8ew2IU2VblqiWYtLraIiG6xT\nVDYGWExNBe/0hoYleobgjx8zITeDGZjrf1Fzh1rDOTqluromnbfRBArJcPA13tPd\nWvBCjGExByaYKY5nmW6lVg==cbMZrBgb1KtR1TEwOkXsq8VjUX9fSeyZt9L1QumiEQsbYF5LgYtJqkKyRPDW5IJu\nVMtGV62z9DxOs5IOu0Xc7gZmpdrw2K4ngJYJVYkhJ1WXbm8M70AduibjyJ9vwOAP\nwB9tkrAMRhdgN2HNbh3VqmbzmSRt7b+H20SYd4FFbRniGR4O9b1KZAYkPsBq23u+\nzcai8d+ykUouODlDXeXWSW1UF5/NOieuvuRcGKKlI8311x6LNYYlteN4PJreS0vP\np/HA4Aq23qgahNHWebdQ9QXs8xzBBGga1AewvwGM2P/FA2j76q8xCweEs2iWGcc0\nwhM7/1PsYiUSUH+BkVfAS/16WIAvXrpjpV918LaFKDrUA8ftlaiLKdNSlcCBe5ye\nKV4Ib0OwrKuDhlaDkt5AqS5QkaRfwH4WjPqC9ErNENhSQJTWhzyFxNmhtL6MotpP\n+HE7SG+4gkk8Sixgs6VpmS8FvIpnV/XrXiu01QOi1pFf77u5huSTi5sH8/EEw+HG\nHkl+M6jqwv8D9kYQwRWUqnh968B/zwDcxuaXnMMbB3hZw2mePWUSDuTD4559th6+\nDvD/6qHclalhu8C7OW0fCtaqGBJmvFCvfWZHSqi3VQu84WCuML7XCf0Y0fJ/uFCe\nvs2HWdteS44CO3IBtdH57IggNxwlheHQ2GjhRaInn+5faRQSxBlMnf9ELdEryeWx\nRy5i7Nhy9BHw4ozblJpExlNXJkJus9YPZsC0Zrj1sjN7iwb1il/mOxcqkaEnujHC\nfKVpUr7aE1SX1RbjU9atxge9pRGadWUCwcvUWQiVA8WbwE2mc8AUHpNJM4eMEQ1e\nlzdmLvcx4cS90pXRBWDYVCD04hu7Jx3he9KjuxZXn/xLPDGYt81ic7bIE488kVWK\nmAu3ci5anuvB1JGyb88zgOytOaP4gJ1mJyOdZ0BPzpekbWJxyqsF3tujeCCmtYpl\nVuIe8oylXTvcPA/PFjhj27LxRa4uUXSRork0y21PEHWt5/dnxC8umvx5qJ4Ff/+E\n23gtMGCQ3fnUP1J55eWzXt9l3iPTjinceERbBz3Ebdv+amTE3dnBh+BQhxS7W+lB\nsLH3r1Utvx5hMhU85xYSh0/aorsTwuQgbCqv2lzHOXZlbOvhas1uKZ2KHcRKRiua\nbiJFe/TvyexjZZjSgusVUos5E6LiVSo+0KNnpplfw7d3DWdQWk3rlpP+YCIRwGOs\n54xRCmfuOKTaVanBL+IqvNzDzcJ+nUztAbCLgfcwQeAVoTK4ekWijenkYSH9vo6r\nJv/fvCXFr8eKGDtH4v/RkucJ4vC4bw8Qdf8BZdlxC6NM4GSFsZm7unL8y5iGGqQk\nXw6wc2f0K+K7K6RisWZwyeqrfjhM+MrCY5a9RlyetQdTio+1Zlem4msH7M0JsnMs\nb5NleQ0ra4arUAQc7RVWsMrEgK0ECRUP7LmL4T8TCSWYE/ciSN2xd37HEP9zJ+op\nfOr/FTMtFpYvPaGHm+CkAikfkZcv7mAj2VM4Wr8mGnQ23sVk+DmrJkWHjWOIlS5t\nDw5K6KVQd1CyVEbo123L4K8xkq1G07Y68PD1Sm1fRnembFMzpraP96YyGRJ6+zq2\nmMfK8kZDTrdw3soMF51J5T8ZciDWA0UVtuPmI4ipaxobwVmj1qLfMlJETT0GoBv/\nBeeTUjFnwFbLbmw0AChFBfJYrbn49bXrBlQ3GKsbvEcESEIh8rveqwdP/H3H3/Q5\n1V2bqCSNuNPBWkWNZw7mlmh7eHv1L4HS206OQbpjjzYe03gjbubN30WjcmsAwLyB\nn079O8tIn4wcIqKN/CHaQN0JYNz4NJlfHY5Kj5QZdxz0IKojyA3PwXfuTqd6ExN9\n6ia+4Xz+znPqXrb+NyWlTbrh+09HZ13qE51H4d24why3kXoTKrfUwvL6QpDuW2/H\nZt64D9Flw54YQu0gYgub2kAGObokh+rDgSy0EGvgt7YTz8ZbTIY4r/rCJxgtHVdr\nG3M3iUQ6irH8CtzcbN0UF9qXmgBwH7u9ThF+mRVXpj7QbaEXEyMQ6FGw01TI9UWK\nUIA0Pq32BkgWqS1RLrH+8vzJlFrnKHOrivbMnDdDHDylhJkllVLva29DQZOnrNqr\nKJasXCLdbcVLMsgiv09oDpi4XD0TkCZ5g6SkYaN/bR8lj9xw6OgsjNxtGYdp4VtF\n/ssB3AFcRrFt4fZBmXNmPhYndHfcYNVLCsq3VNpaUpPw0V3ij+mSc41JEC/Op3Us\nv+7jTc2eq6dXTb9NzFQX6c6I5WTuobdu0a1s81f5EUxTMrqIoBbZ0QcxZdcag2FV\nvenM0coBTJHfNvr8Q+Pv1bPBZJjSUZ0s2Ef0Rc4GoT6oHMlkDCkgGuJb2kijnj/w\ndGSG6zOVx8cvBhfBSC0sff4FzObnHIHy4U5KTmG9CnC6pqq7KuFVaQ==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ntg8v5hKpUQSafB2k' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ntg8v5hKpUQSafB2k', '--output', '/tmp/tmp0eet4_u7.xml', '/tmp/tmp1b44e7qr.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp1b44e7qr.xml" output= _________________ TestServer1NonAsciiAva.test_signed_response __________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=57240aad62b1dff44ff6f0abb48948097e2eca91b88212343442162cae82f44furn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-J9rViRl3yoz3KLqfi' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6g9taveb.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6g9taveb.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response(self): name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"} > signed_resp = self.server.create_authn_response( ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, ) tests/test_50_server.py:1517: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=57240aad62b1dff44ff6f0abb48948097e2eca91b88212343442162cae82f44furn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-J9rViRl3yoz3KLqfi' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-J9rViRl3yoz3KLqfi', '--output', '/tmp/tmpu2lm1tch.xml', '/tmp/tmp6g9taveb.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp6g9taveb.xml" output= ________________ TestServer1NonAsciiAva.test_signed_response_1 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=329732703d5e4385a7f2ae853415ef3646f087016a710e75effa90b125fc3108urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-HzgeeRK3JEr6N1p0a' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpr7q9fvyv.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpr7q9fvyv.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_1(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, ) tests/test_50_server.py:1540: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=329732703d5e4385a7f2ae853415ef3646f087016a710e75effa90b125fc3108urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-HzgeeRK3JEr6N1p0a' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-HzgeeRK3JEr6N1p0a', '--output', '/tmp/tmp_vjxg1iw.xml', '/tmp/tmpr7q9fvyv.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpr7q9fvyv.xml" output= ________________ TestServer1NonAsciiAva.test_signed_response_2 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp329732703d5e4385a7f2ae853415ef3646f087016a710e75effa90b125fc3108urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-fZtfS9XCXM0RAUrfI' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpjsipli_p.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpjsipli_p.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_2(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, ) tests/test_50_server.py:1571: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp329732703d5e4385a7f2ae853415ef3646f087016a710e75effa90b125fc3108urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-fZtfS9XCXM0RAUrfI' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-fZtfS9XCXM0RAUrfI', '--output', '/tmp/tmp_8ddkd_e.xml', '/tmp/tmpjsipli_p.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpjsipli_p.xml" output= ________________ TestServer1NonAsciiAva.test_signed_response_3 _________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=329732703d5e4385a7f2ae853415ef3646f087016a710e75effa90b125fc3108urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-BVOSBzxKCBB2XS4m7' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpkfg_n07g.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpkfg_n07g.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_3(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=False, sign_assertion=True, ) tests/test_50_server.py:1595: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=329732703d5e4385a7f2ae853415ef3646f087016a710e75effa90b125fc3108urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-BVOSBzxKCBB2XS4m7' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-BVOSBzxKCBB2XS4m7', '--output', '/tmp/tmp_knbll4g.xml', '/tmp/tmpkfg_n07g.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpkfg_n07g.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_1 ____________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=329732703d5e4385a7f2ae853415ef3646f087016a710e75effa90b125fc3108urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjQ5WhcNMzQxMDI3MTAzNjQ5WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAjIAzfAnHyemnuEbraTKHF1ULnhaOw6+/uEmh+/whRMhRgbNTp7uukzHF\neGLhkx3jVJRpRmACwM5A3sj04AI4p3o4DecUYfmye4HODih9HRLbKQg7sRbdRKv5\nAZkFR4DBmasDhfNiVcqCkpr+G1c/ToVolsrHDjOlH+1FVmxTfsrXw7/lririXda8\nPME/Oipl6AK48epFjWVVx7eO9p16CLRpFRLXheObDzYqNnREtqs34M+XVafNmSku\nwQdKVwJMgdXvJiWxiXV012JFUFBxSHtQdEeDmTB3+mm6/WNemaOWrirslolBHyzr\noTOvx3VCTGvGA9X/SYSEnpharEPJxQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACCx\nyIErwlQcp2mZvqA8PRenmyyG6yY0082ElqTyUCKcQ9mXZ3Q4sP8rTLjD2tndqLix\ngISfioW+D3DMFaHoSLnWpkY9qVxkQs0rhxb/pWex1Z72v7HlJUgsUu0ri5G6fSo7\n5z4PhDd8hDJF+RuvS7PGn5JREAShsmDx1vflJwH9H+0zmDDaqDxLXuJTLJdC04Kb0s6bl8BV4+uQ8Upx+JjbxNkopGIgMgWG+VAycdRu\n+BVh/kyVkBDnHn2nYhPKvW04Xr34tJlE7hNtK/K0JfaHtD91DQPTlVQ7L6LPY/my\nyTGaNjOo63lJeyvCo0JyU1pUL68c6sIV9uKLEWmerjl+ElggDy+2IyzGGcl/gfFo\nJuF8J47GcQ73lNUPHWQs3zsTJ09eTKSSgzSKRrYttHxce60VWQQyOJYjl5ikWqFU\nc2DPk/cMJYG4E6SIuouQjSpxhPOXdKg1Ez+UtYH4TDp9fjpK1jVm/AtEFtmjke6J\nTnbgLG3fPiq260ZHwjz3YA==3d8p8VDG+oR2rmdXhLUZVcdNXqiU/5ND9rlukKVMygmEiNMpuR3ZVtfKrr+Fg0nh\n7zIKPm//iwSj6V/8E5fblJuVI/tKKYw0Apd1ebboOXORu0bIiK/w02lHZNe/kL81\nRfZldOloUHWM+xULo23h1MaYlN8fV11hfU5zO1QJ5w939yfeUQlE6W4mawtWReDa\niCVJXypb28gcuH6JbH9Uj8ykB1bnuW+fcOUqToLEhGQ1UJ8FBGQtAh1meyerDMSb\nrhxvL4gLyn7PZna4G7o+dc0kgKAzWMKJaCcUDF+5w7qSBEpgJZkQ7JADgQknDTDz\n+rvMs7lcXsloqyesO5hE1SQDUN5ANEre3f5hj0ItYM0aNsMEG8GT5oA1fDncCelI\nMVM7PtDVkeiEe5SY8XvMZT7WCxZSb71nrt3NrcgmH8vnearp7fcCIFWan5hbG4Hb\nuFBwCTGc4KhA6Aly6fXBlRXZnun3+TR/g0JOVbQenzofsJHpR7K6EJA+1GEWbw3v\nO5yEXY6H1KfrpoeHCZTWUP7yfPNLD4rBsuizKAzhOMS/xt5TWdIbc1twZWfBlqik\nMSH3r/SZ8cS+Osd53ELzrqJXWpIGuGneLhMmAMXoD8K8gf4Ef4qx4+xFppVoRpz2\n6+yEFZCvBVEEAqpmAgchr+ehK6bkbSX3WqAYj4T510PkdyNYsEPzc577XP6aQAUo\nB8iKt6v0mGfY4HVoxi9/eNNBXWB4nfzJsDWxclmD/mBi5Av5BEWWLcEQqLaSEhtZ\nH1zeIFSOSgGyLXBbQovyUhYKTMMV3suf1E8Eqqs8wHWgc6Fm4a414/8J5yNI7hSn\nk5Pjp+zevP08e6AqJjVj47Z1FucPR/tWdTxLSfNEjE6tiMiWeX4z5dn52r3NbDNf\nyYwnEYSgbBJaj4DFxlMStM8ec+2eMi4t0+cD/jYe+bVVOqVY167YIAb4y07c/wtG\ndhgRX80K5ccvFkC/KvmUBZ+++j6E7vzKVjiGgwNYl+T+yvNiywDvZkOHdCV+A8Dp\nSTcEg98fI4eC2E1dIvj+78ndQpJMYPpmtxsxGRrGm4amcPEc+ZyJXrZzN9U9oyIk\neglJCasys16KbMFQg67qF2JaIu36ofdexdiHqmq1a9hNZ+AhLzkbqs0cKQ47ktVl\nTwlroHRSz3hIvbWVv3yh/drEctgzELH7n3OU8XJ9aCl1Z6KhqPsvTpTulX2E23ms\nZp3UWYpEc025zqotas8kINiaw0auUP/6vaCKMY29x2CPomWjVTA7Ge7d8Na5AisL\n73TDdr9W6AORuLu1UZcx0N69+O0d/1F4R4uQI6KVYNQHzFTYCj/ZuMCbJtvI3Sz3\nipl3kCru3GHGma3gB0SJGs2sfttnYTPY0WlCi5REIj9B07X7xeTfqH4jFffu02h8\nEef2tTYfWGmaim/RRGcWPTSXMdrk4/Ji9VwCB8zgQJJDc/bYWSgpNzlDVXrCwmzk\npgaiabldwCptUY+19OAvBTI7XmjCQfnlctahzne+FEyVeo6wBms3QyGhdCsyRFyM\noz4bFke0gg3sVnfbBrKk3ypCUez90TFAULP87tKAcJSTZsNqWnn408vcMxNiwGB8\n7JpbQrHYTSq8Mrmvfy0dAB1VszfNn0LBCgibFaq53Ht8b2Ldg8tssdxbGNUCfmjv\nQwWFIPq59QNhzjEYrxl7lwaP7vlN6YLczhX4kCwdpk/ye7F4mkcgD6Xvt2aLznah\n66N87D+CflMT1LiD4Zb3UXMvbwMAZdN0n7nzJkVWOsjV3zvgN0HtJClmJTKW1vYA\nulNAeiuq4thXtK6j5+1wnYN8CUdZgHykZoh7NBR8RCLkS9ki3nLlQYA4V4LK0EGv\nMAlDJKgASbgyL4TzdJG0YI7XkrqBq7n2Ns/m0zUno64hZUKUOVb3nQnLCfe26Gfv\nfU1YFTb7tMq2TwNR4wN7+ODZihGRk1tE236dpFIr/W+LILN/GR3LJZjn3TZwP27w\n5sg6nDgIfQc+9gS0jzJlU/HP6jmw35JmOzPWNmiV6O6hLFSUOOlEU79AiX0YON7F\nwMttk2lBdlBKcNdEUVZIIm+90QumXVYAlZ9c02HxsuQIPWro3lXwGj8/xiE8U9tU\nRc9fvu4zdE+0S3rjCnl9qbnR4kqn9zdxclvSdCl0N2/wSa39jNSGbuNE6dDsGr9a\n3CE+97TumqaRgOg8HWbRzxJWdgkzosk/tLiJCR+xUEgixNAtTs/2Q4Es4RPIA2WB\n7Ch6J9GONF4RybEfz+FdIar1C/iJ9XKhCS0uu2rkKvmYT0JsZJFpGpxy/NHpRhcL\nz/guCBy+7xvOpC7zIcTr+52o1q+xn3nirPQZgL2n8UAFsbEz0xY/gSJDDuxgrtAJ\ns4Q3nwGCOXpwvMk05gCkYI9URJvbI18XAuRXmCUELMgfKYhkBMnz7w==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-lS5gaLM2RND59lPkw' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp6k7ssx3x.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6k7ssx3x.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_1(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:1623: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=329732703d5e4385a7f2ae853415ef3646f087016a710e75effa90b125fc3108urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjQ5WhcNMzQxMDI3MTAzNjQ5WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAjIAzfAnHyemnuEbraTKHF1ULnhaOw6+/uEmh+/whRMhRgbNTp7uukzHF\neGLhkx3jVJRpRmACwM5A3sj04AI4p3o4DecUYfmye4HODih9HRLbKQg7sRbdRKv5\nAZkFR4DBmasDhfNiVcqCkpr+G1c/ToVolsrHDjOlH+1FVmxTfsrXw7/lririXda8\nPME/Oipl6AK48epFjWVVx7eO9p16CLRpFRLXheObDzYqNnREtqs34M+XVafNmSku\nwQdKVwJMgdXvJiWxiXV012JFUFBxSHtQdEeDmTB3+mm6/WNemaOWrirslolBHyzr\noTOvx3VCTGvGA9X/SYSEnpharEPJxQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACCx\nyIErwlQcp2mZvqA8PRenmyyG6yY0082ElqTyUCKcQ9mXZ3Q4sP8rTLjD2tndqLix\ngISfioW+D3DMFaHoSLnWpkY9qVxkQs0rhxb/pWex1Z72v7HlJUgsUu0ri5G6fSo7\n5z4PhDd8hDJF+RuvS7PGn5JREAShsmDx1vflJwH9H+0zmDDaqDxLXuJTLJdC04Kb0s6bl8BV4+uQ8Upx+JjbxNkopGIgMgWG+VAycdRu\n+BVh/kyVkBDnHn2nYhPKvW04Xr34tJlE7hNtK/K0JfaHtD91DQPTlVQ7L6LPY/my\nyTGaNjOo63lJeyvCo0JyU1pUL68c6sIV9uKLEWmerjl+ElggDy+2IyzGGcl/gfFo\nJuF8J47GcQ73lNUPHWQs3zsTJ09eTKSSgzSKRrYttHxce60VWQQyOJYjl5ikWqFU\nc2DPk/cMJYG4E6SIuouQjSpxhPOXdKg1Ez+UtYH4TDp9fjpK1jVm/AtEFtmjke6J\nTnbgLG3fPiq260ZHwjz3YA==3d8p8VDG+oR2rmdXhLUZVcdNXqiU/5ND9rlukKVMygmEiNMpuR3ZVtfKrr+Fg0nh\n7zIKPm//iwSj6V/8E5fblJuVI/tKKYw0Apd1ebboOXORu0bIiK/w02lHZNe/kL81\nRfZldOloUHWM+xULo23h1MaYlN8fV11hfU5zO1QJ5w939yfeUQlE6W4mawtWReDa\niCVJXypb28gcuH6JbH9Uj8ykB1bnuW+fcOUqToLEhGQ1UJ8FBGQtAh1meyerDMSb\nrhxvL4gLyn7PZna4G7o+dc0kgKAzWMKJaCcUDF+5w7qSBEpgJZkQ7JADgQknDTDz\n+rvMs7lcXsloqyesO5hE1SQDUN5ANEre3f5hj0ItYM0aNsMEG8GT5oA1fDncCelI\nMVM7PtDVkeiEe5SY8XvMZT7WCxZSb71nrt3NrcgmH8vnearp7fcCIFWan5hbG4Hb\nuFBwCTGc4KhA6Aly6fXBlRXZnun3+TR/g0JOVbQenzofsJHpR7K6EJA+1GEWbw3v\nO5yEXY6H1KfrpoeHCZTWUP7yfPNLD4rBsuizKAzhOMS/xt5TWdIbc1twZWfBlqik\nMSH3r/SZ8cS+Osd53ELzrqJXWpIGuGneLhMmAMXoD8K8gf4Ef4qx4+xFppVoRpz2\n6+yEFZCvBVEEAqpmAgchr+ehK6bkbSX3WqAYj4T510PkdyNYsEPzc577XP6aQAUo\nB8iKt6v0mGfY4HVoxi9/eNNBXWB4nfzJsDWxclmD/mBi5Av5BEWWLcEQqLaSEhtZ\nH1zeIFSOSgGyLXBbQovyUhYKTMMV3suf1E8Eqqs8wHWgc6Fm4a414/8J5yNI7hSn\nk5Pjp+zevP08e6AqJjVj47Z1FucPR/tWdTxLSfNEjE6tiMiWeX4z5dn52r3NbDNf\nyYwnEYSgbBJaj4DFxlMStM8ec+2eMi4t0+cD/jYe+bVVOqVY167YIAb4y07c/wtG\ndhgRX80K5ccvFkC/KvmUBZ+++j6E7vzKVjiGgwNYl+T+yvNiywDvZkOHdCV+A8Dp\nSTcEg98fI4eC2E1dIvj+78ndQpJMYPpmtxsxGRrGm4amcPEc+ZyJXrZzN9U9oyIk\neglJCasys16KbMFQg67qF2JaIu36ofdexdiHqmq1a9hNZ+AhLzkbqs0cKQ47ktVl\nTwlroHRSz3hIvbWVv3yh/drEctgzELH7n3OU8XJ9aCl1Z6KhqPsvTpTulX2E23ms\nZp3UWYpEc025zqotas8kINiaw0auUP/6vaCKMY29x2CPomWjVTA7Ge7d8Na5AisL\n73TDdr9W6AORuLu1UZcx0N69+O0d/1F4R4uQI6KVYNQHzFTYCj/ZuMCbJtvI3Sz3\nipl3kCru3GHGma3gB0SJGs2sfttnYTPY0WlCi5REIj9B07X7xeTfqH4jFffu02h8\nEef2tTYfWGmaim/RRGcWPTSXMdrk4/Ji9VwCB8zgQJJDc/bYWSgpNzlDVXrCwmzk\npgaiabldwCptUY+19OAvBTI7XmjCQfnlctahzne+FEyVeo6wBms3QyGhdCsyRFyM\noz4bFke0gg3sVnfbBrKk3ypCUez90TFAULP87tKAcJSTZsNqWnn408vcMxNiwGB8\n7JpbQrHYTSq8Mrmvfy0dAB1VszfNn0LBCgibFaq53Ht8b2Ldg8tssdxbGNUCfmjv\nQwWFIPq59QNhzjEYrxl7lwaP7vlN6YLczhX4kCwdpk/ye7F4mkcgD6Xvt2aLznah\n66N87D+CflMT1LiD4Zb3UXMvbwMAZdN0n7nzJkVWOsjV3zvgN0HtJClmJTKW1vYA\nulNAeiuq4thXtK6j5+1wnYN8CUdZgHykZoh7NBR8RCLkS9ki3nLlQYA4V4LK0EGv\nMAlDJKgASbgyL4TzdJG0YI7XkrqBq7n2Ns/m0zUno64hZUKUOVb3nQnLCfe26Gfv\nfU1YFTb7tMq2TwNR4wN7+ODZihGRk1tE236dpFIr/W+LILN/GR3LJZjn3TZwP27w\n5sg6nDgIfQc+9gS0jzJlU/HP6jmw35JmOzPWNmiV6O6hLFSUOOlEU79AiX0YON7F\nwMttk2lBdlBKcNdEUVZIIm+90QumXVYAlZ9c02HxsuQIPWro3lXwGj8/xiE8U9tU\nRc9fvu4zdE+0S3rjCnl9qbnR4kqn9zdxclvSdCl0N2/wSa39jNSGbuNE6dDsGr9a\n3CE+97TumqaRgOg8HWbRzxJWdgkzosk/tLiJCR+xUEgixNAtTs/2Q4Es4RPIA2WB\n7Ch6J9GONF4RybEfz+FdIar1C/iJ9XKhCS0uu2rkKvmYT0JsZJFpGpxy/NHpRhcL\nz/guCBy+7xvOpC7zIcTr+52o1q+xn3nirPQZgL2n8UAFsbEz0xY/gSJDDuxgrtAJ\ns4Q3nwGCOXpwvMk05gCkYI9URJvbI18XAuRXmCUELMgfKYhkBMnz7w==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-lS5gaLM2RND59lPkw' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-lS5gaLM2RND59lPkw', '--output', '/tmp/tmpwgts9tut.xml', '/tmp/tmp6k7ssx3x.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp6k7ssx3x.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_2 ____________ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==jagEfWhcZAdR6W5+Y6dOo4dtFw3K7FLAqHx7hDtZvQVsNCDLdVyitFLP3nfYwPnI\npJ0nidf0p9JFbbyDy3yX9CJV9Bx5QKkcyg71QpUVInaA+j5TAsBWK5Vo3DRzLu4S\ntA0bv1m94AAxcBvlhoq97BMZ5PaUeo/UlKHKo4EuXEk=5q6VlGp5mzsusaB48MusJ3nGum43uPvTjI+sJ4NwpIPRW3YDtYOpOmdIwEzFiLrh\nPp55rTCB07q5ACcz4VfQ69S/ivlThEML2B5/0menA92QvxkJcZPQUPP5YkJ0QNpE\nfovPwxDzHMjlXahqHGjKWizjgurp95IGi7ntx4FtNtdzG9e92V0j6vHqUxpzNTEK\n+5mfGNSTPp1S/JWvkL1fKwgmr8sk/eJO7mRkjOgRVQBNgHX86jIIr3OhdvTJ4PkY\nHg++d8zJn5VPnIcKaJY2HyIML0QyEAqm2RS8xjXNOwI8m+4obQI+uvmmV+r8Xl5I\nl0uyj9VBRMuB0MGLat0XXEeUh87x5HObnbDCLkG6tJa313LEEeZMpBc/m9MPOcz4\nGDa63nCeO6oOQPyPxTZk7aWCYORCC9a4t76DeDlH7sW5tU42YqzUYLYwjg/hTMVS\nDg4NbRF7MlUKIpnFvdTCQbJaajQxX/OmP+2xKMK8sAPcDe58IxD9JcYWydpB1tKm\nlbrXJve0gaoTGTMOfCIegWjQkQqfXOzDJiCoTYBlgrAkyZvk3KJsAF43ld8zKrS2\npFJc/i+QMEZ2iG0j4iSS6ywT1M55S6c3YBdJyh9Sr+w+sEqUxctngDE5C6pVgIwR\nuH4bxCqDUROwlgUwTB3p79PnKOvdsnmUmcOtrOaGi7WBWjGQsJJAaBYSqzlb5IkX\n5l6Qo6OnFSdlN1rkaROjpWxz0TzpsJjU92zme5kyh7OP7DcJfFSHeooPWwQg5b8g\nzI9VbiBfQNBfCm1kCG/ownlkJgMBM9O/W5TGOgABOfmjadYaR4mVCLau6I7p6qDQ\ncxUN1Wh/g6gIIhFuMQSd1F0m2jdGtPhlBNZJXAufa7VRTe5F6iY84Nj0qzOnbo/c\nFqA4D9PhWQ0shHJIUVkUyYZA4r+2nSuVIP8YV7aiM7b5KjZFWfhaMb8k7jsM1Z6d\nBF6r64Pm2gHgSVQ1Y4bj2DPGAz8muDzK1U/kEu/PnUxvaLaI3c/6chuB/shtCsz7\nv3HWDG3DiaNe3LjjEb2TTlNNKzmsrWNCdJVA93ekASAAhvZzUfuRqnAFS7TwWEtF\nVmJotN1X++70+jmRDKrAWiUVIqA8KUCfdfjbAkW0R/wLHWCKRDva/Owg8X5t1Wta\nVY3UMksToJ4tMHgtmjHheAqXiJsUCbTY+uJS26RXuYH4mK+BTfE6YcoGGLfgw0Vx\n0zF/WBfWyGvAPNIwGYAbuEMx4WwE/zbVLXgL4z5AQIW7fI6EV0Mk/YNf9LR79A8l\nqEyFOcV2eJNtVzSlLAyBmP5H4GN7gaB3xAK6JQlTzS+taNLchioUKLfHHUv8ieoQ\niXwvCwffuuOEmQh30J84redeYUajoJ0cgotClQ8fhQUrw76QpneoZlPKTnpnizIH\nEr0wBL0A/0Llj4Wbj8/rbzmTfEbbFMZLCk6nHc77lGbIqJBhEMZ/DgtwDnLh6pNc\nXScppTXFLTzBKN/HerqqK32PQ4lO9HugcYrYgEpE8g03Kc4Xla8FzNzk6eaEjTuh\nvuErojn+F2lyoSsa3KBefDE/CG4JJDQrTbPwwaULymGGIDDhnWAKYfG41sWt5Xy0\nJBWY6W3Xoi3iAaC89mY49rHWEVE+IQuI11EZRTltc7cx0dZzKgSbTDk2AXHSPJiu\nAore3P3XYOpuT0gjCFxzI0hR3V4yvxxTHkYZ8m8exwTPh6uOaz2tmVcxBgSKynAg\nghnvGTBatIhMYxydtrNp0ST8MOZYEpHKWXNhKbTSGJ59VuJmLND2W31nHHmodSxc\nMNepkKHEC4YLP7NoFT7PlkUMZ4sYd+r2HowplBu29wucALkHN5I+UY126TawDbRD\n07JSHLHV7054OKQri/JsjlDzEboPy+4dm2usisF6hzt/VKNykNcm5a8nodDgFRml\nb2kS193T2Srr0RHuSLbigq4QBJ1qG9QX1RVeHaaDYHmg+GBD1D1s6fSDeLqcm34a\nr/Qqu74Q+XpFcFGYPkxqkU4wCjbmknvzmYnCg3ZSffSFjTarEDEIeW2DwU73YrWu\nwvjKC1L1LUFFFPfsZJyhxZfhSeyXviIMiyYtnstHw+ISRAxUtfr7qpbzZb70nW2l\ni/srauv6AWQxNNo/xGBwFtezXy3vCVouR3DxRAY4fFFG8/k56TOyxFCNfYz7gA4d\np8wgz/eAflMlwei09L1THxozsY7u1ZLRS9miR5d8e1DSY0FxPJsgZmxhW7qkmqSs\nmDeDf/A0iruWW6kCxS3AHYB38+om/T306ijPCGLMJxcS+QabaJquThSa/ydHG/M5\nePKia6jEMiSKgB7SeHAe7dV82wiyAX4pIvQ7FFYsyWm7vFSq04xzN8H+3obucYg7\nPkAh7OuLhhTsDAj4xcUk7tD8oY9NkdGw4cneHqHdHyMhTsAhgi+pA6HbXFnHWQ+l\n3VdNLNnyoHDirzYsMMvzPfSjSYv0Lg7YwI893oEeYGZnAj/p/NhaOu3j3cwVLo+R\nFNRLR1IqGXjxiHxKts0vah3GTBp/IjWJjvefaY4zFkn5fGyrxwPHnAAC1DnnfVah\n6hGFY20fKwUJODxZXGRai5WRiEIQGOhw9sV8MQtFNyATIf/CC8IkaHuhik9GK6Bb\nr/FJFTNYonsU/dZsbAeqrTpS/wycAoLDXi182+isDwAUldVHgwcRHi622qbkb+co\nkhjWUrqKE7WWo+i5dK30w8hVdTfcX673zaScO2qEvaJCJVDPWmx0MJo14VoWRf1O\nnP1RWbhDq/ArxXoDnYL10qwJsyBspPxtdkyOZm8RZztfpCaAHZY+AvqwBeda8JCb\n1eUkjxYoqxIAQBNQ14+oSJINqHLrt/b0CeAnuucIlaaVwbImohaCGw5zEYDp1Fkn\ntMXdNPwRAKGTRSIRTbmUJONFn4kRRXVE9wpN3QmYXMgSL2QWY+NI5A==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ZFlqKo9e2CPAvClom' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpu6lnzrvh.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpu6lnzrvh.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_2(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=False, encrypt_assertion=True, encrypt_assertion_self_contained=True, ) tests/test_50_server.py:1681: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:912: in _response return signed_instance_factory(response, self.sec, sign_class) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = '\nurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==jagEfWhcZAdR6W5+Y6dOo4dtFw3K7FLAqHx7hDtZvQVsNCDLdVyitFLP3nfYwPnI\npJ0nidf0p9JFbbyDy3yX9CJV9Bx5QKkcyg71QpUVInaA+j5TAsBWK5Vo3DRzLu4S\ntA0bv1m94AAxcBvlhoq97BMZ5PaUeo/UlKHKo4EuXEk=5q6VlGp5mzsusaB48MusJ3nGum43uPvTjI+sJ4NwpIPRW3YDtYOpOmdIwEzFiLrh\nPp55rTCB07q5ACcz4VfQ69S/ivlThEML2B5/0menA92QvxkJcZPQUPP5YkJ0QNpE\nfovPwxDzHMjlXahqHGjKWizjgurp95IGi7ntx4FtNtdzG9e92V0j6vHqUxpzNTEK\n+5mfGNSTPp1S/JWvkL1fKwgmr8sk/eJO7mRkjOgRVQBNgHX86jIIr3OhdvTJ4PkY\nHg++d8zJn5VPnIcKaJY2HyIML0QyEAqm2RS8xjXNOwI8m+4obQI+uvmmV+r8Xl5I\nl0uyj9VBRMuB0MGLat0XXEeUh87x5HObnbDCLkG6tJa313LEEeZMpBc/m9MPOcz4\nGDa63nCeO6oOQPyPxTZk7aWCYORCC9a4t76DeDlH7sW5tU42YqzUYLYwjg/hTMVS\nDg4NbRF7MlUKIpnFvdTCQbJaajQxX/OmP+2xKMK8sAPcDe58IxD9JcYWydpB1tKm\nlbrXJve0gaoTGTMOfCIegWjQkQqfXOzDJiCoTYBlgrAkyZvk3KJsAF43ld8zKrS2\npFJc/i+QMEZ2iG0j4iSS6ywT1M55S6c3YBdJyh9Sr+w+sEqUxctngDE5C6pVgIwR\nuH4bxCqDUROwlgUwTB3p79PnKOvdsnmUmcOtrOaGi7WBWjGQsJJAaBYSqzlb5IkX\n5l6Qo6OnFSdlN1rkaROjpWxz0TzpsJjU92zme5kyh7OP7DcJfFSHeooPWwQg5b8g\nzI9VbiBfQNBfCm1kCG/ownlkJgMBM9O/W5TGOgABOfmjadYaR4mVCLau6I7p6qDQ\ncxUN1Wh/g6gIIhFuMQSd1F0m2jdGtPhlBNZJXAufa7VRTe5F6iY84Nj0qzOnbo/c\nFqA4D9PhWQ0shHJIUVkUyYZA4r+2nSuVIP8YV7aiM7b5KjZFWfhaMb8k7jsM1Z6d\nBF6r64Pm2gHgSVQ1Y4bj2DPGAz8muDzK1U/kEu/PnUxvaLaI3c/6chuB/shtCsz7\nv3HWDG3DiaNe3LjjEb2TTlNNKzmsrWNCdJVA93ekASAAhvZzUfuRqnAFS7TwWEtF\nVmJotN1X++70+jmRDKrAWiUVIqA8KUCfdfjbAkW0R/wLHWCKRDva/Owg8X5t1Wta\nVY3UMksToJ4tMHgtmjHheAqXiJsUCbTY+uJS26RXuYH4mK+BTfE6YcoGGLfgw0Vx\n0zF/WBfWyGvAPNIwGYAbuEMx4WwE/zbVLXgL4z5AQIW7fI6EV0Mk/YNf9LR79A8l\nqEyFOcV2eJNtVzSlLAyBmP5H4GN7gaB3xAK6JQlTzS+taNLchioUKLfHHUv8ieoQ\niXwvCwffuuOEmQh30J84redeYUajoJ0cgotClQ8fhQUrw76QpneoZlPKTnpnizIH\nEr0wBL0A/0Llj4Wbj8/rbzmTfEbbFMZLCk6nHc77lGbIqJBhEMZ/DgtwDnLh6pNc\nXScppTXFLTzBKN/HerqqK32PQ4lO9HugcYrYgEpE8g03Kc4Xla8FzNzk6eaEjTuh\nvuErojn+F2lyoSsa3KBefDE/CG4JJDQrTbPwwaULymGGIDDhnWAKYfG41sWt5Xy0\nJBWY6W3Xoi3iAaC89mY49rHWEVE+IQuI11EZRTltc7cx0dZzKgSbTDk2AXHSPJiu\nAore3P3XYOpuT0gjCFxzI0hR3V4yvxxTHkYZ8m8exwTPh6uOaz2tmVcxBgSKynAg\nghnvGTBatIhMYxydtrNp0ST8MOZYEpHKWXNhKbTSGJ59VuJmLND2W31nHHmodSxc\nMNepkKHEC4YLP7NoFT7PlkUMZ4sYd+r2HowplBu29wucALkHN5I+UY126TawDbRD\n07JSHLHV7054OKQri/JsjlDzEboPy+4dm2usisF6hzt/VKNykNcm5a8nodDgFRml\nb2kS193T2Srr0RHuSLbigq4QBJ1qG9QX1RVeHaaDYHmg+GBD1D1s6fSDeLqcm34a\nr/Qqu74Q+XpFcFGYPkxqkU4wCjbmknvzmYnCg3ZSffSFjTarEDEIeW2DwU73YrWu\nwvjKC1L1LUFFFPfsZJyhxZfhSeyXviIMiyYtnstHw+ISRAxUtfr7qpbzZb70nW2l\ni/srauv6AWQxNNo/xGBwFtezXy3vCVouR3DxRAY4fFFG8/k56TOyxFCNfYz7gA4d\np8wgz/eAflMlwei09L1THxozsY7u1ZLRS9miR5d8e1DSY0FxPJsgZmxhW7qkmqSs\nmDeDf/A0iruWW6kCxS3AHYB38+om/T306ijPCGLMJxcS+QabaJquThSa/ydHG/M5\nePKia6jEMiSKgB7SeHAe7dV82wiyAX4pIvQ7FFYsyWm7vFSq04xzN8H+3obucYg7\nPkAh7OuLhhTsDAj4xcUk7tD8oY9NkdGw4cneHqHdHyMhTsAhgi+pA6HbXFnHWQ+l\n3VdNLNnyoHDirzYsMMvzPfSjSYv0Lg7YwI893oEeYGZnAj/p/NhaOu3j3cwVLo+R\nFNRLR1IqGXjxiHxKts0vah3GTBp/IjWJjvefaY4zFkn5fGyrxwPHnAAC1DnnfVah\n6hGFY20fKwUJODxZXGRai5WRiEIQGOhw9sV8MQtFNyATIf/CC8IkaHuhik9GK6Bb\nr/FJFTNYonsU/dZsbAeqrTpS/wycAoLDXi182+isDwAUldVHgwcRHi622qbkb+co\nkhjWUrqKE7WWo+i5dK30w8hVdTfcX673zaScO2qEvaJCJVDPWmx0MJo14VoWRf1O\nnP1RWbhDq/ArxXoDnYL10qwJsyBspPxtdkyOZm8RZztfpCaAHZY+AvqwBeda8JCb\n1eUkjxYoqxIAQBNQ14+oSJINqHLrt/b0CeAnuucIlaaVwbImohaCGw5zEYDp1Fkn\ntMXdNPwRAKGTRSIRTbmUJONFn4kRRXVE9wpN3QmYXMgSL2QWY+NI5A==\n' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ZFlqKo9e2CPAvClom' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-ZFlqKo9e2CPAvClom', '--output', '/tmp/tmpqaxrwwyh.xml', '/tmp/tmpu6lnzrvh.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpu6lnzrvh.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_3 ____________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=329732703d5e4385a7f2ae853415ef3646f087016a710e75effa90b125fc3108urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-lMT72l0JUdJxSM9Yn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp_o0ub1lc.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp_o0ub1lc.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_3(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=False, encrypt_cert_assertion=cert_str, ) tests/test_50_server.py:1726: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=329732703d5e4385a7f2ae853415ef3646f087016a710e75effa90b125fc3108urn:mace:example.com:saml:roland:spDaveConcepci\xc3\xb3ndave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-lMT72l0JUdJxSM9Yn' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-lMT72l0JUdJxSM9Yn', '--output', '/tmp/tmp3ffu34oc.xml', '/tmp/tmp_o0ub1lc.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp_o0ub1lc.xml" output= ___________ TestServer1NonAsciiAva.test_encrypted_signed_response_4 ____________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=329732703d5e4385a7f2ae853415ef3646f087016a710e75effa90b125fc3108urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjUwWhcNMzQxMDI3MTAzNjUwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAoBLavgmDLzxvq8+DC+LdRDtwl7QNaZq1bh2h9Ls7gldCdklHcp7weqQ0\niogaO3b9cMHJuLvgIoFIZ1mMSGK7g7hnXGHvTza3WTg/PFS9jRo8BeJ+KjkwRVEs\ng0ROs65FRW1gSbrwgFErgivohdV5RK/3T1UBykywp2OybEKpNrknlM07KFXRQVFD\nTphNvFQSeVTclkPP2EcXeiMxqawofuEFfSiwnrUe10hdFkxUciH8URfCHchcmYKf\nV2j5a+32OppmagCiE5r1e51QazgLPWHRuj9l3Gmdq7xJ+WrQZMXqDX5NrQ1OUWSB\nmK5UUU4Karb+G7h3O0jlivT3y0/2kQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACBD\npeCBfSYAyBG5kIi9jWAzChgo1rppJmeZLtM+3Sk+JMo6eKl6MqDcuGD9sHO5JiSL\nA1wFjVmP2uyT0No2dvSTFq5TEGcPwlXlbYs7VUGLN29bbqMVLcD4Qr8eTGqJTFfF\nZUj/XklMANvx+e6v4Zs3+GWhYoGfV3i4Gs2KUHzKGTCmrZz/FGN1dvJjeqZAD1XMh4oh1Gi+DhIT5T2Ddzp8Jjf5T8yCZaj/MrghHRdb\nj7NU9Aj6q38gn3RHyAnBriy0wyrWxNIOQbOAgyKi4HwKl/Il43PigGT7vPnVar2I\nC5WRLFc6BmoIeTNn+jFYYO5VFJG0OUacHbKb3s7j4s71oPSgS2kHNTeQVxXZg+R0\nfLv5RgwwAp+zs8xVnJwqcnZPiVAebp4QRRkpFkdfxsvt010iYUqPAAqQtOIOIqkJ\nZwuYpsHjkzd3LT76ZM8Fy4RbGIf4VBBe54hwAzOROhv5Xaak2TrCOawA7ZwwNPIu\nQPFVPxf56RFcMa2VQ5Cn+g==bedZNaPcTRzygLJF9Dri0A+qcdgS+HP/6UIBOJUsxqYyhAbcPmcJyZRyU3czBj7v\nFB1IZzwJldxZPDQeKHF2marjzVizYR1XadI1NVgBS3p9Tk+rXsUBYjPtmW1Gvkq2\nHHUaSY/Ne6xFVm2cSO/Oncdo5xWFfwewipa0nUVoohtEIPCqd1An36zDrr27snqx\nuC2ZvT3OFHIvGgKtSyT8PGoysOxHP6/c2KKuCymRNmf55HmlVWcfv5v76pWyMCEO\nQ2oii6wPLc/qTVyOGdmlSIG7YrO2ztPZgEVEZ+dwaxhMl78UYumOrqieRZQnv6n0\nW4T9xtlCfDRY2oubUt9i1YQG4BnwcgYTxZVXjpiTDz/ZMiDXvzF4oWUqDzdgi5Ss\nvH5KXzfOxr5kmv8qAIJOysRN1qfwcD41uWmwkCS31DXBselVc1rAOazGtRpyhw5f\njqbK0ccRHjn4tWxvQgj0rezJMGaW5Rpa89l3PFPfC16w1gARmLQJgBOfjpTMl7pj\nQw5nsypanPpZLclDF9WjRfyWAWoYSkDX8FVl2tU9kJhNkXLbU+xPlMbaCDFsIyiZ\neUjfSpSvJZljcWwCmyvTb3k2KVlkdkkjZ6M/Yc2tIaHWbMWB90qiv65ez9tF2lGE\nypB25WaP1yiRjqZPXNFKIf0YOw0KTXqUU4PTK8byU6mr2Kw3MDlUjsg7CYRfowEH\nIdt9MfCcWRVwJ5QolHb8+/lNW4BSyUggS3GFCyIXos01T4Rk/fV9aFlCdYVWU5QI\nbWxlfLdRQtzCM4gH5vRPtIwGYvRTZNaeew44BdCrK3vg+NEoZAkL5IrvOJCRGazv\n5be0sVAKIA8BUU8maGDuI+dxxLRGXEEMa379aJwDVFiz+64qE8hQ3eT0EnliIZ+i\n/UHgtQl8OUzxwepQIltCQIeIIpJGI9CazsxeVLmW1YZFQ542mHEY2376y8ioRjgI\nxn8tOwKEjwLkHF40AifxQwnst48y12OxIciAPSED/YmdjBskK5CFzLdU/0hVUZt/\nTueTCln7X7W02k5kvt9lIY4L4DqwRiugicHdv3e7tOXAnzfW8i1Tm348fpzY4m1n\nA+Y5YJkUD9UgCuNJ7zJlTFVPzMu5nL6CG9Mm3CWIOCTqNeTcNcppJD6Ii7L6MU4C\n2aPUa+RyCz8ZfKTbxWVVviRRLw6v0LL6UiEOHhQPbwDsspJUoxXLWHg9SlCciYE4\ni7WJqLA7xMrKpz0UNfMCVUBra7wW5Ch2ZQwHpmr7guCYlgnknQFYOb16JhRLJt06\nOB5Rreg2oQ5dFoOgmbRSVJnTPF2/g5T1I9Ny0hKGWjEnm5cP7aywXwJtMOQ2yu/g\nSj0xfp9tcFbXndoF3eAuaZQdhXLLjt+MPKHDBvM2cLNusjsPIcUKaHxy8/WMA/Zo\nHIRV3tvFS3gJ2CF1+60XIB99CqTOF73lx5EWfG32gKhexsKZ1/YuN1cZrDSnNc50\nc2OQPGcUx3UQXJ9+w4C2esU2a/wm/Eyi66GsY7ccOzDyGjKDLqqL4Fci/abTZw5t\n+TOc8+V/+u6bclsgrs1d+tuUjE+WuKETKlQz0T28emjYmiikXe9Uy6BLe0V5Y0c6\nUW0KmuT352gBkKfXxympQGVzL1MFoZJvBoABgNTRukaYGDZVjhMXlCiPCi6yBMmv\nXygeQsN10XYV+SIo/pNHHIXPGmC68l0bbvlulrtrLtpYZInsrtcogpUpcvYL6BHn\nSJVxVYtzM6XhLCYSZ1oP42n+N0ogXqtmHcHKLHrJj9Y0z1SY75WzGqTk/OpbQjIO\n3XdKjWMGp1A3Zxq2/Kyf6J6Plat8UuaWDl0MDi5JsjHWxK7DOp3f2JdNyU/+Z/fT\nOs5gmtvU2NhM9ODsWCGNPWBsfcGpekw94r/OusvfxoP6EmGPxYqgU+PcEc0FMZ+E\ncb/RBiJancdjhJ8jKmYbPtygwDOAxqaYbw4KHRNRh5lE6NA8pP5uX/vrLK+Q6Vex\n0QD/u2CehGLCcvbA0i4EIMtTT7t75vyVUPBfqH8Gu/d1J/dvYFwCsEpF9oMViCVx\nRM/hQgM8TblStvQ5qMlqJZwrsL70oadws7m18yaYbEa4r6U7xFIW4iDL8SkMzrGD\n1j8rNL7FXxRmns9FLxRBQ6sEScd1r9FA+W7RIvOFkxFxiNcD+U2JkVssk5jZqi99\n1R1QyEVSYrXjb3XK4Gt750u1NVtmShJ1O4glB7IiuEuFuRswoNIiSS3jVvopS7DW\nCxIiqtAEUgvWqtC2hmT1FaoWF7rP0dvJnMlwONZV0Wtmeq16sg3DysgVt+QCLeE6\n0MGD7QInRAOYTI1J6ndU6BLmA+O4UOyxcR/lywkkByUcXjzLQUyV2Mv/RCGkYg47\ngz1rODZq7vCzwdYMOgLo2iBW2nrWUqSifqtNf4mKNC5eeldZzACbOA==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wwECWM9zwpiCvJhKt' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpoj1zez56.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpoj1zez56.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_encrypted_signed_response_4(self): cert_str, cert_key_str = generate_cert() > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_50_server.py:1773: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=329732703d5e4385a7f2ae853415ef3646f087016a710e75effa90b125fc3108urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjUwWhcNMzQxMDI3MTAzNjUwWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAoBLavgmDLzxvq8+DC+LdRDtwl7QNaZq1bh2h9Ls7gldCdklHcp7weqQ0\niogaO3b9cMHJuLvgIoFIZ1mMSGK7g7hnXGHvTza3WTg/PFS9jRo8BeJ+KjkwRVEs\ng0ROs65FRW1gSbrwgFErgivohdV5RK/3T1UBykywp2OybEKpNrknlM07KFXRQVFD\nTphNvFQSeVTclkPP2EcXeiMxqawofuEFfSiwnrUe10hdFkxUciH8URfCHchcmYKf\nV2j5a+32OppmagCiE5r1e51QazgLPWHRuj9l3Gmdq7xJ+WrQZMXqDX5NrQ1OUWSB\nmK5UUU4Karb+G7h3O0jlivT3y0/2kQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACBD\npeCBfSYAyBG5kIi9jWAzChgo1rppJmeZLtM+3Sk+JMo6eKl6MqDcuGD9sHO5JiSL\nA1wFjVmP2uyT0No2dvSTFq5TEGcPwlXlbYs7VUGLN29bbqMVLcD4Qr8eTGqJTFfF\nZUj/XklMANvx+e6v4Zs3+GWhYoGfV3i4Gs2KUHzKGTCmrZz/FGN1dvJjeqZAD1XMh4oh1Gi+DhIT5T2Ddzp8Jjf5T8yCZaj/MrghHRdb\nj7NU9Aj6q38gn3RHyAnBriy0wyrWxNIOQbOAgyKi4HwKl/Il43PigGT7vPnVar2I\nC5WRLFc6BmoIeTNn+jFYYO5VFJG0OUacHbKb3s7j4s71oPSgS2kHNTeQVxXZg+R0\nfLv5RgwwAp+zs8xVnJwqcnZPiVAebp4QRRkpFkdfxsvt010iYUqPAAqQtOIOIqkJ\nZwuYpsHjkzd3LT76ZM8Fy4RbGIf4VBBe54hwAzOROhv5Xaak2TrCOawA7ZwwNPIu\nQPFVPxf56RFcMa2VQ5Cn+g==bedZNaPcTRzygLJF9Dri0A+qcdgS+HP/6UIBOJUsxqYyhAbcPmcJyZRyU3czBj7v\nFB1IZzwJldxZPDQeKHF2marjzVizYR1XadI1NVgBS3p9Tk+rXsUBYjPtmW1Gvkq2\nHHUaSY/Ne6xFVm2cSO/Oncdo5xWFfwewipa0nUVoohtEIPCqd1An36zDrr27snqx\nuC2ZvT3OFHIvGgKtSyT8PGoysOxHP6/c2KKuCymRNmf55HmlVWcfv5v76pWyMCEO\nQ2oii6wPLc/qTVyOGdmlSIG7YrO2ztPZgEVEZ+dwaxhMl78UYumOrqieRZQnv6n0\nW4T9xtlCfDRY2oubUt9i1YQG4BnwcgYTxZVXjpiTDz/ZMiDXvzF4oWUqDzdgi5Ss\nvH5KXzfOxr5kmv8qAIJOysRN1qfwcD41uWmwkCS31DXBselVc1rAOazGtRpyhw5f\njqbK0ccRHjn4tWxvQgj0rezJMGaW5Rpa89l3PFPfC16w1gARmLQJgBOfjpTMl7pj\nQw5nsypanPpZLclDF9WjRfyWAWoYSkDX8FVl2tU9kJhNkXLbU+xPlMbaCDFsIyiZ\neUjfSpSvJZljcWwCmyvTb3k2KVlkdkkjZ6M/Yc2tIaHWbMWB90qiv65ez9tF2lGE\nypB25WaP1yiRjqZPXNFKIf0YOw0KTXqUU4PTK8byU6mr2Kw3MDlUjsg7CYRfowEH\nIdt9MfCcWRVwJ5QolHb8+/lNW4BSyUggS3GFCyIXos01T4Rk/fV9aFlCdYVWU5QI\nbWxlfLdRQtzCM4gH5vRPtIwGYvRTZNaeew44BdCrK3vg+NEoZAkL5IrvOJCRGazv\n5be0sVAKIA8BUU8maGDuI+dxxLRGXEEMa379aJwDVFiz+64qE8hQ3eT0EnliIZ+i\n/UHgtQl8OUzxwepQIltCQIeIIpJGI9CazsxeVLmW1YZFQ542mHEY2376y8ioRjgI\nxn8tOwKEjwLkHF40AifxQwnst48y12OxIciAPSED/YmdjBskK5CFzLdU/0hVUZt/\nTueTCln7X7W02k5kvt9lIY4L4DqwRiugicHdv3e7tOXAnzfW8i1Tm348fpzY4m1n\nA+Y5YJkUD9UgCuNJ7zJlTFVPzMu5nL6CG9Mm3CWIOCTqNeTcNcppJD6Ii7L6MU4C\n2aPUa+RyCz8ZfKTbxWVVviRRLw6v0LL6UiEOHhQPbwDsspJUoxXLWHg9SlCciYE4\ni7WJqLA7xMrKpz0UNfMCVUBra7wW5Ch2ZQwHpmr7guCYlgnknQFYOb16JhRLJt06\nOB5Rreg2oQ5dFoOgmbRSVJnTPF2/g5T1I9Ny0hKGWjEnm5cP7aywXwJtMOQ2yu/g\nSj0xfp9tcFbXndoF3eAuaZQdhXLLjt+MPKHDBvM2cLNusjsPIcUKaHxy8/WMA/Zo\nHIRV3tvFS3gJ2CF1+60XIB99CqTOF73lx5EWfG32gKhexsKZ1/YuN1cZrDSnNc50\nc2OQPGcUx3UQXJ9+w4C2esU2a/wm/Eyi66GsY7ccOzDyGjKDLqqL4Fci/abTZw5t\n+TOc8+V/+u6bclsgrs1d+tuUjE+WuKETKlQz0T28emjYmiikXe9Uy6BLe0V5Y0c6\nUW0KmuT352gBkKfXxympQGVzL1MFoZJvBoABgNTRukaYGDZVjhMXlCiPCi6yBMmv\nXygeQsN10XYV+SIo/pNHHIXPGmC68l0bbvlulrtrLtpYZInsrtcogpUpcvYL6BHn\nSJVxVYtzM6XhLCYSZ1oP42n+N0ogXqtmHcHKLHrJj9Y0z1SY75WzGqTk/OpbQjIO\n3XdKjWMGp1A3Zxq2/Kyf6J6Plat8UuaWDl0MDi5JsjHWxK7DOp3f2JdNyU/+Z/fT\nOs5gmtvU2NhM9ODsWCGNPWBsfcGpekw94r/OusvfxoP6EmGPxYqgU+PcEc0FMZ+E\ncb/RBiJancdjhJ8jKmYbPtygwDOAxqaYbw4KHRNRh5lE6NA8pP5uX/vrLK+Q6Vex\n0QD/u2CehGLCcvbA0i4EIMtTT7t75vyVUPBfqH8Gu/d1J/dvYFwCsEpF9oMViCVx\nRM/hQgM8TblStvQ5qMlqJZwrsL70oadws7m18yaYbEa4r6U7xFIW4iDL8SkMzrGD\n1j8rNL7FXxRmns9FLxRBQ6sEScd1r9FA+W7RIvOFkxFxiNcD+U2JkVssk5jZqi99\n1R1QyEVSYrXjb3XK4Gt750u1NVtmShJ1O4glB7IiuEuFuRswoNIiSS3jVvopS7DW\nCxIiqtAEUgvWqtC2hmT1FaoWF7rP0dvJnMlwONZV0Wtmeq16sg3DysgVt+QCLeE6\n0MGD7QInRAOYTI1J6ndU6BLmA+O4UOyxcR/lywkkByUcXjzLQUyV2Mv/RCGkYg47\ngz1rODZq7vCzwdYMOgLo2iBW2nrWUqSifqtNf4mKNC5eeldZzACbOA==' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-wwECWM9zwpiCvJhKt' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wwECWM9zwpiCvJhKt', '--output', '/tmp/tmpzvjm30fo.xml', '/tmp/tmpoj1zez56.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpoj1zez56.xml" output= _____________________ TestClient.test_sign_auth_request_0 ______________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', ...] extra_args = ['/tmp/tmp9w59t0hb.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp9w59t0hb.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_auth_request_0(self): > req_id, areq = self.client.create_authn_request("http://www.example.com/sso", sign=True, message_id="id1") tests/test_51_client.py:396: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client_base.py:445: in create_authn_request msg = self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpdpw5b3gx.xml', '/tmp/tmp9w59t0hb.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp9w59t0hb.xml" output= _______________________ TestClient.test_logout_response ________________________ self = def test_logout_response(self): req_id, req = self.server.create_logout_request( "http://localhost:8088/slo", "urn:mace:example.com:saml:roland:sp", name_id=nid, reason="Tired", expire=in_a_while(minutes=15), session_indexes=["_foo"], ) info = self.client.apply_binding(BINDING_HTTP_POST, req, destination="", relay_state="relay2") _dic_info = unpack_form(info["data"], "SAMLRequest") samlreq = _dic_info["SAMLRequest"] > resphttp = self.client.handle_logout_request(samlreq, nid, BINDING_HTTP_POST) tests/test_51_client.py:429: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = request = 'PG5zMDpMb2dvdXRSZXF1ZXN0IHhtbG5zOm5zMD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQtdjNHME9ub1hCWTZVWnpjangiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDI0LTEwLTI5VDEwOjM2OjUwWiIgRGVzdGluYXRpb249Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4OC9zbG8iIFJlYXNvbj0iVGlyZWQiIE5vdE9uT3JBZnRlcj0iMjAyNC0xMC0yOVQxMDo1MTo1MFoiPjxzYW1sOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+dXJuOm1hY2U6ZXhhbXBsZS5jb206c2FtbDpyb2xhbmQ6aWRwPC9zYW1sOklzc3Vlcj48c2FtbDpOYW1lSUQgTmFtZVF1YWxpZmllcj0iZm9vIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCI+MTIzNDU2PC9zYW1sOk5hbWVJRD48bnMwOlNlc3Npb25JbmRleD5fZm9vPC9uczA6U2Vzc2lvbkluZGV4PjwvbnMwOkxvZ291dFJlcXVlc3Q+' name_id = binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', sign = True sign_alg = None, digest_alg = None, relay_state = None, sigalg = None signature = None def handle_logout_request( self, request, name_id, binding, sign=None, sign_alg=None, digest_alg=None, relay_state=None, sigalg=None, signature=None, ): """ Deal with a LogoutRequest :param request: The request as text string :param name_id: The id of the current user :param binding: Which binding the message came in over :param sign: Whether the response will be signed or not :param sign_alg: The signing algorithm for the response :param digest_alg: The digest algorithm for the the response :param relay_state: The relay state of the request :param sigalg: The SigAlg query param of the request :param signature: The Signature query param of the request :return: Keyword arguments which can be used to send the response what's returned follow different patterns for different bindings. If the binding is BINDIND_SOAP, what is returned looks like this:: { "data": "url": "", 'headers': [('content-type', 'application/soap+xml')] 'method': "POST } """ logger.debug("logout request: %s", request) _req = self.parse_logout_request( xmlstr=request, binding=binding, relay_state=relay_state, sigalg=sigalg, signature=signature, ) if _req.message.name_id == name_id: try: if self.local_logout(name_id): status = success_status_factory() else: status = status_message_factory("Server error", STATUS_REQUEST_DENIED) except KeyError: status = status_message_factory("Server error", STATUS_REQUEST_DENIED) else: status = status_message_factory("Wrong user", STATUS_UNKNOWN_PRINCIPAL) response_bindings = { BINDING_SOAP: [BINDING_SOAP], BINDING_HTTP_POST: [BINDING_HTTP_POST, BINDING_HTTP_REDIRECT], BINDING_HTTP_REDIRECT: [BINDING_HTTP_REDIRECT, BINDING_HTTP_POST], }.get(binding, []) for response_binding in response_bindings: sign = sign if sign is not None else self.logout_responses_signed sign_redirect = sign and response_binding == BINDING_HTTP_REDIRECT sign_post = sign and not sign_redirect try: response = self.create_logout_response( _req.message, bindings=[response_binding], status=status, sign=sign_post, sign_alg=sign_alg, digest_alg=digest_alg, ) rinfo = self.response_args(_req.message, [response_binding]) return self.apply_binding( rinfo["binding"], response, rinfo["destination"], relay_state, response=True, sign=sign_redirect, sigalg=sign_alg, ) except Exception: continue log_ctx = { "message": "No supported bindings found to create LogoutResponse", "issuer": _req.issuer.text, "response_bindings": response_bindings, } > raise SAMLError(log_ctx) E saml2.SAMLError: {'message': 'No supported bindings found to create LogoutResponse', 'issuer': 'urn:mace:example.com:saml:roland:idp', 'response_bindings': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']} ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:733: SAMLError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpkt2yqpvy.xml" output= ERROR saml2.mdstore:mdstore.py:1184 Unsupported binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (urn:mace:example.com:saml:roland:idp) ERROR saml2.entity:entity.py:352 Failed to find consumer URL: urn:mace:example.com:saml:roland:idp, ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'], idpsso __________________________ TestClient.test_response_1 __________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp7b9ea39a069e90283c3c52690d393329e9d8273dcafa0dbf568f0f5f83d5a65curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-jzrQq7R4qzBX09CCi' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmp82c3_1la.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp82c3_1la.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_1(self): IDP = "urn:mace:example.com:saml:roland:idp" ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": ["The man"]} nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id_policy=nameid_policy, sign_response=True, userid="foba0001@example.com", authn=AUTHN, ) tests/test_51_client.py:469: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp7b9ea39a069e90283c3c52690d393329e9d8273dcafa0dbf568f0f5f83d5a65curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-jzrQq7R4qzBX09CCi' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-jzrQq7R4qzBX09CCi', '--output', '/tmp/tmpa51zpp_q.xml', '/tmp/tmp82c3_1la.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp82c3_1la.xml" output= __________________________ TestClient.test_response_2 __________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=09eb1e11f60e6bb5985c1bcbbd4e67a33c5747af1592cb833d89666fab4a525furn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjUxWhcNMzQxMDI3MTAzNjUxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAxNTv6lzfqK/3280OpHnMsUF2qzuI9YyUc1NDJr/oJH7eYX4l9P8niCN8\n8OoVF/CYmvtjkkuZAOLI2glr+qXVt2w41VMGhAbHn8I24NOSLgQCWv7XBLuV6K7q\nuUhSrt7WNoMzcGNW8lDl5UkimOcVvLnfvRFjqBfrlXdHJljyfseu0GYKy6v10vef\nUzcPp+O0edeAYMKZksMYlzjHnmp34U0PXroTmUuAOkp3npOt5jn8+/cpeFvHmV/R\nPdQhphtasTt6GWjyIcOICTHEXIlnoNccqf1tF21OyCf2x5POmMYZ5Z1LmSW2bd5r\n5xLqUkAl8ISVD9yUUICbDXf39Ut4wQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFsB\nvCHfNAMftRChcQ2suaYnIbQ3l7jhZd7tm+nPM4fkuLgdintXDN6Lu/1WrwpcG/y/\nIbYaZxAY1SYBxT/kKpt1ZMEFjHkFtm1diTTgv441MfFp1voQcNYrBONi2oA6NL0L\nQURXWBdFdR0UI89gfCc27haoBfzdY9Vhr+5zwEKkOX1yvoHniYDYHgJQV9PFhF/v+GX5SfkV0f6wyYObcnPtinh1vIu2fXF7tVOkdfPP\nCL7l5ixa8z6u8MH23P9bH/+mefPMUQu5SrInRnBna3CPNBbR1f2dXZrPAxT296KD\nbjn2P7u5N1al4GaICQD6xuBQ74S+gQ5+yQzq0N6cMWy/FYtfbekNVwMwAWVra4Bs\nxTTRVpOLGZiAyLUjLtaxANT9UdkeX7o3cP7dHRbf2DRMLm9oj7ANCoxH2xBKn/Sd\ncG4zMkh3uKZ3KxfY6p0xNOIG4kYax8tY9Sssa3Die8YLwbK0VAf3KftNWTossjR2\nPWeE/lvCYYgGOrX1Bujbyg==F8AUtMyGIyXQ+yI0JspcZjBjsMBsW4m2WePLQ5OMl+K4KlRKAPxPVJ6NB+AgRoK7\nUhQliOlZzpgQFQ0HsZGVf1nQpgONpJomM9Vn9qR3cq2BMoQbHyJr3fLPiZq9iKoB\nZ0JC3gCKYjMwNAIFexoh2RsRmZaJUsvLn4xg99cFZeX112Yw6IKmuAkHw/AisAFn\nMKGibpmxOeuGt2iK5VLam+X5tKGW/aQFLcp6ZabAc/hTZ47qn/6Gm4FxYEASn6hn\nd3MVm3gu8/cP/FqbPI5aA9eRzqoPzsvkK3z6l5FdDRNd6kDKvN0SwI3m0euGTdhA\nDVZYR3QZeLglq/K3tNLfL9AR7ieaeBDpum4iLHYD+tRbG68fjFJee52Cs+58K8vT\nWMrpYi3SqFRmfK4EHYY6mePRvjFZARLvT6hsc1ErlGzx0X9ravsuaZwhHDkehd9a\n8Iw88QfuSOVRHsabs6MKiM8Dsf0y9unrBOWZMNLNCcyeBjPzW8bLfSOq4LHYbOkg\n7MfdGZLDxUngYVPmDp3Q/wNVIbUyEK9ONzDXZhA90ZpdcWu2Cvc5IBjv6sXHMb/x\nJrdF27frRh8k20TWOS0neH8DWzpQBj7hvA/RFBzcR5m+evMt1PD37jXW36J1cUOI\nuvb77s7kiWd8WGf+7OULPSSizuzXRFNjQluwH+Se7PekrEZsIUaH3qfuzoy/4do6\nSq5UlYORElKF6M/6e7L6sTjYb7EpOLA6MBHh0XxMVIeBx0Qa11Xd6Uw5dWnsnXND\nXCABEDWX/kWK3hl1XJJn1X9zibpYJUKw7oK9GgOHMHSXvJyePB4QTR4MP5dAWonC\n9vBGaxzdzD6skHJz38tKrkW+aXTUkdN/zNGrkN5uMqYccafdZudSnT+pTNZ/p0wG\nDdLwMwKhWipNj98O+uNVOKVM834pJb4L2CO0RqR3QtGvGFtDEEOMVLKKi6D2OUN+\nitxSelLn98Dq2wBcZ6y3Yeh9QtDkJmYmn/5WUW+mJgTbJ7zwM0sF4KojeSDCBDXb\nPxvyQMCBPlgFaXsNxXLkpYPhurkNwWdOoxau2fCqSPDOPjIaf4YgIw4fAl2V+PdT\nJYJXomxpud6PdHdh7YYQBjLpNLOSmbv5NjyrB5LE7393tNzAp2T0yP+TtRM5jXJR\nJI/o8Nc87+B8wNqcFL2Pr5Lvuuy6MCCilO03P+1c/XRv1xNjO2cM+t45X/pq1aEr\nh/Bnpb8A4WORpFpfjKaDDvQcLMUfOb/KBjs0EyloLtpEdK+7fswFcTshfDnWdt/7\nZsBv9yNd9zPWeIQkqo86TZxKnS+rbHlsBxJGKcnbD6YRZGrJVueUe/hP5/GlY7ir\nAZ4RbJQy9JKcY02ZJ0JFDpkqSoiBi8gMi5aYORDqIdw6Pa0Y0KuS5TF+ibPML7mq\nPJ1WcndZPiFoc2MNgVFgn0U6PijLPGVV5tOXSBQYt1vzl1VYCqY+oZzqT1t3eQfv\nV5FXf78UDTb9wQEJPuNmshptmDTdFWOBpbHtOz/upQJ85QCl6w7v9JkaB9PspMAD\nQh+fmYC0VbyXXtr92oAt75H8MRgdU7S4PA2cKyxoD8hBo152p2WjGwhK+QxiwPtS\njrwnNbSYyLVo069+dF0L6IFc8aY9LMU7E4DvWPgjv38P634BwAtSZj44sVMBOClm\naYc2nk/6c/Y1N5Y+WYX6CAc2enmVWCfcMZETaU/CleIeAfFTbTTKVWlv9YuP+9aR\njetAmFOJMIpndzow8U6tk5ga7vgr7XlSAh+bFXW7EvCutncA6pziOpVpVvmxV3vp\nS7pea5Ajh6gjYNKfwqGOTaf215p/z1xXco5C3/uGMxu0MncP5Ge8ay0qe89arh3a\nbEY5FLMOMn8I2XZDxg/J/0zxnXEQ7JDMkB0cqScJxFICKW0/AbMf0jFahdyCifsU\ndv0ufLIo+X1t0KmvWFrAofSMbE1j656UKqTAefmvthOSttuQYwEMlrqi7Qvj2qeW\niiM5yxs/gNpRYygsIiwpSHgGuqPf5gxigJUvKVZzlZ7Hsb/yQsyQvMPkE744ORc+\niQAt/cQFslaKahSr7cbmZuXScVIeewrkrEbQv7dOKTYFP46aZgcQantxT4nRd+Dq\nZ96fXa6fmcozU1XdZ+Y6hA0fHNsqmqFOjGOOOdOZOFvCVMd8qgX129HHHFWjt37+\n7SSUoLQRUMBNli/T6YsqxDE4h2TnMgpLPYecDS6+DCVLQLlEIbjkmlHp8pFrLdSL\nFhjhalTwJxNaNMz0mq6mmzncLLMFw8w2Dh9WMNw3Gy8hk2BgcTq9CFro0j/P+8Tj\n9bilXBTEEqY2JL9qsBbd6J3MH2Hpgm66fc2LKQvnAFE/EUrHA+Piajt6mLdAw+tU\nJK0xi/Fx31lvb4iGu1d+xm+5IC79Tl606BDYdgoqetiBRifvAl/MuQ==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-5TrYyT0B4clXh3Pne' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpc2ic_p3p.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpc2ic_p3p.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_2(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_51_client.py:549: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=09eb1e11f60e6bb5985c1bcbbd4e67a33c5747af1592cb833d89666fab4a525furn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjUxWhcNMzQxMDI3MTAzNjUxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAxNTv6lzfqK/3280OpHnMsUF2qzuI9YyUc1NDJr/oJH7eYX4l9P8niCN8\n8OoVF/CYmvtjkkuZAOLI2glr+qXVt2w41VMGhAbHn8I24NOSLgQCWv7XBLuV6K7q\nuUhSrt7WNoMzcGNW8lDl5UkimOcVvLnfvRFjqBfrlXdHJljyfseu0GYKy6v10vef\nUzcPp+O0edeAYMKZksMYlzjHnmp34U0PXroTmUuAOkp3npOt5jn8+/cpeFvHmV/R\nPdQhphtasTt6GWjyIcOICTHEXIlnoNccqf1tF21OyCf2x5POmMYZ5Z1LmSW2bd5r\n5xLqUkAl8ISVD9yUUICbDXf39Ut4wQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFsB\nvCHfNAMftRChcQ2suaYnIbQ3l7jhZd7tm+nPM4fkuLgdintXDN6Lu/1WrwpcG/y/\nIbYaZxAY1SYBxT/kKpt1ZMEFjHkFtm1diTTgv441MfFp1voQcNYrBONi2oA6NL0L\nQURXWBdFdR0UI89gfCc27haoBfzdY9Vhr+5zwEKkOX1yvoHniYDYHgJQV9PFhF/v+GX5SfkV0f6wyYObcnPtinh1vIu2fXF7tVOkdfPP\nCL7l5ixa8z6u8MH23P9bH/+mefPMUQu5SrInRnBna3CPNBbR1f2dXZrPAxT296KD\nbjn2P7u5N1al4GaICQD6xuBQ74S+gQ5+yQzq0N6cMWy/FYtfbekNVwMwAWVra4Bs\nxTTRVpOLGZiAyLUjLtaxANT9UdkeX7o3cP7dHRbf2DRMLm9oj7ANCoxH2xBKn/Sd\ncG4zMkh3uKZ3KxfY6p0xNOIG4kYax8tY9Sssa3Die8YLwbK0VAf3KftNWTossjR2\nPWeE/lvCYYgGOrX1Bujbyg==F8AUtMyGIyXQ+yI0JspcZjBjsMBsW4m2WePLQ5OMl+K4KlRKAPxPVJ6NB+AgRoK7\nUhQliOlZzpgQFQ0HsZGVf1nQpgONpJomM9Vn9qR3cq2BMoQbHyJr3fLPiZq9iKoB\nZ0JC3gCKYjMwNAIFexoh2RsRmZaJUsvLn4xg99cFZeX112Yw6IKmuAkHw/AisAFn\nMKGibpmxOeuGt2iK5VLam+X5tKGW/aQFLcp6ZabAc/hTZ47qn/6Gm4FxYEASn6hn\nd3MVm3gu8/cP/FqbPI5aA9eRzqoPzsvkK3z6l5FdDRNd6kDKvN0SwI3m0euGTdhA\nDVZYR3QZeLglq/K3tNLfL9AR7ieaeBDpum4iLHYD+tRbG68fjFJee52Cs+58K8vT\nWMrpYi3SqFRmfK4EHYY6mePRvjFZARLvT6hsc1ErlGzx0X9ravsuaZwhHDkehd9a\n8Iw88QfuSOVRHsabs6MKiM8Dsf0y9unrBOWZMNLNCcyeBjPzW8bLfSOq4LHYbOkg\n7MfdGZLDxUngYVPmDp3Q/wNVIbUyEK9ONzDXZhA90ZpdcWu2Cvc5IBjv6sXHMb/x\nJrdF27frRh8k20TWOS0neH8DWzpQBj7hvA/RFBzcR5m+evMt1PD37jXW36J1cUOI\nuvb77s7kiWd8WGf+7OULPSSizuzXRFNjQluwH+Se7PekrEZsIUaH3qfuzoy/4do6\nSq5UlYORElKF6M/6e7L6sTjYb7EpOLA6MBHh0XxMVIeBx0Qa11Xd6Uw5dWnsnXND\nXCABEDWX/kWK3hl1XJJn1X9zibpYJUKw7oK9GgOHMHSXvJyePB4QTR4MP5dAWonC\n9vBGaxzdzD6skHJz38tKrkW+aXTUkdN/zNGrkN5uMqYccafdZudSnT+pTNZ/p0wG\nDdLwMwKhWipNj98O+uNVOKVM834pJb4L2CO0RqR3QtGvGFtDEEOMVLKKi6D2OUN+\nitxSelLn98Dq2wBcZ6y3Yeh9QtDkJmYmn/5WUW+mJgTbJ7zwM0sF4KojeSDCBDXb\nPxvyQMCBPlgFaXsNxXLkpYPhurkNwWdOoxau2fCqSPDOPjIaf4YgIw4fAl2V+PdT\nJYJXomxpud6PdHdh7YYQBjLpNLOSmbv5NjyrB5LE7393tNzAp2T0yP+TtRM5jXJR\nJI/o8Nc87+B8wNqcFL2Pr5Lvuuy6MCCilO03P+1c/XRv1xNjO2cM+t45X/pq1aEr\nh/Bnpb8A4WORpFpfjKaDDvQcLMUfOb/KBjs0EyloLtpEdK+7fswFcTshfDnWdt/7\nZsBv9yNd9zPWeIQkqo86TZxKnS+rbHlsBxJGKcnbD6YRZGrJVueUe/hP5/GlY7ir\nAZ4RbJQy9JKcY02ZJ0JFDpkqSoiBi8gMi5aYORDqIdw6Pa0Y0KuS5TF+ibPML7mq\nPJ1WcndZPiFoc2MNgVFgn0U6PijLPGVV5tOXSBQYt1vzl1VYCqY+oZzqT1t3eQfv\nV5FXf78UDTb9wQEJPuNmshptmDTdFWOBpbHtOz/upQJ85QCl6w7v9JkaB9PspMAD\nQh+fmYC0VbyXXtr92oAt75H8MRgdU7S4PA2cKyxoD8hBo152p2WjGwhK+QxiwPtS\njrwnNbSYyLVo069+dF0L6IFc8aY9LMU7E4DvWPgjv38P634BwAtSZj44sVMBOClm\naYc2nk/6c/Y1N5Y+WYX6CAc2enmVWCfcMZETaU/CleIeAfFTbTTKVWlv9YuP+9aR\njetAmFOJMIpndzow8U6tk5ga7vgr7XlSAh+bFXW7EvCutncA6pziOpVpVvmxV3vp\nS7pea5Ajh6gjYNKfwqGOTaf215p/z1xXco5C3/uGMxu0MncP5Ge8ay0qe89arh3a\nbEY5FLMOMn8I2XZDxg/J/0zxnXEQ7JDMkB0cqScJxFICKW0/AbMf0jFahdyCifsU\ndv0ufLIo+X1t0KmvWFrAofSMbE1j656UKqTAefmvthOSttuQYwEMlrqi7Qvj2qeW\niiM5yxs/gNpRYygsIiwpSHgGuqPf5gxigJUvKVZzlZ7Hsb/yQsyQvMPkE744ORc+\niQAt/cQFslaKahSr7cbmZuXScVIeewrkrEbQv7dOKTYFP46aZgcQantxT4nRd+Dq\nZ96fXa6fmcozU1XdZ+Y6hA0fHNsqmqFOjGOOOdOZOFvCVMd8qgX129HHHFWjt37+\n7SSUoLQRUMBNli/T6YsqxDE4h2TnMgpLPYecDS6+DCVLQLlEIbjkmlHp8pFrLdSL\nFhjhalTwJxNaNMz0mq6mmzncLLMFw8w2Dh9WMNw3Gy8hk2BgcTq9CFro0j/P+8Tj\n9bilXBTEEqY2JL9qsBbd6J3MH2Hpgm66fc2LKQvnAFE/EUrHA+Piajt6mLdAw+tU\nJK0xi/Fx31lvb4iGu1d+xm+5IC79Tl606BDYdgoqetiBRifvAl/MuQ==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-5TrYyT0B4clXh3Pne' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-5TrYyT0B4clXh3Pne', '--output', '/tmp/tmpf7e70g6r.xml', '/tmp/tmpc2ic_p3p.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpc2ic_p3p.xml" output= __________________________ TestClient.test_response_3 __________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=13164660b5e2c1e6cc0d8b44e28393da71906dc52793c4645f9d2a1398d6bd65urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==U3FLDCVynnoRIqMk+2rXmZbNytX7b8Cj0IvU5RutKCag5QRDgWi1WXlPxaIFeCmB\n5sf4MkltE/OFsw5AeaHP3w70hZ23HeOeswFSMYqk3yxPWeble0E0EfQ97iRqploO\nMiJM2yxzL6GLxxdxNjZadS5dQwZBBBFu+jjpAkERR2w=Em/j3r7i5qVxz7RvuH8LAeU10NZLmTUkGoxgUJMesZt5Hui+LyvCHR2/sutdbZ3B\nTCouxtCoc7+bH23B/ZiT/gzVgIJ+KFZQt+CN82QWNnWl1CU3+rGv5NnMcz/4c12G\n40vrWriHWh/uCFNYdzeJ1uxvvgJTrySCn2SJMYCL3k4eOPmg7PAZysbOCL0GKR1r\n8ce1m5rEy/G8M4j//wYopQcttnf92sW/4OymULLPyw6iE7Npd+/l1BjskcpnIH0n\n1FQUCSTtv8IfIhVMXcI5PFoIQJf7v5a1ZH03Fk3CnHGXKzaYNFccKpDJGqDe4TQB\nez8X7/VlCCStqJtBqQ+Zy0/lq5Qv8fhrhSu62sI5xNCbCxIJHUSU9Dgx+Xdlxn4G\n48zWu0VCUDwcz2Tz4cJQ913IM0ydynT96M7w9aA/QwlcFC3uExSiO6R3qeJffMdW\nxnWbkFha26M1XVknocaHGYDrQW7P4ODkuF+VAtudqiCrCmATxr/sikIpCvJr5U4N\n6HH0ebcJGG+uY0p4XJHWDFD3plduTcVPWavZIQTGrgNaDTk2eJPxHSIJwOW71qcz\nw0KNuNSK3C5RUPE+IpdUFPAM6QvUB6ez52wVCMQWUPDNWcqYOYfnHk1Iq2O8H0sM\njEx5/MhyTB5mqkYE+qAbps+DBQLV3hsMH++vVCEVKMQTbIa0XvGktX7RMvsMWBlN\nVvgYd+lPJEn63cOxzpAD9SwjnNHRjaRSXQTdKcNTtmqYm0uUOqx2z7352hbubFmq\ng50mb/+nV96Zn1zUhf89nYRmK9A4hwf0Us3CMQmgwbATVKaeiMGXEkOjiE5MhbQA\n3yHVzd6zFyoqfHYqEp9LKSw3UPB7VccQzPIKAZZ605MKlWI5PjDMib9KuQAy9znF\nQkNK5QDzx8PtWbe69GC4ClQYyjUZ9nYSCAn+5f5Ka5426wLxeNIskesIshJYq4qR\noScvBPkW2eTUbb3njE88+LZKxp0CEX31GW858IC5zXEr2kaMTVowUkaZy65wjPJB\nJQEb4N04WW69q42B89QJVx7P+Z41qHf3VxmmsSppvSswF1/VgE15P5JaOSoYfGN+\nSpEvMaWXMJPr9+BNJtoebP+gI/Dyssif2UGZhidPxDeWt5qS+41P3jnRkFLKEIjk\nz9K0LQTsKuqOx+ETUZauEYPy6012mxx/fmR3siwMiQw+EC7JVuBeLirvdJkbXnXI\nP/2Z9TL+tIqyC7cf3uEtxCFC7gf35KCtMB3I+9v7Knhcv0UiROw3XMVFXFAlf6on\nbyl78wq+TDAwOnqymK4Sj8fEB9SVI7MMbd4JfklvaG5abMo9zgZE5wV2AzrLikGT\nP9sLvrtvky1WY5SLPZsHHowFRyyvfV4W4dKWS7wHkOs5evrOn0WGYeI45tb+jYJM\nOtAHHBL+OYEft5bizR67giPiUl+/fFy2nYAv60i3sL2qblkGfu6U8riMHdTsmGYV\nXYt5LSX0S6tQXQV6qqc7G1GkKf+qwmKlRKOk59iGgoe78+9qprM+zvM1osb85IT1\nFpMgEA1Y2kLxDxZIdox/RSb0b84Pf/ie4B4U2wCClGOA4VL9b4LXavUjJf5Rg3JD\nnms9liMCND2ZBrFqCo2U7y+gREHyVAatrH6e0lq11PyS/LrMMY5D1vCkXb35RR/h\nTVEBdz4L6jaGNf0SwzCakp8SNXbFlhNpOzcAN/3k20hVon+uGcXbYHOAcofDaa6Z\nellvj7AA4iv6oYNniMS/yNgrCuOmkm+mwGXooIQBkUXTl5y1YC/wnednNOwC4HQT\nsD/siqs4z3KUFaDTI53xxG4++Y35xIECd6grJO50uXqRG12Il5tvk2WluFZI27An\nFaLjiLzgz5c5RFerF7ScM2o0bVhPVLZ3M4Mb2Y7ONhK4uj9uFNsXhEzcZjYfcjLc\nAb6Q2a9woYG+U4MKh2pVcUAa6gBbGogwil36+CMUs2EsFj7xBB27zxfEGPqjDxHz\nN3hgA6FNsAX+U2Uzgg92RloySMWXFjAoLq5SJk8UWj8pypHEY+3yRGbA7Ea8QgFo\nM6PV3ty5zEGkZ+H7ETO+UIR6mgvzLELBQGKrqsFKHhwP9IheHchXtBZZCMtfQrvo\ndi3pg5fKHUQ/+9Rg8HuqfGTaLBslvafEGKWJT8oWjWy7QCog0apFlxuN4YIYAza0\nWQ396ltwp+VnAtRPfNU0jG1Zl606kCwgu/Tsj9D2OswQMuj6KUibZrJniDuHfU0y\nqnA8YZhMCjC5Q65J4/ruf0JudCiMViOSCHiTP+qjowFBcAHTYoVAuwFOrrDPEFkQ\nCAa/GDjVbno76FGWRerYDNngmrfwWjqa8gMIeBSMOg6jKtl54mX1/vSPly1+L4hS\nDtQoqVVz0vXjwcwgb8QwqTIyCf4NmkmdYCm6QeVVYb80FAsWtbSHow==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ziDSiGP9lpiVmZ2d7' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpu9s3206g.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpu9s3206g.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_3(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:584: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=13164660b5e2c1e6cc0d8b44e28393da71906dc52793c4645f9d2a1398d6bd65urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==U3FLDCVynnoRIqMk+2rXmZbNytX7b8Cj0IvU5RutKCag5QRDgWi1WXlPxaIFeCmB\n5sf4MkltE/OFsw5AeaHP3w70hZ23HeOeswFSMYqk3yxPWeble0E0EfQ97iRqploO\nMiJM2yxzL6GLxxdxNjZadS5dQwZBBBFu+jjpAkERR2w=Em/j3r7i5qVxz7RvuH8LAeU10NZLmTUkGoxgUJMesZt5Hui+LyvCHR2/sutdbZ3B\nTCouxtCoc7+bH23B/ZiT/gzVgIJ+KFZQt+CN82QWNnWl1CU3+rGv5NnMcz/4c12G\n40vrWriHWh/uCFNYdzeJ1uxvvgJTrySCn2SJMYCL3k4eOPmg7PAZysbOCL0GKR1r\n8ce1m5rEy/G8M4j//wYopQcttnf92sW/4OymULLPyw6iE7Npd+/l1BjskcpnIH0n\n1FQUCSTtv8IfIhVMXcI5PFoIQJf7v5a1ZH03Fk3CnHGXKzaYNFccKpDJGqDe4TQB\nez8X7/VlCCStqJtBqQ+Zy0/lq5Qv8fhrhSu62sI5xNCbCxIJHUSU9Dgx+Xdlxn4G\n48zWu0VCUDwcz2Tz4cJQ913IM0ydynT96M7w9aA/QwlcFC3uExSiO6R3qeJffMdW\nxnWbkFha26M1XVknocaHGYDrQW7P4ODkuF+VAtudqiCrCmATxr/sikIpCvJr5U4N\n6HH0ebcJGG+uY0p4XJHWDFD3plduTcVPWavZIQTGrgNaDTk2eJPxHSIJwOW71qcz\nw0KNuNSK3C5RUPE+IpdUFPAM6QvUB6ez52wVCMQWUPDNWcqYOYfnHk1Iq2O8H0sM\njEx5/MhyTB5mqkYE+qAbps+DBQLV3hsMH++vVCEVKMQTbIa0XvGktX7RMvsMWBlN\nVvgYd+lPJEn63cOxzpAD9SwjnNHRjaRSXQTdKcNTtmqYm0uUOqx2z7352hbubFmq\ng50mb/+nV96Zn1zUhf89nYRmK9A4hwf0Us3CMQmgwbATVKaeiMGXEkOjiE5MhbQA\n3yHVzd6zFyoqfHYqEp9LKSw3UPB7VccQzPIKAZZ605MKlWI5PjDMib9KuQAy9znF\nQkNK5QDzx8PtWbe69GC4ClQYyjUZ9nYSCAn+5f5Ka5426wLxeNIskesIshJYq4qR\noScvBPkW2eTUbb3njE88+LZKxp0CEX31GW858IC5zXEr2kaMTVowUkaZy65wjPJB\nJQEb4N04WW69q42B89QJVx7P+Z41qHf3VxmmsSppvSswF1/VgE15P5JaOSoYfGN+\nSpEvMaWXMJPr9+BNJtoebP+gI/Dyssif2UGZhidPxDeWt5qS+41P3jnRkFLKEIjk\nz9K0LQTsKuqOx+ETUZauEYPy6012mxx/fmR3siwMiQw+EC7JVuBeLirvdJkbXnXI\nP/2Z9TL+tIqyC7cf3uEtxCFC7gf35KCtMB3I+9v7Knhcv0UiROw3XMVFXFAlf6on\nbyl78wq+TDAwOnqymK4Sj8fEB9SVI7MMbd4JfklvaG5abMo9zgZE5wV2AzrLikGT\nP9sLvrtvky1WY5SLPZsHHowFRyyvfV4W4dKWS7wHkOs5evrOn0WGYeI45tb+jYJM\nOtAHHBL+OYEft5bizR67giPiUl+/fFy2nYAv60i3sL2qblkGfu6U8riMHdTsmGYV\nXYt5LSX0S6tQXQV6qqc7G1GkKf+qwmKlRKOk59iGgoe78+9qprM+zvM1osb85IT1\nFpMgEA1Y2kLxDxZIdox/RSb0b84Pf/ie4B4U2wCClGOA4VL9b4LXavUjJf5Rg3JD\nnms9liMCND2ZBrFqCo2U7y+gREHyVAatrH6e0lq11PyS/LrMMY5D1vCkXb35RR/h\nTVEBdz4L6jaGNf0SwzCakp8SNXbFlhNpOzcAN/3k20hVon+uGcXbYHOAcofDaa6Z\nellvj7AA4iv6oYNniMS/yNgrCuOmkm+mwGXooIQBkUXTl5y1YC/wnednNOwC4HQT\nsD/siqs4z3KUFaDTI53xxG4++Y35xIECd6grJO50uXqRG12Il5tvk2WluFZI27An\nFaLjiLzgz5c5RFerF7ScM2o0bVhPVLZ3M4Mb2Y7ONhK4uj9uFNsXhEzcZjYfcjLc\nAb6Q2a9woYG+U4MKh2pVcUAa6gBbGogwil36+CMUs2EsFj7xBB27zxfEGPqjDxHz\nN3hgA6FNsAX+U2Uzgg92RloySMWXFjAoLq5SJk8UWj8pypHEY+3yRGbA7Ea8QgFo\nM6PV3ty5zEGkZ+H7ETO+UIR6mgvzLELBQGKrqsFKHhwP9IheHchXtBZZCMtfQrvo\ndi3pg5fKHUQ/+9Rg8HuqfGTaLBslvafEGKWJT8oWjWy7QCog0apFlxuN4YIYAza0\nWQ396ltwp+VnAtRPfNU0jG1Zl606kCwgu/Tsj9D2OswQMuj6KUibZrJniDuHfU0y\nqnA8YZhMCjC5Q65J4/ruf0JudCiMViOSCHiTP+qjowFBcAHTYoVAuwFOrrDPEFkQ\nCAa/GDjVbno76FGWRerYDNngmrfwWjqa8gMIeBSMOg6jKtl54mX1/vSPly1+L4hS\nDtQoqVVz0vXjwcwgb8QwqTIyCf4NmkmdYCm6QeVVYb80FAsWtbSHow==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-ziDSiGP9lpiVmZ2d7' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ziDSiGP9lpiVmZ2d7', '--output', '/tmp/tmp3c2xuyxo.xml', '/tmp/tmpu9s3206g.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpu9s3206g.xml" output= __________________________ TestClient.test_response_4 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=4d080c8d6921d2938ee345ce6cbebcfc6e892d8685233a2c0e11f449eb00486eurn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==3tD1VzUq99ASBMY/ejj8AL+faknyTgKZXIEiG8XSLCA8n+Koo/jXzlPwsubygrkD\nTbnaDhFZIpzLnRVXFGCEPWB/cw9MS9xIoMibGvGVLd2ZEL4B9lZwfCMmZ9X3V3w6\nTmfb5JqjWk4CgGEF2HVMvM7yqnm5DCkuIfxts63hFtE=0HLBBvzcgicH2l5QRJp9UXTumtu7LDz+y2eEprDV/VHe7LvVvwFNjwnMb85MV0rc\n1ETS/1uwDEMHwUeEeZg9BW8eXGNNepVflYcV5s5MZfFHJy9x4ktrulUvqPKfGHIu\ngGNS1Gjf3zqJ2ROv+T2TUEA1Uc0oZ7Dufu5gSBvymOdzqPrTfoxYsTGCGi5olo0h\nncg/XcWLewZqlfm1A6IM9Ub6EFAKlhPsuUH8YmB0MfY4RJuncgCX88S/nxvi190B\ngKoxFvXVsIrNR2t3PV8gp6JM5GMQzN9wYW8ljnciWuDG3fy6/aOyT0xT6GCyyugs\nM8R1PiVt2wr7aNPhw1pzf2CRJPzakhbC/vts+L1OGdBb28GcB+x5fd+YOeR6f0LJ\nnzRd0zM8tgwRq97Yeh0uGdNCj9O/GZnxgrNWt68uhCYbRqaPvRqUCpDq9mxg2pnI\nQ2ndHz98npPcSZ2hFDj42JS9ASFnN8my7ybW81JpgiywIq0lO7Zs4zlF8TA0BAys\nlwn/1XvjzPscuak2lF5aQJY4RBWSiwuilu5w9U0WcwsDFZWHQfczR3vAVmihBTYn\njXxrvwptehwSn6JV3Et1upIS7pR80rOYzOrVIp4lWhpNoS3XsJqv7GyXQ06nCf6/\nXuEOLzMB7ysPWc2fx9Q64ZRI7qx+fR9GAuwCeUeqWoSfbuO3Al60lTyXNYU5xtvw\n3LDXJJGvGodE97HHffUZv5yIjyD+zv7TxTIdDZ+Nw7aRl5t1+hso15+a7d39kDGD\nxfV5GdeV/QQG6fPYGqYuP0Rk466OOANeLDak3r419f4MPsrN0QSKl3ywHs7RjSt+\nYRpbGmOte3+mYrL268iReTD6Ht4t1xRnpuKoPZVO75XGzJylC0Yfu9xIux6ccK8x\nw6Mlfcv5jjr/rZqeVnp7cYyHXBZRM9IH3+cxA2dG30aq3qkbLn3c74t129WTHjZw\nSxmZr+jCa1fd3cRUSwND4DIZ9qX2k7UEbVoM1A+zakmIxaw1l97ppaGaU4T77gZc\njYJZmDGeG6484lNrVBCIaA2El2wEOsIPMMyH/I5teI8FXxJVEkfjFOSNjdOc57Pk\nBpLuW/XOXB0r6iSP+J1y8YgI7RH6MS1A+wSc68c2FW+/bkTOEElEELj3F1Ng9yMv\nfaLvP1UT+D1ZRjnfNLBO3f+HsNYBtXcvyYqMPfGVUKNvjfUEhtl4LeFSVKUcful4\nkfU8mpn4/tCyTwSXWV6mv7jDB9WYgNMuNMj248khKL+Uz378NuDOZOf/2Sa9RIRj\ntP9SDo3oXX7DSBRiSCmXrpiEP21fbDDrj9RxbLATjiUDfYDANOLrFJ0UuCK0ojoj\nB3mjmTRPgY+vNoCiOHDVkboticoptqPvaKuOFqr2Q7Yld3UBau26pMm8SHft7Jc8\nLQfSg7oh8WfqAdqoncLkqQ6vGpxCUtvu0UTTEiKKUxrt4QwbgptZM39B3eIowHI5\nIJab/kXwZkl5mc1eGhheQCRuFv56YfabfeLh4FtC8AF/U+iE50u0bPidh5ybofCx\niH77lYQaArYF+VL8d4AKRdG1X3qnfruwPU28vFCiILwqQI9IL3d0jFaN0LFco7xz\nbelXMD5T9kJCCp0PUh2fW80E3Ufe5/W+QiyMmy7jfn/EfznSy1aoxtI+X1tqbs7I\nqkXNXfX1xTbN5EAcYrf7dqpCgNK3xKE+tqL6StbVTF+ZNWnYAS8ZJ+pvM1caXfFi\n0IkmgfSsKBtKtCgKoyGM7s9olNmpmEM8ccClfsMPLNQ7Bk8OARad7FRm2PdevRj3\nKVscAKGfLvTZV9DA2Bc7IqXbPocWnrW7IsjfUYPfCX7o7xg4XxDU6jeDDZZawCxi\nB9Ur6KhE0OKRgeH8HZVE4KU3jOcNmr9KauEhBiJYLRMbsYxxJuivx1kLLnKeonOt\nHbxGQSaW/geN/xfYRoU0zgqSC40bh1UusA4/ktTYLteM/S678yA75apkB2EhZLLW\nJEhJpbtpTg5Dqp6ER/OMdEIUgSsg9CLSh8sFQt3YgGXD8PbMTnjyO4ej9JH2X6mn\nD70g2WE6PI4kVH4zx5q5MOlJ5EvGZrpGqg2kv6/TDW3T7iBAXTISWCFSJ5n3sGjm\nCHlpfdnvor4vmsv+71MvJgfbLik6qQagtjm8KR/2OhDnz5rZ0mqXH5Z2VQLku35a\nGgyOOU4P8KTsslDDZHcqI8Plt2wpY2lczk8kxv9TwNnTVJ9zpAOkfycuhDF2vtO8\nsFDNpWOAK6/9azYjIlraptS863VbNeOqe4AIiU3Jt4uV79sF5PjXpDJuJJLYoFMQ\n/9u0enz+ry3JMsArUqlEM7rpIvy9lJQBEEva3g3KlAnmjSmrxQLj8WM3UnI56anS\nm+0yI0eV5RNA7/7fV3DbaIK4Ijf+r1/9cwN02668/4GAn9e5j3H/0A==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sriwiv8sRcwIDdpv5' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp7mf3b0j7.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp7mf3b0j7.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_4(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:618: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=4d080c8d6921d2938ee345ce6cbebcfc6e892d8685233a2c0e11f449eb00486eurn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==3tD1VzUq99ASBMY/ejj8AL+faknyTgKZXIEiG8XSLCA8n+Koo/jXzlPwsubygrkD\nTbnaDhFZIpzLnRVXFGCEPWB/cw9MS9xIoMibGvGVLd2ZEL4B9lZwfCMmZ9X3V3w6\nTmfb5JqjWk4CgGEF2HVMvM7yqnm5DCkuIfxts63hFtE=0HLBBvzcgicH2l5QRJp9UXTumtu7LDz+y2eEprDV/VHe7LvVvwFNjwnMb85MV0rc\n1ETS/1uwDEMHwUeEeZg9BW8eXGNNepVflYcV5s5MZfFHJy9x4ktrulUvqPKfGHIu\ngGNS1Gjf3zqJ2ROv+T2TUEA1Uc0oZ7Dufu5gSBvymOdzqPrTfoxYsTGCGi5olo0h\nncg/XcWLewZqlfm1A6IM9Ub6EFAKlhPsuUH8YmB0MfY4RJuncgCX88S/nxvi190B\ngKoxFvXVsIrNR2t3PV8gp6JM5GMQzN9wYW8ljnciWuDG3fy6/aOyT0xT6GCyyugs\nM8R1PiVt2wr7aNPhw1pzf2CRJPzakhbC/vts+L1OGdBb28GcB+x5fd+YOeR6f0LJ\nnzRd0zM8tgwRq97Yeh0uGdNCj9O/GZnxgrNWt68uhCYbRqaPvRqUCpDq9mxg2pnI\nQ2ndHz98npPcSZ2hFDj42JS9ASFnN8my7ybW81JpgiywIq0lO7Zs4zlF8TA0BAys\nlwn/1XvjzPscuak2lF5aQJY4RBWSiwuilu5w9U0WcwsDFZWHQfczR3vAVmihBTYn\njXxrvwptehwSn6JV3Et1upIS7pR80rOYzOrVIp4lWhpNoS3XsJqv7GyXQ06nCf6/\nXuEOLzMB7ysPWc2fx9Q64ZRI7qx+fR9GAuwCeUeqWoSfbuO3Al60lTyXNYU5xtvw\n3LDXJJGvGodE97HHffUZv5yIjyD+zv7TxTIdDZ+Nw7aRl5t1+hso15+a7d39kDGD\nxfV5GdeV/QQG6fPYGqYuP0Rk466OOANeLDak3r419f4MPsrN0QSKl3ywHs7RjSt+\nYRpbGmOte3+mYrL268iReTD6Ht4t1xRnpuKoPZVO75XGzJylC0Yfu9xIux6ccK8x\nw6Mlfcv5jjr/rZqeVnp7cYyHXBZRM9IH3+cxA2dG30aq3qkbLn3c74t129WTHjZw\nSxmZr+jCa1fd3cRUSwND4DIZ9qX2k7UEbVoM1A+zakmIxaw1l97ppaGaU4T77gZc\njYJZmDGeG6484lNrVBCIaA2El2wEOsIPMMyH/I5teI8FXxJVEkfjFOSNjdOc57Pk\nBpLuW/XOXB0r6iSP+J1y8YgI7RH6MS1A+wSc68c2FW+/bkTOEElEELj3F1Ng9yMv\nfaLvP1UT+D1ZRjnfNLBO3f+HsNYBtXcvyYqMPfGVUKNvjfUEhtl4LeFSVKUcful4\nkfU8mpn4/tCyTwSXWV6mv7jDB9WYgNMuNMj248khKL+Uz378NuDOZOf/2Sa9RIRj\ntP9SDo3oXX7DSBRiSCmXrpiEP21fbDDrj9RxbLATjiUDfYDANOLrFJ0UuCK0ojoj\nB3mjmTRPgY+vNoCiOHDVkboticoptqPvaKuOFqr2Q7Yld3UBau26pMm8SHft7Jc8\nLQfSg7oh8WfqAdqoncLkqQ6vGpxCUtvu0UTTEiKKUxrt4QwbgptZM39B3eIowHI5\nIJab/kXwZkl5mc1eGhheQCRuFv56YfabfeLh4FtC8AF/U+iE50u0bPidh5ybofCx\niH77lYQaArYF+VL8d4AKRdG1X3qnfruwPU28vFCiILwqQI9IL3d0jFaN0LFco7xz\nbelXMD5T9kJCCp0PUh2fW80E3Ufe5/W+QiyMmy7jfn/EfznSy1aoxtI+X1tqbs7I\nqkXNXfX1xTbN5EAcYrf7dqpCgNK3xKE+tqL6StbVTF+ZNWnYAS8ZJ+pvM1caXfFi\n0IkmgfSsKBtKtCgKoyGM7s9olNmpmEM8ccClfsMPLNQ7Bk8OARad7FRm2PdevRj3\nKVscAKGfLvTZV9DA2Bc7IqXbPocWnrW7IsjfUYPfCX7o7xg4XxDU6jeDDZZawCxi\nB9Ur6KhE0OKRgeH8HZVE4KU3jOcNmr9KauEhBiJYLRMbsYxxJuivx1kLLnKeonOt\nHbxGQSaW/geN/xfYRoU0zgqSC40bh1UusA4/ktTYLteM/S678yA75apkB2EhZLLW\nJEhJpbtpTg5Dqp6ER/OMdEIUgSsg9CLSh8sFQt3YgGXD8PbMTnjyO4ej9JH2X6mn\nD70g2WE6PI4kVH4zx5q5MOlJ5EvGZrpGqg2kv6/TDW3T7iBAXTISWCFSJ5n3sGjm\nCHlpfdnvor4vmsv+71MvJgfbLik6qQagtjm8KR/2OhDnz5rZ0mqXH5Z2VQLku35a\nGgyOOU4P8KTsslDDZHcqI8Plt2wpY2lczk8kxv9TwNnTVJ9zpAOkfycuhDF2vtO8\nsFDNpWOAK6/9azYjIlraptS863VbNeOqe4AIiU3Jt4uV79sF5PjXpDJuJJLYoFMQ\n/9u0enz+ry3JMsArUqlEM7rpIvy9lJQBEEva3g3KlAnmjSmrxQLj8WM3UnI56anS\nm+0yI0eV5RNA7/7fV3DbaIK4Ijf+r1/9cwN02668/4GAn9e5j3H/0A==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sriwiv8sRcwIDdpv5' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sriwiv8sRcwIDdpv5', '--output', '/tmp/tmpecoeu293.xml', '/tmp/tmp7mf3b0j7.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp7mf3b0j7.xml" output= __________________________ TestClient.test_response_5 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114fca3b2475d4761c1cca79b24a0e7ac2476be958dda8f4460156676ea32287urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==3z0C92NAHoWi/zdp7sKBFpHHSIv+oIzYfxBTxLVQ+EuBKpUvAl3RtkhXxbqeAfjC\nagByKylfHZ9ahJViGVe3Ycn117cDKeOb446N+PzkxqeUA21xqV00FGyQaI5an4IE\nsWBo9AMfkzuHCAz88bkTpm/F0HSSnG+GNiuNHolaGfA=300H5+YDGttNGfd/luL3ZAjt5Gb3RgI/zoWBdQeRYMQ/7jRmYINkHUvdx1IkWW4q\ntDgZ1YA41MbbhPKpsJg5VrgUgkPadT2Be4mzNmd27djgJw89nxTp4Qn5MMqzkFc0\n0D3039fkOPFoRycZ1MhaCbB4BW9EgzeFgOmP88ItjSSpkKiy3ER4kICJnIN6o/TD\njqqdr6V0NgxVsC5MWJLk+gy5ovJrJiClRbrVooug6FFPvyZoX+8zdxvbO4mhSler\nxB7zM8tCjwOccSVcarzEwvR4giqTXTVz9JYTslVg+LXOMosP2XnfNpSe174kQyfD\n4LuSrtbCXirqre0kIMZsCAwS8uHfI+iayfzbrsgtdXnAAmYcyIj2mXdzi4IKOOfi\nQdrEFYkQ4oTvcLiwZrMxxDgt/nC6YeNbLeOOLzTG9ozq3Yu0ciPayVtrO4o1aJrf\n5bSri28llojM4xtVmp4AJWvNot6YkdWTUWSib/jA8n7IM7+S4i6VpblifzonNWTI\nutcZm/GCyp2wz9HtVchlAHKoej0Jatehnz1Q4vfFqjDu4Rv+lNDKtpxiZA91sbK/\ngIFtmQgy220Wx0hjhjI5ceB6+QZrcDhQxIfmN2EEQ+UyKjby0DZSP9AczpOKnaZ0\nvQJVJcnwTBtmN4XQpR5OROFfuUQSF3Zm/DupPno3gfwtrgzFtO5T4n0vUnMgR+ZW\nk1WXjoLvw0Augn0l2OVKqVLk5A/A2D+vNI318vYB30Cvb+TEIQRchI3foYSUNbKe\n/yuL1K0hzU/DaHWr3Ius9ncJ+A3mZLUCtp0utCTh30NztN0drgAaeB851DFX7sNe\nZHY1UtOVjLOMsAVV8mCUuEFyTfbKYWIBAtTjBeiRVoCiufzSGVizdDpHcIquIB/p\njpfAstUgmQVYohq2QsHMF0PRF3WrEvn3nuLmnC2nYdNke0eKbumX4F5LqzNEHE7c\n8a5T1JHXQv5m+6X25xNIi2Bl8n8N4Flg9Qeupa3noqxM4wFXzFZ0UwCIpL9UjZUk\nAljXQsQ7s6WSts5qiCH3S0kvaObhueStl7TaqNxOnM8b2qYzPoMzoqgYDQaJq4sd\nWheXq6mZ0WT2GFPsfoTdTKLmeTPgWKk6mTBfcjTOoNvFDCW9xiFqGqpCMF4t2oYb\nOmYAZoibfvJ24xXxSanoeW3pKw0wd1jRUb+NJ7dLcGtcqNco1Wd7Agz3yEm+K18H\nbjbBLvXY0vX0C2CTgz4cUMvbEO5XyITGW3PLMshJUf/neP+thYLpXyLb1+xXGaFR\n8AdTdi4CKyms8SHq7/acIYOaXimrYz+HJSsCLT1UroJErDolihO49xpkA25NHEef\nz9aVgiFUT+gi3vc17GdEVkFPsNi+0PPvYfQ0mDElnyg3+v9mdP5c516GUXQpQ9uq\n6ovFlj1cAzgDD5asBFlzk8vTcA6a0cOsubHoHAdERQC5D3ud7V980cb6rtf3ku+d\nryZd0vjk+v3L/Nl1jGOuBd4WIL1tzTj9k0nuOwga071ERWxnGOlBovxsE5y8yFl6\nEtnJMCUcTfoQPuZXqyuCofF0ZwwwLUeHzJg3qBlRzfsx5tz6I7ynzsHvAGyG5lRA\n4EwXCpCwqtBf0RgIfEgG2DEiqpzt4PIPH/qUD5l+Jseo1HX1WIQ+a308sQlq7uaq\nN7QoEzxQr8Uw/pHFkJG+XJeDxgkbRjLr/b/e399/Sacev9kxcEiNqNYA/c0blWOK\npz05Ei+FHYukIldAHkFjckY15wiRYAHgsOc7gxiLiPn07LMz4E1gEB73nMMomUIO\nQ4Q/wC6Q4Nzv/SvpLAb1qWGE6Yd+YiGSkVVjhmigH9AM6bUJwadQ/8Wld+RHV7iM\nB+qB+tZIWQ8SNJ8bvVnyAD3ztY1h0oHRi0SbjV8DZbOqzxRALqu+Rco3r6JwbvxM\nTzbk17yepsIDx2cyxJ2S04nAyM3lys4KxNB9c2NFSGa1ReivPnmaxpCqVLUfvH66\n6zrEvxYoDd5lMuboNZhRQ6ditXznPz/srQc8A8epnFyQ8cx5Cx2twaAuEPAIg5y2\nVERXlN4i0aXO+tPh0b7BxJEhceaoWDOMQI/wTxJ92UnGkuowMmEcsJesdqVBDRFv\nL0cToDU8kW4H8cSiR4oE3+IIc7BJoAMnnGbNwrNxeOHSQt1UOhC04+xRy2doxpu8\nJvhnwfcy1ffuRZ5DaXunbzEIJMCQ5aFRNULkGNxb6yx7Z8W4LEVU1cMV13dVjkPS\napeyJVhR98Lnd2nieXIPjPwI3DEKwG0yPvBJAnMmjueDpFyrA3+5SeFTbDtKbXTL\nfpWN9abQ76jLXlvWX1v5UoQzicqHHN9nq2g9mD9YDvbL57gM8QPM6ouq84OsD+pz\nU+kzy4QAswPcedDIB+WtRR8xwqeoJyJlIv1vr85h7cLhjHx6iRdz8w==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-OyeeHuMy6qb9JLoYR' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp7n6irn_j.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp7n6irn_j.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_5(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:656: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=114fca3b2475d4761c1cca79b24a0e7ac2476be958dda8f4460156676ea32287urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==3z0C92NAHoWi/zdp7sKBFpHHSIv+oIzYfxBTxLVQ+EuBKpUvAl3RtkhXxbqeAfjC\nagByKylfHZ9ahJViGVe3Ycn117cDKeOb446N+PzkxqeUA21xqV00FGyQaI5an4IE\nsWBo9AMfkzuHCAz88bkTpm/F0HSSnG+GNiuNHolaGfA=300H5+YDGttNGfd/luL3ZAjt5Gb3RgI/zoWBdQeRYMQ/7jRmYINkHUvdx1IkWW4q\ntDgZ1YA41MbbhPKpsJg5VrgUgkPadT2Be4mzNmd27djgJw89nxTp4Qn5MMqzkFc0\n0D3039fkOPFoRycZ1MhaCbB4BW9EgzeFgOmP88ItjSSpkKiy3ER4kICJnIN6o/TD\njqqdr6V0NgxVsC5MWJLk+gy5ovJrJiClRbrVooug6FFPvyZoX+8zdxvbO4mhSler\nxB7zM8tCjwOccSVcarzEwvR4giqTXTVz9JYTslVg+LXOMosP2XnfNpSe174kQyfD\n4LuSrtbCXirqre0kIMZsCAwS8uHfI+iayfzbrsgtdXnAAmYcyIj2mXdzi4IKOOfi\nQdrEFYkQ4oTvcLiwZrMxxDgt/nC6YeNbLeOOLzTG9ozq3Yu0ciPayVtrO4o1aJrf\n5bSri28llojM4xtVmp4AJWvNot6YkdWTUWSib/jA8n7IM7+S4i6VpblifzonNWTI\nutcZm/GCyp2wz9HtVchlAHKoej0Jatehnz1Q4vfFqjDu4Rv+lNDKtpxiZA91sbK/\ngIFtmQgy220Wx0hjhjI5ceB6+QZrcDhQxIfmN2EEQ+UyKjby0DZSP9AczpOKnaZ0\nvQJVJcnwTBtmN4XQpR5OROFfuUQSF3Zm/DupPno3gfwtrgzFtO5T4n0vUnMgR+ZW\nk1WXjoLvw0Augn0l2OVKqVLk5A/A2D+vNI318vYB30Cvb+TEIQRchI3foYSUNbKe\n/yuL1K0hzU/DaHWr3Ius9ncJ+A3mZLUCtp0utCTh30NztN0drgAaeB851DFX7sNe\nZHY1UtOVjLOMsAVV8mCUuEFyTfbKYWIBAtTjBeiRVoCiufzSGVizdDpHcIquIB/p\njpfAstUgmQVYohq2QsHMF0PRF3WrEvn3nuLmnC2nYdNke0eKbumX4F5LqzNEHE7c\n8a5T1JHXQv5m+6X25xNIi2Bl8n8N4Flg9Qeupa3noqxM4wFXzFZ0UwCIpL9UjZUk\nAljXQsQ7s6WSts5qiCH3S0kvaObhueStl7TaqNxOnM8b2qYzPoMzoqgYDQaJq4sd\nWheXq6mZ0WT2GFPsfoTdTKLmeTPgWKk6mTBfcjTOoNvFDCW9xiFqGqpCMF4t2oYb\nOmYAZoibfvJ24xXxSanoeW3pKw0wd1jRUb+NJ7dLcGtcqNco1Wd7Agz3yEm+K18H\nbjbBLvXY0vX0C2CTgz4cUMvbEO5XyITGW3PLMshJUf/neP+thYLpXyLb1+xXGaFR\n8AdTdi4CKyms8SHq7/acIYOaXimrYz+HJSsCLT1UroJErDolihO49xpkA25NHEef\nz9aVgiFUT+gi3vc17GdEVkFPsNi+0PPvYfQ0mDElnyg3+v9mdP5c516GUXQpQ9uq\n6ovFlj1cAzgDD5asBFlzk8vTcA6a0cOsubHoHAdERQC5D3ud7V980cb6rtf3ku+d\nryZd0vjk+v3L/Nl1jGOuBd4WIL1tzTj9k0nuOwga071ERWxnGOlBovxsE5y8yFl6\nEtnJMCUcTfoQPuZXqyuCofF0ZwwwLUeHzJg3qBlRzfsx5tz6I7ynzsHvAGyG5lRA\n4EwXCpCwqtBf0RgIfEgG2DEiqpzt4PIPH/qUD5l+Jseo1HX1WIQ+a308sQlq7uaq\nN7QoEzxQr8Uw/pHFkJG+XJeDxgkbRjLr/b/e399/Sacev9kxcEiNqNYA/c0blWOK\npz05Ei+FHYukIldAHkFjckY15wiRYAHgsOc7gxiLiPn07LMz4E1gEB73nMMomUIO\nQ4Q/wC6Q4Nzv/SvpLAb1qWGE6Yd+YiGSkVVjhmigH9AM6bUJwadQ/8Wld+RHV7iM\nB+qB+tZIWQ8SNJ8bvVnyAD3ztY1h0oHRi0SbjV8DZbOqzxRALqu+Rco3r6JwbvxM\nTzbk17yepsIDx2cyxJ2S04nAyM3lys4KxNB9c2NFSGa1ReivPnmaxpCqVLUfvH66\n6zrEvxYoDd5lMuboNZhRQ6ditXznPz/srQc8A8epnFyQ8cx5Cx2twaAuEPAIg5y2\nVERXlN4i0aXO+tPh0b7BxJEhceaoWDOMQI/wTxJ92UnGkuowMmEcsJesdqVBDRFv\nL0cToDU8kW4H8cSiR4oE3+IIc7BJoAMnnGbNwrNxeOHSQt1UOhC04+xRy2doxpu8\nJvhnwfcy1ffuRZ5DaXunbzEIJMCQ5aFRNULkGNxb6yx7Z8W4LEVU1cMV13dVjkPS\napeyJVhR98Lnd2nieXIPjPwI3DEKwG0yPvBJAnMmjueDpFyrA3+5SeFTbDtKbXTL\nfpWN9abQ76jLXlvWX1v5UoQzicqHHN9nq2g9mD9YDvbL57gM8QPM6ouq84OsD+pz\nU+kzy4QAswPcedDIB+WtRR8xwqeoJyJlIv1vr85h7cLhjHx6iRdz8w==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-OyeeHuMy6qb9JLoYR' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-OyeeHuMy6qb9JLoYR', '--output', '/tmp/tmpzxahb745.xml', '/tmp/tmp7n6irn_j.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp7n6irn_j.xml" output= __________________________ TestClient.test_response_6 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d805017637387aae277eff0eb5d502679299afe173d27ef91d81612c8a72d43burn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjUxWhcNMzQxMDI3MTAzNjUxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAxI5oB0r6iL6ILKGVRFj6cFH+Mw34jDfvotDC1L1/7r4TJn36jkyFi46I\ng3xv80ksjfRMhjFkVDBlogTDq45g5NqD229hgVJ8dTHppW+jZXVL719zxPDI44wy\nHYJamts+wEJ76xCMQdHVzhE1QHSeW0hlOyL7ywFXT9eb0t2ky2F6Zvg+qlK2XTpU\n6SVsJduz6krMAuaQSirgt7ObMArYukpga4B0Wg865wU7bipIxIjn03yUFKNZuagG\nU/xV2QwLYT+K9WKEyBpYr7B/qkMIb9toVfEvZFR+1HhL9vMPHp2EmyBIx4O0jS6q\nJ5NXf7TEAqlvJEvTEPgTX2BuKSD1QwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIJn\nrSAsnSQ8C8eLmBlnUxvYaYSulz1MjZadKGqG7bVrQ8k5P6dfTj2QZHWOzDcbVU+c\n3NhqVt3VdfDyi7PhXFPkR/RLNmgUBq1OiWvoqHWFL0tHixbpzPQ3G4Ahn7DpC/oX\niO7IGqQT/Q9T9d+NcoEtCAHGbT3lcppon8yyDUkOdmQYHu6+AtSFdPHJy76/W39oIreUADD3eW6dDhekWviodJBhInt1qdwWelAflKdF\nIwT59jBuEvMlolinqqGpQZ+/1E3qUD8W+sauQY5KgeJAilO4+GTqKNro3gD9CFim\n/urNNCWQMgCzDGU4XcW4d08A7Y7qY2aQUCmbCq5U8H5fQ7TnXl49s/RPijj2sQiE\n5OuTEgsH9gApV8Ca+eqgSbsQVaIlXfilGO8rSgtr6/GW4zVon7RtXMSjkcgbck3g\naMV8CmKoBq5foaFyVK+V9w/O4WZyCiyMJWn4HuxEjow36j3KtyPs6DRsjICiw0dW\ngrnL84UX88XSpW8vCHlgOg==W3wXifWCe+2C1S+LIifGkC8aos+HJtqJ6rhf96wyJGCol2A3BbvjRq+i7SzvClwk\ngdyJBz1UF8C+6ekU9c7Xzu2WZV7rxShs5LZSbXd/HaJnJ/ks48BWrG3QnDvgOGWo\nKhFEUhPHDYNfE266NqdWRYnwIXM1CgLeY2x326AB9uSq42Yywj1lteFmwpPbSM2r\nQnY6F0tIrvi7Ly7rg3cwop+qCuC1xmrpOhpujsngom86sepSlTcQW0gj3wn1e29Z\noMGzQG3c82IuFRHRQjBvmSYTNRxpNMc9Y3+VZqmtUK63EUcEZHpybMZi9hwap03q\n2T+xwVkONBNYsRt/GZgPY43bXIBbEegEyF0jJr9PN3AcT0OfEPJsPq1WOiEe9HRR\n1hE2a3bQnz7iMsrnFA1d9scuAmraH+EQeu71hOlFdsQIT7J6hWxL7kEwF3oyy2i8\nepq2jFaOuY+1DJmNt6b/eaBL+csVu07nT9W9MbBJx0HQO+pQS7QPwm/uHvS8Il14\nDbLPDS7LWRkn2abPdg1vZSQRtEILTIprpuzs1NjwLctgC8KcYXCkGCK0yhKGStvb\nDBQJjC6xwA2wyVOKrcrXx1R9ALmLQo86z6wfBXlcUwxU3oNPqC4hvJna0h7gdeTr\ntY1VoYVF4ng9cIAjtvrtGjc1HiWIwtmiHit0uepNMzIXUV5lNJBuuYnyqwNq1QWG\ntvGUmYKl7NLpLeDQ1cassgxO9CN3Gaqz+2Lc1z/gtQ52+ybBMNKHniA5m/H4hzJe\nXmts4Hi8TaXYGFum5fdGVWYcC/9s87JOsbyeHzabq/ydONexKOglhoy15qO0d6Sx\nvqfqrK3GzHqfEY7WoNCrX1QJrwHTZeN8Z4FNaebw3hGBH5hEnHUDGXOUVHWO3OGv\nxMDucCsR2T20pmR2eBTiZ++UXujbvYdd1fWZRWqI2o5PXXIDkQJjxRqi3UnXEge/\n0iicM1Ib8Kl96dGpAy9qLeH1gxzMZKQDE6UYSGpay+3MSqge93ADUDykp+9BoKzF\nKtuOaCKCxoPt+QOe6quOEDTyAC9spqqqSP8aSx21ooSaR49y7ZuFiFEqXigwC6m2\nZRNIYll+Jiab8t8fllcc0QKMDPQLhiannCfHAr1S9VTMkFydZp+UjFdP0eogkYGd\nipGGlOC/g6VsGYTW6Pw9JnzsnexOubzaQAvbVS9L0P6biPKXUGUFAjGKlcEMlAfr\nn1aqvsbwYkHaGZIPnHMypB5J6icI3rnt7iDXXNTM/ozkoWPhiFmmm87o25T/4p14\nJBH7TJLO2JQ7dojIBQc8VJKnGnp6fib0lv97tsP2bD9iB/7NyHvAHQsJr71oM3lb\n+7oFRn86AEtVBPZMtt2r+2YTBIw11MO/mGmD/NXOaDiuqmjh8i1EL4PYk7sqaOoB\nbRXvsaE1KVkCmvdSAJ+2fLEbXBEwNQvNnJ6VU7nFCypBiuCUVZ6ZdhQOYuGKqT7c\nykCN5evxeWFoPEEL9BD0G3ulfR6jXxoIRj+WuiKwDFgpQsqOt/6V+zyB37lddQjb\n3a1UiCXYHJr5re+agZilsbqCdiC0IOnpEd1PPl7JAu3VfLH8gUdIbD29p+rMZ6Zf\n3pxA/k0uNY0suJfr5oWTAHYc2g+2eD5M8sT2cco5Jyb1DfZWg3DgC0M4LI0ClumK\nQ6CCWj9xxdNMZ0S7eKJYThX0Ou0XffWbWtaM8ub/MuHuAIdt2Cpgszk1IkXi7qVs\nlMJzPgLavojddIs+xzdO6Ziz5s3gf/MR3jjnbojJh8ixNfvb1XPKTI13iuxxoMlx\nCFt4aBw7lK9bRXplxUX+qbx22T/2ufcFpTwUC19Ifr9AKKB0AcI6nsZgUVQtO/tn\nTlOHAkKc2r1bP3wo39STUgf8rOmdmmu6bk3I2100J0FFth9kdhQZvsFrX0HSN/ia\nBkVWR0KLk2b3LEOLywMUrLMFgqo0r9/IYnZeUD0COTkUFjlsQaNYMRGIKgFt4C59\nmiQJkJ8DiGWS5CYZAM51Lq3tdzNsKnzxzE4xcRicPljImgGBRFlB1gIAsG0xP9qY\nzwU/GwHEDFa492yu4MmVdtvC/xhVBa4lMYNQHu9bAXAogtvOUNRsGo1xRT8xin/r\nDbd4Zfoesz7uNyKxNN06sVzEhk6pO1giVYD4Y923k/534k/vrggn87K4KO5UbQyA\n+uGMZwofk/3vU5+C/eQn2uOF3iWYrCg3q53+uMzIBZ00C622IVtnLpag0zTx5YnN\njRWI8dq9FKPUODDf1xop4H9/8IR5dF4VOozzUqKkRXmdKskiCie803/tUEDXRAVe\nR2ymfcouwnObvuyAZ5m9lY/K3Ab4LT0WlPr4kAxbS6tjH5qdEQageLPsbgjiUyjl\nb2m+/0Hrf4zdvpy27c3/AAp7aAEt8cljGX1PJpkt2Apg4ErnZRxfDQ==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-PpfBHqbjt7wKttRva' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpkr130bqy.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpkr130bqy.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_6(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_assertion_str, cert_key_assertion_str = generate_cert() cert_assertion = {"cert": cert_assertion_str, "key": cert_key_assertion_str} cert_advice_str, cert_key_advice_str = generate_cert() cert_advice = {"cert": cert_advice_str, "key": cert_key_advice_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_assertion_str, encrypt_cert_advice=cert_advice_str, ) tests/test_51_client.py:699: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=d805017637387aae277eff0eb5d502679299afe173d27ef91d81612c8a72d43burn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjUxWhcNMzQxMDI3MTAzNjUxWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAxI5oB0r6iL6ILKGVRFj6cFH+Mw34jDfvotDC1L1/7r4TJn36jkyFi46I\ng3xv80ksjfRMhjFkVDBlogTDq45g5NqD229hgVJ8dTHppW+jZXVL719zxPDI44wy\nHYJamts+wEJ76xCMQdHVzhE1QHSeW0hlOyL7ywFXT9eb0t2ky2F6Zvg+qlK2XTpU\n6SVsJduz6krMAuaQSirgt7ObMArYukpga4B0Wg865wU7bipIxIjn03yUFKNZuagG\nU/xV2QwLYT+K9WKEyBpYr7B/qkMIb9toVfEvZFR+1HhL9vMPHp2EmyBIx4O0jS6q\nJ5NXf7TEAqlvJEvTEPgTX2BuKSD1QwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIJn\nrSAsnSQ8C8eLmBlnUxvYaYSulz1MjZadKGqG7bVrQ8k5P6dfTj2QZHWOzDcbVU+c\n3NhqVt3VdfDyi7PhXFPkR/RLNmgUBq1OiWvoqHWFL0tHixbpzPQ3G4Ahn7DpC/oX\niO7IGqQT/Q9T9d+NcoEtCAHGbT3lcppon8yyDUkOdmQYHu6+AtSFdPHJy76/W39oIreUADD3eW6dDhekWviodJBhInt1qdwWelAflKdF\nIwT59jBuEvMlolinqqGpQZ+/1E3qUD8W+sauQY5KgeJAilO4+GTqKNro3gD9CFim\n/urNNCWQMgCzDGU4XcW4d08A7Y7qY2aQUCmbCq5U8H5fQ7TnXl49s/RPijj2sQiE\n5OuTEgsH9gApV8Ca+eqgSbsQVaIlXfilGO8rSgtr6/GW4zVon7RtXMSjkcgbck3g\naMV8CmKoBq5foaFyVK+V9w/O4WZyCiyMJWn4HuxEjow36j3KtyPs6DRsjICiw0dW\ngrnL84UX88XSpW8vCHlgOg==W3wXifWCe+2C1S+LIifGkC8aos+HJtqJ6rhf96wyJGCol2A3BbvjRq+i7SzvClwk\ngdyJBz1UF8C+6ekU9c7Xzu2WZV7rxShs5LZSbXd/HaJnJ/ks48BWrG3QnDvgOGWo\nKhFEUhPHDYNfE266NqdWRYnwIXM1CgLeY2x326AB9uSq42Yywj1lteFmwpPbSM2r\nQnY6F0tIrvi7Ly7rg3cwop+qCuC1xmrpOhpujsngom86sepSlTcQW0gj3wn1e29Z\noMGzQG3c82IuFRHRQjBvmSYTNRxpNMc9Y3+VZqmtUK63EUcEZHpybMZi9hwap03q\n2T+xwVkONBNYsRt/GZgPY43bXIBbEegEyF0jJr9PN3AcT0OfEPJsPq1WOiEe9HRR\n1hE2a3bQnz7iMsrnFA1d9scuAmraH+EQeu71hOlFdsQIT7J6hWxL7kEwF3oyy2i8\nepq2jFaOuY+1DJmNt6b/eaBL+csVu07nT9W9MbBJx0HQO+pQS7QPwm/uHvS8Il14\nDbLPDS7LWRkn2abPdg1vZSQRtEILTIprpuzs1NjwLctgC8KcYXCkGCK0yhKGStvb\nDBQJjC6xwA2wyVOKrcrXx1R9ALmLQo86z6wfBXlcUwxU3oNPqC4hvJna0h7gdeTr\ntY1VoYVF4ng9cIAjtvrtGjc1HiWIwtmiHit0uepNMzIXUV5lNJBuuYnyqwNq1QWG\ntvGUmYKl7NLpLeDQ1cassgxO9CN3Gaqz+2Lc1z/gtQ52+ybBMNKHniA5m/H4hzJe\nXmts4Hi8TaXYGFum5fdGVWYcC/9s87JOsbyeHzabq/ydONexKOglhoy15qO0d6Sx\nvqfqrK3GzHqfEY7WoNCrX1QJrwHTZeN8Z4FNaebw3hGBH5hEnHUDGXOUVHWO3OGv\nxMDucCsR2T20pmR2eBTiZ++UXujbvYdd1fWZRWqI2o5PXXIDkQJjxRqi3UnXEge/\n0iicM1Ib8Kl96dGpAy9qLeH1gxzMZKQDE6UYSGpay+3MSqge93ADUDykp+9BoKzF\nKtuOaCKCxoPt+QOe6quOEDTyAC9spqqqSP8aSx21ooSaR49y7ZuFiFEqXigwC6m2\nZRNIYll+Jiab8t8fllcc0QKMDPQLhiannCfHAr1S9VTMkFydZp+UjFdP0eogkYGd\nipGGlOC/g6VsGYTW6Pw9JnzsnexOubzaQAvbVS9L0P6biPKXUGUFAjGKlcEMlAfr\nn1aqvsbwYkHaGZIPnHMypB5J6icI3rnt7iDXXNTM/ozkoWPhiFmmm87o25T/4p14\nJBH7TJLO2JQ7dojIBQc8VJKnGnp6fib0lv97tsP2bD9iB/7NyHvAHQsJr71oM3lb\n+7oFRn86AEtVBPZMtt2r+2YTBIw11MO/mGmD/NXOaDiuqmjh8i1EL4PYk7sqaOoB\nbRXvsaE1KVkCmvdSAJ+2fLEbXBEwNQvNnJ6VU7nFCypBiuCUVZ6ZdhQOYuGKqT7c\nykCN5evxeWFoPEEL9BD0G3ulfR6jXxoIRj+WuiKwDFgpQsqOt/6V+zyB37lddQjb\n3a1UiCXYHJr5re+agZilsbqCdiC0IOnpEd1PPl7JAu3VfLH8gUdIbD29p+rMZ6Zf\n3pxA/k0uNY0suJfr5oWTAHYc2g+2eD5M8sT2cco5Jyb1DfZWg3DgC0M4LI0ClumK\nQ6CCWj9xxdNMZ0S7eKJYThX0Ou0XffWbWtaM8ub/MuHuAIdt2Cpgszk1IkXi7qVs\nlMJzPgLavojddIs+xzdO6Ziz5s3gf/MR3jjnbojJh8ixNfvb1XPKTI13iuxxoMlx\nCFt4aBw7lK9bRXplxUX+qbx22T/2ufcFpTwUC19Ifr9AKKB0AcI6nsZgUVQtO/tn\nTlOHAkKc2r1bP3wo39STUgf8rOmdmmu6bk3I2100J0FFth9kdhQZvsFrX0HSN/ia\nBkVWR0KLk2b3LEOLywMUrLMFgqo0r9/IYnZeUD0COTkUFjlsQaNYMRGIKgFt4C59\nmiQJkJ8DiGWS5CYZAM51Lq3tdzNsKnzxzE4xcRicPljImgGBRFlB1gIAsG0xP9qY\nzwU/GwHEDFa492yu4MmVdtvC/xhVBa4lMYNQHu9bAXAogtvOUNRsGo1xRT8xin/r\nDbd4Zfoesz7uNyKxNN06sVzEhk6pO1giVYD4Y923k/534k/vrggn87K4KO5UbQyA\n+uGMZwofk/3vU5+C/eQn2uOF3iWYrCg3q53+uMzIBZ00C622IVtnLpag0zTx5YnN\njRWI8dq9FKPUODDf1xop4H9/8IR5dF4VOozzUqKkRXmdKskiCie803/tUEDXRAVe\nR2ymfcouwnObvuyAZ5m9lY/K3Ab4LT0WlPr4kAxbS6tjH5qdEQageLPsbgjiUyjl\nb2m+/0Hrf4zdvpy27c3/AAp7aAEt8cljGX1PJpkt2Apg4ErnZRxfDQ==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-PpfBHqbjt7wKttRva' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-PpfBHqbjt7wKttRva', '--output', '/tmp/tmpzxqp2rff.xml', '/tmp/tmpkr130bqy.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpkr130bqy.xml" output= __________________________ TestClient.test_response_7 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=64d5ab2ff3458d7a33105acbd413af2f8fb3f9919f5da874e59c26182f86653durn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-6E3D4zxfZm5h3CxiU' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpwvw3ns84.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpwvw3ns84.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_7(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypted_advice_attributes=True, ) tests/test_51_client.py:738: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=64d5ab2ff3458d7a33105acbd413af2f8fb3f9919f5da874e59c26182f86653durn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-6E3D4zxfZm5h3CxiU' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-6E3D4zxfZm5h3CxiU', '--output', '/tmp/tmpvzlqvwg1.xml', '/tmp/tmpwvw3ns84.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpwvw3ns84.xml" output= __________________________ TestClient.test_response_8 __________________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=0b75b01ace115275fc4c971a58db3d73be5f6dc0065b5fdcb592500067a84f01urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-5Kwy95f1KeXniustp' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp1276gfpk.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp1276gfpk.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_8(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:776: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=0b75b01ace115275fc4c971a58db3d73be5f6dc0065b5fdcb592500067a84f01urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-5Kwy95f1KeXniustp' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-5Kwy95f1KeXniustp', '--output', '/tmp/tmpjxikt00n.xml', '/tmp/tmp1276gfpk.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp1276gfpk.xml" output= _________________ TestClient.test_sign_then_encrypt_assertion __________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-EnlfL1llOR93273Wx' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpe2q3tnci.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpe2q3tnci.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion(self): # Begin with the IdPs side _sec = self.server.sec assertion = s_utils.assertion_factory( subject=factory(saml.Subject, text="_aaa", name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)), attribute_statement=do_attribute_statement( { ("", "", "sn"): ("Jeter", ""), ("", "", "givenName"): ("Derek", ""), } ), issuer=self.server._issuer(), ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=full_path("test.key"), node_id=assertion.id ) tests/test_51_client.py:906: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-EnlfL1llOR93273Wx' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-EnlfL1llOR93273Wx', '--output', '/tmp/tmpq64p9w95.xml', '/tmp/tmpe2q3tnci.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpe2q3tnci.xml" output= _________________ TestClient.test_sign_then_encrypt_assertion2 _________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-WLsXswBAOh7DokeGl' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpto_i49je.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpto_i49je.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion2(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Derek", "sn": "Jeter"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=self.client.sec.key_file, node_id=assertion.id ) tests/test_51_client.py:979: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-WLsXswBAOh7DokeGl' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-WLsXswBAOh7DokeGl', '--output', '/tmp/tmpctbd4rf4.xml', '/tmp/tmpto_i49je.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpto_i49je.xml" output= _____________ TestClient.test_sign_then_encrypt_assertion_advice_1 _____________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-HkNJZNWphHaXq6uyL' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpj4g9tzk3.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpj4g9tzk3.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_1(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Derek", "sn": "Jeter"}) subject_confirmation_specs = { "recipient": "http://lingon.catalogix.se:8087/", "in_response_to": "_012345", "subject_confirmation_method": saml.SCM_BEARER, } name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), name_id=name_id, authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) a_asser = Assertion({"uid": "test01", "email": "test.testsson@test.se"}) a_assertion = a_asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion.signature = sigver.pre_signature_part(a_assertion.id, _sec.my_cert, 1) assertion.advice = Advice() assertion.advice.encrypted_assertion = [] assertion.advice.encrypted_assertion.append(EncryptedAssertion()) assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion.append(assertion) > response = _sec.sign_statement( f"{response}", class_name(a_assertion), key_file=self.client.sec.key_file, node_id=a_assertion.id ) tests/test_51_client.py:1081: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeter' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-HkNJZNWphHaXq6uyL' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-HkNJZNWphHaXq6uyL', '--output', '/tmp/tmp4gjejbcz.xml', '/tmp/tmpj4g9tzk3.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpj4g9tzk3.xml" output= _____________ TestClient.test_sign_then_encrypt_assertion_advice_2 _____________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-iOU6GTxhhb0gmK7OO' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpo_c7kfiw.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpo_c7kfiw.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_2(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser_1 = Assertion({"givenName": "Derek"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) assertion_1 = asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) asser_2 = Assertion({"sn": "Jeter"}) assertion_2 = asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_1 = Assertion({"uid": "test01"}) a_assertion_1 = a_asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_2 = Assertion({"email": "test.testsson@test.se"}) a_assertion_2 = a_asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_3 = Assertion({"street": "street"}) a_assertion_3 = a_asser_3.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_4 = Assertion({"title": "title"}) a_assertion_4 = a_asser_4.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion_1.signature = sigver.pre_signature_part(a_assertion_1.id, _sec.my_cert, 1) a_assertion_2.signature = sigver.pre_signature_part(a_assertion_2.id, _sec.my_cert, 1) a_assertion_3.signature = sigver.pre_signature_part(a_assertion_3.id, _sec.my_cert, 1) a_assertion_4.signature = sigver.pre_signature_part(a_assertion_4.id, _sec.my_cert, 1) assertion_1.signature = sigver.pre_signature_part(assertion_1.id, _sec.my_cert, 1) assertion_2.signature = sigver.pre_signature_part(assertion_2.id, _sec.my_cert, 1) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion = assertion_1 response.assertion.advice = Advice() response.assertion.advice.encrypted_assertion = [] response.assertion.advice.encrypted_assertion.append(EncryptedAssertion()) response.assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion_1) advice_tag = response.assertion.advice._to_element_tree().tag assertion_tag = a_assertion_1._to_element_tree().tag response = response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion( assertion_tag, advice_tag ) > response = _sec.sign_statement( f"{response}", class_name(a_assertion_1), key_file=self.server.sec.key_file, node_id=a_assertion_1.id ) tests/test_51_client.py:1242: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-iOU6GTxhhb0gmK7OO' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-iOU6GTxhhb0gmK7OO', '--output', '/tmp/tmpx7ngfrnj.xml', '/tmp/tmpo_c7kfiw.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpo_c7kfiw.xml" output= ______________ TestClient.test_signed_with_default_algo_redirect _______________ self = def test_signed_with_default_algo_redirect(self): # Revert configuration change to disallow unsinged responses self.client.want_response_signed = True reqid, req = self.client.create_authn_request("http://localhost:8088/sso", message_id="id1") msg_str = str(req) > info = self.client.apply_binding( BINDING_HTTP_REDIRECT, msg_str, destination="", relay_state="relay2", sign=True, ) tests/test_51_client.py:1389: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=tZRvb9owEMa%2FiuX3cf7QdtQiSGxdNaSuQ4Xtxd6Z%2BIDTEjvznSv67acEaKeKIjZtyiuf7%2FJ7nvPZI0eZnkTeuAf4GYFYbJvakXaUlTIGp70hJO1MA6S50vPJ5ztdqEy3wbOvfC2fC4pSbphbnaaA1pCCGHxrFMSUTFMnsGVwhN7RoaQLn4YYIgiM3kkxvSkl2lyKbxC6v5SyUJkUU6IIU0dsHJeyyIqLJM%2BS4nqRZ3pwpS%2BL71LcADE6w33VXmLtK1NvPLEeZsNhSuSlmO0tvUdn0a1PS1vukkh%2FWixmyezLfCHF5CD3g3cUGwhzCI9YwdeHuxcwurV3qjJsar%2FGrSLoJLxLe%2F4jWgj3poEdvDEVaNiapq1BVb7pW6aDr42zmlo5HvWBvglB3PrQGD4tu4ugTVZ9qgbHyE9yfAZrlP6GGo%2B6sfn4fKLdutD7CQI7YQ64jAxvbogXjx6tztVAXalcXahcXV4XA5X3XyH7vHN8GebQRQ%2FOYkApbgOCs%2FXTDgY2ziCQd%2FdY%2FehypUDqpGEAW8qVqQmkSM%2BQ3LfKYuip%2FWZiYaWPAP5W%2FtIQVn9ogEP8R%2FrnlW%2FBTlYrrNHsrt%2F%2FMXIEdPxI0jfnK309ienrF238Cw%3D%3D&RelayState=relay2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm __________________ TestClient.test_do_logout_signed_redirect ___________________ self = def test_do_logout_signed_redirect(self): conf = config.SPConfig() conf.load_file("sp_slo_redirect_conf") client = Saml2Client(conf) # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, } client.users.add_information_about_person(session_info) entity_ids = client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT ) tests/test_51_client.py:1527: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout http_info = self.apply_binding( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=nVJLa8JAEP4ry941a3xgBxOwiCBYpfaB9LYkm7plM2N3JtT660tSD6UFDz0NDN9zmBmygTW9UiM79944FnWqAzIgm0w3EYEsewa0tWOQAh7md2tI%2BwaOkYQKCvpCYFuH6wzL7KJ4Qq1Wi0z7srfe47lcPu3jh93d%2BrczavXsInvCTKd9o9WKuXErZLEomU5NOuoNTC%2B9eRwYGE5gnL5otXAsHq10rIPIEZIkUGHDgVhgaqbThANptXOWW8ijj67UakOyxW2cV%2BLib%2BnRoJPOZ20p6EJEtaRYW7lesd34sld1UHAoXj513jJqWzhwJ1sfg%2BsXVHf3gkjBYgl8nCU%2FrC6%2BG1u71UK1476xwVe%2BTVoR6X9kkWiRvUPR%2BSAdjsaTi%2BO3ST5L%2FjxC%2FgU%3D&RelayState=id-LXnzdFUXrwaRBijzn%7C1730198212%7C7de641a3a9e932742852cfcfe4aacbabbfebe3f9&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm ______________ TestClient.test_do_logout_signed_redirect_invalid _______________ self = def test_do_logout_signed_redirect_invalid(self): conf = config.SPConfig() conf.load_file("sp_slo_redirect_conf") client = Saml2Client(conf) session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, } client.users.add_information_about_person(session_info) entity_ids = client.users.issuers_of_info(nid) > resp = client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT, ) tests/test_51_client.py:1565: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout http_info = self.apply_binding( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=nVJLa8JAEP4ry941DzXokAQEKQSstlY89LYkG92yu5PuTED%2FfUnqobTgoaeB4XsOk3uKYYtn7PmgP3tNLK7OegJPcSH74AEVGQKvnCbgGt7Wz1tIpzF0ARlrtPJOIOXsY4Yi0oENeimqTSFNMzFnV50%2BKHux2ep0bnY3KU46kEFfyHQaS1ER9bryxMpzIdM4nU%2BSeJKujkkMswwW6bsUG01svOKRdWHuIIos1spekBiW8XIZkUUpDlrRADmaoBspdsh7vw%2FrlnX4LT1PRukyH0rBGCKIJwxO8eOKw8Y0k3aEgvZs%2BCbLgeFUrUFfleusntboxntBQKt8A9Tl0Q%2Bru%2B9OOV1txDBee2VNa4akLaL8RxYOypPRnmWZpLP5Irs7fpuUefTnEcov&RelayState=id-igmIVjs6Pl69VgdNy%7C1730198212%7Ca096bc6d59bcf0489fcaf89f5d797f30147cd053&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm ________________________ TestClient.test_do_logout_post ________________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-x3Mlzhyio90ShFaaw' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmp6f7fc6zp.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp6f7fc6zp.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_post(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:1609: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-x3Mlzhyio90ShFaaw' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-x3Mlzhyio90ShFaaw', '--output', '/tmp/tmpf3ightx2.xml', '/tmp/tmp6f7fc6zp.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp6f7fc6zp.xml" output= __________________ TestClient.test_do_logout_session_expired ___________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-dd0KypovU6wAjQQMQ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmprkteq7iz.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmprkteq7iz.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_session_expired(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": a_while_ago(minutes=15), "ava": {"givenName": "Anders", "sn": "Andersson", "mail": "anders.andersson@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:1661: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-dd0KypovU6wAjQQMQ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-dd0KypovU6wAjQQMQ', '--output', '/tmp/tmppfcxtq9b.xml', '/tmp/tmprkteq7iz.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmprkteq7iz.xml" output= _______________________ TestClient.test_signature_wants ________________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp7b9ea39a069e90283c3c52690d393329e9d8273dcafa0dbf568f0f5f83d5a65curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-c9jthdukybUldgsyS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmprvsaa7o2.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmprvsaa7o2.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signature_wants(self): ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": ["The man"]} nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) kwargs = { "identity": ava, "in_response_to": "id1", "destination": "http://lingon.catalogix.se:8087/", "sp_entity_id": "urn:mace:example.com:saml:roland:sp", "name_id_policy": nameid_policy, "userid": "foba0001@example.com", "authn": AUTHN, } outstanding = {"id1": "http://foo.example.com/service"} def create_authn_response(**kwargs): return b64encode(str(self.server.create_authn_response(**kwargs)).encode()) def parse_authn_response(response): self.client.parse_authn_request_response(response, BINDING_HTTP_POST, outstanding) def set_client_want(response, assertion, either): self.client.want_response_signed = response self.client.want_assertions_signed = assertion self.client.want_assertions_or_response_signed = either # Response is signed but assertion is not. kwargs["sign_response"] = True kwargs["sign_assertion"] = False > response = create_authn_response(**kwargs) tests/test_51_client.py:1706: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/test_51_client.py:1693: in create_authn_response return b64encode(str(self.server.create_authn_response(**kwargs)).encode()) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp7b9ea39a069e90283c3c52690d393329e9d8273dcafa0dbf568f0f5f83d5a65curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-c9jthdukybUldgsyS' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-c9jthdukybUldgsyS', '--output', '/tmp/tmpeuq026en.xml', '/tmp/tmprvsaa7o2.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmprvsaa7o2.xml" output= ________________ TestClientNonAsciiAva.test_sign_auth_request_0 ________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', ...] extra_args = ['/tmp/tmplsp1hnzp.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmplsp1hnzp.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_auth_request_0(self): > req_id, areq = self.client.create_authn_request("http://www.example.com/sso", sign=True, message_id="id1") tests/test_51_client.py:2023: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client_base.py:445: in create_authn_request msg = self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id1' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmp0s5r3tx9.xml', '/tmp/tmplsp1hnzp.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmplsp1hnzp.xml" output= ____________________ TestClientNonAsciiAva.test_response_1 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp7b9ea39a069e90283c3c52690d393329e9d8273dcafa0dbf568f0f5f83d5a65curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepci\xc3\xb3nDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Al7Sow2SLy6JxRe9p' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', ...] extra_args = ['/tmp/tmpb7qv0lqf.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpb7qv0lqf.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_1(self): IDP = "urn:mace:example.com:saml:roland:idp" ava = {"givenName": ["Dave"], "sn": ["Concepción"], "mail": ["Dave@cnr.mlb.com"], "title": ["#13"]} nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id_policy=nameid_policy, sign_response=True, userid="foba0001@example.com", authn=AUTHN, ) tests/test_51_client.py:2066: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idp7b9ea39a069e90283c3c52690d393329e9d8273dcafa0dbf568f0f5f83d5a65curn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepci\xc3\xb3nDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:Response' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Al7Sow2SLy6JxRe9p' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-Al7Sow2SLy6JxRe9p', '--output', '/tmp/tmpxif4mprv.xml', '/tmp/tmpb7qv0lqf.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpb7qv0lqf.xml" output= ____________________ TestClientNonAsciiAva.test_response_2 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=967fb36b2db754c0561d9c90a6ef102723eacf32c95d753528060b76e6e4fa9furn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjUzWhcNMzQxMDI3MTAzNjUzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA1TDjp+uj6BLEPA5QzOIuR9G9CARl1ng3UQ7a5fZML8PWgkEoU971ToA+\nYe82njuR5DApSaNwC9BZoJRBS8pOzBqVCM1MryUf+mhUP9INzWpaqejBZJvpuRJF\nsgJIZ7G9Evddg4CRGq7m1Vx9iL8WJZWHoTmG7pn2hODPQT3WvUDwzMSkVGT4ffro\nPe11DEXcjOTiIlsQZe+OD1Wd/b0C4SY94ndmE8UT72QGwn3TzMvPKSEHx1a7USrE\nrsaHO/Q1uW8laGIAKQfuTJ50NOjRp3cL+WUfGUfflQkN0iKBlwZE3mxo5UASeFvn\nJW/r6u8n1lFoWePGdnu9ohyAAbbpmQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAEQr\nU+ituAgvfqUT/soCT04Dufbu4QMv3SCqM79d8vrW50tL5fM/XSuO+4O/i37uBEsl\n0l4OybYX6EKMWD9x3S+6t9pynQCKvxFHQn26CYbCYl88Y27JVXfyVXdUt6zzJicS\nyvC5/hHwgjNwZvIMO7f6jdr8ud+G/1Y7TTkxbmrDMqRW1ZX2zcsiOGcxzX+yJTyQI885ewQ/OAYilxUI6XT+AeDMHmDshmwfItKWXlEy\nG9kHSM9GjX75/Z6mxa3oZw/R6NvPkkjc/WJb7dTPaVlfbMSITZLNrEK1kXP+orWc\n8vC0SdzL2HXNsega3KgYw+LDUDOEyha72YaEPZ77DjxKFsHL8GM1lm54NjowA8+J\nPdIVt+EHOD7jkV3oUvEgobhHMFBcmfhMXbvlEE+CUqbCTRcWn9zD7YxUAQREXlQD\nRHB/v4siASvmcfgz2/bNiN8pXokBcZh7R5PEBmCJdzZnX3zY+E8ygwDgxQwDlxj9\nl0Q/KJHSd0rNaLqWC5Avqg==mhiFV+oeKe/aOyzxoY/lc8Fv6PBgChJTuS1Z+kFIHRQV7xoQAtDzfpfo6mGb9+Uh\nSCLxBmCIFr/B0gosORkRxuf+62a5ytWlZGjf+qobK+QJaXVyHWaTS2YpxBdcnbIb\nOLpwwUm4QRQjT3KAn5rhbIc41wzRmxZ7ynlqZjvvYJcWvASGrn6O/YpTYmvdT6mu\n62ctPXA+PffP8oG+ZPTNneMqygo0fi/pNBHj2u8Ser5IndrRF8UV6XavV9O8+Gog\n4o6sOXqZ1fEzn38E0nUauzEI2HSmXzmpRU92UVIvuTiCAq13+e8bT2oiwWMK+SqR\nqH4td2BxIK1Qt8sB8X7Zfy2uGV1VvYx5VXK89ysc+bIoqHegvpXfn4R8qiyS39Zl\nOfWw7O+A4D4ZSFue87xgML9iQidQTXppmVZ7gB+RS3M1TB/CzeODmknELgz/NFPh\neW34Qw82CgjoUH7Ke/xBwxf6O4bvyOyIcpMcutH+UTaAQFsKkGjJ9CmfYzgLN9OG\niWIu1P0H/AJTpO5uYh38q/L6TKtrXGO8LE+eX2Sj8sLxAb2ldFXfK0r0mHbv+RdL\n2tzlD/E/e9gSs4+VvwUWDPTh1wiXW1GuDmd4Wz1z5eBHokQAqZl/C0RxvQm7n8kH\nQDhXBAXQmbGsPazpIFcjW+II5Ns2TK9eQ3YmA1mStvzfMLcAIotuA97m9nsH2xNb\nA6T4SYOyDWJ49UaRGJBjewNZEY9/Dwggw8UnEZWIzeIQWQlPMICdsWZUAenliZZL\nNf0ymejhOwvgHBkYoz/WD2jubfF1bpauovYMiyjMH8L1ZiQ7WvO9kcgMU23uDayk\ninD3JSdfTILdyY/KJhvYIv4U6SwR/W/DhqecA5d8a5H08LTDkT/IJhF7+JvMdcRO\naTyuPRIyAL5vJB0vG9T3Wa7/RHmhSh2xs65Lnb0ukeeyOUcRvezxqVe6DNupdl2o\n0RzEKxm7GZ5rJWI/0MJjOZ/rPikxjYQFri5iBUK27hTbL4r8i5cE1uS1Y1xh/4ze\nX5ssavZzxaV5z3FntgZdNk1xdtmsOdWsmIaGt8OCgczGUKzomCHrKLWUQpt1ZAJG\n97CNJmdXvrwohLdzAnMfVqYqzTC70idgK8W5QQZYLM2XBz9Y8v856b5yBpRejPKl\nvuMheyPmqlH0j37Zg/fCtdNRdtaiWKvQQjoIOfMg7gz6iyytMbeubR6Np1jruUSV\nIkbUn77YExR2eH5J+cn5I9HD8NNT0U6M0QS9HjzsYj8gEwy41rc6tzKe1tYZILQg\nTDZuU1AW89J1CAWyBD5TGJw8Vy6bZZr1l/2N0ltq2aNfOp5vpNdrIyQbZNjtk/pE\nOty8i54ePFqlDpSX2+Ut0xo1bEGkktEgU9H9+0Sto5LmQ/1eahTQhd4ZKhoOHC1d\nyHRRcqGbPNZww2MJMrbadilVRLOu9CuhgWUZUsvsBG8iU2mdF+LGNBcbQ3if8rE5\nY7P4W2opgHLDLK+30d0dMDMa+zWRzNjQ/8pjzL7NePqxok2jI3CPtICyrfi1sS8A\nuvdoCVwJYziO8c9QCi4jtPDmRWlNjSWKaLu8F16xuYq8/kcWjP28/GRPT4bQ/+aE\nFD7qePQKw+/elIsSNfuevdqdxrRYAuUed+nKuJQzI6PbeX1FiMN2zcxKSsf3ftsZ\nZmEDdUYaQe4HuRDglzpOmk89fHrAcz4DunrlOZXViq883IHG+XUdYcU0JJjonNFo\nxMIWANSe3gFJ9OE2zf4lwdaOt9QPi8EVTIh2H6jrjxtuQEj7QlL41mQF+Fjtmeok\npHLLNn2Nz47b8rwIMPGwv2XrnsnlX1kgwCxYA4I1VAXFU3ehV/hvR2HhlE1CwfdJ\n0oiTUKeKx8IgwW6gcOL+6VY2WbxH3awmzkPkxJaEimJbYLRTuoGJPQC6JGx2+E/e\nnLkIyBNnvwemg9OXvuvBQgt2kYDZCWIdEanyjBOgeXyRv0g3VRdfXGohbFuoMtdc\n7srShJTAu0WtN4XKGtD//vAJDT6LOPWdFkTilHK/AlAibYrmifAGApgjzcHuXuHF\n2xx1cFWA4oIf1jM49Lv4B6GdHbATteovgFnJKGM3313JpT5xnZjB/IHXsMUeVeCb\njlgGrZkyvY/RbKt8ziGn1Z3THzqZITtAXaHAzUOk87hZefGPBUydDem8WkxXD/yH\n6r8e3zWn7IiBZzZw0kAEZ+m5AIB8rUGRNeMwp5Zz7Wf6gbaipRJ+zvjHCuVK6HFc\n2geIVp5pEBd49lZuVxuHQ+zDmSXUN/HsY6AqiG27n0kBFPcdN/dFIZMkKOEnhngU\n6HvcTj3sOTJozZRo4Nq+DWmzCoFHSmzGudkgPfzSVtTvh49m74lwDE3Lox1TnDUF\n4XQ79X59Jc5Ixv4XiG1wfgpnh7+zQCewCrD8MGS5FN9myA9gsqnbbA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-iZxaU9IefMzpd0voF' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmprnacadtw.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmprnacadtw.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_2(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_advice=cert_str, ) tests/test_51_client.py:2146: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=967fb36b2db754c0561d9c90a6ef102723eacf32c95d753528060b76e6e4fa9furn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjUzWhcNMzQxMDI3MTAzNjUzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA1TDjp+uj6BLEPA5QzOIuR9G9CARl1ng3UQ7a5fZML8PWgkEoU971ToA+\nYe82njuR5DApSaNwC9BZoJRBS8pOzBqVCM1MryUf+mhUP9INzWpaqejBZJvpuRJF\nsgJIZ7G9Evddg4CRGq7m1Vx9iL8WJZWHoTmG7pn2hODPQT3WvUDwzMSkVGT4ffro\nPe11DEXcjOTiIlsQZe+OD1Wd/b0C4SY94ndmE8UT72QGwn3TzMvPKSEHx1a7USrE\nrsaHO/Q1uW8laGIAKQfuTJ50NOjRp3cL+WUfGUfflQkN0iKBlwZE3mxo5UASeFvn\nJW/r6u8n1lFoWePGdnu9ohyAAbbpmQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAEQr\nU+ituAgvfqUT/soCT04Dufbu4QMv3SCqM79d8vrW50tL5fM/XSuO+4O/i37uBEsl\n0l4OybYX6EKMWD9x3S+6t9pynQCKvxFHQn26CYbCYl88Y27JVXfyVXdUt6zzJicS\nyvC5/hHwgjNwZvIMO7f6jdr8ud+G/1Y7TTkxbmrDMqRW1ZX2zcsiOGcxzX+yJTyQI885ewQ/OAYilxUI6XT+AeDMHmDshmwfItKWXlEy\nG9kHSM9GjX75/Z6mxa3oZw/R6NvPkkjc/WJb7dTPaVlfbMSITZLNrEK1kXP+orWc\n8vC0SdzL2HXNsega3KgYw+LDUDOEyha72YaEPZ77DjxKFsHL8GM1lm54NjowA8+J\nPdIVt+EHOD7jkV3oUvEgobhHMFBcmfhMXbvlEE+CUqbCTRcWn9zD7YxUAQREXlQD\nRHB/v4siASvmcfgz2/bNiN8pXokBcZh7R5PEBmCJdzZnX3zY+E8ygwDgxQwDlxj9\nl0Q/KJHSd0rNaLqWC5Avqg==mhiFV+oeKe/aOyzxoY/lc8Fv6PBgChJTuS1Z+kFIHRQV7xoQAtDzfpfo6mGb9+Uh\nSCLxBmCIFr/B0gosORkRxuf+62a5ytWlZGjf+qobK+QJaXVyHWaTS2YpxBdcnbIb\nOLpwwUm4QRQjT3KAn5rhbIc41wzRmxZ7ynlqZjvvYJcWvASGrn6O/YpTYmvdT6mu\n62ctPXA+PffP8oG+ZPTNneMqygo0fi/pNBHj2u8Ser5IndrRF8UV6XavV9O8+Gog\n4o6sOXqZ1fEzn38E0nUauzEI2HSmXzmpRU92UVIvuTiCAq13+e8bT2oiwWMK+SqR\nqH4td2BxIK1Qt8sB8X7Zfy2uGV1VvYx5VXK89ysc+bIoqHegvpXfn4R8qiyS39Zl\nOfWw7O+A4D4ZSFue87xgML9iQidQTXppmVZ7gB+RS3M1TB/CzeODmknELgz/NFPh\neW34Qw82CgjoUH7Ke/xBwxf6O4bvyOyIcpMcutH+UTaAQFsKkGjJ9CmfYzgLN9OG\niWIu1P0H/AJTpO5uYh38q/L6TKtrXGO8LE+eX2Sj8sLxAb2ldFXfK0r0mHbv+RdL\n2tzlD/E/e9gSs4+VvwUWDPTh1wiXW1GuDmd4Wz1z5eBHokQAqZl/C0RxvQm7n8kH\nQDhXBAXQmbGsPazpIFcjW+II5Ns2TK9eQ3YmA1mStvzfMLcAIotuA97m9nsH2xNb\nA6T4SYOyDWJ49UaRGJBjewNZEY9/Dwggw8UnEZWIzeIQWQlPMICdsWZUAenliZZL\nNf0ymejhOwvgHBkYoz/WD2jubfF1bpauovYMiyjMH8L1ZiQ7WvO9kcgMU23uDayk\ninD3JSdfTILdyY/KJhvYIv4U6SwR/W/DhqecA5d8a5H08LTDkT/IJhF7+JvMdcRO\naTyuPRIyAL5vJB0vG9T3Wa7/RHmhSh2xs65Lnb0ukeeyOUcRvezxqVe6DNupdl2o\n0RzEKxm7GZ5rJWI/0MJjOZ/rPikxjYQFri5iBUK27hTbL4r8i5cE1uS1Y1xh/4ze\nX5ssavZzxaV5z3FntgZdNk1xdtmsOdWsmIaGt8OCgczGUKzomCHrKLWUQpt1ZAJG\n97CNJmdXvrwohLdzAnMfVqYqzTC70idgK8W5QQZYLM2XBz9Y8v856b5yBpRejPKl\nvuMheyPmqlH0j37Zg/fCtdNRdtaiWKvQQjoIOfMg7gz6iyytMbeubR6Np1jruUSV\nIkbUn77YExR2eH5J+cn5I9HD8NNT0U6M0QS9HjzsYj8gEwy41rc6tzKe1tYZILQg\nTDZuU1AW89J1CAWyBD5TGJw8Vy6bZZr1l/2N0ltq2aNfOp5vpNdrIyQbZNjtk/pE\nOty8i54ePFqlDpSX2+Ut0xo1bEGkktEgU9H9+0Sto5LmQ/1eahTQhd4ZKhoOHC1d\nyHRRcqGbPNZww2MJMrbadilVRLOu9CuhgWUZUsvsBG8iU2mdF+LGNBcbQ3if8rE5\nY7P4W2opgHLDLK+30d0dMDMa+zWRzNjQ/8pjzL7NePqxok2jI3CPtICyrfi1sS8A\nuvdoCVwJYziO8c9QCi4jtPDmRWlNjSWKaLu8F16xuYq8/kcWjP28/GRPT4bQ/+aE\nFD7qePQKw+/elIsSNfuevdqdxrRYAuUed+nKuJQzI6PbeX1FiMN2zcxKSsf3ftsZ\nZmEDdUYaQe4HuRDglzpOmk89fHrAcz4DunrlOZXViq883IHG+XUdYcU0JJjonNFo\nxMIWANSe3gFJ9OE2zf4lwdaOt9QPi8EVTIh2H6jrjxtuQEj7QlL41mQF+Fjtmeok\npHLLNn2Nz47b8rwIMPGwv2XrnsnlX1kgwCxYA4I1VAXFU3ehV/hvR2HhlE1CwfdJ\n0oiTUKeKx8IgwW6gcOL+6VY2WbxH3awmzkPkxJaEimJbYLRTuoGJPQC6JGx2+E/e\nnLkIyBNnvwemg9OXvuvBQgt2kYDZCWIdEanyjBOgeXyRv0g3VRdfXGohbFuoMtdc\n7srShJTAu0WtN4XKGtD//vAJDT6LOPWdFkTilHK/AlAibYrmifAGApgjzcHuXuHF\n2xx1cFWA4oIf1jM49Lv4B6GdHbATteovgFnJKGM3313JpT5xnZjB/IHXsMUeVeCb\njlgGrZkyvY/RbKt8ziGn1Z3THzqZITtAXaHAzUOk87hZefGPBUydDem8WkxXD/yH\n6r8e3zWn7IiBZzZw0kAEZ+m5AIB8rUGRNeMwp5Zz7Wf6gbaipRJ+zvjHCuVK6HFc\n2geIVp5pEBd49lZuVxuHQ+zDmSXUN/HsY6AqiG27n0kBFPcdN/dFIZMkKOEnhngU\n6HvcTj3sOTJozZRo4Nq+DWmzCoFHSmzGudkgPfzSVtTvh49m74lwDE3Lox1TnDUF\n4XQ79X59Jc5Ixv4XiG1wfgpnh7+zQCewCrD8MGS5FN9myA9gsqnbbA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-iZxaU9IefMzpd0voF' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-iZxaU9IefMzpd0voF', '--output', '/tmp/tmpf85w5w3l.xml', '/tmp/tmprnacadtw.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmprnacadtw.xml" output= ____________________ TestClientNonAsciiAva.test_response_3 _____________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=00b131b5fda5a8ed5d4dae9fae02d8b5d8f201331599af3647ba1e9d97340165urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==psMXQWbbv00vYkwx8KRN1H8ye/bobDcKkyLwOkOheNmUP2SZwN+WeH1ndQDgOKDR\nq1j1WTwXEs/L6tzyDX8TJazJMGZZmg04udZnGd/1yOFXeu3+VTuI+mcUjPzwlKZ0\nMDW267s3ZvyJCaYzsbmSXp9ZBmXlTQnfR7f0BSmeaY8=tu5uy8vBE0isLnIOOpdBlSMTj7r4PpbkkmciLIhMuqhJuo4qP/C85wPY+odb85Qa\nCLQEKkvWOYdPo2XX8V8tOVzM/TSsySovs4K9wY/kSGMq+5HqGiKBci8mrVYaYasT\nvCjdy8pptwvga+qe7KrHiMmUQ3MbaYIUfpaiVA4BPJCLURVgCECdeMRKvzcJFGI1\nysvi3/d9dHxjoeS9c2WAFSmoBHgB1LKgdeXIspSl+FKTzvRXxxKz1rnCzdAsFkP+\nJcObgvVuC2WzUeRqmqMR6+mrs11z+oUZx58ZOtQIeLi6cS5Xc47Lg+9xlQB9AA2S\ntG7NOWDEnzBq8Y5VTcrZfrCBYv9zXbKskafDoWPehGSjI3olk9BZqKO7Vxkj1a1E\nNuAomHzV5nKes/X5hZb3NXHY2nWgIchq5z8J8ZjNvo4fyzIpqONcX9SVfHAA6V5D\nMLVujJtk5CYGiPLM9PMhHURKSmxQJhfFkzYgjgDNbWhK6/lu6LBeKFTsN75/uo4m\nfUH0hM+IQ0pjSnWI7QxqZP13vB9C+TZzcnzs2pJv2u1yTAmypIsWojksYDtaOGX5\nvxmTOu8UMPI3OAjZwECr3DmHLmRYe7JopgzhpWDvd71+2rrnGlUlmU9nCTA3K5E0\nfG3maJFb5fB7OGLp+GOEh48ufzDADmppKNEN+JFPdlUOpPMif2vylNzBWiBFKpjj\n9CrDnPM6yKj97aheOx2QAzGmIYlKtaWaU6yA9qYtK9QfbRnkMe7Y7ATuisiz0+zN\nLZDaG5Gj19lMxgVvCQbvtn8INqtKR3y9KG1yIzoQrf2T3ZfCQzQ1k8HTSmfIXfrz\nOgv8MyKKTLR97z2HvBVqw/1PIOJis8I5ppi0tBpmu9KOmYAkx06NwNYN0b9YkJqg\nM16yQqnIy9N29A/bCLLHbC94CwrwxFdaEDoY4PmdHKGrMbo++3fLZA9vBKTPqVnd\nowNSvGPscgudwakWGoW86niIzLBwgRJGxX2SAiG1F3wsUX0NgR39YeFpCMEQHQmY\nTUc5+kg4raeHALks0eFHwUA3s+cigEud6eLSm1xm4v+gMe9y6ABOjsTPKvv8CCb/\nAx3Hrb41Bcw1L8dEL04qQ0ahmffhVBblyvP+d/V75SFtCXdLm9T2NVtrIRTLym4I\noCXtYfFqarAPQlKWKOSzY/PN7D1UfP9zNWCJrqK4MScZ6Ab2iY3uUBTK7HTQqPpN\nwa43Xk3tXpXbtMdy1d3lgOh2+RQLkQenztP+THtgIpiKafHZCm6lWwY0DqF8tOqP\nxB38tSPbm/qR4y6g+oKFiHU+PRZzDMPd5cqKXA5b6COWwwNpCaTERwYFpvcBROrQ\nnvfK7DB/tSQOtsIeyPqqn4QVcnDDYtvYVbIoHpOHh8/hHUZzpCGWiroYCR6Xh81F\ntlOrzr37F8bm/H17UEFoKaAHw9ICMmobdtfqE857MgdDt91WYHv21OXf5PmdFjyG\nlFEKr2FsNUk/rCsJ4jNnjVNsaGNc3QyfCB9hg1abwAxByMN2rFjcWo6NhOtV7Xdp\nagBmnjcaWm60r8kCImnlmxgvluotKVhsq/gOP99qMB3+/QqAZz6Fmkx/L0fArbx1\n5uKEuq3fQJJ9HOSf7WS3dUAAtezWx7SvdjyH28+gtDYUMnAx2pniuW8l4tjwFbOj\nl6Opfv2H4EWBHmJ9e5Pyb8chzJ3buwmDlEWh84ysXU3cMdyzqNI0FS4Gui96KG4n\ndyz3WaDLUVqT85BHPA2VWeK/Bf4PslYfrYgJ0YcnVoA6DYmJXGnlYnaKH9bCzEKH\nmwdGfsYUKs8BRI/CcaO//OauvH0LTXOnE8H4vD1n+Q8A8AnHbrmBuK3ODMpjnL8C\n/H7Sd5KONM7t22Sv3LpyRTKp3bvIJeRcg0Ld3x+5ZZn5Aqiz++izWO8zj2bE/LHj\nK23do0QD2LEbHXX61SfAFDkSypGhS2DNFCgIQrScHcied8V1hbLEGkxRD5B9pRBv\nxqzukSPJNm0m2aDwb1q/ria/cAh69662uOhd6DJrfsSaYuCCl51VrNt7+RFAv/2+\npV/ED9uc11dZChqRONmAaKG++g9W5ch/ytGNhXTbKVt7z9Gr99tSBHiikKqqjBcc\nX283MvQvaY7VBWhRbHL+tV45Hdwb7AHTxj/38VriGOiJ5dEJ/MIAxpiPKZJ4OFQH\nws5pqKcUENUKCTcraaWKXEYeHSrJf9RMTvV8s/wToF2upY3NgcABiLbjU2kVOI4I\nUqkjHTN+J2L9GfBrnUcK7APdtQhoZ76vpoZWVguPvZ7wYzFmO42+1OYKabeTD5EK\nbtAQwpkd5nAgGTsjQ8YkvqstMjHgowurHds/a6hBiIIR3WMspCR+Q+hHFyW+o/a1\n4rrai6Ad/8fbQbKTCBC3KJ0jh4mH2qnyPYj3Xfa9FdPnE7a475c/oQ==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sMx0Rj902w3GzPmub' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmps8xiut53.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmps8xiut53.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_3(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=False, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:2181: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:907: in _response response = signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=00b131b5fda5a8ed5d4dae9fae02d8b5d8f201331599af3647ba1e9d97340165urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==psMXQWbbv00vYkwx8KRN1H8ye/bobDcKkyLwOkOheNmUP2SZwN+WeH1ndQDgOKDR\nq1j1WTwXEs/L6tzyDX8TJazJMGZZmg04udZnGd/1yOFXeu3+VTuI+mcUjPzwlKZ0\nMDW267s3ZvyJCaYzsbmSXp9ZBmXlTQnfR7f0BSmeaY8=tu5uy8vBE0isLnIOOpdBlSMTj7r4PpbkkmciLIhMuqhJuo4qP/C85wPY+odb85Qa\nCLQEKkvWOYdPo2XX8V8tOVzM/TSsySovs4K9wY/kSGMq+5HqGiKBci8mrVYaYasT\nvCjdy8pptwvga+qe7KrHiMmUQ3MbaYIUfpaiVA4BPJCLURVgCECdeMRKvzcJFGI1\nysvi3/d9dHxjoeS9c2WAFSmoBHgB1LKgdeXIspSl+FKTzvRXxxKz1rnCzdAsFkP+\nJcObgvVuC2WzUeRqmqMR6+mrs11z+oUZx58ZOtQIeLi6cS5Xc47Lg+9xlQB9AA2S\ntG7NOWDEnzBq8Y5VTcrZfrCBYv9zXbKskafDoWPehGSjI3olk9BZqKO7Vxkj1a1E\nNuAomHzV5nKes/X5hZb3NXHY2nWgIchq5z8J8ZjNvo4fyzIpqONcX9SVfHAA6V5D\nMLVujJtk5CYGiPLM9PMhHURKSmxQJhfFkzYgjgDNbWhK6/lu6LBeKFTsN75/uo4m\nfUH0hM+IQ0pjSnWI7QxqZP13vB9C+TZzcnzs2pJv2u1yTAmypIsWojksYDtaOGX5\nvxmTOu8UMPI3OAjZwECr3DmHLmRYe7JopgzhpWDvd71+2rrnGlUlmU9nCTA3K5E0\nfG3maJFb5fB7OGLp+GOEh48ufzDADmppKNEN+JFPdlUOpPMif2vylNzBWiBFKpjj\n9CrDnPM6yKj97aheOx2QAzGmIYlKtaWaU6yA9qYtK9QfbRnkMe7Y7ATuisiz0+zN\nLZDaG5Gj19lMxgVvCQbvtn8INqtKR3y9KG1yIzoQrf2T3ZfCQzQ1k8HTSmfIXfrz\nOgv8MyKKTLR97z2HvBVqw/1PIOJis8I5ppi0tBpmu9KOmYAkx06NwNYN0b9YkJqg\nM16yQqnIy9N29A/bCLLHbC94CwrwxFdaEDoY4PmdHKGrMbo++3fLZA9vBKTPqVnd\nowNSvGPscgudwakWGoW86niIzLBwgRJGxX2SAiG1F3wsUX0NgR39YeFpCMEQHQmY\nTUc5+kg4raeHALks0eFHwUA3s+cigEud6eLSm1xm4v+gMe9y6ABOjsTPKvv8CCb/\nAx3Hrb41Bcw1L8dEL04qQ0ahmffhVBblyvP+d/V75SFtCXdLm9T2NVtrIRTLym4I\noCXtYfFqarAPQlKWKOSzY/PN7D1UfP9zNWCJrqK4MScZ6Ab2iY3uUBTK7HTQqPpN\nwa43Xk3tXpXbtMdy1d3lgOh2+RQLkQenztP+THtgIpiKafHZCm6lWwY0DqF8tOqP\nxB38tSPbm/qR4y6g+oKFiHU+PRZzDMPd5cqKXA5b6COWwwNpCaTERwYFpvcBROrQ\nnvfK7DB/tSQOtsIeyPqqn4QVcnDDYtvYVbIoHpOHh8/hHUZzpCGWiroYCR6Xh81F\ntlOrzr37F8bm/H17UEFoKaAHw9ICMmobdtfqE857MgdDt91WYHv21OXf5PmdFjyG\nlFEKr2FsNUk/rCsJ4jNnjVNsaGNc3QyfCB9hg1abwAxByMN2rFjcWo6NhOtV7Xdp\nagBmnjcaWm60r8kCImnlmxgvluotKVhsq/gOP99qMB3+/QqAZz6Fmkx/L0fArbx1\n5uKEuq3fQJJ9HOSf7WS3dUAAtezWx7SvdjyH28+gtDYUMnAx2pniuW8l4tjwFbOj\nl6Opfv2H4EWBHmJ9e5Pyb8chzJ3buwmDlEWh84ysXU3cMdyzqNI0FS4Gui96KG4n\ndyz3WaDLUVqT85BHPA2VWeK/Bf4PslYfrYgJ0YcnVoA6DYmJXGnlYnaKH9bCzEKH\nmwdGfsYUKs8BRI/CcaO//OauvH0LTXOnE8H4vD1n+Q8A8AnHbrmBuK3ODMpjnL8C\n/H7Sd5KONM7t22Sv3LpyRTKp3bvIJeRcg0Ld3x+5ZZn5Aqiz++izWO8zj2bE/LHj\nK23do0QD2LEbHXX61SfAFDkSypGhS2DNFCgIQrScHcied8V1hbLEGkxRD5B9pRBv\nxqzukSPJNm0m2aDwb1q/ria/cAh69662uOhd6DJrfsSaYuCCl51VrNt7+RFAv/2+\npV/ED9uc11dZChqRONmAaKG++g9W5ch/ytGNhXTbKVt7z9Gr99tSBHiikKqqjBcc\nX283MvQvaY7VBWhRbHL+tV45Hdwb7AHTxj/38VriGOiJ5dEJ/MIAxpiPKZJ4OFQH\nws5pqKcUENUKCTcraaWKXEYeHSrJf9RMTvV8s/wToF2upY3NgcABiLbjU2kVOI4I\nUqkjHTN+J2L9GfBrnUcK7APdtQhoZ76vpoZWVguPvZ7wYzFmO42+1OYKabeTD5EK\nbtAQwpkd5nAgGTsjQ8YkvqstMjHgowurHds/a6hBiIIR3WMspCR+Q+hHFyW+o/a1\n4rrai6Ad/8fbQbKTCBC3KJ0jh4mH2qnyPYj3Xfa9FdPnE7a475c/oQ==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sMx0Rj902w3GzPmub' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sMx0Rj902w3GzPmub', '--output', '/tmp/tmpj3x5v_9x.xml', '/tmp/tmps8xiut53.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmps8xiut53.xml" output= ____________________ TestClientNonAsciiAva.test_response_4 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=f1992b3c0311dd6ee59c3f165999536832beabe76a40deaf96bb0a8e332c3e1eurn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==MlR2y3hay1lbJlKSGHtpR3IMbddiESsX0eEqXcPbMF1N0Jc3mHiTfDSRe+23EjLf\nkSaPwZHTV6QSWS+Po6LtZj6pde9Z9FeInRXCQxKk6qOW2SOEo9xTcF+ep0L4Vim+\nUPNVdRsqQiqNpwf9zVs6b37WH4lA4TJK35mIqp56YIU=ACKA77mZTM0McKtn3sh/oSon1ZUafFwauom/dOwWg4m1Hj+EFTQoJ6h3ALWqHtzE\nxugOoqsDzLZ0DSfBZSC1/LQt8zmOH5WWMJcLVBJNJ+rs28+/ZodGSHohyWSifAEC\n2jpPEI42xV4jZwz1DJMgoHxLXxeZYzRR+fcbMko024xG9/HMwHNKc38htaoMy5ec\nv4g22f51yPyu4rSI3oPYZwhCOdTAWcXelk5ppc/fQpnat4MrVF1LgkoYeN9RgdbC\n3P4EFSGIU1kAafEqjqRUnkGrtpG7Wd+MN/M6deCd2s0A8zyLTrwOD87YqEVo1km6\nOJF2OzP67Fzw5Ia7G2ibQVBO4SBQosOILHKgg1cNjYhbGcu4Q0MpwgKA6+ivQ3nC\nCKWv2e0szc56JZiiFhmVn0I+GWLc5l3Zg0/jayAVbOo6uXNBb3jm61w5YQvD5Shd\n+SLD1qcl7KCDqyoH/eGLSpOEklZZNNjtMN3DPhw1ghqPLnBSqpnzNSym1SJnGwpu\nnwuOVY8JweCbNqt7/uf0bDRrLAlYu5Qh19ux9VyPQAhGLEJ7CXz+ZoUoJjuNTKV0\nbPqjpNfId3XPoWgKLnKacU7ldg6Qdl+dF0VBI3rar/qbrRk4p8sM9kV4YNO46ipn\nlRgqtVl4tMKvYK1Z5hO5hmK1ISNfuR+BYp6qZbvC2PeQ0hkRhQBhSWIFO4b2mMUL\nuclcusbL/EceT/SMRh3DvyN8Ho6nNZQgsP2aDITzqZLQGgx19hzczJy2NhNSUYkn\nXwXexYaP2WfL8ie0tBOFC5/kAL22NMl4aUjDbKBNepPDuSD4Gc8UsBtu3Fd2/jLL\n2ahLXkrG1S/FMIfVxE3JG8CDjHJBSXyT3uJ4ZcHLMa6xBRsGFhNC2VXtdkXYvAQ2\nTysEU3m+wuMSbFm0Ui8F2esyNaGMNMU7JfwEDzLX+8QkJ141+aBlJ64g+Hu2JM3K\nCJtVH/cVtB34FQBKOg80O33KNuHeW72sfuJGfljltKItSZhB0nO+/DAhRcDpDZWo\nLbwsI/ollDMgBTnPDshVlV3CJJOyLMWeohOHxSPbTAXKjWdTjf4fk53lz831veka\n7WwO7sz5R+6UrdoGsh66ixqdAQJUe/m0q7GacW2XvnBduF0xMUyaQbSyW8PdyETn\nMssj+rnb3//V14fVbFZ81zeU2i9QG5iWw0EX0hWPCvxoxO1drZE1eVhwyd3V92Jt\n7uSzDGqHPg2gtCaEhXHcQiWupKIrgSHr8S267hVGnfci16LD0DDBV/jFg5nt2vlY\njBPp12xpUOsoR2PIuxDMFEEkKOE4xhu2cOAkPMQSd3FCdupgvPpusyWTwcyxV8L2\n75U26l+zrcQqqo5M967P5koc/WPzcZVXTjTBwSGpr1v6lxhpWRM/eGjzrTxPGOZ+\nYTQiqqoreL0ItYghhxFA2La3yjnbMwC8ZZCGqdmtG4MKtjfW86G91kYfxQIWeLlu\n42gfzDpa8ISJr80PcpmHSOP155bUwBQ07nPR57oun7YTH9/7Ot3VqoFMWzMFTkAl\nI3zmBpF5TKyb0WevzfZi0QrWvN+n28Mwy9tXG5d5Q3ixH0VhYnbiuxDmT18amQqQ\nuIJFO1XlCT4PaM5M5AejdWa4t5e3rt26AUUt4oVIKKdaKfx22U8B/c/BWlfBMHRr\n5AQOIIts0yG+v5AYQkqtRR9Sr7HZIWFqX/WIH7+pCSUQUKJcs4LLsLdjB6NLgCyI\neltwIZiKvXLIT0J7rTzfEZC+xDmEQKDaITfdQNFapuORJ9yCK+qpQmNEinfTkWYg\nBZUlCJEvMfPK1BWoLmsjud/SBjckvZzUcAPoIZheEKkA/bmvlxcucF4aGcZ2G0d3\nuXsrZxaUYr0qUuV5wk4ch2enHrCQNmpNmnwQ9tceq+TJ843mxDTp5p9y8YR8jcvP\nfRi0dF0XYR/IUc5zI03HGFi4QRu1l6gx7xtd3AyBO9mZZAW+A4F3qgs4/igS3IXR\nkUl7RYj5MRzOU5/U5qsK/JgUQwkfN0nCJ8XvpDrYpwCfiRbSR6zvct7/oDP6EkPB\nyek8kQr1YJhsUzKrug0xUDaObWL7ZTVmjJmEude6dqStib/0gzINK//3OATKXr2e\nAM1DV3xbj/YAsFfQZ5Fixs89C6V1GPfrpBV/nAaB+tb9XgXICSBmQ0BP/oHzjxTW\no2jhZluCUGSKfWcZqx2jMsIN5+cn9T9qwBUTdL12Px0ShRH882gh10+a6OWb5D2V\nJnccpyhsXxfcd3KhYyuciXejN2GgAofozaeceNn3rtoaWbved/kRcfzzr7bARdpo\nJKKZlKQKjMiJxZEqd0Y7xRWYhXQuQIGS0HcD4KCcrUfWIWGaHIp7/vKm8AFEILLk\nm9GKhqOyuZLJWsd4saxWjadAMXfgTTVVGi2OfmUy/+HeT3Ps7qlmDA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-X3qtqjUDuPKS0eNli' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpte74ekqh.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpte74ekqh.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_4(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, ) tests/test_51_client.py:2215: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=f1992b3c0311dd6ee59c3f165999536832beabe76a40deaf96bb0a8e332c3e1eurn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==MlR2y3hay1lbJlKSGHtpR3IMbddiESsX0eEqXcPbMF1N0Jc3mHiTfDSRe+23EjLf\nkSaPwZHTV6QSWS+Po6LtZj6pde9Z9FeInRXCQxKk6qOW2SOEo9xTcF+ep0L4Vim+\nUPNVdRsqQiqNpwf9zVs6b37WH4lA4TJK35mIqp56YIU=ACKA77mZTM0McKtn3sh/oSon1ZUafFwauom/dOwWg4m1Hj+EFTQoJ6h3ALWqHtzE\nxugOoqsDzLZ0DSfBZSC1/LQt8zmOH5WWMJcLVBJNJ+rs28+/ZodGSHohyWSifAEC\n2jpPEI42xV4jZwz1DJMgoHxLXxeZYzRR+fcbMko024xG9/HMwHNKc38htaoMy5ec\nv4g22f51yPyu4rSI3oPYZwhCOdTAWcXelk5ppc/fQpnat4MrVF1LgkoYeN9RgdbC\n3P4EFSGIU1kAafEqjqRUnkGrtpG7Wd+MN/M6deCd2s0A8zyLTrwOD87YqEVo1km6\nOJF2OzP67Fzw5Ia7G2ibQVBO4SBQosOILHKgg1cNjYhbGcu4Q0MpwgKA6+ivQ3nC\nCKWv2e0szc56JZiiFhmVn0I+GWLc5l3Zg0/jayAVbOo6uXNBb3jm61w5YQvD5Shd\n+SLD1qcl7KCDqyoH/eGLSpOEklZZNNjtMN3DPhw1ghqPLnBSqpnzNSym1SJnGwpu\nnwuOVY8JweCbNqt7/uf0bDRrLAlYu5Qh19ux9VyPQAhGLEJ7CXz+ZoUoJjuNTKV0\nbPqjpNfId3XPoWgKLnKacU7ldg6Qdl+dF0VBI3rar/qbrRk4p8sM9kV4YNO46ipn\nlRgqtVl4tMKvYK1Z5hO5hmK1ISNfuR+BYp6qZbvC2PeQ0hkRhQBhSWIFO4b2mMUL\nuclcusbL/EceT/SMRh3DvyN8Ho6nNZQgsP2aDITzqZLQGgx19hzczJy2NhNSUYkn\nXwXexYaP2WfL8ie0tBOFC5/kAL22NMl4aUjDbKBNepPDuSD4Gc8UsBtu3Fd2/jLL\n2ahLXkrG1S/FMIfVxE3JG8CDjHJBSXyT3uJ4ZcHLMa6xBRsGFhNC2VXtdkXYvAQ2\nTysEU3m+wuMSbFm0Ui8F2esyNaGMNMU7JfwEDzLX+8QkJ141+aBlJ64g+Hu2JM3K\nCJtVH/cVtB34FQBKOg80O33KNuHeW72sfuJGfljltKItSZhB0nO+/DAhRcDpDZWo\nLbwsI/ollDMgBTnPDshVlV3CJJOyLMWeohOHxSPbTAXKjWdTjf4fk53lz831veka\n7WwO7sz5R+6UrdoGsh66ixqdAQJUe/m0q7GacW2XvnBduF0xMUyaQbSyW8PdyETn\nMssj+rnb3//V14fVbFZ81zeU2i9QG5iWw0EX0hWPCvxoxO1drZE1eVhwyd3V92Jt\n7uSzDGqHPg2gtCaEhXHcQiWupKIrgSHr8S267hVGnfci16LD0DDBV/jFg5nt2vlY\njBPp12xpUOsoR2PIuxDMFEEkKOE4xhu2cOAkPMQSd3FCdupgvPpusyWTwcyxV8L2\n75U26l+zrcQqqo5M967P5koc/WPzcZVXTjTBwSGpr1v6lxhpWRM/eGjzrTxPGOZ+\nYTQiqqoreL0ItYghhxFA2La3yjnbMwC8ZZCGqdmtG4MKtjfW86G91kYfxQIWeLlu\n42gfzDpa8ISJr80PcpmHSOP155bUwBQ07nPR57oun7YTH9/7Ot3VqoFMWzMFTkAl\nI3zmBpF5TKyb0WevzfZi0QrWvN+n28Mwy9tXG5d5Q3ixH0VhYnbiuxDmT18amQqQ\nuIJFO1XlCT4PaM5M5AejdWa4t5e3rt26AUUt4oVIKKdaKfx22U8B/c/BWlfBMHRr\n5AQOIIts0yG+v5AYQkqtRR9Sr7HZIWFqX/WIH7+pCSUQUKJcs4LLsLdjB6NLgCyI\neltwIZiKvXLIT0J7rTzfEZC+xDmEQKDaITfdQNFapuORJ9yCK+qpQmNEinfTkWYg\nBZUlCJEvMfPK1BWoLmsjud/SBjckvZzUcAPoIZheEKkA/bmvlxcucF4aGcZ2G0d3\nuXsrZxaUYr0qUuV5wk4ch2enHrCQNmpNmnwQ9tceq+TJ843mxDTp5p9y8YR8jcvP\nfRi0dF0XYR/IUc5zI03HGFi4QRu1l6gx7xtd3AyBO9mZZAW+A4F3qgs4/igS3IXR\nkUl7RYj5MRzOU5/U5qsK/JgUQwkfN0nCJ8XvpDrYpwCfiRbSR6zvct7/oDP6EkPB\nyek8kQr1YJhsUzKrug0xUDaObWL7ZTVmjJmEude6dqStib/0gzINK//3OATKXr2e\nAM1DV3xbj/YAsFfQZ5Fixs89C6V1GPfrpBV/nAaB+tb9XgXICSBmQ0BP/oHzjxTW\no2jhZluCUGSKfWcZqx2jMsIN5+cn9T9qwBUTdL12Px0ShRH882gh10+a6OWb5D2V\nJnccpyhsXxfcd3KhYyuciXejN2GgAofozaeceNn3rtoaWbved/kRcfzzr7bARdpo\nJKKZlKQKjMiJxZEqd0Y7xRWYhXQuQIGS0HcD4KCcrUfWIWGaHIp7/vKm8AFEILLk\nm9GKhqOyuZLJWsd4saxWjadAMXfgTTVVGi2OfmUy/+HeT3Ps7qlmDA==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-X3qtqjUDuPKS0eNli' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-X3qtqjUDuPKS0eNli', '--output', '/tmp/tmpx_b7btok.xml', '/tmp/tmpte74ekqh.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpte74ekqh.xml" output= ____________________ TestClientNonAsciiAva.test_response_5 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5dbfd6c28ec11c59669df7289cd37daf41c1b7d02ef6ff794c7060d750753593urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==MOTcwHaZ65giP7grPncfPP+wGXbDlRpm3494/Se/2gAZH/kY4V8fY+FS9p3GtJOS\n5PWARMnIUQ1xRKlokwjNWruldLCXyYzV/5uL8+pE7z81dkJ6jnmLGE/gu7XG90Er\nRPZghG8MEIdbRHUuVPhpF4R0fopD2qPCXl381NaGhKo=bR0Q1Hdo1cRqaeufWzvso3qeKy35DrqPCOC6jPgK/fB59f9b/PwH2M7RWrE1QS7w\nqBnobcUxTJwSRdv6/DEnT9BZm6S9WDaITNdD7WJEpPfeU7TxDUXwE8NbLv3AeClf\nWgy31u6AzcoiYb+PXDePlYKIQnN7RLYzSpcWLHeDDMzRe0PBplKAGYq08jivWtNR\nj5N1rOU/Etj4w9mmBSUwF2e7AZUh7qkgpveqXkDA724stPSameXAOwRTOunnMfKE\nj96rT4Xl8bJebaPCcaGmvEGsnrPwAUvM+TMABeNAusXXqYWdPnXa11tY2vx9NdBv\ngddzTo4OZ8N5o1Imcbl9fcoeQ2ISIZEVNLF+me7FqKZxYYRSkwH2YPdAzelcIt2t\ntDwjT27xhU2jyd3LuPzIG1R0w/LOsFXEV9dRz9e74hzlW0A6+jtT26j83EjB8jtZ\n/OlnbmwG56G/E/UE8SpMYA4j+7ZuaR4iESmxuseWCBpoi86h5j2ZWxlif4cNEpzI\nj8GGyFeaqY93JiRlOUSjH9XNlgLE3RWMWB/jncwajfO1iudKdMiTDU96gwBdTl07\nAzzOdGGRDhghxi5SjJxu4ByRJZS4vcIbiQy+zfgziFUb8eRl1uPUY306CyZJcBju\nSmoyeWaOgoePXdbaQI9G0V1DvUezD8/aSINm/5zV82iDHIA5o2e4+SScoGDGhH6o\nURYU0bb5eSaI2ZUItN0IlCVq+rqmDy/9Fh1XOKCJTFDOKWaOtT3lK6weSfkVOeFh\nrUXGIBDiJmdnD/ofULmSl1dWqX8hqk2zSu5SigzyjP1R1WNc2F2jPlHevqeLKeHX\ni7NaM/4yWGWNYFVvIqNQ3cR4OfPJED24fxJa1PdkiyucQU+vgXmiLTiuCv0D3Wl5\nJt15QmD3KLYkACm1QPzVJRxO84a6rKT0S1VD18WcQCuf3E10RZjK9gEvltguPfya\nN+I+8u/eSMcP/PmcedV979NMFlsUha43EBM6H5slABBf8b2WqNtpzl61Co1bKGv8\n4BpPyY9kbwC2D5coKhsC5y5JbDHlrSeiwyNt+auaaJh0aipX51IrPYFEQBtzNDkl\n+SOQvoLXiLjrmykQrfrZTGbz5O+YI/86UepyFOsNKQexmqdq1PznoThNIT6GfKZL\nXRj1fDwFe5JPc7e/FmIMXSFTFzLWieHgat8V+HvQS2OhSFnPzOzCDRzlAqOKB2SD\nphv8zDdbs42wQ771RbnM7GbBBXjmS5onkfnk+8DcEgOaMmjeyIpAh70KHmFg1v/t\n/LyaVjhWFF1UDVD9MJPmzQnAeSWR7agbxaTXP2pcDMmOPa15ZHjCWqiAAKV8horj\ntbsiaz+u3t5vpiTMi52InMueeNst62UPyzRV5u0somG7pPZjp3ClFhY22Z/9D1nu\n0Tf24AWEGpgvqnfDtfscYqn0+Q6bG1z21JBKuZ7QvoH29cfynOGp09G/xruWtHcK\nzWzDfSuwz64sc3aXDhfaM6fFtGtTp4J5MoyuG5q9UQzmdp3HLTMIB0iFFGjs5Bex\noHxfFweVQRDLEle6RHT2SentoWwB0SKG3uJOXOE+p4siS6DKxHctEnLJY+5Oheas\nnz2gjG998BpZAwB+5ywlS6HX7J0tUfYu58rbt79cwVxqTj2ijkRafxhW0h/38W4l\nn3GsYB0Ka69WS2t/tWYXPqpXCS7M1E5MBZawi7J2gmSWIdtMh7/Jx6Tyz0Zwasqf\nIDAfqq4zk5/r0jYk1YmEHw9Q74VN73eSByXOJy0+fDrGMc3GbDdj4z2uVL+KHjjk\n7kCjKNV7XfbXezmEHBjMYHt/wE/UHG+wElZ7BMF6MM8BozCyDPDZ7CuI9xRCcOon\ntsqb3IE9sVGmNenGNSYioWwOjAThf6Fliw+/lYaHcxwId7pXLO21UHeiyoH2Yarj\nbPAu7Isiw6dt2FdM4xDcP9f/1xpDeri7ekAyA5z7zoJ0RVPm7TKSi7TcnGqp3/lQ\nk+2yKa6Nx1D+CK0ay3Om1rzEK2OXakpCKtSyuUrjChFwrtDMKbfoaQbtLvDGZNbC\nLqopr1m1nQxHW9llGpEjkTakySrSIM3Z+6sRdryCjKA3hz9Vm9h1CTCfgAlN+Dp+\neOOVsRYQPc/yuq27A403Y3qDtodz5b3fEH4WMzFfnpcrePC2C3tAxKRVtQMzyDkg\nmvdI56lu3e8MEiAFunUiZlQfKrES6+HxTpQW26NOxQ7NLT7/3BZP/eUKJy+5s2Xj\niaj+iVCNLW7XVa6ohNItOhrRTYcHPlt1SuDnTMxj6rEx0eOradNcoXYCIEuyjHAh\nTrD2Fz2snaZyMY0MA+uLqlOFyhMM8hObNPwKByVcGdrCoRDqNfGN1gyxk9V9CR8e\n4d4KlIOZNwQqcZ6gckb0YMWe4yXvjjsRxYOWLPnJgyaBW6BPff3Gww==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-fQClrNGbjQ4rZw2xK' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpl2qwzx79.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpl2qwzx79.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_5(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:2253: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=5dbfd6c28ec11c59669df7289cd37daf41c1b7d02ef6ff794c7060d750753593urn:mace:example.com:saml:roland:spMIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV\nBAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF\nWnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0\nMzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox\nDjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB\nnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM\nEzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME\nIG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI\np8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy\nCZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR\n6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh\n2wz3u7waz/GypMeA/suhoEfxew==MOTcwHaZ65giP7grPncfPP+wGXbDlRpm3494/Se/2gAZH/kY4V8fY+FS9p3GtJOS\n5PWARMnIUQ1xRKlokwjNWruldLCXyYzV/5uL8+pE7z81dkJ6jnmLGE/gu7XG90Er\nRPZghG8MEIdbRHUuVPhpF4R0fopD2qPCXl381NaGhKo=bR0Q1Hdo1cRqaeufWzvso3qeKy35DrqPCOC6jPgK/fB59f9b/PwH2M7RWrE1QS7w\nqBnobcUxTJwSRdv6/DEnT9BZm6S9WDaITNdD7WJEpPfeU7TxDUXwE8NbLv3AeClf\nWgy31u6AzcoiYb+PXDePlYKIQnN7RLYzSpcWLHeDDMzRe0PBplKAGYq08jivWtNR\nj5N1rOU/Etj4w9mmBSUwF2e7AZUh7qkgpveqXkDA724stPSameXAOwRTOunnMfKE\nj96rT4Xl8bJebaPCcaGmvEGsnrPwAUvM+TMABeNAusXXqYWdPnXa11tY2vx9NdBv\ngddzTo4OZ8N5o1Imcbl9fcoeQ2ISIZEVNLF+me7FqKZxYYRSkwH2YPdAzelcIt2t\ntDwjT27xhU2jyd3LuPzIG1R0w/LOsFXEV9dRz9e74hzlW0A6+jtT26j83EjB8jtZ\n/OlnbmwG56G/E/UE8SpMYA4j+7ZuaR4iESmxuseWCBpoi86h5j2ZWxlif4cNEpzI\nj8GGyFeaqY93JiRlOUSjH9XNlgLE3RWMWB/jncwajfO1iudKdMiTDU96gwBdTl07\nAzzOdGGRDhghxi5SjJxu4ByRJZS4vcIbiQy+zfgziFUb8eRl1uPUY306CyZJcBju\nSmoyeWaOgoePXdbaQI9G0V1DvUezD8/aSINm/5zV82iDHIA5o2e4+SScoGDGhH6o\nURYU0bb5eSaI2ZUItN0IlCVq+rqmDy/9Fh1XOKCJTFDOKWaOtT3lK6weSfkVOeFh\nrUXGIBDiJmdnD/ofULmSl1dWqX8hqk2zSu5SigzyjP1R1WNc2F2jPlHevqeLKeHX\ni7NaM/4yWGWNYFVvIqNQ3cR4OfPJED24fxJa1PdkiyucQU+vgXmiLTiuCv0D3Wl5\nJt15QmD3KLYkACm1QPzVJRxO84a6rKT0S1VD18WcQCuf3E10RZjK9gEvltguPfya\nN+I+8u/eSMcP/PmcedV979NMFlsUha43EBM6H5slABBf8b2WqNtpzl61Co1bKGv8\n4BpPyY9kbwC2D5coKhsC5y5JbDHlrSeiwyNt+auaaJh0aipX51IrPYFEQBtzNDkl\n+SOQvoLXiLjrmykQrfrZTGbz5O+YI/86UepyFOsNKQexmqdq1PznoThNIT6GfKZL\nXRj1fDwFe5JPc7e/FmIMXSFTFzLWieHgat8V+HvQS2OhSFnPzOzCDRzlAqOKB2SD\nphv8zDdbs42wQ771RbnM7GbBBXjmS5onkfnk+8DcEgOaMmjeyIpAh70KHmFg1v/t\n/LyaVjhWFF1UDVD9MJPmzQnAeSWR7agbxaTXP2pcDMmOPa15ZHjCWqiAAKV8horj\ntbsiaz+u3t5vpiTMi52InMueeNst62UPyzRV5u0somG7pPZjp3ClFhY22Z/9D1nu\n0Tf24AWEGpgvqnfDtfscYqn0+Q6bG1z21JBKuZ7QvoH29cfynOGp09G/xruWtHcK\nzWzDfSuwz64sc3aXDhfaM6fFtGtTp4J5MoyuG5q9UQzmdp3HLTMIB0iFFGjs5Bex\noHxfFweVQRDLEle6RHT2SentoWwB0SKG3uJOXOE+p4siS6DKxHctEnLJY+5Oheas\nnz2gjG998BpZAwB+5ywlS6HX7J0tUfYu58rbt79cwVxqTj2ijkRafxhW0h/38W4l\nn3GsYB0Ka69WS2t/tWYXPqpXCS7M1E5MBZawi7J2gmSWIdtMh7/Jx6Tyz0Zwasqf\nIDAfqq4zk5/r0jYk1YmEHw9Q74VN73eSByXOJy0+fDrGMc3GbDdj4z2uVL+KHjjk\n7kCjKNV7XfbXezmEHBjMYHt/wE/UHG+wElZ7BMF6MM8BozCyDPDZ7CuI9xRCcOon\ntsqb3IE9sVGmNenGNSYioWwOjAThf6Fliw+/lYaHcxwId7pXLO21UHeiyoH2Yarj\nbPAu7Isiw6dt2FdM4xDcP9f/1xpDeri7ekAyA5z7zoJ0RVPm7TKSi7TcnGqp3/lQ\nk+2yKa6Nx1D+CK0ay3Om1rzEK2OXakpCKtSyuUrjChFwrtDMKbfoaQbtLvDGZNbC\nLqopr1m1nQxHW9llGpEjkTakySrSIM3Z+6sRdryCjKA3hz9Vm9h1CTCfgAlN+Dp+\neOOVsRYQPc/yuq27A403Y3qDtodz5b3fEH4WMzFfnpcrePC2C3tAxKRVtQMzyDkg\nmvdI56lu3e8MEiAFunUiZlQfKrES6+HxTpQW26NOxQ7NLT7/3BZP/eUKJy+5s2Xj\niaj+iVCNLW7XVa6ohNItOhrRTYcHPlt1SuDnTMxj6rEx0eOradNcoXYCIEuyjHAh\nTrD2Fz2snaZyMY0MA+uLqlOFyhMM8hObNPwKByVcGdrCoRDqNfGN1gyxk9V9CR8e\n4d4KlIOZNwQqcZ6gckb0YMWe4yXvjjsRxYOWLPnJgyaBW6BPff3Gww==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-fQClrNGbjQ4rZw2xK' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-fQClrNGbjQ4rZw2xK', '--output', '/tmp/tmp7i6buu7y.xml', '/tmp/tmpl2qwzx79.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpl2qwzx79.xml" output= ____________________ TestClientNonAsciiAva.test_response_6 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=00e1059d959f43a0b1a517725d5eea6bea45c3e3318af58698698a0e5cb52292urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjUzWhcNMzQxMDI3MTAzNjUzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwCm1MFqre1b1WnwfSFVWIT7tRM2Fg/mFooCQI6oEa61VINPMAmeGaLtI\nzaz68tBsj5PceFJ7u9Ckq1yHFqKb/FFuPVIlTXBEm+ob71ZJ1k6RW8TaScKSKLDi\nwxkclF9/qnG76MzHquyTveMx4KGoOxYq7GkK3lAqoAvLkAJlaY/2TFLd0hmZEWZ9\nCgTxCaSzmSG/9KDVl81T40VeoV/zlSQpynPRxe+WRJVm1WBVk7wnpupD/wH5SKAU\nM2ySJGesU0eiCHuPeG8+oVF3z5BHWIcCAcADKVHjC1tts+ZXQIuJ2VvKIsxbnSIk\n2cDJq/xleSQfOUtMZT6rzPf6iANSswIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAADV\nO6cDFcwUYV4sUcrpIsifj3yuaqabV0uQsa3cl58GSzgVFGO1cx5te83FwZpQHwiD\nagmcAN0rNjefllKpA2wj8h4CYonHaYGT8MNe2Emwr4HD7FpJSIv4XEHuE1IBJEsZ\n/tLN890kY0m1gpGZsbDneMPubaWZmjdAYjbJ4LKrmWYFTyfN+T+mqCwcxvz/zzbzXRuHh/31lxLOvtOmoGN6DANl2MRSwyDfuaiSl2+b\nGl/5Vxrh2BMb991RjOvVvBH6xVT8ce67eqY/S0rsSaM/kZ9AYM+ulFAby/cIBxwV\nrWXytrQlMrn4zkBoGK+VEPfF2Bo8A0jkYgm1Ye8HEQlpNpcfN7Gl0kz0lqqEnryA\nwqQg+WdQmtckS4L3vYU2qSr1Nv4woA4IJCTTqSaSndCW1JE1IpUR+jC6qou8iSBi\na6rlQpMXYz/0AEzQBf13Mier9VVcK1lQz7WEPBcGHnG4dvV2m8Nk7gUjDDr4MFMD\nLns/InTRZz0F4su/QKKwMw==dJ+xIXB7tVpSjhXg80ZmM3KhYGwe1GMF0P9WIMOxE9WAF4RYueRyT95+qdQ0hXyY\nJT907D30A1a65pyOgxgSazh4WjyI3z8LN2jC/B4yVWR2u2IBc5immqMmSKvVTJTc\nikUigd2AZyZXfAVmXBWqjABDDXz1IoQFMHuRbpfPxbsdjKihrfZv2s2bSlwU/x1Z\nlcT1aWlz9A9dT51wZAnCYaQBBUorz3wavdhGq316T+VT/pKWCYDlQ1Yrq9ivc31s\nKK4DabUsojgLECl9QkiYtV1bMjAf+PLTiPFP3eLt5UqMEbPRBJIPpfYa7r5BsCDV\np/Isws3DIdbE8Jts6Kmp/F5UNBQTDNwj4i5lv+B0HUI3V5yazmBBSwYqtjB/BT0F\nDaroROHzusiBWTBLqsUs3AbfH54MVk6UPqy5NJLXYQcnew0/iMdstC2dyb9Zj9XR\nuaHzuWqwDAFQbM/sZLYtNkyOI3GI1wGghMpPB7tdBT4ps+kfMa62FXd95Nn5vmnK\nCs+yxiYoHmZA32Et85AJbeEZdJnUuwa47JH/HagQzGXFWtfcR73C2nrLCBvrqORC\n0AedFP81sazuarPfsMEuvCrfzCTYjyKnmPVmMkDFiV5OE5i8S+8knX2fNSD1qvPt\njIpnwKQYHpmYRwmX6gCEr3T37x7jN6S2eRn9OxmVsFkyKCwYkQg53CrJGvX18Mg9\nIGHOGcGrmr3+vjX9hdhG6GjnxI9L7lfI5Qqofd+Xfxzmd6IVnH2McFWfGNHUEyvZ\nnSA0M3Vi48JIhFjLdQbgUxd3j0Tdl2FVTcPf+k+5fLe6AZUC02Xyu9XRcvUoUeZw\niGxeuEjfIsW3+/7FU4dSb8YwrrTEoGvEHAzakYRbL3KJqmY44uBTfM+fi6vmI6n1\n+21+bZbkJ/+XG7xesAk6nHd/Jfni3TKGDByNANTo+oY/TdSk+Bt1yj6jlPHjbcVP\neUZW/T9HUMf9eqPnXVkW9OeBtd2XSV3Pze1np19bsmHxEniXZvS1EQL8OtTg8W8l\nz4/Q9Qy3UtCPU4cWPNF17bwWLqzIftUdds5e+US7GC+WVNpw1N4kgG6EUI6zGshR\nL1rQdR/a30OHRnb9rwYQfxoCAKl2gspVbndnzbOgcNZnDWY7XLco4V8xOjAcpVjp\nlV6wpJWbz3RqP1OV801FSIut2v/WtrG74ktV1Yyz3OBAXQ3u16Pyf2T+SZLE+8Nl\nEdJGgmTxiYXdd4Mdql3Cfqxf7IbeJpxwOTXAip2sZ21SvJsT4ysIft3MH6zp/ukT\nJtSz4afVJhaMzocyIE0htIAo+jcVkQ2BCUBOm+FU+DvoHcUS8XVdG9MPkThSdwo0\nrGN7OTNUs1xELnbbA300kVg7wX0vrklkh7gYG8qxlItFGMv6dII2SPrsXPi9sDe4\nNcu625Dvcl5ZCvwwYVgOhxXccVYzpF+F7UEBlaaTbcBH+2bA7eucSe/tQcyoB2+N\nVgvWhZrcmsxMVsIfn4v+InUHomvOgG7g1V6AoHDPdK3NtLYoQjAIL0NiD9B3b4S/\nVQcDMbrb58VUEoy90o150VI9KZlqS7KSkFAPAmQCtyuDr2r03JpqTlSmnAVwEhoK\nMHHqZmlGg4k47bn3/PJwLUgiaVABpNcYLK9U5Z+z9hePJimxLvyKA3NICEcf8qqK\nmRvQB3X0gVANqgRlk+QFYZt9TI4eKFkPSeew48w6rVs+6w02w13AdFWd7il4Q8hs\n34oXauy/SROzBuZoT0b77OxMejfoaVn93HA0P+vsWtb777Y/Z0pkcKpgP5KfvwpR\nw9W4b1x6zCXqtdTJHgrdotg8lMwFYoAbDcTbChso8txDbmcr60zRM7mhI+qwflXe\nZVKBHH+3TyTgd2R71AJy3QV9RfOkdB/WcZokVxf64kXu65eETKd8psgzEG/wCni+\n0anZLl34kbdLqQoiNjuMBQ8/6J8M5ZRL+bCbcQUUTpY+8dtPZzqHMj+/F/2Z6qXy\nqBNd0j18EIzrFqoqrOelGr70PmiXdi82VYKPRgq2W4iSoL7aiHiFDbZxmLgGNZdz\nHYWNPcx5Qer895sxbDUWXYJCN5+J7DFSmaYnG/mEQgYEvpjkiOPucZ7Wt+3iQcJU\nuCBXKMMykTuOTWNz4aVfT4oJ94KxW14fz9gZrDeyVpjeF+wxNRCoMuFUTQ60pcG1\ngHa2kco8cLMxVIXa7JemaWTdm+BR/f7Fj8KJqhLKL5hpknz1lzeCUcBMjlVD5A5r\nO9mgZoTbmuAFQIO+MLXnQ7dDXsarSoOCVgIWVlBgbkHB3ThTnkxokAob4c6tZD4S\nDLibQ15/ShpWpEE1+pWuzthhSOxTxUzix/fKpzQ7cy11XDg621ORTndZlj7JTO3+\np/Q/0XjUjpkUxPXMgqWlLDA3PhsriIRKnCb4lCCd+tB84Yx/AUntew==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-T4PQsqtwX8S3XfBcU' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpenu6mc63.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpenu6mc63.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_6(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_assertion_str, cert_key_assertion_str = generate_cert() cert_assertion = {"cert": cert_assertion_str, "key": cert_key_assertion_str} cert_advice_str, cert_key_advice_str = generate_cert() cert_advice = {"cert": cert_advice_str, "key": cert_key_advice_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, pefim=True, encrypt_cert_assertion=cert_assertion_str, encrypt_cert_advice=cert_advice_str, ) tests/test_51_client.py:2296: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=00e1059d959f43a0b1a517725d5eea6bea45c3e3318af58698698a0e5cb52292urn:mace:example.com:saml:roland:spMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMDI5MTAzNjUzWhcNMzQxMDI3MTAzNjUzWjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwCm1MFqre1b1WnwfSFVWIT7tRM2Fg/mFooCQI6oEa61VINPMAmeGaLtI\nzaz68tBsj5PceFJ7u9Ckq1yHFqKb/FFuPVIlTXBEm+ob71ZJ1k6RW8TaScKSKLDi\nwxkclF9/qnG76MzHquyTveMx4KGoOxYq7GkK3lAqoAvLkAJlaY/2TFLd0hmZEWZ9\nCgTxCaSzmSG/9KDVl81T40VeoV/zlSQpynPRxe+WRJVm1WBVk7wnpupD/wH5SKAU\nM2ySJGesU0eiCHuPeG8+oVF3z5BHWIcCAcADKVHjC1tts+ZXQIuJ2VvKIsxbnSIk\n2cDJq/xleSQfOUtMZT6rzPf6iANSswIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAADV\nO6cDFcwUYV4sUcrpIsifj3yuaqabV0uQsa3cl58GSzgVFGO1cx5te83FwZpQHwiD\nagmcAN0rNjefllKpA2wj8h4CYonHaYGT8MNe2Emwr4HD7FpJSIv4XEHuE1IBJEsZ\n/tLN890kY0m1gpGZsbDneMPubaWZmjdAYjbJ4LKrmWYFTyfN+T+mqCwcxvz/zzbzXRuHh/31lxLOvtOmoGN6DANl2MRSwyDfuaiSl2+b\nGl/5Vxrh2BMb991RjOvVvBH6xVT8ce67eqY/S0rsSaM/kZ9AYM+ulFAby/cIBxwV\nrWXytrQlMrn4zkBoGK+VEPfF2Bo8A0jkYgm1Ye8HEQlpNpcfN7Gl0kz0lqqEnryA\nwqQg+WdQmtckS4L3vYU2qSr1Nv4woA4IJCTTqSaSndCW1JE1IpUR+jC6qou8iSBi\na6rlQpMXYz/0AEzQBf13Mier9VVcK1lQz7WEPBcGHnG4dvV2m8Nk7gUjDDr4MFMD\nLns/InTRZz0F4su/QKKwMw==dJ+xIXB7tVpSjhXg80ZmM3KhYGwe1GMF0P9WIMOxE9WAF4RYueRyT95+qdQ0hXyY\nJT907D30A1a65pyOgxgSazh4WjyI3z8LN2jC/B4yVWR2u2IBc5immqMmSKvVTJTc\nikUigd2AZyZXfAVmXBWqjABDDXz1IoQFMHuRbpfPxbsdjKihrfZv2s2bSlwU/x1Z\nlcT1aWlz9A9dT51wZAnCYaQBBUorz3wavdhGq316T+VT/pKWCYDlQ1Yrq9ivc31s\nKK4DabUsojgLECl9QkiYtV1bMjAf+PLTiPFP3eLt5UqMEbPRBJIPpfYa7r5BsCDV\np/Isws3DIdbE8Jts6Kmp/F5UNBQTDNwj4i5lv+B0HUI3V5yazmBBSwYqtjB/BT0F\nDaroROHzusiBWTBLqsUs3AbfH54MVk6UPqy5NJLXYQcnew0/iMdstC2dyb9Zj9XR\nuaHzuWqwDAFQbM/sZLYtNkyOI3GI1wGghMpPB7tdBT4ps+kfMa62FXd95Nn5vmnK\nCs+yxiYoHmZA32Et85AJbeEZdJnUuwa47JH/HagQzGXFWtfcR73C2nrLCBvrqORC\n0AedFP81sazuarPfsMEuvCrfzCTYjyKnmPVmMkDFiV5OE5i8S+8knX2fNSD1qvPt\njIpnwKQYHpmYRwmX6gCEr3T37x7jN6S2eRn9OxmVsFkyKCwYkQg53CrJGvX18Mg9\nIGHOGcGrmr3+vjX9hdhG6GjnxI9L7lfI5Qqofd+Xfxzmd6IVnH2McFWfGNHUEyvZ\nnSA0M3Vi48JIhFjLdQbgUxd3j0Tdl2FVTcPf+k+5fLe6AZUC02Xyu9XRcvUoUeZw\niGxeuEjfIsW3+/7FU4dSb8YwrrTEoGvEHAzakYRbL3KJqmY44uBTfM+fi6vmI6n1\n+21+bZbkJ/+XG7xesAk6nHd/Jfni3TKGDByNANTo+oY/TdSk+Bt1yj6jlPHjbcVP\neUZW/T9HUMf9eqPnXVkW9OeBtd2XSV3Pze1np19bsmHxEniXZvS1EQL8OtTg8W8l\nz4/Q9Qy3UtCPU4cWPNF17bwWLqzIftUdds5e+US7GC+WVNpw1N4kgG6EUI6zGshR\nL1rQdR/a30OHRnb9rwYQfxoCAKl2gspVbndnzbOgcNZnDWY7XLco4V8xOjAcpVjp\nlV6wpJWbz3RqP1OV801FSIut2v/WtrG74ktV1Yyz3OBAXQ3u16Pyf2T+SZLE+8Nl\nEdJGgmTxiYXdd4Mdql3Cfqxf7IbeJpxwOTXAip2sZ21SvJsT4ysIft3MH6zp/ukT\nJtSz4afVJhaMzocyIE0htIAo+jcVkQ2BCUBOm+FU+DvoHcUS8XVdG9MPkThSdwo0\nrGN7OTNUs1xELnbbA300kVg7wX0vrklkh7gYG8qxlItFGMv6dII2SPrsXPi9sDe4\nNcu625Dvcl5ZCvwwYVgOhxXccVYzpF+F7UEBlaaTbcBH+2bA7eucSe/tQcyoB2+N\nVgvWhZrcmsxMVsIfn4v+InUHomvOgG7g1V6AoHDPdK3NtLYoQjAIL0NiD9B3b4S/\nVQcDMbrb58VUEoy90o150VI9KZlqS7KSkFAPAmQCtyuDr2r03JpqTlSmnAVwEhoK\nMHHqZmlGg4k47bn3/PJwLUgiaVABpNcYLK9U5Z+z9hePJimxLvyKA3NICEcf8qqK\nmRvQB3X0gVANqgRlk+QFYZt9TI4eKFkPSeew48w6rVs+6w02w13AdFWd7il4Q8hs\n34oXauy/SROzBuZoT0b77OxMejfoaVn93HA0P+vsWtb777Y/Z0pkcKpgP5KfvwpR\nw9W4b1x6zCXqtdTJHgrdotg8lMwFYoAbDcTbChso8txDbmcr60zRM7mhI+qwflXe\nZVKBHH+3TyTgd2R71AJy3QV9RfOkdB/WcZokVxf64kXu65eETKd8psgzEG/wCni+\n0anZLl34kbdLqQoiNjuMBQ8/6J8M5ZRL+bCbcQUUTpY+8dtPZzqHMj+/F/2Z6qXy\nqBNd0j18EIzrFqoqrOelGr70PmiXdi82VYKPRgq2W4iSoL7aiHiFDbZxmLgGNZdz\nHYWNPcx5Qer895sxbDUWXYJCN5+J7DFSmaYnG/mEQgYEvpjkiOPucZ7Wt+3iQcJU\nuCBXKMMykTuOTWNz4aVfT4oJ94KxW14fz9gZrDeyVpjeF+wxNRCoMuFUTQ60pcG1\ngHa2kco8cLMxVIXa7JemaWTdm+BR/f7Fj8KJqhLKL5hpknz1lzeCUcBMjlVD5A5r\nO9mgZoTbmuAFQIO+MLXnQ7dDXsarSoOCVgIWVlBgbkHB3ThTnkxokAob4c6tZD4S\nDLibQ15/ShpWpEE1+pWuzthhSOxTxUzix/fKpzQ7cy11XDg621ORTndZlj7JTO3+\np/Q/0XjUjpkUxPXMgqWlLDA3PhsriIRKnCb4lCCd+tB84Yx/AUntew==urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/login' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-T4PQsqtwX8S3XfBcU' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-T4PQsqtwX8S3XfBcU', '--output', '/tmp/tmp4wnr177c.xml', '/tmp/tmpenu6mc63.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpenu6mc63.xml" output= ____________________ TestClientNonAsciiAva.test_response_7 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=cfc67236ab4bd2bd248fb7e8137131da1d560ed89e771e238a1c12f6c09fe7c0urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-CvGRlsZ1OQHMHe0v9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp_l2ecd_w.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp_l2ecd_w.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_7(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypted_advice_attributes=True, ) tests/test_51_client.py:2335: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=cfc67236ab4bd2bd248fb7e8137131da1d560ed89e771e238a1c12f6c09fe7c0urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-CvGRlsZ1OQHMHe0v9' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-CvGRlsZ1OQHMHe0v9', '--output', '/tmp/tmpikso9je6.xml', '/tmp/tmp_l2ecd_w.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp_l2ecd_w.xml" output= ____________________ TestClientNonAsciiAva.test_response_8 _____________________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=4444391b8c2719ee57806238bf5f2afdebcc39d5712a40d993a59295c9611ff1urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-i95ah0uOhu7tYldkQ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpdjl_ahcp.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpdjl_ahcp.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_response_8(self): conf = config.SPConfig() conf.load_file("server_conf") _client = Saml2Client(conf) idp, ava, ava_verify, nameid_policy = self.setup_verify_authn_response() self.name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id1") cert_str, cert_key_str = generate_cert() cert = {"cert": cert_str, "key": cert_key_str} > resp = self.server.create_authn_response( identity=ava, in_response_to="id1", destination="http://lingon.catalogix.se:8087/", sp_entity_id="urn:mace:example.com:saml:roland:sp", name_id=self.name_id, userid="foba0001@example.com", authn=AUTHN, sign_response=True, sign_assertion=True, encrypt_assertion=True, encrypt_assertion_self_contained=True, encrypt_cert_assertion=cert_str, ) tests/test_51_client.py:2373: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:900: in _response response = signed_instance_factory(response, self.sec, to_sign_assertion) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=4444391b8c2719ee57806238bf5f2afdebcc39d5712a40d993a59295c9611ff1urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepciónDave@cnr.mlb.com#13' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-i95ah0uOhu7tYldkQ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-i95ah0uOhu7tYldkQ', '--output', '/tmp/tmpabtlljjn.xml', '/tmp/tmpdjl_ahcp.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpdjl_ahcp.xml" output= ____________ TestClientNonAsciiAva.test_sign_then_encrypt_assertion ____________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sbtjUZSc04kEGGNts' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpl3z1r78o.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpl3z1r78o.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion(self): # Begin with the IdPs side _sec = self.server.sec assertion = s_utils.assertion_factory( subject=factory(saml.Subject, text="_aaa", name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT)), attribute_statement=do_attribute_statement( { ("", "", "sn"): ("Jeter", ""), ("", "", "givenName"): ("Derek", ""), } ), issuer=self.server._issuer(), ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=full_path("test.key"), node_id=assertion.id ) tests/test_51_client.py:2557: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=_aaaJeterDerek' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-sbtjUZSc04kEGGNts' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sbtjUZSc04kEGGNts', '--output', '/tmp/tmp5kdxcj_z.xml', '/tmp/tmpl3z1r78o.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpl3z1r78o.xml" output= ___________ TestClientNonAsciiAva.test_sign_then_encrypt_assertion2 ____________ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KdFgWGwzWPsKNIgKJ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpvog2p6rw.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpvog2p6rw.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion2(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Dave", "sn": "Concepción"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), name_id=factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) assertion.signature = sigver.pre_signature_part(assertion.id, _sec.my_cert, 1) > sigass = _sec.sign_statement( assertion, class_name(assertion), key_file=self.client.sec.key_file, node_id=assertion.id ) tests/test_51_client.py:2628: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-KdFgWGwzWPsKNIgKJ' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KdFgWGwzWPsKNIgKJ', '--output', '/tmp/tmpwyqtqar2.xml', '/tmp/tmpvog2p6rw.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpvog2p6rw.xml" output= _______ TestClientNonAsciiAva.test_sign_then_encrypt_assertion_advice_1 ________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-vuuPiW1GebRPjFvUH' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpcknqbajt.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpcknqbajt.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_1(self): # Begin with the IdPs side _sec = self.server.sec nameid_policy = samlp.NameIDPolicy(allow_create="false", format=saml.NAMEID_FORMAT_PERSISTENT) asser = Assertion({"givenName": "Dave", "sn": "Concepción"}) subject_confirmation_specs = { "recipient": "http://lingon.catalogix.se:8087/", "in_response_to": "_012345", "subject_confirmation_method": saml.SCM_BEARER, } name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) assertion = asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), name_id=name_id, authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", farg=farg["assertion"], ) a_asser = Assertion({"uid": "test01", "email": "test.testsson@test.se"}) a_assertion = a_asser.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion.signature = sigver.pre_signature_part(a_assertion.id, _sec.my_cert, 1) assertion.advice = Advice() assertion.advice.encrypted_assertion = [] assertion.advice.encrypted_assertion.append(EncryptedAssertion()) assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion.append(assertion) > response = _sec.sign_statement( f"{response}", class_name(a_assertion), key_file=self.client.sec.key_file, node_id=a_assertion.id ) tests/test_51_client.py:2730: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01test.testsson@test.seurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDaveConcepción' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-vuuPiW1GebRPjFvUH' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-vuuPiW1GebRPjFvUH', '--output', '/tmp/tmpr76bs_u7.xml', '/tmp/tmpcknqbajt.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpcknqbajt.xml" output= _______ TestClientNonAsciiAva.test_sign_then_encrypt_assertion_advice_2 ________ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDave' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-9vjmh8e2DhyWGmhV0' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpyw13lhds.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpyw13lhds.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_sign_then_encrypt_assertion_advice_2(self): # Begin with the IdPs side _sec = self.server.sec asser_1 = Assertion({"givenName": "Dave"}) farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER]) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "in_response_to", "_012345"], ) add_path( farg["assertion"]["subject"]["subject_confirmation"], ["subject_confirmation_data", "recipient", "http://lingon.catalogix.se:8087/"], ) name_id = factory(saml.NameID, format=NAMEID_FORMAT_TRANSIENT) assertion_1 = asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) asser_2 = Assertion({"sn": "Concepción"}) assertion_2 = asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_1 = Assertion({"uid": "test01"}) a_assertion_1 = a_asser_1.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_2 = Assertion({"email": "test.testsson@test.se"}) a_assertion_2 = a_asser_2.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_3 = Assertion({"street": "street"}) a_assertion_3 = a_asser_3.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_asser_4 = Assertion({"title": "title"}) a_assertion_4 = a_asser_4.construct( self.client.config.entityid, self.server.config.attribute_converters, self.server.config.getattr("policy", "idp"), issuer=self.server._issuer(), authn_class=INTERNETPROTOCOLPASSWORD, authn_auth="http://www.example.com/login", name_id=name_id, farg=farg["assertion"], ) a_assertion_1.signature = sigver.pre_signature_part(a_assertion_1.id, _sec.my_cert, 1) a_assertion_2.signature = sigver.pre_signature_part(a_assertion_2.id, _sec.my_cert, 1) a_assertion_3.signature = sigver.pre_signature_part(a_assertion_3.id, _sec.my_cert, 1) a_assertion_4.signature = sigver.pre_signature_part(a_assertion_4.id, _sec.my_cert, 1) assertion_1.signature = sigver.pre_signature_part(assertion_1.id, _sec.my_cert, 1) assertion_2.signature = sigver.pre_signature_part(assertion_2.id, _sec.my_cert, 1) response = response_factory( in_response_to="_012345", destination="http://lingon.catalogix.se:8087/", status=s_utils.success_status_factory(), issuer=self.server._issuer(), ) response.assertion = assertion_1 response.assertion.advice = Advice() response.assertion.advice.encrypted_assertion = [] response.assertion.advice.encrypted_assertion.append(EncryptedAssertion()) response.assertion.advice.encrypted_assertion[0].add_extension_element(a_assertion_1) advice_tag = response.assertion.advice._to_element_tree().tag assertion_tag = a_assertion_1._to_element_tree().tag response = response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion( assertion_tag, advice_tag ) > response = _sec.sign_statement( f"{response}", class_name(a_assertion_1), key_file=self.server.sec.key_file, node_id=a_assertion_1.id ) tests/test_51_client.py:2890: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = 'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:spurn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/logintest01urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPasswordhttp://www.example.com/loginDave' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-9vjmh8e2DhyWGmhV0' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-9vjmh8e2DhyWGmhV0', '--output', '/tmp/tmprpmaw7_g.xml', '/tmp/tmpyw13lhds.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpyw13lhds.xml" output= _____________ TestClientNonAsciiAva.test_do_logout_signed_redirect _____________ self = def test_do_logout_signed_redirect(self): conf = config.SPConfig() conf.load_file("sp_slo_redirect_conf") client = Saml2Client(conf) # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"}, } client.users.add_information_about_person(session_info) entity_ids = client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_REDIRECT ) tests/test_51_client.py:3066: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:333: in do_logout http_info = self.apply_binding( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:286: in apply_binding info = http_redirect_message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=nVJLS8NAEP4ry97bbNIHdWgClVJoqS1WEfW2JBu7sruT7kyk%2FntJ7EEUevA0MHzPYeaBFGzxDVs%2BmFNriMXZu0AQSOWyjQFQkyUI2hsCLuFhcbeFbKigichYopMXAmnvrjM0kYlsMUixXubSVoPd6Tl7vy1XL6WKH%2FtNs5HiyUSyGHKZDZUUa6LWrAOxDpzLTGXjQaoG2c1jqmA0hcn4VYqlIbZBc886MjeQJA5L7Y5IDDM1myXkUIqD0dRBHm00lRQ75H3Yx0XNJv6WHqe9dDHvSkEfIooVRq%2F5esVuY6tB3UPBBLb8KYuO4XVpwJy1b5wZluj7e0FEp0MF1MyTH1YX3532Zr0U3bhvtbO17ZLWiPIfWTjqQNYElkWajcaT6cXx26SYJ38eofgC&RelayState=id-NqX2jBcFYc0rvOJpJ%7C1730198214%7Cb144ce2cdca623690d742cac838956a6a82081ee&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm __________________ TestClientNonAsciiAva.test_do_logout_post ___________________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Wwd8SvDUOCD3dcaz0' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmpyk8o4nh3.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpyk8o4nh3.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_post(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:3102: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Wwd8SvDUOCD3dcaz0' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-Wwd8SvDUOCD3dcaz0', '--output', '/tmp/tmp0n0qm8xk.xml', '/tmp/tmpyk8o4nh3.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpyk8o4nh3.xml" output= _____________ TestClientNonAsciiAva.test_do_logout_session_expired _____________ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-MBV2Uy5SRcoGfpcJY' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', ...] extra_args = ['/tmp/tmp82ui11yk.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp82ui11yk.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_do_logout_session_expired(self): # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": a_while_ago(minutes=15), "ava": {"givenName": "Anders", "sn": "Österberg", "mail": "anders.osterberg@example.com"}, "session_index": SessionIndex("_foo"), } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] > resp = self.client.do_logout( nid, entity_ids, "Tired", in_a_while(minutes=5), sign=True, expected_binding=BINDING_HTTP_POST ) tests/test_51_client.py:3127: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/client.py:321: in do_logout req_id, request = self.create_logout_request( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:1147: in create_logout_request return self._message( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:588: in _message signed_req = self.sign( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:spMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=123456_foo' node_name = 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-MBV2Uy5SRcoGfpcJY' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-MBV2Uy5SRcoGfpcJY', '--output', '/tmp/tmpcsy3eosf.xml', '/tmp/tmp82ui11yk.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp82ui11yk.xml" output= ___________________ TestSignedResponse.test_signed_response ____________________ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=834027e59c8c18c2870f211e315ee272b15ba1275cc4b0465826e9361066250eurn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Tpds2dMQxu7pLWsw2' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmpieuwh22x.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmpieuwh22x.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response(self): print(ds.DefaultSignature().get_digest_alg()) name_id = self.server.ident.transient_nameid("urn:mace:example.com:saml:roland:sp", "id12") ava = {"givenName": ["Derek"], "surName": ["Jeter"], "mail": ["derek@nyy.mlb.com"], "title": "The man"} > signed_resp = self.server.create_authn_response( ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, ) tests/test_52_default_sign_alg.py:70: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:760: in _response return signed_instance_factory(response, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpurn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=834027e59c8c18c2870f211e315ee272b15ba1275cc4b0465826e9361066250eurn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-Tpds2dMQxu7pLWsw2' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Tpds2dMQxu7pLWsw2', '--output', '/tmp/tmpr5cjhz9_.xml', '/tmp/tmpieuwh22x.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ----------------------------- Captured stdout call ----------------------------- http://www.w3.org/2000/09/xmldsig#sha1 ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmpieuwh22x.xml" output= __________________ TestSignedResponse.test_signed_response_1 ___________________ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3b52a6af8e3f3083fee5239b09f6dfcb98a402c9aacfe511c4c50de1c1254559urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-n5tyAx5e8hQ2J1DfC' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: > (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:796: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = com_list = ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', ...] extra_args = ['/tmp/tmp1ilgfm3h.xml'] def _run_xmlsec(self, com_list, extra_args): """ Common code to invoke xmlsec and parse the output. :param com_list: Key-value parameter list for xmlsec :param extra_args: Positional parameters to be appended after all key-value parameters :result: Whatever xmlsec wrote to an --output temporary file """ with NamedTemporaryFile(suffix=".xml") as ntf: com_list.extend(["--output", ntf.name]) if self.version_nums >= (1, 3): com_list.extend(['--lax-key-search']) com_list += extra_args logger.debug("xmlsec command: %s", " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) p_out, p_err = pof.communicate() p_out = p_out.decode() p_err = p_err.decode() if pof.returncode != 0: errmsg = f"returncode={pof.returncode}\nerror={p_err}\noutput={p_out}" logger.error(errmsg) > raise XmlsecError(errmsg) E saml2.sigver.XmlsecError: returncode=1 E error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate E func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest E func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 E func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: E func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL E func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: E func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: E func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: E Error: signature failed E Error: failed to sign file "/tmp/tmp1ilgfm3h.xml" E E output= ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:870: XmlsecError The above exception was the direct cause of the following exception: self = def test_signed_response_1(self): > signed_resp = self.server.create_authn_response( self.ava, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=self.name_id, sign_response=True, sign_assertion=True, ) tests/test_52_default_sign_alg.py:87: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:860: in create_authn_response return self._authn_response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/server.py:590: in _authn_response return self._response( ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:918: in _response return self.sign(response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/entity.py:524: in sign return signed_instance_factory(msg, self.sec, to_sign) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:331: in signed_instance_factory signed_xml = seccont.sign_statement(signed_xml, node_name=node_name, node_id=nodeid) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1695: in sign_statement return self.crypto.sign_statement( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = statement = b'urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=urn:mace:example.com:saml:roland:idpMIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaNefiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0GA1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJsiojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSwmDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6mrPzGzk3ECbupFnqyREH3+ZPSdk=3b52a6af8e3f3083fee5239b09f6dfcb98a402c9aacfe511c4c50de1c1254559urn:mace:example.com:saml:roland:spDerekJeterderek@nyy.mlb.comThe man' node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' key_file = '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key' node_id = 'id-n5tyAx5e8hQ2J1DfC' def sign_statement(self, statement, node_name, key_file, node_id): """ Sign an XML statement. :param statement: The statement to be signed :param node_name: string like 'urn:oasis:names:...:Assertion' :param key_file: The file where the key can be found :param node_id: :return: The signed statement """ if isinstance(statement, SamlBase): statement = str(statement) tmp = make_temp(statement, suffix=".xml", decode=False, delete_tmpfiles=self.delete_tmpfiles) com_list = [ self.xmlsec, "--sign", "--privkey-pem", key_file, "--id-attr:ID", node_name, ] if node_id: com_list.extend(["--node-id", node_id]) try: (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name]) except XmlsecError as e: > raise SignatureError(com_list) from e E saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-n5tyAx5e8hQ2J1DfC', '--output', '/tmp/tmph2cftvav.xml', '/tmp/tmp1ilgfm3h.xml'] ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:798: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=432:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd; err=18; msg=self-signed certificate func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=562:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformDefaultPushBin:file=transforms.c:line=1934:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1 func=xmlSecTransformIOBufferClose:file=transforms.c:line=2563:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: func=xmlSecTransformC14NPushXml:file=c14n.c:line=243:obj=exc-c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed:xml error: 0: NULL func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1052:obj=exc-c14n:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed: func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=561:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: func=xmlSecDSigCtxSign:file=xmldsig.c:line=296:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: Error: signature failed Error: failed to sign file "/tmp/tmp1ilgfm3h.xml" output= _____________________________________ test _____________________________________ def test(): with closing(Server(config_file=dotname("idp_all_conf"))) as idp: conf = SPConfig() conf.load_file(dotname("servera_conf")) sp = Saml2Client(conf) srvs = sp.metadata.single_sign_on_service(idp.config.entityid, BINDING_HTTP_REDIRECT) destination = srvs[0]["location"] req_id, req = sp.create_authn_request(destination, id="id1") > info = http_redirect_message( req, destination, relay_state="RS", typ="SAMLRequest", sigalg=SIG_RSA_SHA1, sign=True, backend=sp.sec.sec_backend, ) tests/test_70_redirect_signing.py:33: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/pack.py:182: in http_redirect_message args["Signature"] = base64.b64encode(signer.sign(string_enc)) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:521: in sign return saml2.cryptography.asymmetric.key_sign(key or self.key, msg, self.digest) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ rsakey = message = b'SAMLRequest=pZPNbtswEIRfReBdP1abxiFsAa6DoDbSVrDVHHpjqY3Nhlyq3FUiv30gRUF9aIUAuZKznI%2FD4QIpk6uWj7iDPy0QR52zSBIpW4o2oPSKDElUDkiylvvV11uZJ5lsgmevvRXjAClnpycUEQQ2HkW0uV4KU8f50%2FbmpLeXD2o7u7O%2FyysR3UEg43Ep8iQT0YaohQ0SK%2BSlyLP8YzzL4vyqmmXywyd5cfFTRNdAbFDxMHVkbmSaWq%2BVPXpiOc%2Fm85TIpwFqE0CziMqR%2FLPB2uBhGvrXi4jkl6oq4%2FL7vhLR6vUia4%2FUOgh7CI9Gw4%2Fd7V8CgwePiVasrD%2BYLiHoWS7Twf%2FR1BC%2BKQcv5k5pkNAp11hItHdDmDJ4q7CW1IhiMSwMaYToxgeneBq7XzF1fD9IJSAbPoniDV6L9MyqWPTtGIsB9VCTtUeGjqO1d40KhvrUoVOaXynPVWuriHZwX0z2Qkvd64BkqYiefKj7JwLNUFdBITU%2B8Mj1z8Pf71sZB%2FsT6so%2FAE5apf9NZNw7%2F0vFMw%3D%3D&RelayState=RS&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1' digest = def key_sign(rsakey, message, digest): """Sign the given message with the RSA key.""" padding = _asymmetric.padding.PKCS1v15() > signature = rsakey.sign(message, padding, digest) E cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/asymmetric.py:17: UnsupportedAlgorithm _ TestAuthnResponse.test_signed_assertion_with_random_embedded_cert_should_be_ignored _ self = mock_validate_on_or_after = @patch("saml2.response.validate_on_or_after", return_value=True) def test_signed_assertion_with_random_embedded_cert_should_be_ignored(self, mock_validate_on_or_after): """ if the embedded cert is not ignored then verification will fail """ conf = config_factory("sp", dotname("server_conf")) ar = authn_response(conf, return_addrs="https://51.15.251.81.xip.io/acs/post") ar.issue_instant_ok = Mock(return_value=True) with open(SIGNED_ASSERTION_RANDOM_EMBEDDED_CERT) as fp: xml_response = fp.read() ar.outstanding_queries = {"id-abc": "http://localhost:8088/sso"} ar.timeslack = 10000 # .loads does not check the assertion, only the response signature # use .verify to verify the contents of the response assert ar.loads(xml_response, decode=False) > assert ar.verify() tests/test_xmlsec1_key_data.py:78: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:1026: in verify if self.parse_assertion(keys): ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:918: in parse_assertion if not self._assertion(assertion, False): ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/response.py:791: in _assertion self.sec.check_signature(assertion, class_name(assertion), self.xmlstr) ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1538: in check_signature return self._check_signature( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = decoded_xml = '\n\n urn:mace:example.com:saml:roland:idp\n \n \n \n \n urn:mace:example.com:saml:roland:idp\n \n \n \n \n \n \n \n \n \n \n NHB0WhPWj5OyRz9N52fZrEBWK3dXT2pVVT54f4kg1tM=\n \n \n Mo4ZheAEDvdPQwWvT5SOYZZ2IBELwtmBpdsn+Th+IvsanychWQ6JHYKTI8hl+3DigbqQwdsqet8n9sfdvr+D+Q7XozjVaFPdzUGC9d96Mn/vrc+JIP/ESoDjDUQEsoSBhUFlrbu7tPJDJehPgd/maIwd/GqEHWXFlm1ZWVCmaH8=\n \n \n MIIFLDCCBBSgAwIBAgISA3UxXAgBWRS1D74GOLiAjky6MA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMTAxMTcyMDIxNTNaFw0yMTA0MTcyMDIxNTNaMB4xHDAaBgNVBAMTEzUxLjE1LjI1MS44MS54aXAuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkjSN9vZDOwE1m7g1vyiwBsKBKNItyy05BcHUkM8fabBcsavugT8uE4wYz5aeZrnKb5dbDLHaZe6Dl5GHgRO8s7REwSJ/BHT3/eMaEakLwIGE5/6QSWuBjOawPfmYarW5IqoITjSt/o/jxu3haouqbr7XYf1WOuZmc6iwGnEgm0+cVB4CA0VGnnLYfsjp9iMt3pFI8a8ipdwp5lfzZU+j8JMVEn6SZhNjjTAjcakBQmZv4Q5/yU6yqfGjG47DO62xB/PPbDy78hDorER2v8UkoDTGV4aZrZaNltHBUxNohIiQnkhuakMmbf0NhA2ExBJw6KTCCxfYkyUX3CgYzaAnxAgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHD7gcF0sNITPqhwcUlFyOBrkxRFMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEzUxLjE1LjI1MS44MS54aXAuaW8wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXcSOcqvAAAEAwBGMEQCIFhvPWYY+2VO55bHO1Sa9zJQk7B1kvCi7sfDCxAYp7mEAiBTKx6XD0GkfNGhji0LGuelvfD7gZOUSzURlJW1ahYcgQB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABdxI5yq4AAAQDAEgwRgIhAONNwcNZ66IxsWcUNDS0B9KV8Kk4VS9b/wUFNBHAQl3SAiEAxO5GwgaK3glL/6L/J7qpiedJBAs3h5406MWC0v4uYZ8wDQYJKoZIhvcNAQELBQADggEBAAZgbgfOb4+uI9kMGF4fMiompHeUFDXGyIND6y4FsfWHJG4Fn3aG+VQN/UtHeO8UusjS13/2yw3O+PeNTstBl+q6Ssega8zTYx2j3h3RFqM9JR8SWa83B0UTgyaxX3PTmfegV4/RZxC7KQ8pqjcLwKJSTgZF6W40Jo16tKVoi0VQY/2Gre6E9D1tPVw//mDGJST/5IcbFvtr79uft76IA+T674qNgAriBKxWncSbGzE42w2QsYsGMHHJn3vKbNl7alll9eJBqvdi1Q7ay86oI7NDQ0PPwjnB0/i4BOO0qQBcBSUIPPEChcrooEqN9PwM20aoyIjje0rtDGSxnEQRrg0=\n MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFowMjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMTAlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLsjVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKpTm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnBU840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1RoYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kHejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfLqjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9pO5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2TwUdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==\n \n \n \n \n attack-name-id\n \n \n \n \n \n \n urn:mace:example.com:saml:roland:sp\n \n \n \n \n urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified\n \n \n \n\n' item = node_name = 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion' origdoc = '\n\n urn:mace:example.com:saml:roland:idp\n \n \n \n \n urn:mace:example.com:saml:roland:idp\n \n \n \n \n \n \n \n \n \n \n NHB0WhPWj5OyRz9N52fZrEBWK3dXT2pVVT54f4kg1tM=\n \n \n Mo4ZheAEDvdPQwWvT5SOYZZ2IBELwtmBpdsn+Th+IvsanychWQ6JHYKTI8hl+3DigbqQwdsqet8n9sfdvr+D+Q7XozjVaFPdzUGC9d96Mn/vrc+JIP/ESoDjDUQEsoSBhUFlrbu7tPJDJehPgd/maIwd/GqEHWXFlm1ZWVCmaH8=\n \n \n MIIFLDCCBBSgAwIBAgISA3UxXAgBWRS1D74GOLiAjky6MA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMTAxMTcyMDIxNTNaFw0yMTA0MTcyMDIxNTNaMB4xHDAaBgNVBAMTEzUxLjE1LjI1MS44MS54aXAuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkjSN9vZDOwE1m7g1vyiwBsKBKNItyy05BcHUkM8fabBcsavugT8uE4wYz5aeZrnKb5dbDLHaZe6Dl5GHgRO8s7REwSJ/BHT3/eMaEakLwIGE5/6QSWuBjOawPfmYarW5IqoITjSt/o/jxu3haouqbr7XYf1WOuZmc6iwGnEgm0+cVB4CA0VGnnLYfsjp9iMt3pFI8a8ipdwp5lfzZU+j8JMVEn6SZhNjjTAjcakBQmZv4Q5/yU6yqfGjG47DO62xB/PPbDy78hDorER2v8UkoDTGV4aZrZaNltHBUxNohIiQnkhuakMmbf0NhA2ExBJw6KTCCxfYkyUX3CgYzaAnxAgMBAAGjggJOMIICSjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHD7gcF0sNITPqhwcUlFyOBrkxRFMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB4GA1UdEQQXMBWCEzUxLjE1LjI1MS44MS54aXAuaW8wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m9scOygAAAXcSOcqvAAAEAwBGMEQCIFhvPWYY+2VO55bHO1Sa9zJQk7B1kvCi7sfDCxAYp7mEAiBTKx6XD0GkfNGhji0LGuelvfD7gZOUSzURlJW1ahYcgQB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABdxI5yq4AAAQDAEgwRgIhAONNwcNZ66IxsWcUNDS0B9KV8Kk4VS9b/wUFNBHAQl3SAiEAxO5GwgaK3glL/6L/J7qpiedJBAs3h5406MWC0v4uYZ8wDQYJKoZIhvcNAQELBQADggEBAAZgbgfOb4+uI9kMGF4fMiompHeUFDXGyIND6y4FsfWHJG4Fn3aG+VQN/UtHeO8UusjS13/2yw3O+PeNTstBl+q6Ssega8zTYx2j3h3RFqM9JR8SWa83B0UTgyaxX3PTmfegV4/RZxC7KQ8pqjcLwKJSTgZF6W40Jo16tKVoi0VQY/2Gre6E9D1tPVw//mDGJST/5IcbFvtr79uft76IA+T674qNgAriBKxWncSbGzE42w2QsYsGMHHJn3vKbNl7alll9eJBqvdi1Q7ay86oI7NDQ0PPwjnB0/i4BOO0qQBcBSUIPPEChcrooEqN9PwM20aoyIjje0rtDGSxnEQRrg0=\n MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFowMjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMTAlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLsjVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKpTm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnBU840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1RoYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kHejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfLqjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9pO5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2TwUdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==\n \n \n \n \n attack-name-id\n \n \n \n \n \n \n urn:mace:example.com:saml:roland:sp\n \n \n \n \n urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified\n \n \n \n\n' must = False, only_valid_cert = False, issuer = None def _check_signature( self, decoded_xml, item, node_name=NODE_NAME, origdoc=None, must=False, only_valid_cert=False, issuer=None ): try: _issuer = item.issuer.text.strip() except AttributeError: _issuer = None if _issuer is None: try: _issuer = issuer.text.strip() except AttributeError: _issuer = None # More trust in certs from metadata then certs in the XML document if self.metadata: try: _certs = self.metadata.certs(_issuer, "any", "signing") except KeyError: _certs = [] certs = [] for cert_name, cert in _certs: if isinstance(cert, str): content = pem_format(cert) tmp = make_temp(content, suffix=".pem", decode=False, delete_tmpfiles=self.delete_tmpfiles) certs.append(tmp) else: certs.append(cert) else: certs = [] if not certs and not self.only_use_keys_in_metadata: logger.debug("==== Certs from instance ====") certs = [ make_temp(content=pem_format(cert), suffix=".pem", decode=False, delete_tmpfiles=self.delete_tmpfiles) for cert in cert_from_instance(item) ] else: logger.debug("==== Certs from metadata ==== %s: %s ====", _issuer, certs) if not certs: raise MissingKey(_issuer) try: validate_doc_with_schema(str(item)) except XMLSchemaError as e: error_context = { "message": "Signature verification failed. Invalid document format.", "reason": str(e), "ID": item.id, "issuer": _issuer, "type": node_name, "document": decoded_xml, } raise SignatureError(error_context) from e # saml-core section "5.4 XML Signature Profile" defines constrains on the # xmldsig-core facilities. It explicitly dictates that enveloped signatures # are the only signatures allowed. This means that: # * Assertion/RequestType/ResponseType elements must have an ID attribute # * signatures must have a single Reference element # * the Reference element must have a URI attribute # * the URI attribute contains an anchor # * the anchor points to the enclosing element's ID attribute signed_info = item.signature.signed_info references = signed_info.reference signatures_must_have_a_single_reference_element = len(references) == 1 the_Reference_element_must_have_a_URI_attribute = signatures_must_have_a_single_reference_element and hasattr( references[0], "uri" ) the_URI_attribute_contains_an_anchor = ( the_Reference_element_must_have_a_URI_attribute and references[0].uri.startswith("#") and len(references[0].uri) > 1 ) the_anchor_points_to_the_enclosing_element_ID_attribute = ( the_URI_attribute_contains_an_anchor and references[0].uri == f"#{item.id}" ) # SAML implementations SHOULD use Exclusive Canonicalization, # with or without comments canonicalization_method_is_c14n = signed_info.canonicalization_method.algorithm in ALLOWED_CANONICALIZATIONS # Signatures in SAML messages SHOULD NOT contain transforms other than the # - enveloped signature transform # (with the identifier http://www.w3.org/2000/09/xmldsig#enveloped-signature) # - or the exclusive canonicalization transforms # (with the identifier http://www.w3.org/2001/10/xml-exc-c14n# # or http://www.w3.org/2001/10/xml-exc-c14n#WithComments). transform_algos = [transform.algorithm for transform in references[0].transforms.transform] tranform_algos_valid = ALLOWED_TRANSFORMS.intersection(transform_algos) transform_algos_n = len(transform_algos) tranform_algos_valid_n = len(tranform_algos_valid) the_number_of_transforms_is_one_or_two = ( signatures_must_have_a_single_reference_element and 1 <= transform_algos_n <= 2 ) all_transform_algs_are_allowed = ( the_number_of_transforms_is_one_or_two and transform_algos_n == tranform_algos_valid_n ) the_enveloped_signature_transform_is_defined = ( the_number_of_transforms_is_one_or_two and TRANSFORM_ENVELOPED in transform_algos ) # The element is not defined for use with SAML signatures, # and SHOULD NOT be present. # Since it can be used in service of an attacker by carrying unsigned data, # verifiers SHOULD reject signatures that contain a element. object_element_is_not_present = not item.signature.object validators = { "signatures must have a single reference element": (signatures_must_have_a_single_reference_element), "the Reference element must have a URI attribute": (the_Reference_element_must_have_a_URI_attribute), "the URI attribute contains an anchor": (the_URI_attribute_contains_an_anchor), "the anchor points to the enclosing element ID attribute": ( the_anchor_points_to_the_enclosing_element_ID_attribute ), "canonicalization method is c14n": canonicalization_method_is_c14n, "the number of transforms is one or two": (the_number_of_transforms_is_one_or_two), "all transform algs are allowed": all_transform_algs_are_allowed, "the enveloped signature transform is defined": (the_enveloped_signature_transform_is_defined), "object element is not present": object_element_is_not_present, } if not all(validators.values()): error_context = { "message": "Signature failed to meet constraints on xmldsig", "validators": validators, "item ID": item.id, "reference URI": item.signature.signed_info.reference[0].uri, "issuer": _issuer, "node name": node_name, "xml document": decoded_xml, } raise SignatureError(error_context) verified = False last_pem_file = None for pem_fd in certs: try: last_pem_file = pem_fd.name if self.verify_signature( decoded_xml, pem_fd.name, node_name=node_name, node_id=item.id, ): verified = True break except XmlsecError as exc: logger.error("check_sig: %s", str(exc)) except Exception as exc: logger.error("check_sig: %s", str(exc)) raise if verified or only_valid_cert: if not self.cert_handler.verify_cert(last_pem_file): raise CertificateError("Invalid certificate!") else: > raise SignatureError("Failed to verify signature") E saml2.sigver.SignatureError: Failed to verify signature ../BUILDROOT/usr/lib/python3.13/site-packages/saml2/sigver.py:1525: SignatureError ------------------------------ Captured log call ------------------------------- ERROR saml2.sigver:sigver.py:869 returncode=1 error=func=xmlSecOpenSSLEvpSignatureVerify:file=evp_signatures.c:line=449:obj=rsa-sha1:subj=EVP_VerifyFinal_ex:error=4:crypto library function failed:openssl error: error:03000098:digital envelope routines::invalid digest func=xmlSecTransformVerifyNodeContent:file=transforms.c:line=1544:obj=rsa-sha1:subj=xmlSecTransformVerify:error=1:xmlsec library function failed: func=xmlSecDSigCtxVerify:file=xmldsig.c:line=367:obj=unknown:subj=xmlSecTransformVerifyNodeContent:error=1:xmlsec library function failed: Error: signature failed ERROR SignedInfo References (ok/all): 1/1 Manifests References (ok/all): 0/0 Error: failed to verify file "/tmp/tmpt_2wzqdo.xml" output= ERROR saml2.sigver:sigver.py:1516 check_sig: ['/usr/bin/xmlsec1', '--verify', '--enabled-reference-uris', 'empty,same-doc', '--enabled-key-data', 'raw-x509-cert', '--pubkey-cert-pem', '/tmp/tmpk57pyi_p.pem', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'the-assertion-id', '--output', '/tmp/tmp3f3624_i.xml', '/tmp/tmpt_2wzqdo.xml'] ERROR saml2.response:response.py:793 correctly_signed_response: Failed to verify signature =============================== warnings summary =============================== ../../../../../usr/lib64/python3.13/site-packages/bson/__init__.py:193 /usr/lib64/python3.13/site-packages/bson/__init__.py:193: DeprecationWarning: datetime.datetime.utcfromtimestamp() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.fromtimestamp(timestamp, datetime.UTC). EPOCH_NAIVE = datetime.datetime.utcfromtimestamp(0) tests/test_10_time_util.py: 2 warnings tests/test_20_assertion.py: 6 warnings tests/test_32_cache.py: 5 warnings tests/test_34_population.py: 4 warnings tests/test_41_response.py: 4 warnings tests/test_42_enc.py: 6 warnings tests/test_44_authnresp.py: 4 warnings tests/test_50_server.py: 160 warnings tests/test_51_client.py: 145 warnings tests/test_52_default_sign_alg.py: 6 warnings tests/test_62_vo.py: 2 warnings tests/test_63_ecp.py: 5 warnings tests/test_64_artifact.py: 4 warnings tests/test_65_authn_query.py: 7 warnings tests/test_66_name_id_mapping.py: 2 warnings tests/test_67_manage_name_id.py: 3 warnings tests/test_68_assertion_id.py: 4 warnings tests/test_89_http_post_relay_state.py: 2 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/time_util.py:177: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). return datetime.utcnow() + delta tests/test_50_server.py: 7 warnings tests/test_51_client.py: 27 warnings tests/test_63_ecp.py: 3 warnings tests/test_64_artifact.py: 2 warnings tests/test_65_authn_query.py: 5 warnings tests/test_66_name_id_mapping.py: 2 warnings tests/test_67_manage_name_id.py: 3 warnings tests/test_68_assertion_id.py: 2 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/time_util.py:187: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). return datetime.utcnow() - delta tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 12 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:141: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. cert = crypto.X509Req() tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 12 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:161: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. tmp_cert = crypto.dump_certificate_request(crypto.FILETYPE_PEM, cert) tests/test_50_server.py: 18 warnings tests/test_51_client.py: 10 warnings tests/test_81_certificates.py: 12 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:246: DeprecationWarning: CSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography. req_cert = crypto.load_certificate_request(crypto.FILETYPE_PEM, request_cert_str) tests/test_50_server.py: 8 warnings tests/test_81_certificates.py: 17 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:281: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). now = pytz.UTC.localize(datetime.datetime.utcnow()) tests/test_50_server.py::TestServer1::test_encrypted_response_6 tests/test_50_server.py::TestServer1::test_encrypted_response_6 tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6 tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6 tests/test_81_certificates.py::TestGenerateCertificates::test_validate_cert_chains tests/test_81_certificates.py::TestGenerateCertificates::test_validate_expire tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cert.py:331: DeprecationWarning: verify() is deprecated. Use the equivalent APIs in cryptography. crypto.verify(ca_cert, cert_crypto.signature, cert_crypto.tbs_certificate_bytes, cert_algorithm) tests/test_92_aes.py: 35 warnings /builddir/build/BUILD/python-pysaml2-7.4.2-build/BUILDROOT/usr/lib/python3.13/site-packages/saml2/cryptography/symmetric.py:124: DeprecationWarning: AESCipher type is deprecated. It will be removed in the next version. Use saml2.cryptography.symmetric.Default or saml2.cryptography.symmetric.Fernet instead. _warn(_deprecation_msg, DeprecationWarning) -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html =========================== short test summary info ============================ SKIPPED [1] tests/test_37_entity_categories.py:296: Temporarily disabled SKIPPED [1] tests/test_37_entity_categories.py:325: Temporarily disabled SKIPPED [1] tests/test_37_entity_categories.py:358: Temporarily disabled SKIPPED [1] tests/test_40_sigver.py:101: pyasn1 is not installed SKIPPED [1] tests/test_60_sp.py:59: s2repoze dependencies not installed SKIPPED [1] tests/test_60_sp.py:62: s2repoze dependencies not installed ERROR tests/test_41_response.py::TestResponse::test_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yYqWOPFtyty3gZm9Y', '--output', '/tmp/tmph4oa5j7r.xml', '/tmp/tmpezmm6fhv.xml'] ERROR tests/test_41_response.py::TestResponse::test_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yYqWOPFtyty3gZm9Y', '--output', '/tmp/tmph4oa5j7r.xml', '/tmp/tmpezmm6fhv.xml'] ERROR tests/test_41_response.py::TestResponse::test_issuer_none - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yYqWOPFtyty3gZm9Y', '--output', '/tmp/tmph4oa5j7r.xml', '/tmp/tmpezmm6fhv.xml'] ERROR tests/test_41_response.py::TestResponse::test_false_sign - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yYqWOPFtyty3gZm9Y', '--output', '/tmp/tmph4oa5j7r.xml', '/tmp/tmpezmm6fhv.xml'] ERROR tests/test_41_response.py::TestResponse::test_other_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-yYqWOPFtyty3gZm9Y', '--output', '/tmp/tmph4oa5j7r.xml', '/tmp/tmpezmm6fhv.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KkjcUdkjng1Ncopc9', '--output', '/tmp/tmpjbvbrpti.xml', '/tmp/tmpbzcu8bgm.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_signed_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KkjcUdkjng1Ncopc9', '--output', '/tmp/tmpjbvbrpti.xml', '/tmp/tmpbzcu8bgm.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_parse_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KkjcUdkjng1Ncopc9', '--output', '/tmp/tmpjbvbrpti.xml', '/tmp/tmpbzcu8bgm.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_verify_w_authn - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KkjcUdkjng1Ncopc9', '--output', '/tmp/tmpjbvbrpti.xml', '/tmp/tmpbzcu8bgm.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_unpack_nested_eptid - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KkjcUdkjng1Ncopc9', '--output', '/tmp/tmpjbvbrpti.xml', '/tmp/tmpbzcu8bgm.xml'] ERROR tests/test_44_authnresp.py::TestAuthnResponse::test_multiple_attribute_statement - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KkjcUdkjng1Ncopc9', '--output', '/tmp/tmpjbvbrpti.xml', '/tmp/tmpbzcu8bgm.xml'] FAILED tests/test_39_metadata.py::test_signed_metadata_proper_str_bytes_handling - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:metadata:EntityDescriptor', '--output', '/tmp/tmp5yeoh0ub.xml', '/tmp/tmp934zbez3.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp_txx3htj.xml', '/tmp/tmp_95jezrp.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpf821s9k2.xml', '/tmp/tmp1r72rk4s.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_multiple_signatures_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpd7sxw1bw.xml', '/tmp/tmp82jj2gmy.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpi0ahth0k.xml', '/tmp/tmpp776kwte.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmpkedw5d95.xml', '/tmp/tmpeebowlq7.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpn3apazzk.xml', '/tmp/tmpusnkeqao.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpfn40v8vv.xml', '/tmp/tmp3sb6hfhg.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_sign_verify_assertion_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmp50uam5a9.xml', '/tmp/tmp9l2ied3f.xml'] FAILED tests/test_40_sigver.py::TestSecurity::test_exception_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmpiejbkdxr.xml', '/tmp/tmp98h877w0.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp356hi10k.xml', '/tmp/tmpam0zjcuc.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpi5x8d7g9.xml', '/tmp/tmplsjcudn7.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_multiple_signatures_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmppr85y7fc.xml', '/tmp/tmpvzltvdqc.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpatqvo8p2.xml', '/tmp/tmpnvz9njma.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11122', '--output', '/tmp/tmpid9212no.xml', '/tmp/tmphck5s0za.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmprwclnvup.xml', '/tmp/tmpvbwmzsas.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmpy16qqz_a.xml', '/tmp/tmpegoswpjl.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_sign_verify_assertion_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11100', '--output', '/tmp/tmpxlipmpem.xml', '/tmp/tmp8lhs2dn2.xml'] FAILED tests/test_40_sigver.py::TestSecurityNonAsciiAva::test_exception_sign_verify_with_cert_from_instance - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-22222', '--output', '/tmp/tmpz1fhmgix.xml', '/tmp/tmp2ho9p29x.xml'] FAILED tests/test_40_sigver.py::test_xbox - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmp26rig2yf.xml', '/tmp/tmprp_t97pp.xml'] FAILED tests/test_40_sigver.py::test_xbox_non_ascii_ava - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-11111', '--output', '/tmp/tmps_9rbgjf.xml', '/tmp/tmpc3ycxifg.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-NlgiixIFqRd9KEZAq', '--output', '/tmp/tmptjrhiwvl.xml', '/tmp/tmpe7pjw4hi.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-vzA4e0yxOLJdGsHiN', '--output', '/tmp/tmpq5zwwrud.xml', '/tmp/tmpjy6y3wwx.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-ruc2yCTlBDhSpcCoo', '--output', '/tmp/tmp9fqwhyyu.xml', '/tmp/tmpujga8xj9.xml'] FAILED tests/test_50_server.py::TestServer1::test_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-uvIUygvIFAasZMLQa', '--output', '/tmp/tmpmp0me1ca.xml', '/tmp/tmpezvd2qia.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-pSwJ3EHB6Zrql5d66', '--output', '/tmp/tmpognjkwwo.xml', '/tmp/tmpucjiisjg.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-hl8gJepw9NSvUfxfX', '--output', '/tmp/tmpobypsor1.xml', '/tmp/tmpo_cd1o1m.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-M79CGPJLEnCE0IWNB', '--output', '/tmp/tmpan2b5ax4.xml', '/tmp/tmpnyp5avex.xml'] FAILED tests/test_50_server.py::TestServer1::test_encrypted_signed_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ntg8v5hKpUQSafB2k', '--output', '/tmp/tmp0eet4_u7.xml', '/tmp/tmp1b44e7qr.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-J9rViRl3yoz3KLqfi', '--output', '/tmp/tmpu2lm1tch.xml', '/tmp/tmp6g9taveb.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-HzgeeRK3JEr6N1p0a', '--output', '/tmp/tmp_vjxg1iw.xml', '/tmp/tmpr7q9fvyv.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-fZtfS9XCXM0RAUrfI', '--output', '/tmp/tmp_8ddkd_e.xml', '/tmp/tmpjsipli_p.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-BVOSBzxKCBB2XS4m7', '--output', '/tmp/tmp_knbll4g.xml', '/tmp/tmpkfg_n07g.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-lS5gaLM2RND59lPkw', '--output', '/tmp/tmpwgts9tut.xml', '/tmp/tmp6k7ssx3x.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-ZFlqKo9e2CPAvClom', '--output', '/tmp/tmpqaxrwwyh.xml', '/tmp/tmpu6lnzrvh.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-lMT72l0JUdJxSM9Yn', '--output', '/tmp/tmp3ffu34oc.xml', '/tmp/tmp_o0ub1lc.xml'] FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_signed_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-wwECWM9zwpiCvJhKt', '--output', '/tmp/tmpzvjm30fo.xml', '/tmp/tmpoj1zez56.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_auth_request_0 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmpdpw5b3gx.xml', '/tmp/tmp9w59t0hb.xml'] FAILED tests/test_51_client.py::TestClient::test_logout_response - saml2.SAMLError: {'message': 'No supported bindings found to create LogoutResponse', 'issuer': 'urn:mace:example.com:saml:roland:idp', 'response_bindings': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']} FAILED tests/test_51_client.py::TestClient::test_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-jzrQq7R4qzBX09CCi', '--output', '/tmp/tmpa51zpp_q.xml', '/tmp/tmp82c3_1la.xml'] FAILED tests/test_51_client.py::TestClient::test_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-5TrYyT0B4clXh3Pne', '--output', '/tmp/tmpf7e70g6r.xml', '/tmp/tmpc2ic_p3p.xml'] FAILED tests/test_51_client.py::TestClient::test_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-ziDSiGP9lpiVmZ2d7', '--output', '/tmp/tmp3c2xuyxo.xml', '/tmp/tmpu9s3206g.xml'] FAILED tests/test_51_client.py::TestClient::test_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sriwiv8sRcwIDdpv5', '--output', '/tmp/tmpecoeu293.xml', '/tmp/tmp7mf3b0j7.xml'] FAILED tests/test_51_client.py::TestClient::test_response_5 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-OyeeHuMy6qb9JLoYR', '--output', '/tmp/tmpzxahb745.xml', '/tmp/tmp7n6irn_j.xml'] FAILED tests/test_51_client.py::TestClient::test_response_6 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-PpfBHqbjt7wKttRva', '--output', '/tmp/tmpzxqp2rff.xml', '/tmp/tmpkr130bqy.xml'] FAILED tests/test_51_client.py::TestClient::test_response_7 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-6E3D4zxfZm5h3CxiU', '--output', '/tmp/tmpvzlqvwg1.xml', '/tmp/tmpwvw3ns84.xml'] FAILED tests/test_51_client.py::TestClient::test_response_8 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-5Kwy95f1KeXniustp', '--output', '/tmp/tmpjxikt00n.xml', '/tmp/tmp1276gfpk.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-EnlfL1llOR93273Wx', '--output', '/tmp/tmpq64p9w95.xml', '/tmp/tmpe2q3tnci.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-WLsXswBAOh7DokeGl', '--output', '/tmp/tmpctbd4rf4.xml', '/tmp/tmpto_i49je.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-HkNJZNWphHaXq6uyL', '--output', '/tmp/tmp4gjejbcz.xml', '/tmp/tmpj4g9tzk3.xml'] FAILED tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-iOU6GTxhhb0gmK7OO', '--output', '/tmp/tmpx7ngfrnj.xml', '/tmp/tmpo_c7kfiw.xml'] FAILED tests/test_51_client.py::TestClient::test_signed_with_default_algo_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClient::test_do_logout_signed_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClient::test_do_logout_signed_redirect_invalid - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClient::test_do_logout_post - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-x3Mlzhyio90ShFaaw', '--output', '/tmp/tmpf3ightx2.xml', '/tmp/tmp6f7fc6zp.xml'] FAILED tests/test_51_client.py::TestClient::test_do_logout_session_expired - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-dd0KypovU6wAjQQMQ', '--output', '/tmp/tmppfcxtq9b.xml', '/tmp/tmprkteq7iz.xml'] FAILED tests/test_51_client.py::TestClient::test_signature_wants - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-c9jthdukybUldgsyS', '--output', '/tmp/tmpeuq026en.xml', '/tmp/tmprvsaa7o2.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_auth_request_0 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:AuthnRequest', '--node-id', 'id1', '--output', '/tmp/tmp0s5r3tx9.xml', '/tmp/tmplsp1hnzp.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:Response', '--node-id', 'id-Al7Sow2SLy6JxRe9p', '--output', '/tmp/tmpxif4mprv.xml', '/tmp/tmpb7qv0lqf.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-iZxaU9IefMzpd0voF', '--output', '/tmp/tmpf85w5w3l.xml', '/tmp/tmprnacadtw.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_3 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sMx0Rj902w3GzPmub', '--output', '/tmp/tmpj3x5v_9x.xml', '/tmp/tmps8xiut53.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_4 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-X3qtqjUDuPKS0eNli', '--output', '/tmp/tmpx_b7btok.xml', '/tmp/tmpte74ekqh.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_5 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-fQClrNGbjQ4rZw2xK', '--output', '/tmp/tmp7i6buu7y.xml', '/tmp/tmpl2qwzx79.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_6 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-T4PQsqtwX8S3XfBcU', '--output', '/tmp/tmp4wnr177c.xml', '/tmp/tmpenu6mc63.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_7 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-CvGRlsZ1OQHMHe0v9', '--output', '/tmp/tmpikso9je6.xml', '/tmp/tmp_l2ecd_w.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_response_8 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-i95ah0uOhu7tYldkQ', '--output', '/tmp/tmpabtlljjn.xml', '/tmp/tmpdjl_ahcp.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-sbtjUZSc04kEGGNts', '--output', '/tmp/tmp5kdxcj_z.xml', '/tmp/tmpl3z1r78o.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-KdFgWGwzWPsKNIgKJ', '--output', '/tmp/tmpwyqtqar2.xml', '/tmp/tmpvog2p6rw.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-vuuPiW1GebRPjFvUH', '--output', '/tmp/tmpr76bs_u7.xml', '/tmp/tmpcknqbajt.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_2 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-9vjmh8e2DhyWGmhV0', '--output', '/tmp/tmprpmaw7_g.xml', '/tmp/tmpyw13lhds.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_signed_redirect - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_post - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-Wwd8SvDUOCD3dcaz0', '--output', '/tmp/tmp0n0qm8xk.xml', '/tmp/tmpyk8o4nh3.xml'] FAILED tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_session_expired - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:protocol:LogoutRequest', '--node-id', 'id-MBV2Uy5SRcoGfpcJY', '--output', '/tmp/tmpcsy3eosf.xml', '/tmp/tmp82ui11yk.xml'] FAILED tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-Tpds2dMQxu7pLWsw2', '--output', '/tmp/tmpr5cjhz9_.xml', '/tmp/tmpieuwh22x.xml'] FAILED tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_1 - saml2.sigver.SignatureError: ['/usr/bin/xmlsec1', '--sign', '--privkey-pem', '/builddir/build/BUILD/python-pysaml2-7.4.2-build/pysaml2-7.4.2/tests/test.key', '--id-attr:ID', 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', '--node-id', 'id-n5tyAx5e8hQ2J1DfC', '--output', '/tmp/tmph2cftvav.xml', '/tmp/tmp1ilgfm3h.xml'] FAILED tests/test_70_redirect_signing.py::test - cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. FAILED tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_random_embedded_cert_should_be_ignored - saml2.sigver.SignatureError: Failed to verify signature = 77 failed, 691 passed, 6 skipped, 612 warnings, 11 errors in 155.02s (0:02:35) = error: Bad exit status from /var/tmp/rpm-tmp.CUrCbc (%check) Bad exit status from /var/tmp/rpm-tmp.CUrCbc (%check) RPM build errors: Finish: rpmbuild python-pysaml2-7.4.2-6.fc42.src.rpm Finish: build phase for python-pysaml2-7.4.2-6.fc42.src.rpm INFO: chroot_scan: 1 files copied to /var/lib/copr-rpmbuild/results/chroot_scan INFO: /var/lib/mock/fedora-rawhide-x86_64-1730198127.190043/root/var/log/dnf5.log ERROR: Exception(/var/lib/copr-rpmbuild/results/python-pysaml2-7.4.2-6.fc42.src.rpm) Config(fedora-rawhide-x86_64) 2 minutes 55 seconds INFO: Results and/or logs in: /var/lib/copr-rpmbuild/results INFO: Cleaning up build root ('cleanup_on_failure=True') Start: clean chroot INFO: unmounting tmpfs. Finish: clean chroot ERROR: Command failed: # /usr/bin/systemd-nspawn -q -M 6094b280b6d74de38b0944945303689e -D /var/lib/mock/fedora-rawhide-x86_64-1730198127.190043/root -a -u mockbuild --capability=cap_ipc_lock --rlimit=RLIMIT_NOFILE=10240 --capability=cap_ipc_lock --bind=/tmp/mock-resolv.7yu2h96o:/etc/resolv.conf --bind=/dev/btrfs-control --bind=/dev/mapper/control --bind=/dev/fuse --bind=/dev/loop-control --bind=/dev/loop0 --bind=/dev/loop1 --bind=/dev/loop2 --bind=/dev/loop3 --bind=/dev/loop4 --bind=/dev/loop5 --bind=/dev/loop6 --bind=/dev/loop7 --bind=/dev/loop8 --bind=/dev/loop9 --bind=/dev/loop10 --bind=/dev/loop11 --console=pipe --setenv=TERM=vt100 --setenv=SHELL=/bin/bash --setenv=HOME=/builddir --setenv=HOSTNAME=mock --setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin '--setenv=PROMPT_COMMAND=printf "\033]0;\007"' '--setenv=PS1= \s-\v\$ ' --setenv=LANG=C.UTF-8 --resolv-conf=off bash --login -c '/usr/bin/rpmbuild -ba --noprep --target x86_64 /builddir/build/originals/python-pysaml2.spec' Copr build error: Build failed