Bug#1090286: marked as done (python-pysaml2: FTBFS: E AssertionError: False is not true)

[Debian Bug Tracking System]

Your message dated Tue, 17 Dec 2024 08:36:39 +0000
with message-id <e1tnt4j-004pd9...@fasolo.debian.org>
and subject line Bug#1090286: fixed in python-pysaml2 7.5.0-4
has caused the Debian Bug report #1090286,
regarding python-pysaml2: FTBFS: E AssertionError: False is not true
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1090286: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090286
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: src:python-pysaml2
Version: 7.5.0-3
Severity: serious
Tags: ftbfs

Dear maintainer:

During a rebuild of all packages in unstable, your package failed to build:

--------------------------------------------------------------------------------
[...]
 debian/rules build
make: pyversions: No such file or directory
py3versions: no X-Python3-Version in control file, using supported versions
dh build --buildsystem=pybuild --with python3,sphinxdoc
   dh_update_autotools_config -O--buildsystem=pybuild
   dh_autoreconf -O--buildsystem=pybuild
   dh_auto_configure -O--buildsystem=pybuild
   dh_auto_build -O--buildsystem=pybuild
I: pybuild plugin_pyproject:129: Building wheel for python3.13 with "build" 
module
I: pybuild base:311: python3.13 -m build --skip-dependency-check --no-isolation 
--wheel --outdir /<<PKGBUILDDIR>>/.pybuild/cpython3_3.13_pysaml2  
* Building wheel...
Successfully built pysaml2-7.5.0-py3-none-any.whl
I: pybuild plugin_pyproject:144: Unpacking wheel built for python3.13 with 
"installer" module
I: pybuild plugin_pyproject:129: Building wheel for python3.12 with "build" 
module

[... snipped ...]

tests/test_51_client.py::TestClient::test_create_auth_request_0 PASSED   [ 76%]
tests/test_51_client.py::TestClient::test_create_auth_request_requested_attributes
 PASSED [ 76%]
tests/test_51_client.py::TestClient::test_create_auth_request_unset_force_authn_by_default
 PASSED [ 76%]
tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_not_true_or_1
 PASSED [ 76%]
tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_true
 PASSED [ 76%]
tests/test_51_client.py::TestClient::test_create_auth_request_set_force_authn_1 
PASSED [ 76%]
tests/test_51_client.py::TestClient::test_create_auth_request_nameid_policy_allow_create
 PASSED [ 76%]
tests/test_51_client.py::TestClient::test_create_auth_request_vo PASSED  [ 77%]
tests/test_51_client.py::TestClient::test_sign_auth_request_0 PASSED     [ 77%]
tests/test_51_client.py::TestClient::test_logout_response PASSED         [ 77%]
tests/test_51_client.py::TestClient::test_create_logout_request PASSED   [ 77%]
tests/test_51_client.py::TestClient::test_response_1 PASSED              [ 77%]
tests/test_51_client.py::TestClient::test_response_2 PASSED              [ 77%]
tests/test_51_client.py::TestClient::test_response_3 PASSED              [ 77%]
tests/test_51_client.py::TestClient::test_response_4 PASSED              [ 77%]
tests/test_51_client.py::TestClient::test_response_5 PASSED              [ 78%]
tests/test_51_client.py::TestClient::test_response_6 PASSED              [ 78%]
tests/test_51_client.py::TestClient::test_response_7 PASSED              [ 78%]
tests/test_51_client.py::TestClient::test_response_8 PASSED              [ 78%]
tests/test_51_client.py::TestClient::test_response_no_name_id PASSED     [ 78%]
tests/test_51_client.py::TestClient::test_init_values PASSED             [ 78%]
tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion PASSED [ 
78%]
tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion2 PASSED [ 
78%]
tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_1 
PASSED [ 79%]
tests/test_51_client.py::TestClient::test_sign_then_encrypt_assertion_advice_2 
PASSED [ 79%]
tests/test_51_client.py::TestClient::test_signed_with_default_algo_redirect 
PASSED [ 79%]
tests/test_51_client.py::TestClient::test_signed_redirect PASSED         [ 79%]
tests/test_51_client.py::TestClient::test_signed_redirect_passes_if_needs_signed_requests
 PASSED [ 79%]
tests/test_51_client.py::TestClient::test_signed_redirect_fail_if_needs_signed_request_but_received_unsigned
 PASSED [ 79%]
tests/test_51_client.py::TestClient::test_signed_redirect_fail_if_needs_signed_request_but_sigalg_not_matches
 PASSED [ 79%]
tests/test_51_client.py::TestClient::test_do_logout_signed_redirect PASSED [ 
79%]
tests/test_51_client.py::TestClient::test_do_logout_signed_redirect_invalid 
PASSED [ 80%]
tests/test_51_client.py::TestClient::test_do_logout_post PASSED          [ 80%]
tests/test_51_client.py::TestClient::test_do_logout_redirect_no_cache PASSED [ 
80%]
tests/test_51_client.py::TestClient::test_do_logout_session_expired PASSED [ 
80%]
tests/test_51_client.py::TestClient::test_signature_wants PASSED         [ 80%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query1 
PASSED [ 80%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query2 
PASSED [ 80%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_attribute_query_3 
PASSED [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_0 
PASSED [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_unset_force_authn
 PASSED [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_set_force_authn
 PASSED [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_nameid_policy_allow_create
 PASSED [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_auth_request_vo 
PASSED [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_sign_auth_request_0 PASSED 
[ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_create_logout_request 
PASSED [ 81%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_1 PASSED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_2 PASSED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_3 PASSED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_4 PASSED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_5 PASSED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_6 PASSED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_7 PASSED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_8 PASSED   [ 82%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_no_name_id PASSED 
[ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_error_status 
PASSED [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_response_error_status_non_standard_status_code
 PASSED [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_init_values PASSED  [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion
 PASSED [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion2
 PASSED [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_1
 PASSED [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_sign_then_encrypt_assertion_advice_2
 PASSED [ 83%]
tests/test_51_client.py::TestClientNonAsciiAva::test_signed_redirect PASSED [ 
84%]
tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_signed_redirect 
PASSED [ 84%]
tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_post PASSED [ 
84%]
tests/test_51_client.py::TestClientNonAsciiAva::test_do_logout_session_expired 
PASSED [ 84%]
tests/test_51_client.py::TestClientWithDummy::test_do_authn PASSED       [ 84%]
tests/test_51_client.py::TestClientWithDummy::test_do_negotiated_authn PASSED [ 
84%]
tests/test_51_client.py::TestClientWithDummy::test_do_attribute_query PASSED [ 
84%]
tests/test_51_client.py::TestClientWithDummy::test_logout_1 PASSED       [ 84%]
tests/test_51_client.py::TestClientWithDummy::test_post_sso PASSED       [ 85%]
tests/test_51_client.py::TestClientWithDummy::test_negotiated_post_sso PASSED [ 
85%]
tests/test_51_client.py::TestClientNoConfigContext::test_logout_1 PASSED [ 85%]
tests/test_51_client.py::test_parse_soap_enveloped_saml_xxe PASSED       [ 85%]
tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response 
PASSED [ 85%]
tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_1 
PASSED [ 85%]
tests/test_52_default_sign_alg.py::TestSignedResponse::test_signed_response_2 
PASSED [ 85%]
tests/test_60_sp.py::TestSP::test_setup PASSED                           [ 86%]
tests/test_60_sp.py::TestSP::test_identify PASSED                        [ 86%]
tests/test_62_vo.py::TestVirtualOrg::test_mta PASSED                     [ 86%]
tests/test_62_vo.py::TestVirtualOrg::test_unknown_subject PASSED         [ 86%]
tests/test_62_vo.py::TestVirtualOrg::test_id PASSED                      [ 86%]
tests/test_62_vo.py::TestVirtualOrg::test_id_unknown PASSED              [ 86%]
tests/test_62_vo.py::TestVirtualOrg_2::test_mta PASSED                   [ 86%]
tests/test_62_vo.py::TestVirtualOrg_2::test_unknown_subject PASSED       [ 86%]
tests/test_62_vo.py::TestVirtualOrg_2::test_id PASSED                    [ 87%]
tests/test_62_vo.py::TestVirtualOrg_2::test_id_unknown PASSED            [ 87%]
tests/test_63_ecp.py::test_complete_flow PASSED                          [ 87%]
tests/test_64_artifact.py::test_create_artifact PASSED                   [ 87%]
tests/test_64_artifact.py::test_create_artifact_resolve PASSED           [ 87%]
tests/test_64_artifact.py::test_artifact_flow PASSED                     [ 87%]
tests/test_65_authn_query.py::test_basic PASSED                          [ 87%]
tests/test_65_authn_query.py::test_flow PASSED                           [ 87%]
tests/test_66_name_id_mapping.py::test_base_request PASSED               [ 88%]
tests/test_66_name_id_mapping.py::test_request_response PASSED           [ 88%]
tests/test_67_manage_name_id.py::test_basic PASSED                       [ 88%]
tests/test_67_manage_name_id.py::test_flow PASSED                        [ 88%]
tests/test_68_assertion_id.py::test_basic_flow PASSED                    [ 88%]
tests/test_69_discovery.py::test_verify PASSED                           [ 88%]
tests/test_69_discovery.py::test_construct_0 PASSED                      [ 88%]
tests/test_69_discovery.py::test_construct_1 PASSED                      [ 88%]
tests/test_69_discovery.py::test_construct_deconstruct_request PASSED    [ 89%]
tests/test_69_discovery.py::test_construct_deconstruct_response PASSED   [ 89%]
tests/test_70_redirect_signing.py::test PASSED                           [ 89%]
tests/test_71_authn_request.py::test_authn_request_with_acs_by_index PASSED [ 
89%]
tests/test_72_eptid.py::test_eptid PASSED                                [ 89%]
tests/test_72_eptid.py::test_eptid_shelve PASSED                         [ 89%]
tests/test_75_mongodb.py::test_flow PASSED                               [ 89%]
tests/test_75_mongodb.py::test_eptid_mongo_db PASSED                     [ 89%]
tests/test_76_metadata_in_mdb.py::test_metadata PASSED                   [ 90%]
tests/test_77_authn_context.py::test_passwd PASSED                       [ 90%]
tests/test_77_authn_context.py::test_factory PASSED                      [ 90%]
tests/test_77_authn_context.py::test_authn_decl_in_authn_context PASSED  [ 90%]
tests/test_77_authn_context.py::test_authn_1 PASSED                      [ 90%]
tests/test_77_authn_context.py::test_authn_2 PASSED                      [ 90%]
tests/test_77_authn_context.py::test_authn_3 PASSED                      [ 90%]
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_cert_chains
 FAILED [ 91%]
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_expire 
PASSED [ 91%]
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_passphrase
 PASSED [ 91%]
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert
 FAILED [ 91%]
tests/test_88_nsprefix.py::test_nsprefix PASSED                          [ 91%]
tests/test_88_nsprefix.py::test_nsprefix2 PASSED                         [ 91%]
tests/test_89_http_post_relay_state.py::test_relay_state PASSED          [ 91%]
tests/test_92_aes.py::TestAES::test_aes_defaults PASSED                  [ 91%]
tests/test_92_aes.py::TestAES::test_aes_128_cbc PASSED                   [ 92%]
tests/test_92_aes.py::TestAES::test_aes_128_cfb PASSED                   [ 92%]
tests/test_92_aes.py::TestAES::test_aes_192_cbc PASSED                   [ 92%]
tests/test_92_aes.py::TestAES::test_aes_192_cfb PASSED                   [ 92%]
tests/test_92_aes.py::TestAES::test_aes_256_cbc PASSED                   [ 92%]
tests/test_92_aes.py::TestAES::test_aes_256_cfb PASSED                   [ 92%]
tests/test_93_hok.py::TestHolderOfKeyResponse::test_valid_hok_response_is_parsed
 PASSED [ 92%]
tests/test_93_hok.py::TestHolderOfKeyResponse::test_invalid_hok_response_fails_verification
 PASSED [ 92%]
tests/test_94_read_cert.py::test_read_single_cert PASSED                 [ 93%]
tests/test_94_read_cert.py::test_read_cert_chain PASSED                  [ 93%]
tests/test_94_read_cert.py::test_read_cert_chain_with_linebreaks PASSED  [ 93%]
tests/test_schema_validator.py::test_invalid_saml_metadata_doc[invalid_metadata_file.xml]
 PASSED [ 93%]
tests/test_schema_validator.py::test_invalid_saml_metadata_doc[empty_metadata_file.xml]
 PASSED [ 93%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[InCommon-metadata.xml]
 PASSED [ 93%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp.xml] PASSED [ 
93%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_2.xml] PASSED 
[ 93%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_aa.xml] PASSED 
[ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_all.xml] 
PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_example.xml] 
PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_soap.xml] 
PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_re.xml] 
PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_re_nren.xml]
 PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_rs.xml] 
PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_cat_sfs_hei.xml]
 PASSED [ 94%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_esi_and_coco_sp.xml]
 PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[entity_no_friendly_name_sp.xml]
 PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[extended.xml] 
PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_slo_redirect.xml]
 PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[idp_uiinfo.xml] 
PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata.aaitest.xml]
 PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata.xml] 
PASSED [ 95%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_cert.xml] 
PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_example.xml]
 PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_1.xml] 
PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_1_no_encryption.xml]
 PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metadata_sp_2.xml] 
PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[metasp.xml] PASSED 
[ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[pdp_meta.xml] 
PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[servera.xml] 
PASSED [ 96%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[sp.xml] PASSED [ 
97%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[sp_slo_redirect.xml]
 PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[urn-mace-swami.se-swamid-test-1.0-metadata.xml]
 PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[uu.xml] PASSED [ 
97%]
tests/test_schema_validator.py::test_valid_saml_metadata_doc[vo_metadata.xml] 
PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_response_doc[attribute_response.xml]
 PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_response_doc[okta_response.xml] 
PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_response_doc[simplesamlphp_authnresponse.xml]
 PASSED [ 97%]
tests/test_schema_validator.py::test_valid_saml_response_doc[saml2_response.xml]
 PASSED [ 98%]
tests/test_schema_validator.py::test_valid_saml_response_doc[saml_false_signed.xml]
 PASSED [ 98%]
tests/test_schema_validator.py::test_valid_saml_response_doc[saml_hok.xml] 
PASSED [ 98%]
tests/test_schema_validator.py::test_valid_saml_response_doc[saml_hok_invalid.xml]
 PASSED [ 98%]
tests/test_schema_validator.py::test_valid_saml_response_doc[saml_signed.xml] 
PASSED [ 98%]
tests/test_schema_validator.py::test_valid_saml_response_doc[saml_unsigned.xml] 
PASSED [ 98%]
tests/test_schema_validator.py::test_valid_saml_partial_doc[encrypted_attribute_statement.xml]
 PASSED [ 98%]
tests/test_schema_validator.py::test_valid_eidas_saml_response_doc[eidas_response.xml]
 PASSED [ 98%]
tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_response_with_hmac_should_fail
 PASSED [ 99%]
tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_hmac_should_fail
 PASSED [ 99%]
tests/test_xmlsec1_key_data.py::TestAuthnResponse::test_signed_assertion_with_random_embedded_cert_should_be_ignored
 PASSED [ 99%]
tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_wrapper_should_fail 
PASSED [ 99%]
tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_extensions_should_fail 
PASSED [ 99%]
tests/test_xsw.py::TestXSW::test_signed_xsw_assertion_assertion_should_fail 
PASSED [ 99%]
tests/test_xsw.py::TestInvalidDepthFirstSig::test_signed_assertion_first_sig_should_fail
 PASSED [ 99%]
tests/test_xsw.py::TestInvalidDepthFirstSig::test_signed_response_first_sig_should_fail
 PASSED [100%]

=================================== FAILURES ===================================
____________________ TestServer1.test_encrypted_response_6 _____________________

self = <test_50_server.TestServer1 object at 0x7fac3add5d30>

    def test_encrypted_response_6(self):
        _server = Server("idp_conf_verify_cert")
    
        cert_str_advice, cert_key_str_advice = generate_cert()
    
        cert_str_assertion, cert_key_str_assertion = generate_cert()
    
>       _resp = _server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/";,  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=False,
            sign_assertion=False,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            pefim=True,
            encrypt_cert_advice=cert_str_advice,
            encrypt_cert_assertion=cert_str_assertion,
        )

tests/test_50_server.py:911: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
saml2/server.py:833: in create_authn_response
    args = self.gather_authn_response_args(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.server.Server object at 0x7fac384175f0>
sp_entity_id = 'urn:mace:example.com:saml:roland:sp', name_id_policy = None
userid = None
kwargs = {'encrypt_assertion': True, 'encrypt_assertion_self_contained': True, 
'encrypt_cert_advice': '-----BEGIN 
CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMjE0MTczNDE1WhcNMzQxMjEyMTczNDE1WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAoE31siosYpVA9p6/VPVN5LXNaNU7O97rLmca3YMurkZVb4sQqZ1AeDJn\nU5F7lS5PXZ7yyOe+3A0QcXQKGS1vS3ux/kvdV5U5IFFYgjnfsvCHfvSt/Clcsv6y\nbUO3Sr178sAapsvjnhHtOmJfWYrvTOKtSYtMuw/BH0Z2XQEc3kzlGUtFDrYOyHJ4\n9B0In5GjayQ7csOnEXqoDe+Caegb/ee8eK5op6TG0FpGGUEQT4zS2CYailU7yrol\nt3UL0dq4VE0XiCCNEc83KLoHyzmS/FVyXKXAX/TrN57S+0U2fu5qh3IItICw5X5W\nzoHnjKWOvWWawLLLClS2AldO+1P65wIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFYw\n0THZGgeWGhLG+bjDlsnwb6eP1w1O4LoD0tgzudph9r4hD/vXGIA1rKQEZyD7DG/J\nF82hktOV
 
Wq9Ivf7tn9enQSmopRoQ23hafLnBce0RDkRaXjvBPgYeprQAO1onUfRD\nCD4eVGuCya4yYy2oG/sVPB3nMXmgCE6Zq1NVik7U\n-----END
 CERTIFICATE-----\n', 'encrypt_cert_assertion': '-----BEGIN 
CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMjE0MTczNDE1WhcNMzQxMjEyMTczNDE1WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAr4qAYnKoePWcVxgNXeqHG+QEBMAjIkBMf9myaSxFiy1odkEuOSem7ntv\nX7GZEJU9XRPQxxvcQtY0vdvmflawMX3lgH6FHd4pM7/xb8wNGBEgCVBSU4JhBwP4\n/O9OaNLlU3uQ9dZSt9LEUDt08EWySxD2uto20tfDLtD6JD7gV0wKaG3Nm4IN6ig6\nNmXyt6GejUcmHCO0VJ7LgDejnY9pKQ+/w+AEddfdKAjiUM4gg1n8klpE75u5yOXC\nat17tsVYAx0wj6EbB4X9FdHHJirvWYQqIQK/KLNMlUr73ocvY6wUNqgfVP6NMC+y\nfvTCOT+k+FlxakmcZhco5WXqfBJtYwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAGDe\nihJZXSeohzqPh9UrhoC
 
9+msKW7rcnUcKKHfPCftW7RMZqvqvqLspYakMzxfkK8zt\ngxzNj0V+/kq8NU7w4ZK3cExoLZaZhLbg1A6xf65e2kQI2zue95mMWxPWeM5vlwEV\nrxWOmiSbPJ+RLZbkxxUSVNsLlxty7T7dbjBfhNyG\n-----END
 CERTIFICATE-----\n', ...}
args = {'best_effort': False, 'encrypt_assertion': True, 
'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': '-----BEGIN 
CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMjE0MTczNDE1WhcNMzQxMjEyMTczNDE1WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAoE31siosYpVA9p6/VPVN5LXNaNU7O97rLmca3YMurkZVb4sQqZ1AeDJn\nU5F7lS5PXZ7yyOe+3A0QcXQKGS1vS3ux/kvdV5U5IFFYgjnfsvCHfvSt/Clcsv6y\nbUO3Sr178sAapsvjnhHtOmJfWYrvTOKtSYtMuw/BH0Z2XQEc3kzlGUtFDrYOyHJ4\n9B0In5GjayQ7csOnEXqoDe+Caegb/ee8eK5op6TG0FpGGUEQT4zS2CYailU7yrol\nt3UL0dq4VE0XiCCNEc83KLoHyzmS/FVyXKXAX/TrN57S+0U2fu5qh3IItICw5X5W\nzoHnjKWOvWWawLLLClS2AldO+1P65wIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAFYw\n0THZGgeWGhLG+bjDlsnwb6eP1w1O4LoD0tgzudph9r4hD/vXGIA1rK
 
QEZyD7DG/J\nF82hktOVWq9Ivf7tn9enQSmopRoQ23hafLnBce0RDkRaXjvBPgYeprQAO1onUfRD\nCD4eVGuCya4yYy2oG/sVPB3nMXmgCE6Zq1NVik7U\n-----END
 CERTIFICATE-----\n', ...}
param_defaults = {'best_effort': False, 'encrypt_assertion': False, 
'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': None, ...}
param = 'encrypt_cert_assertion', val_default = None
val_kw = '-----BEGIN 
CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMjE0MTczNDE1WhcNMzQxMjEyMTczNDE1WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAr4qAYnKoePWcVxgNXeqHG+QEBMAjIkBMf9myaSxFiy1odkEuOSem7ntv\nX7GZEJU9XRPQxxvcQtY0vdvmflawMX3lgH6FHd4pM7/xb8wNGBEgCVBSU4JhBwP4\n/O9OaNLlU3uQ9dZSt9LEUDt08EWySxD2uto20tfDLtD6JD7gV0wKaG3Nm4IN6ig6\nNmXyt6GejUcmHCO0VJ7LgDejnY9pKQ+/w+AEddfdKAjiUM4gg1n8klpE75u5yOXC\nat17tsVYAx0wj6EbB4X9FdHHJirvWYQqIQK/KLNMlUr73ocvY6wUNqgfVP6NMC+y\nfvTCOT+k+FlxakmcZhco5WXqfBJtYwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAGDe\nihJZXSeohzqPh9UrhoC9+msKW7rcnUcKKHfPCftW7RMZqvqvqLspYakMzxfkK8zt\ngxzNj0V+/kq8NU7w4ZK3cExoLZaZhLbg1A6xf65e2kQI2zue95mMWxPWeM5vlwEV\nrxWOmiSbPJ+RLZbkxxUSVNsLlxty7T7dbjB
 fhNyG\n-----END CERTIFICATE-----\n'
val_config = None, arg = 'encrypted_advice_attributes'

    def gather_authn_response_args(self, sp_entity_id, name_id_policy, userid, 
**kwargs):
        kwargs["policy"] = kwargs.get("release_policy")
    
        # collect args and return them
        args = {}
    
        # XXX will be passed to _authn_response
        param_defaults = {
            "policy": None,
            "best_effort": False,
            "sign_assertion": False,
            "sign_response": False,
            "encrypt_assertion": False,
            "encrypt_assertion_self_contained": True,
            "encrypted_advice_attributes": False,
            "encrypt_cert_advice": None,
            "encrypt_cert_assertion": None,
            # need to be named sign_alg and digest_alg
        }
        for param, val_default in param_defaults.items():
            val_kw = kwargs.get(param)
            val_config = self.config.getattr(param, "idp")
            args[param] = val_kw if val_kw is not None else val_config if 
val_config is not None else val_default
    
        for arg, attr, eca, pefim in [
            ("encrypted_advice_attributes", "verify_encrypt_cert_advice", 
"encrypt_cert_advice", kwargs["pefim"]),
            ("encrypt_assertion", "verify_encrypt_cert_assertion", 
"encrypt_cert_assertion", False),
        ]:
    
            if args[arg] or pefim:
                _enc_cert = self.config.getattr(attr, "idp")
    
                if _enc_cert is not None:
                    if kwargs[eca] is None:
                        raise CertificateError(
                            "No SPCertEncType certificate for encryption " 
"contained in authentication " "request."
                        )
                    if not _enc_cert(kwargs[eca]):
>                       raise CertificateError("Invalid certificate for 
> encryption!")
E                       saml2.cert.CertificateError: Invalid certificate for 
encryption!

saml2/server.py:737: CertificateError
_______________ TestServer1NonAsciiAva.test_encrypted_response_6 _______________

self = <test_50_server.TestServer1NonAsciiAva object at 0x7fac3adfb7a0>

    def test_encrypted_response_6(self):
        _server = Server("idp_conf_verify_cert")
    
        cert_str_advice, cert_key_str_advice = generate_cert()
    
        cert_str_assertion, cert_key_str_assertion = generate_cert()
    
>       _resp = _server.create_authn_response(
            self.ava,
            "id12",  # in_response_to
            "http://lingon.catalogix.se:8087/";,  # consumer_url
            "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
            name_id=self.name_id,
            sign_response=False,
            sign_assertion=False,
            encrypt_assertion=True,
            encrypt_assertion_self_contained=True,
            pefim=True,
            encrypt_cert_advice=cert_str_advice,
            encrypt_cert_assertion=cert_str_assertion,
        )

tests/test_50_server.py:1987: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
saml2/server.py:833: in create_authn_response
    args = self.gather_authn_response_args(
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <saml2.server.Server object at 0x7fac3972ef90>
sp_entity_id = 'urn:mace:example.com:saml:roland:sp', name_id_policy = None
userid = None
kwargs = {'encrypt_assertion': True, 'encrypt_assertion_self_contained': True, 
'encrypt_cert_advice': '-----BEGIN 
CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMjE0MTczNDE2WhcNMzQxMjEyMTczNDE2WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA805X9u9SXDrgZE/AGv5q2D38pCta9sEfrU/pIG+Y4G/MZNEEiNiX0WQi\nBLtz4tjyyxxh5BS5GPcrHsmzNcVO13S/h6c0wGae2uY/m9hI1o0+pymA6Bjesifz\n22MfW5HjajB9m4GHY5s6PtG2Zk7Kq4e171kq52OPccLvyL7WN6FXDTw2NGJG9VB4\nwkiNbS4/Q3WOFUMEzb2GYkkEFzv3XtLSVjLDx3OvDOBPzPKEc71T6Rw0h4hadtap\nbOvPqJAvxbHg0Zy/Jbdlj1H04UYWplDPTzuKcCRy2H278IXXLmZueAAbMM/bcZMe\nxjnSp19nUXAH3ZUz2j8mttG6bt/PkQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIOp\nZjI5Xl/gLcCdWbdV+DH6SSd7/O4DNtPLem3K7dpHpLUfL4kTL81917ieLr9dqeGY\nb1gTQUbD
 
bJHcOBwI6p2REo2hBOWS91PNKKHUne6F5YrIY3q7mlKdoboyE1Um6iFu\ntP60ITNVO4qG1O+IzF39/KGHTIo54SGx53A4VxWk\n-----END
 CERTIFICATE-----\n', 'encrypt_cert_assertion': '-----BEGIN 
CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMjE0MTczNDE2WhcNMzQxMjEyMTczNDE2WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAtBZxMrbkGyavtAvff1uRe29fcOsI0HdyETeR2Z91siOHOjBCtZcrXQlj\n5c2v3i8NUR9YyXM7rtpB4bvc+iEybNEmHWbvOS8/RiBigeiazhJwP6q8OcS3GzO0\np72YBpUa0rpuCwzbaV6uOiBG5b4p9NjbFp95B/xiEmjl+wj3GytZqWw29rMNI1Wt\nkOpCFHF+bbGbzR2ZEdMy1fa1lcRXyW5lHRtkJWqjNCiKKQvnjWJuvrEnPqN0i+VD\n+DBCEbkk1tRxLHtcyRk8yHheWN3llYmV7qiyfjFJBUVaRsecEKRrHxjfaj5MJK1A\nzHRKpVNTqM5fz9WFD51oHVwhDcMkkQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIfV\nLwOvdlbMdISRud+pd37
 
KhUNgAqR0sRoWDeZm9pqNtzHoxx1EfPNwwTL8igRxy7fG\n7VZrKHlU0ht/SSpALHcFt9xRsRvtynxzMV7Tu6egLVhMigm7/13Jjn/JGpsG1lhC\n0VHhhEBEpf1WNKL2ZAMZfP80/G+FVhKjLCTtpKH2\n-----END
 CERTIFICATE-----\n', ...}
args = {'best_effort': False, 'encrypt_assertion': True, 
'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': '-----BEGIN 
CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMjE0MTczNDE2WhcNMzQxMjEyMTczNDE2WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEA805X9u9SXDrgZE/AGv5q2D38pCta9sEfrU/pIG+Y4G/MZNEEiNiX0WQi\nBLtz4tjyyxxh5BS5GPcrHsmzNcVO13S/h6c0wGae2uY/m9hI1o0+pymA6Bjesifz\n22MfW5HjajB9m4GHY5s6PtG2Zk7Kq4e171kq52OPccLvyL7WN6FXDTw2NGJG9VB4\nwkiNbS4/Q3WOFUMEzb2GYkkEFzv3XtLSVjLDx3OvDOBPzPKEc71T6Rw0h4hadtap\nbOvPqJAvxbHg0Zy/Jbdlj1H04UYWplDPTzuKcCRy2H278IXXLmZueAAbMM/bcZMe\nxjnSp19nUXAH3ZUz2j8mttG6bt/PkQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIOp\nZjI5Xl/gLcCdWbdV+DH6SSd7/O4DNtPLem3K7dpHpLUfL4kTL81917
 
ieLr9dqeGY\nb1gTQUbDbJHcOBwI6p2REo2hBOWS91PNKKHUne6F5YrIY3q7mlKdoboyE1Um6iFu\ntP60ITNVO4qG1O+IzF39/KGHTIo54SGx53A4VxWk\n-----END
 CERTIFICATE-----\n', ...}
param_defaults = {'best_effort': False, 'encrypt_assertion': False, 
'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': None, ...}
param = 'encrypt_cert_assertion', val_default = None
val_kw = '-----BEGIN 
CERTIFICATE-----\nMIICujCCAiMCAQEwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCc2UxCzAJBgNV\nBAgMAmFjMQ0wCwYDVQQHDAR1bWVhMRwwGgYDVQQKDBNJVFMgVW1lYSBVbml2ZXJz\naXR5MQ0wCwYDVQQLDARESVJHMRUwEwYDVQQDDAxsb2NhbGhvc3QuY2EwHhcNMjQx\nMjE0MTczNDE2WhcNMzQxMjEyMTczNDE2WjBaMQswCQYDVQQGEwJzZTELMAkGA1UE\nCAwCYWMxDTALBgNVBAcMBFVtZWExDDAKBgNVBAoMA0lUUzENMAsGA1UECwwERElS\nRzESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAtBZxMrbkGyavtAvff1uRe29fcOsI0HdyETeR2Z91siOHOjBCtZcrXQlj\n5c2v3i8NUR9YyXM7rtpB4bvc+iEybNEmHWbvOS8/RiBigeiazhJwP6q8OcS3GzO0\np72YBpUa0rpuCwzbaV6uOiBG5b4p9NjbFp95B/xiEmjl+wj3GytZqWw29rMNI1Wt\nkOpCFHF+bbGbzR2ZEdMy1fa1lcRXyW5lHRtkJWqjNCiKKQvnjWJuvrEnPqN0i+VD\n+DBCEbkk1tRxLHtcyRk8yHheWN3llYmV7qiyfjFJBUVaRsecEKRrHxjfaj5MJK1A\nzHRKpVNTqM5fz9WFD51oHVwhDcMkkQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAIfV\nLwOvdlbMdISRud+pd37KhUNgAqR0sRoWDeZm9pqNtzHoxx1EfPNwwTL8igRxy7fG\n7VZrKHlU0ht/SSpALHcFt9xRsRvtynxzMV7Tu6egLVhMigm7/13Jjn/JGpsG1lhC\n0VHhhEBEpf1WNKL2ZAMZfP80/G+FVhKjLCT
 tpKH2\n-----END CERTIFICATE-----\n'
val_config = None, arg = 'encrypted_advice_attributes'

    def gather_authn_response_args(self, sp_entity_id, name_id_policy, userid, 
**kwargs):
        kwargs["policy"] = kwargs.get("release_policy")
    
        # collect args and return them
        args = {}
    
        # XXX will be passed to _authn_response
        param_defaults = {
            "policy": None,
            "best_effort": False,
            "sign_assertion": False,
            "sign_response": False,
            "encrypt_assertion": False,
            "encrypt_assertion_self_contained": True,
            "encrypted_advice_attributes": False,
            "encrypt_cert_advice": None,
            "encrypt_cert_assertion": None,
            # need to be named sign_alg and digest_alg
        }
        for param, val_default in param_defaults.items():
            val_kw = kwargs.get(param)
            val_config = self.config.getattr(param, "idp")
            args[param] = val_kw if val_kw is not None else val_config if 
val_config is not None else val_default
    
        for arg, attr, eca, pefim in [
            ("encrypted_advice_attributes", "verify_encrypt_cert_advice", 
"encrypt_cert_advice", kwargs["pefim"]),
            ("encrypt_assertion", "verify_encrypt_cert_assertion", 
"encrypt_cert_assertion", False),
        ]:
    
            if args[arg] or pefim:
                _enc_cert = self.config.getattr(attr, "idp")
    
                if _enc_cert is not None:
                    if kwargs[eca] is None:
                        raise CertificateError(
                            "No SPCertEncType certificate for encryption " 
"contained in authentication " "request."
                        )
                    if not _enc_cert(kwargs[eca]):
>                       raise CertificateError("Invalid certificate for 
> encryption!")
E                       saml2.cert.CertificateError: Invalid certificate for 
encryption!

saml2/server.py:737: CertificateError
______________ TestGenerateCertificates.test_validate_cert_chains ______________

self = <test_81_certificates.TestGenerateCertificates 
testMethod=test_validate_cert_chains>

    def test_validate_cert_chains(self):
    
        cert_info_ca = {
            "cn": "qwerty",
            "country_code": "qw",
            "state": "qwerty",
            "city": "qwerty",
            "organization": "qwerty",
            "organization_unit": "qwerty",
        }
    
        cert_intermediate_1_info = {
            "cn": "intermediate_1",
            "country_code": "as",
            "state": "asdfgh",
            "city": "asdfgh",
            "organization": "asdfgh",
            "organization_unit": "asdfg",
        }
    
        cert_intermediate_2_info = {
            "cn": "intermediate_2",
            "country_code": "as",
            "state": "asdfgh",
            "city": "asdfgh",
            "organization": "asdfgh",
            "organization_unit": "asdfg",
        }
    
        cert_client_cert_info = {
            "cn": "intermediate_1",
            "country_code": "as",
            "state": "asdfgh",
            "city": "asdfgh",
            "organization": "asdfgh",
            "organization_unit": "asdfg",
        }
    
        osw = OpenSSLWrapper()
    
        ca_cert_str, ca_key_str = osw.create_certificate(cert_info_ca, 
request=False)
    
        req_cert_str, intermediate_1_key_str = 
osw.create_certificate(cert_intermediate_1_info, request=True)
        intermediate_cert_1_str = 
osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, req_cert_str)
    
        req_cert_str, intermediate_2_key_str = 
osw.create_certificate(cert_intermediate_2_info, request=True)
        intermediate_cert_2_str = osw.create_cert_signed_certificate(
            intermediate_cert_1_str, intermediate_1_key_str, req_cert_str
        )
    
        req_cert_str, client_key_str = 
osw.create_certificate(cert_client_cert_info, request=True)
        client_cert_str = osw.create_cert_signed_certificate(
            intermediate_cert_2_str, intermediate_2_key_str, req_cert_str
        )
    
        cert_chain = [intermediate_cert_2_str, intermediate_cert_1_str, 
ca_cert_str]
    
        valid, mess = osw.verify_chain(cert_chain, client_cert_str)
>       self.assertTrue(valid)
E       AssertionError: False is not true

tests/test_81_certificates.py:131: AssertionError
____________ TestGenerateCertificates.test_validate_with_root_cert _____________

self = <test_81_certificates.TestGenerateCertificates 
testMethod=test_validate_with_root_cert>

    def test_validate_with_root_cert(self):
    
        cert_info_ca = {
            "cn": "qwerty",
            "country_code": "qw",
            "state": "qwerty",
            "city": "qwerty",
            "organization": "qwerty",
            "organization_unit": "qwerty",
        }
    
        cert_info = {
            "cn": "asdfgh",
            "country_code": "as",
            "state": "asdfgh",
            "city": "asdfgh",
            "organization": "asdfgh",
            "organization_unit": "asdfg",
        }
    
        osw = OpenSSLWrapper()
    
        ca_cert, ca_key = osw.create_certificate(
            cert_info_ca,
            request=False,
            write_to_file=True,
            cert_dir=f"{os.path.dirname(os.path.abspath(__file__))}/pki",
        )
    
        req_cert_str, req_key_str = osw.create_certificate(cert_info, 
request=True)
    
        ca_cert_str = osw.read_str_from_file(ca_cert)
        ca_key_str = osw.read_str_from_file(ca_key)
    
        cert_str = osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, 
req_cert_str)
    
        valid, mess = osw.verify(ca_cert_str, cert_str)
>       self.assertTrue(valid)
E       AssertionError: False is not true

tests/test_81_certificates.py:50: AssertionError
=========================== short test summary info ============================
SKIPPED [1] tests/test_37_entity_categories.py:296: Temporarily disabled
SKIPPED [1] tests/test_37_entity_categories.py:325: Temporarily disabled
SKIPPED [1] tests/test_37_entity_categories.py:358: Temporarily disabled
FAILED tests/test_50_server.py::TestServer1::test_encrypted_response_6 - 
saml2.cert.CertificateError: Invalid certificate for encryption!
FAILED 
tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6 - 
saml2.cert.CertificateError: Invalid certificate for encryption!
FAILED 
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_cert_chains
 - AssertionError: False is not true
FAILED 
tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert
 - AssertionError: False is not true
====== 4 failed, 772 passed, 3 skipped, 2 deselected in 154.85s (0:02:34) ======
E: pybuild pybuild:389: test: plugin pyproject failed with: exit code=1: cd 
/<<PKGBUILDDIR>>/.pybuild/cpython3_3.12_pysaml2/build; python3.12 -m pytest 
tests -v -Wignore -k "not test_signed_metadata_proper_str_bytes_handling and 
not test_enc1"
dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p "3.13 
3.12" returned exit code 13
make: *** [debian/rules:16: build] Error 25
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
--------------------------------------------------------------------------------

The above is just how the build ends and not necessarily the most relevant part.
If required, the full build log is available here:

https://people.debian.org/~sanvila/build-logs/202412/

About the archive rebuild: The build was made on virtual machines from AWS,
using sbuild and a reduced chroot with only build-essential packages.

If you could not reproduce the bug please contact me privately, as I
am willing to provide ssh access to a virtual machine where the bug is
fully reproducible.

If this is really a bug in one of the build-depends, please use
reassign and affects, so that this is still visible in the BTS web
page for this package.

Thanks.

--- End Message ---

--- Begin Message ---

Source: python-pysaml2
Source-Version: 7.5.0-4
Done: Thomas Goirand <z...@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-pysaml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1090...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated python-pysaml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 17 Dec 2024 08:32:40 +0100
Source: python-pysaml2
Architecture: source
Version: 7.5.0-4
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenStack <team+openst...@tracker.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Closes: 1090286
Changes:
 python-pysaml2 (7.5.0-4) unstable; urgency=medium
 .
   * Blacklist more unit tests (Closes: #1090286):
     - test_encrypted_response_6
     - test_validate_cert_chains
     - test_validate_with_root_cert
Checksums-Sha1:
 f663c98055643f4d15f5a31d56069a08c0e2cea4 2644 python-pysaml2_7.5.0-4.dsc
 116446700a116ac08e4237e4253699766ac43075 8072 
python-pysaml2_7.5.0-4.debian.tar.xz
 afb8ac0d9179c28cb2e723ea5e3e05414ebaf640 10202 
python-pysaml2_7.5.0-4_amd64.buildinfo
Checksums-Sha256:
 32b19e6c0877b0c9e413569697cab502b8536cee07190d700320ef72e3f2cff6 2644 
python-pysaml2_7.5.0-4.dsc
 8e097b397f867c06a230c9798cce077ce0d4fd1d842d27c40f11a8dc8c3707eb 8072 
python-pysaml2_7.5.0-4.debian.tar.xz
 3e7aaa150245b5d77931e6d1e7f2917dc976b2c7c9d5876e3464c459e3ed89ca 10202 
python-pysaml2_7.5.0-4_amd64.buildinfo
Files:
 f0bf524411dac28ee87929908493459a 2644 python optional 
python-pysaml2_7.5.0-4.dsc
 3d557eab1647b196ce3b41f78807d3d4 8072 python optional 
python-pysaml2_7.5.0-4.debian.tar.xz
 637d45e5d64af919b5c5b2923d5d559b 10202 python optional 
python-pysaml2_7.5.0-4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmdhK0sACgkQ1BatFaxr
Q/5kvQ/+P20SFPWNE+3nn7p/HCWukwC1K/vZFmmjxBzGEHmAU9DDmi+/2l/ctFRP
ssHVjMJbMSzzjDTf2D4BHkkmy6WY4H2kDrnamjIoYYO4jlT+eJfBFSBxBB25U3B/
xVEMxLB1rEMyV1QLZYvyFbawqoFSafaM/w80xp1wQW6tp9keEnqThMeNHJKRKIA0
3Sy12otmyAMKza/xQ0i6nLeRJ7YrBKGm5NA2v5/x/mBJy89p1TuYQdzeNfGLnZGk
+DoyJV1XkDLTT/YoZyCxNFOz5OeM9pEwXDeSmDwEreUsBmXKvPR3amYz5ge7PnVU
YJj4j9HzSRxSrqmZpVvL6vZTI9p9fxCTmSm9r2GcVa6xIxTkmeYHM3KeiHE4vUh9
UUu1+zQXcY7VI/jpsbxZGKiocU6AvI5y0ZwCzqX7riDlrjysM80zmzGqM6SRjlvt
kHpIi6bub4kvnIAzWX1gN6ypqWu3vUjXbyF+4qx2uDuU8SjPEDRYzg7fO6Bnp9Vb
/bewyepYrzzLGeBB+VEsdml+OTK9ngcy5v8X/qscybKrJgjN5RLLSiIfBtKzsFHj
K6ZDy7UZ/pxqZTgdDbYOtC6v5eBHAmzfGVxeiiUnkVrG2ca0dMFSSQZpfDdvBTCQ
HuHK0I3BAzWGu8EqUs6z3gyOYfJhsoK65nwgTA4QNzWYq1LG5xk=
=/IW5
-----END PGP SIGNATURE-----

pgp8uPKMg3hzy.pgp
Description: PGP signature

--- End Message ---