Test failures with pyopenssl 24.3.0 #975

Open
mweinelt opened this issue Dec 25, 2024 · 3 comments


@mweinelt

mweinelt commented Dec 25, 2024

Code Version

7.5.0

Expected Behavior

Tests should succeed when within the version boundaries of pysaml2.

Current Behavior

The following tests fail in combination with pyopenssl==24.3.0.

FAILED tests/test_50_server.py::TestServer1::test_encrypted_response_6 - saml2.cert.CertificateError: Invalid certificate for encryption!
FAILED tests/test_50_server.py::TestServer1NonAsciiAva::test_encrypted_response_6 - saml2.cert.CertificateError: Invalid certificate for encryption!
FAILED tests/test_81_certificates.py::TestGenerateCertificates::test_validate_cert_chains - AssertionError: False is not true
FAILED tests/test_81_certificates.py::TestGenerateCertificates::test_validate_with_root_cert - AssertionError: False is not true
Full tracebacks
pysaml2> ____________________ TestServer1.test_encrypted_response_6 _____________________
pysaml2> 
pysaml2> self = 
pysaml2> 
pysaml2>     def test_encrypted_response_6(self):
pysaml2>         _server = Server("idp_conf_verify_cert")
pysaml2>     
pysaml2>         cert_str_advice, cert_key_str_advice = generate_cert()
pysaml2>     
pysaml2>         cert_str_assertion, cert_key_str_assertion = generate_cert()
pysaml2>     
pysaml2> >       _resp = _server.create_authn_response(
pysaml2>             self.ava,
pysaml2>             "id12",  # in_response_to
pysaml2>             "http://lingon.catalogix.se:8087/",  # consumer_url
pysaml2>             "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
pysaml2>             name_id=self.name_id,
pysaml2>             sign_response=False,
pysaml2>             sign_assertion=False,
pysaml2>             encrypt_assertion=True,
pysaml2>             encrypt_assertion_self_contained=True,
pysaml2>             pefim=True,
pysaml2>             encrypt_cert_advice=cert_str_advice,
pysaml2>             encrypt_cert_assertion=cert_str_assertion,
pysaml2>         )
pysaml2> 
pysaml2> tests/test_50_server.py:911: 
pysaml2> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
pysaml2> /nix/store/ad02k9isi75v6rjmmsxxcy6279z91pf0-python3.12-pysaml2-7.5.0/lib/python3.12/site-packages/saml2/server.py:833: in create_authn_response
pysaml2>     args = self.gather_authn_response_args(
pysaml2> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
pysaml2> 
pysaml2> self = 
pysaml2> sp_entity_id = 'urn:mace:example.com:saml:roland:sp', name_id_policy = None
pysaml2> userid = None
pysaml2> param_defaults = {'best_effort': False, 'encrypt_assertion': False, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': None, ...}
pysaml2> param = 'encrypt_cert_assertion', val_default = None
pysaml2> val_config = None, arg = 'encrypted_advice_attributes'
pysaml2> 
pysaml2>     def gather_authn_response_args(self, sp_entity_id, name_id_policy, userid, **kwargs):
pysaml2>         kwargs["policy"] = kwargs.get("release_policy")
pysaml2>     
pysaml2>         # collect args and return them
pysaml2>         args = {}
pysaml2>     
pysaml2>         # XXX will be passed to _authn_response
pysaml2>         param_defaults = {
pysaml2>             "policy": None,
pysaml2>             "best_effort": False,
pysaml2>             "sign_assertion": False,
pysaml2>             "sign_response": False,
pysaml2>             "encrypt_assertion": False,
pysaml2>             "encrypt_assertion_self_contained": True,
pysaml2>             "encrypted_advice_attributes": False,
pysaml2>             "encrypt_cert_advice": None,
pysaml2>             "encrypt_cert_assertion": None,
pysaml2>             # need to be named sign_alg and digest_alg
pysaml2>         }
pysaml2>         for param, val_default in param_defaults.items():
pysaml2>             val_kw = kwargs.get(param)
pysaml2>             val_config = self.config.getattr(param, "idp")
pysaml2>             args[param] = val_kw if val_kw is not None else val_config if val_config is not None else val_default
pysaml2>     
pysaml2>         for arg, attr, eca, pefim in [
pysaml2>             ("encrypted_advice_attributes", "verify_encrypt_cert_advice", "encrypt_cert_advice", kwargs["pefim"]),
pysaml2>             ("encrypt_assertion", "verify_encrypt_cert_assertion", "encrypt_cert_assertion", False),
pysaml2>         ]:
pysaml2>     
pysaml2>             if args[arg] or pefim:
pysaml2>                 _enc_cert = self.config.getattr(attr, "idp")
pysaml2>     
pysaml2>                 if _enc_cert is not None:
pysaml2>                     if kwargs[eca] is None:
pysaml2>                         raise CertificateError(
pysaml2>                             "No SPCertEncType certificate for encryption " "contained in authentication " "request."
pysaml2>                         )
pysaml2>                     if not _enc_cert(kwargs[eca]):
pysaml2> >                       raise CertificateError("Invalid certificate for encryption!")
pysaml2> E                       saml2.cert.CertificateError: Invalid certificate for encryption!
pysaml2> 
pysaml2> /nix/store/ad02k9isi75v6rjmmsxxcy6279z91pf0-python3.12-pysaml2-7.5.0/lib/python3.12/site-packages/saml2/server.py:737: CertificateError
pysaml2> _______________ TestServer1NonAsciiAva.test_encrypted_response_6 _______________
pysaml2> 
pysaml2> self = 
pysaml2> 
pysaml2>     def test_encrypted_response_6(self):
pysaml2>         _server = Server("idp_conf_verify_cert")
pysaml2>     
pysaml2>         cert_str_advice, cert_key_str_advice = generate_cert()
pysaml2>     
pysaml2>         cert_str_assertion, cert_key_str_assertion = generate_cert()
pysaml2>     
pysaml2> >       _resp = _server.create_authn_response(
pysaml2>             self.ava,
pysaml2>             "id12",  # in_response_to
pysaml2>             "http://lingon.catalogix.se:8087/",  # consumer_url
pysaml2>             "urn:mace:example.com:saml:roland:sp",  # sp_entity_id
pysaml2>             name_id=self.name_id,
pysaml2>             sign_response=False,
pysaml2>             sign_assertion=False,
pysaml2>             encrypt_assertion=True,
pysaml2>             encrypt_assertion_self_contained=True,
pysaml2>             pefim=True,
pysaml2>             encrypt_cert_advice=cert_str_advice,
pysaml2>             encrypt_cert_assertion=cert_str_assertion,
pysaml2>         )
pysaml2> 
pysaml2> tests/test_50_server.py:1987: 
pysaml2> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
pysaml2> /nix/store/ad02k9isi75v6rjmmsxxcy6279z91pf0-python3.12-pysaml2-7.5.0/lib/python3.12/site-packages/saml2/server.py:833: in create_authn_response
pysaml2>     args = self.gather_authn_response_args(
pysaml2> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
pysaml2> 
pysaml2> self = 
pysaml2> sp_entity_id = 'urn:mace:example.com:saml:roland:sp', name_id_policy = None
pysaml2> userid = None
pysaml2> param_defaults = {'best_effort': False, 'encrypt_assertion': False, 'encrypt_assertion_self_contained': True, 'encrypt_cert_advice': None, ...}
pysaml2> param = 'encrypt_cert_assertion', val_default = None
pysaml2> val_config = None, arg = 'encrypted_advice_attributes'
pysaml2> 
pysaml2>     def gather_authn_response_args(self, sp_entity_id, name_id_policy, userid, **kwargs):
pysaml2>         kwargs["policy"] = kwargs.get("release_policy")
pysaml2>     
pysaml2>         # collect args and return them
pysaml2>         args = {}
pysaml2>     
pysaml2>         # XXX will be passed to _authn_response
pysaml2>         param_defaults = {
pysaml2>             "policy": None,
pysaml2>             "best_effort": False,
pysaml2>             "sign_assertion": False,
pysaml2>             "sign_response": False,
pysaml2>             "encrypt_assertion": False,
pysaml2>             "encrypt_assertion_self_contained": True,
pysaml2>             "encrypted_advice_attributes": False,
pysaml2>             "encrypt_cert_advice": None,
pysaml2>             "encrypt_cert_assertion": None,
pysaml2>             # need to be named sign_alg and digest_alg
pysaml2>         }
pysaml2>         for param, val_default in param_defaults.items():
pysaml2>             val_kw = kwargs.get(param)
pysaml2>             val_config = self.config.getattr(param, "idp")
pysaml2>             args[param] = val_kw if val_kw is not None else val_config if val_config is not None else val_default
pysaml2>     
pysaml2>         for arg, attr, eca, pefim in [
pysaml2>             ("encrypted_advice_attributes", "verify_encrypt_cert_advice", "encrypt_cert_advice", kwargs["pefim"]),
pysaml2>             ("encrypt_assertion", "verify_encrypt_cert_assertion", "encrypt_cert_assertion", False),
pysaml2>         ]:
pysaml2>     
pysaml2>             if args[arg] or pefim:
pysaml2>                 _enc_cert = self.config.getattr(attr, "idp")
pysaml2>     
pysaml2>                 if _enc_cert is not None:
pysaml2>                     if kwargs[eca] is None:
pysaml2>                         raise CertificateError(
pysaml2>                             "No SPCertEncType certificate for encryption " "contained in authentication " "request."
pysaml2>                         )
pysaml2>                     if not _enc_cert(kwargs[eca]):
pysaml2> >                       raise CertificateError("Invalid certificate for encryption!")
pysaml2> E                       saml2.cert.CertificateError: Invalid certificate for encryption!
pysaml2> 
pysaml2> /nix/store/ad02k9isi75v6rjmmsxxcy6279z91pf0-python3.12-pysaml2-7.5.0/lib/python3.12/site-packages/saml2/server.py:737: CertificateError
pysaml2> ______________ TestGenerateCertificates.test_validate_cert_chains ______________
pysaml2> 
pysaml2> self = 
pysaml2> 
pysaml2>     def test_validate_cert_chains(self):
pysaml2>     
pysaml2>         cert_info_ca = {
pysaml2>             "cn": "qwerty",
pysaml2>             "country_code": "qw",
pysaml2>             "state": "qwerty",
pysaml2>             "city": "qwerty",
pysaml2>             "organization": "qwerty",
pysaml2>             "organization_unit": "qwerty",
pysaml2>         }
pysaml2>     
pysaml2>         cert_intermediate_1_info = {
pysaml2>             "cn": "intermediate_1",
pysaml2>             "country_code": "as",
pysaml2>             "state": "asdfgh",
pysaml2>             "city": "asdfgh",
pysaml2>             "organization": "asdfgh",
pysaml2>             "organization_unit": "asdfg",
pysaml2>         }
pysaml2>     
pysaml2>         cert_intermediate_2_info = {
pysaml2>             "cn": "intermediate_2",
pysaml2>             "country_code": "as",
pysaml2>             "state": "asdfgh",
pysaml2>             "city": "asdfgh",
pysaml2>             "organization": "asdfgh",
pysaml2>             "organization_unit": "asdfg",
pysaml2>         }
pysaml2>     
pysaml2>         cert_client_cert_info = {
pysaml2>             "cn": "intermediate_1",
pysaml2>             "country_code": "as",
pysaml2>             "state": "asdfgh",
pysaml2>             "city": "asdfgh",
pysaml2>             "organization": "asdfgh",
pysaml2>             "organization_unit": "asdfg",
pysaml2>         }
pysaml2>     
pysaml2>         osw = OpenSSLWrapper()
pysaml2>     
pysaml2>         ca_cert_str, ca_key_str = osw.create_certificate(cert_info_ca, request=False)
pysaml2>     
pysaml2>         req_cert_str, intermediate_1_key_str = osw.create_certificate(cert_intermediate_1_info, request=True)
pysaml2>         intermediate_cert_1_str = osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, req_cert_str)
pysaml2>     
pysaml2>         req_cert_str, intermediate_2_key_str = osw.create_certificate(cert_intermediate_2_info, request=True)
pysaml2>         intermediate_cert_2_str = osw.create_cert_signed_certificate(
pysaml2>             intermediate_cert_1_str, intermediate_1_key_str, req_cert_str
pysaml2>         )
pysaml2>     
pysaml2>         req_cert_str, client_key_str = osw.create_certificate(cert_client_cert_info, request=True)
pysaml2>         client_cert_str = osw.create_cert_signed_certificate(
pysaml2>             intermediate_cert_2_str, intermediate_2_key_str, req_cert_str
pysaml2>         )
pysaml2>     
pysaml2>         cert_chain = [intermediate_cert_2_str, intermediate_cert_1_str, ca_cert_str]
pysaml2>     
pysaml2>         valid, mess = osw.verify_chain(cert_chain, client_cert_str)
pysaml2> >       self.assertTrue(valid)
pysaml2> E       AssertionError: False is not true
pysaml2> 
pysaml2> tests/test_81_certificates.py:131: AssertionError
pysaml2> ____________ TestGenerateCertificates.test_validate_with_root_cert _____________
pysaml2> 
pysaml2> self = 
pysaml2> 
pysaml2>     def test_validate_with_root_cert(self):
pysaml2>     
pysaml2>         cert_info_ca = {
pysaml2>             "cn": "qwerty",
pysaml2>             "country_code": "qw",
pysaml2>             "state": "qwerty",
pysaml2>             "city": "qwerty",
pysaml2>             "organization": "qwerty",
pysaml2>             "organization_unit": "qwerty",
pysaml2>         }
pysaml2>     
pysaml2>         cert_info = {
pysaml2>             "cn": "asdfgh",
pysaml2>             "country_code": "as",
pysaml2>             "state": "asdfgh",
pysaml2>             "city": "asdfgh",
pysaml2>             "organization": "asdfgh",
pysaml2>             "organization_unit": "asdfg",
pysaml2>         }
pysaml2>     
pysaml2>         osw = OpenSSLWrapper()
pysaml2>     
pysaml2>         ca_cert, ca_key = osw.create_certificate(
pysaml2>             cert_info_ca,
pysaml2>             request=False,
pysaml2>             write_to_file=True,
pysaml2>             cert_dir=f"{os.path.dirname(os.path.abspath(__file__))}/pki",
pysaml2>         )
pysaml2>     
pysaml2>         req_cert_str, req_key_str = osw.create_certificate(cert_info, request=True)
pysaml2>     
pysaml2>         ca_cert_str = osw.read_str_from_file(ca_cert)
pysaml2>         ca_key_str = osw.read_str_from_file(ca_key)
pysaml2>     
pysaml2>         cert_str = osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, req_cert_str)
pysaml2>     
pysaml2>         valid, mess = osw.verify(ca_cert_str, cert_str)
pysaml2> >       self.assertTrue(valid)
pysaml2> E       AssertionError: False is not true
pysaml2> 
pysaml2> tests/test_81_certificates.py:50: AssertionError

Possible Solution

Steps to Reproduce

  1. Install pyopenssl==24.3.0
  2. Run the test suite
@bachp
Copy link

bachp commented Dec 26, 2024

I think the problem is the usage of crypto.verify in https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/cert.py#L331.

This API was removed in pyOpenSSL 24.3.0:

Removed the deprecated OpenSSL.crypto.sign and OpenSSL.crypto.verify. cryptography.hazmat.primitives.asymmetric’s signature APIs should be used instead.

I tried to take a look at the suggested replacement library, but I couldn't find a direct replacement for this function.
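
Added example, not pysaml2's or pyOpenSSL's code and not part of the comment above: a chain check built on cryptography's hazmat signature APIs, the replacement the changelog points to for the removed crypto.verify. It assumes only the cryptography package and constructs its own throwaway root/intermediate/leaf chain in the same list shape as the failing test_validate_cert_chains (leaf issuer first, root last).

```python
"""Added example (not pysaml2 or pyOpenSSL code): certificate chain verification
built on cryptography's hazmat signature APIs, the replacement pyOpenSSL 24.3.0
points to for the removed OpenSSL.crypto.verify."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
from cryptography.x509.oid import NameOID


def signed_by(cert: x509.Certificate, issuer: x509.Certificate) -> bool:
    """True if `cert` was issued by `issuer`: the names chain and the signature
    over the to-be-signed bytes verifies under the issuer's public key. This is
    the work crypto.verify(issuer, signature, tbs, digest) did in the old code."""
    if cert.issuer != issuer.subject:
        return False
    pub = issuer.public_key()
    try:
        if isinstance(pub, rsa.RSAPublicKey):
            # PKCS#1 v1.5 is the padding sha256WithRSAEncryption certificates use
            pub.verify(cert.signature, cert.tbs_certificate_bytes,
                       padding.PKCS1v15(), cert.signature_hash_algorithm)
        elif isinstance(pub, ec.EllipticCurvePublicKey):
            pub.verify(cert.signature, cert.tbs_certificate_bytes,
                       ec.ECDSA(cert.signature_hash_algorithm))
        else:
            return False  # other key types are out of scope for this example
    except InvalidSignature:
        return False
    return True


def verify_chain(chain_pem: list[bytes], leaf_pem: bytes) -> tuple[bool, str]:
    """Check leaf -> intermediates -> root. `chain_pem` lists the leaf's issuer
    first and the root last, the order used by the failing test."""
    current = x509.load_pem_x509_certificate(leaf_pem)
    for issuer in (x509.load_pem_x509_certificate(p) for p in chain_pem):
        if not signed_by(current, issuer):
            return False, (f"{current.subject.rfc4514_string()} is not signed by "
                           f"{issuer.subject.rfc4514_string()}")
        current = issuer
    if not signed_by(current, current):
        return False, "root certificate is not self-signed"
    return True, "ok"


def make_cert(cn, key, issuer=None, issuer_key=None, ca=False):
    """Build a SHA-256/RSA certificate; self-signed when no issuer is given."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (x509.CertificateBuilder()
               .subject_name(name)
               .issuer_name(issuer.subject if issuer is not None else name)
               .public_key(key.public_key())
               .serial_number(x509.random_serial_number())
               .not_valid_before(now)
               .not_valid_after(now + datetime.timedelta(days=1))
               .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True))
    return builder.sign(issuer_key if issuer_key is not None else key, hashes.SHA256())


def to_pem(cert: x509.Certificate) -> bytes:
    return cert.public_bytes(serialization.Encoding.PEM)


def build_demo_chain():
    """Constructed throwaway PKI: root -> intermediate -> leaf, plus a forged
    intermediate that reuses the real intermediate's name with a different key."""
    ca_key, int_key, leaf_key, bad_key = (rsa.generate_private_key(65537, 2048) for _ in range(4))
    ca = make_cert("demo-root", ca_key, ca=True)
    inter = make_cert("demo-intermediate", int_key, ca, ca_key, ca=True)
    leaf = make_cert("demo-leaf", leaf_key, inter, int_key)
    forged = make_cert("demo-intermediate", bad_key, ca=True)
    return [to_pem(inter), to_pem(ca)], to_pem(leaf), [to_pem(forged), to_pem(ca)]
```

On cryptography 40 or newer, `x509.Certificate.verify_directly_issued_by()` performs the same name and signature check in one call, but it raises on failure instead of returning a flag.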

@bachp

bachp commented Dec 26, 2024

The issue was raised before that the crypt functionality of pyopenssl should not be used: #879

@mweinelt

mweinelt commented Jan 1, 2025

pyca/cryptography#7939 looks related, but didn't pan out.
