Without query as part of pkcs11_uri keyname is always None

[peter-]

Commit 50074db (or something around it) broke signing for me since I'm not setting an (optional) query string at the end of the pkcs11 URI, like so:

DEBUG:root:parsed pkcs11 uri: ParseResult(scheme='pkcs11', netloc='', path='/usr/lib64/libeToken.so/someLabel', params='', query='', fragment='')

Now if and elif both fall through and keyname remains unset:

qs = o.query
if qs: 
    keyname = keyqs
elif '?' in keyqs:
    (keyname, sep, qss) = keyqs.rpartition('?')
    qs = qss

Before:
DEBUG:root:returning /usr/lib64/libeToken.so 0 someLabel {}
Now:
DEBUG:root:returning /usr/lib64/libeToken.so 0 None {}
Causing:
XMLSigException: No such key: pkcs11:///usr/lib64/libeToken.so/someLabel

Setting any query string at the end of the pkcs11uri, e.g. pkcs11:///usr/lib64/libeToken.so/someLabel?foo=bar works around this.
Also re-adding

    else:
        keyname = keyqs

after line 53 in xmlsec/pk11.py fixes this for me.

[leifj]

Good catch. The commit did change the URL parser to change other issues related to python urllib. Just pushed a fix for this. Thx!