Metadata-Version: 2.1
Name: esteid-certificates
Version: 1.0.2
Summary: Certificates for Estonian e-identity services
Home-page: https://github.com/thorgate/esteid-certificates
Author: Thorgate
Author-email: info@thorgate.eu
License: ISC
Keywords: esteid asice xades smartid smart-id mobiilid mobileid mobile-id idcard
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: BSD License
Classifier: Natural Language :: English
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Description-Content-Type: text/markdown
License-File: LICENCE.md

# esteid-certificates

[![Coverage Status](https://coveralls.io/repos/github/thorgate/esteid-certificates/badge.svg?branch=main)](https://coveralls.io/github/thorgate/esteid-certificates?branch=main)

This library contains certificates for Estonian electronic identity services and a couple of functions
that facilitate usage.

The library covers the following use cases:
* embedding the root certificate of the Estonian Certification centre into an XML signature structure prior to signing; 
* obtaining OCSP confirmation of the signer's certificate after signing: the OCSP request
  must contain an issuer certificate that corresponds to the issuer's common name
  as included in the signer's certificate.

## API

Get a certificate by issuer's common name:
```python
from esteid_certificates import get_certificate_file_name, get_certificate
# path to PEM certificate file
assert get_certificate_file_name("EID-SK 2016").endswith(".pem")
# the certificate as bytes
assert get_certificate("EID-SK 2016").startswith(b"-----BEGIN CERTIFICATE-----")
```

Get the root certificate:
```python
from esteid_certificates import get_root_ca_file_name, get_root_certificate
# path to PEM certificate file
assert get_root_ca_file_name().endswith(".pem")
# the certificate as bytes
assert get_root_certificate().startswith(b"-----BEGIN CERTIFICATE-----")
```

Get the TEST root certificate:
```python
from esteid_certificates import get_root_ca_file_name, get_root_certificate
# path to PEM certificate file
assert get_root_ca_file_name(test=True).endswith(".pem")
# the certificate as bytes
assert get_root_certificate(test=True).startswith(b"-----BEGIN CERTIFICATE-----")
```

The certificates can be loaded using e.g. the `oscrypto` library:
```python
from oscrypto.asymmetric import load_certificate
cert = load_certificate(get_certificate("EID-SK 2016"))
assert cert.asn1.native['tbs_certificate']['subject']['common_name'] == 'EID-SK 2016'
```

## Certificates

The certificates were downloaded from [the certificate page](https://www.skidsolutions.eu/repositoorium/sk-sertifikaadid/).

The included certificates are copyright to their issuing parties: 

* [SK ID Solutions AS](https://www.skidsolutions.eu/repositoorium/)

and are redistributed for the sole purpose of convenience of use.

## Updating

See the [update script](autoupdate/README.md) for how to update the certificates.
