This library contains certificates for Estonian electronic identity services and a couple of functions that facilitate usage.
The library covers the following use cases:
- embedding the root certificate of the Estonian Certification centre into an XML signature structure prior to signing;
- obtaining OCSP confirmation of the signer's certificate after signing: the OCSP request must contain an issuer certificate that corresponds to the issuer's common name as included in the signer's certificate.
Get a certificate by issuer's common name:

```python
from esteid_certificates import get_certificate_file_path

# path to PEM certificate file
path = get_certificate_file_path("ESTEID2018")
# the certificate as bytes
with path.open("rb") as f:
    assert f.read().startswith(b"-----BEGIN CERTIFICATE-----")
```

Get the root certificates (also works for test certificates):

```python
from esteid_certificates import get_root_ca_files

for path in get_root_ca_files(test=False):
    with path.open("rb") as f:
        assert f.read().startswith(b"-----BEGIN CERTIFICATE-----")
```

The certificates can be loaded using e.g. the oscrypto library:

```python
from oscrypto.asymmetric import load_certificate
from esteid_certificates import get_certificate

cert = load_certificate(get_certificate("ESTEID2018"))
assert cert.asn1.native['tbs_certificate']['subject']['common_name'] == 'ESTEID2018'
```

The certificates were downloaded from the certificate page.
The included certificates are copyright to their issuing parties:
and are redistributed for the sole purpose of convenience of use.
See the update script for how to update the certificates.
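
For the OCSP use case listed at the top, the issuer certificate is chosen by a common name taken from the signer's certificate, which is untrusted input. The following is an added example, not part of this library: it selects the issuer from certificates in the `native` dict form shown above, fails closed on unknown issuers, and requires the full issuer name to match. The names `select_issuer`, `issuer_common_name`, `IssuerLookupError`, `bundle_lookup`, the accepted-name pattern and the sample dicts are all assumptions made for illustration.

```python
import re

# The issuer CN comes from the signer's (untrusted) certificate and is used as
# a lookup key, so only plain names are accepted. Assumed policy, not the library's.
_SAFE_CN = re.compile(r"[A-Za-z0-9 ._-]{1,64}")


class IssuerLookupError(Exception):
    """No trustworthy issuer certificate could be selected."""


def issuer_common_name(signer_native):
    """Issuer CN of a certificate given in asn1crypto `native` (dict) form."""
    cn = signer_native["tbs_certificate"]["issuer"].get("common_name")
    if not isinstance(cn, str) or not _SAFE_CN.fullmatch(cn):
        raise IssuerLookupError(f"unusable issuer common name: {cn!r}")
    return cn


def select_issuer(signer_native, load_native):
    """Resolve the issuer by CN, failing closed, and check the names agree.

    With the real libraries, load_native would be (assumed wiring):
        lambda cn: load_certificate(get_certificate(cn)).asn1.native
    """
    cn = issuer_common_name(signer_native)
    try:
        issuer_native = load_native(cn)
    except Exception as exc:  # the library's error type is not assumed here
        raise IssuerLookupError(f"no bundled certificate for {cn!r}") from exc
    # A CN match alone is weak: the whole issuer name must equal the subject.
    # This still does not prove issuance; chain validation does that.
    if issuer_native["tbs_certificate"]["subject"] != signer_native["tbs_certificate"]["issuer"]:
        raise IssuerLookupError(f"bundled {cn!r} has a different subject name")
    return issuer_native


# Constructed sample data in the `native` shape (not real certificates).
CA_NAME = {"country_name": "EE", "organization_name": "Example CA", "common_name": "ESTEID2018"}
BUNDLE = {"ESTEID2018": {"tbs_certificate": {"subject": CA_NAME}}}
SIGNER = {"tbs_certificate": {"issuer": dict(CA_NAME)}}
SPOOFED = {"tbs_certificate": {"issuer": {**CA_NAME, "organization_name": "Other"}}}


def bundle_lookup(cn):
    """Stand-in for the bundled-certificate lookup; raises KeyError if unknown."""
    return BUNDLE[cn]
```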