Base class for protocol classes.


A generic interface for various file signing services.

Module Contents

class file.sign.generic.SupportsReadAndHasName[source]

Bases: _typeshed.SupportsRead[bytes], Protocol

Base class for protocol classes.

Protocol classes are defined as:

class Proto(Protocol):
    def meth(self) -> int:

Such classes are primarily used with static type checkers that recognize structural subtyping (static duck-typing).

For example:

class C:
    def meth(self) -> int:
        return 0

def func(x: Proto) -> int:
    return x.meth()

func(C())  # Passes static type check

See PEP 544 for details. Protocol classes decorated with @typing.runtime_checkable act as simple-minded runtime protocols that check only the presence of given attributes, ignoring their type signatures. Protocol classes can be generic, they are defined as:

class GenProto(Protocol[T]):
    def meth(self) -> T:
property name: str[source]
class file.sign.generic.SigningService(**parameters: Any)[source]

A generic interface for various file signing services.

registry: ClassVar[dict[str, type[SigningService]]][source]
service_name: ClassVar[str][source]
classmethod __init_subclass__(service_name: str, **kwargs: Any)[source]
static for_config(config: onegov.file.types.SigningServiceConfig) SigningService[source]

Spawns a service instance using the given config.

abstract sign(infile: SupportsRead[bytes], outfile: SupportsWrite[bytes]) str[source]

Signs the input file and writes it to the given output file.


If the input-file exists on disk, its attribute points to an existing path.

Sublcasses may add extra parameters to this signing function, though it is expected that they all have a default value set.

So it is okay to do this:

def sign(self, infile, outfile, foo)

But it would be better to do thiss:

def sign(self, infile, outfile, foo='bar')

Return Value

The sign function must return a unique request id for each signed file. This function should be composed of the service name and a unique identifier. For example: ‘my_service/0b86854’. Using this identifier it should be possible to query the signing service backend for more information (in case we ever need to investigate).

It is up to the signing service to know what should be part of this unique identifer. The only thing that can’t be part of the identifer are secrets.

materialise(file: SupportsRead[bytes]) Iterator[SupportsReadAndHasName][source]

Takes the given file-like object and ensures that it exists somewhere on the disk during the lifetime of the context.