file.sign.swisscom_ais
======================

.. py:module:: file.sign.swisscom_ais


Classes
-------

.. autoapisummary::

   file.sign.swisscom_ais.SwisscomAIS


Module Contents
---------------

.. py:class:: SwisscomAIS(customer: str, key_static: str, cert_file: str, cert_key: str)

   Bases: :py:obj:`onegov.file.sign.generic.SigningService`


   Sign PDFs using Swisscom's All-In Signing Service. 


   .. py:attribute:: customer


   .. py:attribute:: client


   .. py:method:: sign(infile: _typeshed.SupportsRead[bytes], outfile: _typeshed.SupportsWrite[bytes]) -> str

      Signs the input file and writes it to the given output file.

      Arguments
      =========

      If the input-file exists on disk, its ``file.name`` attribute points
      to an existing path.

      Sublcasses may add extra parameters to this signing function, though
      it is expected that they all have a default value set.

      So it is okay to do this::

          def sign(self, infile, outfile, foo)

      But it would be better to do thiss::

          def sign(self, infile, outfile, foo='bar')

      Return Value
      ============

      The sign function *must* return a unique request id for each signed
      file. This function should be composed of the service name and a
      unique identifier. For example: 'my_service/0b86854'. Using this
      identifier it should be possible to query the signing service backend
      for more information (in case we ever need to investigate).

      It is up to the signing service to know what should be part of this
      unique identifer. The only thing that can't be part of the identifer
      are secrets.