Egothor/ZeroEcho
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
28 Commits 3 Branches 2 Tags
impl-pki
Commit Graph

5 Commits

Author SHA1 Message Date
Leo Galambos
adfa0b4b51 feat: add universal AsyncBus infrastructure 
Introduce a generic asynchronous bus used for internal PKI workflows,
with resilient sweep support and symmetric primitive/wrapper type
compatibility for dispatch handling.

Signed-off-by: Leo Galambos <lg@hq.egothor.org>
 2026-01-02 22:28:53 +01:00
Leo Galambos
d2ec77b8e3 feat: introduce SignatureWorkflow SPI and zeroecho-lib implementation 
- add SignatureWorkflow SPI for asynchronous sign/verify operations
- define audit-friendly, exception-free failure model
- introduce stable OperationStatus, State and OperationResult semantics
- document trust boundaries, lifecycle, and audit constraints in SPI
  JavaDoc
- add ZeroEchoLibSignatureWorkflow backed by KeyringStore and ZeroEcho
  lib
- enforce opaque KeyRef handling and provider-local parsing
- add deterministic detail codes and UNKNOWN_OPERATION handling
- integrate workflow provider into ServiceLoader bootstrap
- align PkiBootstrap logging and defaults with crypto workflow SPI
- add comprehensive JUnit tests for validation and status semantics

Signed-off-by: Leo Galambos <lg@hq.egothor.org>
 2025-12-29 22:41:11 +01:00
Leo Galambos
0346c5b30f feat: refactor SPI/bootstrap to generic configurable providers 
- Introduce a universal ConfigurableProvider/ProviderConfig abstraction
  for ServiceLoader-based components and align PKI bootstrapping
  utilities with it.
- Document deterministic provider selection, property-based
  configuration conventions, and security requirements (never log config
  values), including package-level documentation for spi, spi.store and
  spi.bootstrap.

fix: harden audit runtime, fix gzip scanning, add bounds and docs

- Fix FileAuditSink concatenated gzip scan by shielding underlying
  stream
- Use JUnit @TempDir for filesystem-backed tests
- Bound InMemoryAuditSink with deterministic ring buffer
- Add ServiceLoader smoke test and expand DefaultAuditService coverage
- Improve JavaDoc and logging across audit implementation

feat: add deterministic tests for PkiBootstrap with real SPI providers

- add JUnit 5 test suite for PkiBootstrap
- cover SPI selection for filesystem PkiStore and audit sinks
- use @TempDir for filesystem-backed providers
- register test ServiceLoader providers under src/test/resources
- ensure deterministic bootstrap behavior via system properties

Signed-off-by: Leo Galambos <lg@hq.egothor.org>
 2025-12-29 02:09:07 +01:00
Leo Galambos
cab1eeefe7 feat: add filesystem-based PkiStore reference implementation 
Introduce a deterministic filesystem-backed PkiStore implementation
under zeroecho.pki.impl.fs.

Key characteristics:
- write-once semantics for immutable objects with explicit failure on
  overwrite
- history tracking for mutable records with full audit trail
- atomic writes using NIO (temp + move) with best-effort durability
- strict snapshot export supporting time-travel reconstruction
- configurable history retention (ON_WRITE policy)
- no secrets logged; JUL-only diagnostics for anomalies

Includes comprehensive JUnit 5 tests validating:
- write-once enforcement
- history creation and overwrite semantics
- strict snapshot export (failure and positive selection cases)
- deterministic on-disk layout and structure

This implementation is intentionally non-public and serves as a
reference and validation baseline for future persistence backends.

Signed-off-by: Leo Galambos <lg@hq.egothor.org>
 2025-12-28 01:15:46 +01:00
Leo Galambos
7673e7d82f feat: PKI module core design 
Signed-off-by: Leo Galambos <lg@hq.egothor.org>
 2025-12-27 21:38:32 +01:00