Clarify and fix workflow-state cleanup semantics on signing timeout #10

Open
opened 2026-03-24 18:02:54 +01:00 by galambos · 0 comments
Owner

Review cleanup semantics in the synchronous-to-async signing bridges. In PkiBusContentSigner and the similar content signer embedded in DefaultCaService, workflow state is deleted on explicit success and explicit failure, but not on timeout; on timeout the code throws "Signing did not complete before TTL" and leaves state behind.

Why this matters

For regulated PKI operation, timeout handling must be intentional and documented. Persisted workflow state left behind on timeout may be either correct evidence or unintended residue; the design must say which one it is.

Acceptance criteria

  • Decide whether timeout should preserve workflow state for forensics/re-attach or clean it up immediately.
  • Implement the chosen behavior consistently across all content signer adapters.
  • Document the final contract in JavaDoc.
  • Add tests covering success, explicit failure, and timeout behavior.
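One way the timeout branch could be made explicit, shown as an added example with hypothetical names (it is not ZeroEcho's PkiBusContentSigner or DefaultCaService code): the cleanup decision sits in a single finally block driven by a documented TimeoutPolicy, so success, explicit failure and TTL expiry all pass through the same contract instead of the timeout path silently skipping cleanup.

```java
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.function.Function;

/** Hypothetical synchronous-to-async signing bridge; all names here are assumptions. */
public final class SyncSigningBridge {
    /** What happens to persisted workflow state when the TTL expires (the contract to document). */
    public enum TimeoutPolicy { CLEANUP, PRESERVE_FOR_REATTACH }

    private final Map<String, byte[]> workflowState;                        // stand-in for the persisted store
    private final Function<String, CompletableFuture<byte[]>> asyncSigner;  // hypothetical async signing side
    private final TimeoutPolicy policy;

    public SyncSigningBridge(Map<String, byte[]> workflowState,
                             Function<String, CompletableFuture<byte[]>> asyncSigner,
                             TimeoutPolicy policy) {
        this.workflowState = workflowState;
        this.asyncSigner = asyncSigner;
        this.policy = policy;
    }

    /** Blocks until the async signer answers or the TTL expires. */
    public byte[] sign(String workflowId, byte[] content, Duration ttl) throws SigningException {
        workflowState.put(workflowId, content);   // state must exist before the async side is triggered
        boolean timedOut = false;
        try {
            return asyncSigner.apply(workflowId).get(ttl.toMillis(), TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            timedOut = true;
            throw new SigningException("Signing did not complete before TTL: " + workflowId, e);
        } catch (ExecutionException e) {
            throw new SigningException("Signing failed: " + workflowId, e.getCause());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new SigningException("Interrupted while waiting for signature: " + workflowId, e);
        } finally {
            // Success and explicit failure always clean up; timeout follows the configured policy.
            // Preserved state is deliberate evidence for re-attach, never an accidental leftover.
            if (!timedOut || policy == TimeoutPolicy.CLEANUP) {
                workflowState.remove(workflowId);
            }
        }
    }

    public static final class SigningException extends Exception {
        public SigningException(String message, Throwable cause) { super(message, cause); }
    }
}
```

Tests for the three acceptance-criteria cases can then drive the same method with a completed future, a failed future, and a future that never completes, and assert on whether workflowState still holds the entry afterwards.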
galambos added this to the PKI Foundation Hardening and Regulated Operations Roadmap project 2026-03-24 18:56:06 +01:00
Reference: Egothor/ZeroEcho#10