Egothor/ZeroEcho
2
0
Fork 0
Code Issues 15 Pull Requests Actions Packages Projects 1 Releases 2 Wiki Activity

Add a conformance test matrix for X.509 issuance, PoP, revocation, and status generation #17

New Issue
Open
opened 2026-03-24 18:08:22 +01:00 by galambos · 0 comments
galambos commented 2026-03-24 18:08:22 +01:00
Owner
Copy Link

Now that the core PMD baseline is clean and current tests pass, the next step should be a more explicit conformance matrix focused on PKI behavior rather than only implementation correctness. This should cover:

  • CSR parsing,
  • proof-of-possession verification,
  • end-entity issuance,
  • intermediate issuance,
  • revocation,
  • CRL generation,
  • timeout/failure behavior of delegated signing.

Why this matters

For a regulated PKI foundation, “tests pass” is not enough; the system should also prove that its externally visible behavior is stable and consistent across supported scenarios and providers.

Acceptance criteria

  • Introduce scenario-oriented JUnit suites for key PKI flows.
  • Print routine names and relevant intermediate outputs according to your existing test-output policy.
  • Cover both successful and negative cases.
  • Add regression cases for every issue fixed from this backlog.
Now that the core PMD baseline is clean and current tests pass, the next step should be a more explicit conformance matrix focused on PKI behavior rather than only implementation correctness. This should cover: - CSR parsing, - proof-of-possession verification, - end-entity issuance, - intermediate issuance, - revocation, - CRL generation, - timeout/failure behavior of delegated signing. ## Why this matters For a regulated PKI foundation, “tests pass” is not enough; the system should also prove that its externally visible behavior is stable and consistent across supported scenarios and providers. ## Acceptance criteria - Introduce scenario-oriented JUnit suites for key PKI flows. - Print routine names and relevant intermediate outputs according to your existing test-output policy. - Cover both successful and negative cases. - Add regression cases for every issue fixed from this backlog.
galambos added this to the PKI Foundation Hardening and Regulated Operations Roadmap project 2026-03-24 18:56:06 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project PKI Foundation Hardening and Regulated Operations Roadmap
Assignees
Clear assignees
galambos gitea-ci
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Egothor/ZeroEcho#17
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?