Egothor/ZeroEcho
2
0
Fork 0
Code Issues 15 Pull Requests Actions Packages Projects 1 Releases 2 Wiki Activity

Wire CredentialFrameworkProvider into PkiBootstrap without implementation-specific dependencies #3

New Issue
Open
opened 2026-03-24 17:56:03 +01:00 by galambos · 0 comments
galambos commented 2026-03-24 17:56:03 +01:00
Owner
Copy Link

The PKI bootstrap layer should be extended so that CredentialFrameworkProvider is selected and allocated through the same SPI-driven mechanism already used for store, audit, signature workflow, and async bus components. The current X.509 framework provider is a real ServiceLoader provider, but it currently exposes no supported keys and allocates only a default BcX509CredentialFramework instance. This confirms that framework SPI exists, but its runtime composition path is not yet complete.

Why this matters

For a PKI foundation intended for highly regulated environments, bootstrap composition must remain deterministic, auditable, and independent of concrete implementation classes. The bootstrap must not directly instantiate BC-specific framework classes.

Acceptance criteria

  • PkiBootstrap can open the credential framework via SPI.
  • No direct bootstrap dependency on zeroecho.pki.impl.framework.x509.bc.*.
  • Provider selection is deterministic and fail-fast on ambiguity.
  • Configuration keys are validated and logged only by name, not by value.
  • JavaDoc and package JavaDoc reflect the final wiring model.
The PKI bootstrap layer should be extended so that CredentialFrameworkProvider is selected and allocated through the same SPI-driven mechanism already used for store, audit, signature workflow, and async bus components. The current X.509 framework provider is a real ServiceLoader provider, but it currently exposes no supported keys and allocates only a default BcX509CredentialFramework instance. This confirms that framework SPI exists, but its runtime composition path is not yet complete. ## Why this matters For a PKI foundation intended for highly regulated environments, bootstrap composition must remain deterministic, auditable, and independent of concrete implementation classes. The bootstrap must not directly instantiate BC-specific framework classes. ## Acceptance criteria - PkiBootstrap can open the credential framework via SPI. - No direct bootstrap dependency on zeroecho.pki.impl.framework.x509.bc.*. - Provider selection is deterministic and fail-fast on ambiguity. - Configuration keys are validated and logged only by name, not by value. - JavaDoc and package JavaDoc reflect the final wiring model.
galambos added this to the PKI Foundation Hardening and Regulated Operations Roadmap project 2026-03-24 18:56:06 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project PKI Foundation Hardening and Regulated Operations Roadmap
Assignees
Clear assignees
galambos gitea-ci
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Egothor/ZeroEcho#3
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?