Refactor and harden WorkflowProofOfPossessionVerifier #9

Open
opened 2026-03-24 18:02:22 +01:00 by galambos · 0 comments
Owner

Refactor WorkflowProofOfPossessionVerifier.verify(...) into smaller helpers and correct its exception handling. The current code path for CSR parsing catches a generic Exception, and the earlier refactor discussion already showed that IOException handling must be preserved explicitly rather than lost during cleanup.

Why this matters

Proof-of-possession verification is security-critical. It must be explicit, easy to audit, and robust against malformed CSR input without relying on broad exception handling.

Acceptance criteria

  • Reduce cyclomatic complexity of verify(...).
  • Remove generic catch branches where specific failure handling is sufficient.
  • Preserve correct handling of CSR parsing/encoding failures, including IOException.
  • Keep behavior deterministic and well documented.
  • Add focused JUnit tests for malformed CSR cases and unsupported algorithms.
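The shape the acceptance criteria describe, as an added illustration (this is not code from the ZeroEcho project and does not show its actual `WorkflowProofOfPossessionVerifier`): `verify(...)` is split into one helper per failure mode, each helper catches only the checked exception the library actually throws, and a typed result reason replaces the generic `catch (Exception)`. It assumes Bouncy Castle's PKCS#10 API (`PKCS10CertificationRequest`, whose byte[] constructor throws `IOException` on bad DER) and JUnit 5; the allow-list of algorithm OIDs, the `Reason` enum and `PopVerificationException` are hypothetical names chosen for the example.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Set;

import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCSException;

/** Hypothetical hardened PoP verifier: small helpers, no generic catch, explicit causes. */
public final class PopVerifier {

    /** Failure reasons a caller (and a test) can assert on deterministically. */
    public enum Reason { MALFORMED_CSR, UNSUPPORTED_ALGORITHM, SIGNATURE_INVALID, VERIFIER_UNAVAILABLE }

    public static final class PopVerificationException extends Exception {
        private final Reason reason;
        public PopVerificationException(Reason reason, String msg, Throwable cause) {
            super(msg, cause);
            this.reason = reason;
        }
        public Reason reason() { return reason; }
    }

    // Assumption: the CA policy permits exactly these signature algorithms (OID allow-list).
    private static final Set<String> SUPPORTED_SIG_ALGS = Set.of(
            PKCSObjectIdentifiers.sha256WithRSAEncryption.getId(),
            X9ObjectIdentifiers.ecdsa_with_SHA256.getId());

    /** Entry point: three linear steps, each with a single reason to fail. */
    public static PKCS10CertificationRequest verify(byte[] encoded) throws PopVerificationException {
        PKCS10CertificationRequest csr = parse(encoded);
        requireSupportedAlgorithm(csr);
        requireValidSignature(csr);
        return csr;
    }

    /** Step 1: DER decoding. IOException is the one failure the constructor declares; keep it explicit. */
    static PKCS10CertificationRequest parse(byte[] encoded) throws PopVerificationException {
        if (encoded == null || encoded.length == 0) {
            throw new PopVerificationException(Reason.MALFORMED_CSR, "empty CSR", null);
        }
        try {
            return new PKCS10CertificationRequest(encoded);
        } catch (IOException e) {
            throw new PopVerificationException(Reason.MALFORMED_CSR, "CSR is not valid DER", e);
        }
    }

    /** Step 2: reject algorithms outside the allow-list before touching any crypto. */
    static void requireSupportedAlgorithm(PKCS10CertificationRequest csr) throws PopVerificationException {
        String oid = csr.getSignatureAlgorithm().getAlgorithm().getId();
        if (!SUPPORTED_SIG_ALGS.contains(oid)) {
            throw new PopVerificationException(Reason.UNSUPPORTED_ALGORITHM, "unsupported signature algorithm " + oid, null);
        }
    }

    /** Step 3: proof of possession = the CSR signature verifies under the CSR's own public key. */
    static void requireValidSignature(PKCS10CertificationRequest csr) throws PopVerificationException {
        ContentVerifierProvider provider;
        try {
            provider = new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo());
        } catch (OperatorCreationException e) {
            // Key type/parameters we cannot build a verifier for: distinct from a bad signature.
            throw new PopVerificationException(Reason.VERIFIER_UNAVAILABLE, "cannot build verifier for CSR key", e);
        }
        boolean valid;
        try {
            valid = csr.isSignatureValid(provider);
        } catch (PKCSException e) {
            throw new PopVerificationException(Reason.SIGNATURE_INVALID, "signature verification failed", e);
        }
        if (!valid) {
            throw new PopVerificationException(Reason.SIGNATURE_INVALID, "proof of possession failed", null);
        }
    }
}

/** JUnit 5 sketch for the malformed-CSR case; the input is constructed garbage, not a real CSR. */
class PopVerifierTest {
    @org.junit.jupiter.api.Test
    void malformedCsrIsReportedWithIoExceptionCause() {
        byte[] garbage = "not a csr".getBytes(StandardCharsets.US_ASCII);
        PopVerifier.PopVerificationException e = org.junit.jupiter.api.Assertions.assertThrows(
                PopVerifier.PopVerificationException.class, () -> PopVerifier.verify(garbage));
        org.junit.jupiter.api.Assertions.assertEquals(PopVerifier.Reason.MALFORMED_CSR, e.reason());
        // The original IOException survives as the cause instead of being flattened by catch (Exception).
        org.junit.jupiter.api.Assertions.assertTrue(e.getCause() instanceof IOException);
    }
}
```

The point of the `Reason` enum is auditability: a reviewer can read `verify(...)` top to bottom and see that every exit is either success or one named failure, and tests for the unsupported-algorithm case can assert on `Reason.UNSUPPORTED_ALGORITHM` rather than on a message string.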
galambos added this to the PKI Foundation Hardening and Regulated Operations Roadmap project 2026-03-24 18:56:06 +01:00
Reference: Egothor/ZeroEcho#9