fix(core): stop corrupted state from permanently breaking SSL and wallet loading

CertificatePinStore.Load threw on a corrupted pin file, blocking every SSL
connection until the user manually deleted it; EncryptedFile.IsEncrypted
threw on valid JSON with a non-object root or invalid UTF-16 instead of
returning false. Both now degrade gracefully. Found by property-based tests
while extending the test suite.
This commit is contained in:
2026-07-02 23:19:43 +02:00
parent eb7ec9e835
commit 27231c8eec
2 changed files with 24 additions and 5 deletions
+15 -4
View File
@@ -58,10 +58,21 @@ public sealed class CertificatePinStore(string filePath)
}
}
private Dictionary<string, string> Load() =>
File.Exists(filePath)
? JsonSerializer.Deserialize<Dictionary<string, string>>(File.ReadAllText(filePath)) ?? []
: [];
private Dictionary<string, string> Load()
{
if (!File.Exists(filePath))
return [];
try
{
return JsonSerializer.Deserialize<Dictionary<string, string>>(File.ReadAllText(filePath)) ?? [];
}
catch (JsonException)
{
// A corrupt pin file must not make every SSL connection fail forever:
// fall back to first-contact TOFU (same trust level as the bootstrap).
return [];
}
}
private void Save(Dictionary<string, string> pins)
{