Today's anonymous submission isn't really a WTF, but it highlights the hardest problem in computer science: naming things.
For example, let's say you saw a method called handleRSAPrivateKeyGeneration. You'd likely assume that it generates an RSA private key. More specifically, it accepts a request for a private key and handles that request. It's right there in the name.
public String handleRSAPrivateKeyGeneration(
@RequestParam(value = "algorithm", defaultValue = "EC") KeyAlgorithm algorithm,…
)
Except this function accepts an algorithm as a parameter. That's not bad design; it makes sense to inject implementations like that. Though in this case, it looks like it's injecting a key that can be used to look up the actual implementation, which I like less, but I don't know the rest of the implementation, so we can let it slide.
So there's no WTF here. It's a badly named function that may not return an RSA key, but does return a valid cryptographic key. By default it generates an elliptic curve key. Presumably as an armored key, since it returns a String- and the armor usually supplies enough of a hint that consumers can infer the key type. Our submitter tells us that this function is part of a Java Spring controller, and returns a string because the result is displayed in a web page.
No WTF, but it does highlight how sometimes being too specific with your name can make the name less clear. handlePrivateKeyGeneration would be a better name, since we don't know exactly what kind of private key it's generating.
Names, as always, remain hard.