in pkg/tasks/container/identity.go [53:113]
func (t *IdentityTask) Run(ctx context.Context) error {
// Check arguments
if types.IsNil(t.OutputWriter) {
return errors.New("unable to run task with a nil outputWriter provider")
}
if types.IsNil(t.Transformer) {
return errors.New("unable to run task with a nil transformer")
}
if t.Description == "" {
return fmt.Errorf("description must not be blank")
}
// Select appropriate strategy.
var generator identity.PrivateKeyGeneratorFunc
if fips.Enabled() {
generator = key.P384
} else {
switch t.Version {
case LegacyIdentity:
generator = key.Legacy
case ModernIdentity:
generator = key.Ed25519
case NISTIdentity:
generator = key.P384
default:
return fmt.Errorf("invalid or unsupported identity version '%d'", t.Version)
}
}
// Create identity
id, payload, err := identity.New(rand.Reader, t.Description, generator)
if err != nil {
return fmt.Errorf("unable to create a new identity: %w", err)
}
// Encrypt the private key.
identityPrivate, err := t.Transformer.To(ctx, payload)
if err != nil {
return fmt.Errorf("unable to encrypt the private identity key: %w", err)
}
// Assign private key
id.Private = &identity.PrivateKey{
Content: base64.RawURLEncoding.EncodeToString(identityPrivate),
}
// Retrieve output writer
writer, err := t.OutputWriter(ctx)
if err != nil {
return fmt.Errorf("unable to retrieve output writer handle: %w", err)
}
// Create identity output
if err := json.NewEncoder(writer).Encode(id); err != nil {
return fmt.Errorf("unable to serialize final identity: %w", err)
}
// No error
return nil
}