--- /dev/null
+package mtls
+
+import (
+ "context"
+ "crypto"
+ "crypto/tls"
+ "crypto/x509"
+)
+
+type anonymousIdentity struct{}
+
+var _ Identity = &anonymousIdentity{}
+
+func (a *anonymousIdentity) Class() PrincipalClass {
+ return AnonymousPrincipal
+}
+
+func (a *anonymousIdentity) Name() string {
+ return "anonymous"
+}
+
+func (a *anonymousIdentity) Equals(other Identity) bool {
+ return a.Class() == other.Class() && a.Name() == other.Name()
+}
+
+func (a *anonymousIdentity) IsValid() bool {
+ return true
+}
+
+func (a *anonymousIdentity) RootCertificate() (*x509.Certificate, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) IntermediateCertificates() ([]*x509.Certificate, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) LeafCertificate() (*x509.Certificate, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) PrivateKey() (crypto.PrivateKey, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) NewDialContextFunc() DialContextFunc {
+ return newDialContextFunc(a)
+}
+
+func (a *anonymousIdentity) newTlsCertificate() (*tls.Certificate, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) TlsConfig(ctx context.Context) (*tls.Config, error) {
+ vo, err := newMTLSVerifyOpts()
+ if err != nil {
+ return nil, err
+ }
+ return &tls.Config{
+ RootCAs: vo.Roots.Clone(),
+ }, nil
+}
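Review bot: `IsValid()` returns true unconditionally while `RootCertificate()`, `LeafCertificate()`, `PrivateKey()` and `newTlsCertificate()` all return `nil, nil`, so a caller that uses `IsValid()` as an authentication gate, or that dereferences a certificate after checking only `err`, will mishandle the anonymous principal. Nothing in the file documents this, so I would add a type comment such as `// anonymousIdentity is an unauthenticated principal: it carries no certificate or key, and callers must check Class() before making authorization decisions.` and a short comment on the accessors saying the nil result with a nil error is intentional. `Equals` calls `other.Class()` without a guard, so a nil `Identity` panics; `if other == nil { return false }` as its first line avoids that. In `TlsConfig` the returned config sets only `RootCAs`, leaves the protocol floor to the runtime default and never uses `ctx`; if no floor is applied elsewhere (not visible here), consider setting `MinVersion: tls.VersionTLS12` explicitly.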