From: Dan Fuhry Date: Thu, 6 Nov 2025 12:05:27 +0000 (-0500) Subject: [mtls] add provider_anonymous X-Git-Url: https://go.fuhry.dev/?a=commitdiff_plain;h=56ace5ce283fdfa1acb121f85db45e8872c89c8e;p=runtime.git [mtls] add provider_anonymous
---
diff --git a/mtls/provider_anonymous.go b/mtls/provider_anonymous.go
new file mode 100644
index 0000000..0a0ea57
--- /dev/null
+++ b/mtls/provider_anonymous.go
@@ -0,0 +1,62 @@
+package mtls
+
+import (
+ "context"
+ "crypto"
+ "crypto/tls"
+ "crypto/x509"
+)
+
+type anonymousIdentity struct{}
+
+var _ Identity = &anonymousIdentity{}
+
+func (a *anonymousIdentity) Class() PrincipalClass {
+ return AnonymousPrincipal
+}
+
+func (a *anonymousIdentity) Name() string {
+ return "anonymous"
+}
+
+func (a *anonymousIdentity) Equals(other Identity) bool {
+ return a.Class() == other.Class() && a.Name() == other.Name()
+}
+
+func (a *anonymousIdentity) IsValid() bool {
+ return true
+}
+
+func (a *anonymousIdentity) RootCertificate() (*x509.Certificate, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) IntermediateCertificates() ([]*x509.Certificate, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) LeafCertificate() (*x509.Certificate, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) PrivateKey() (crypto.PrivateKey, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) NewDialContextFunc() DialContextFunc {
+ return newDialContextFunc(a)
+}
+
+func (a *anonymousIdentity) newTlsCertificate() (*tls.Certificate, error) {
+ return nil, nil
+}
+
+func (a *anonymousIdentity) TlsConfig(ctx context.Context) (*tls.Config, error) {
+ vo, err := newMTLSVerifyOpts()
+ if err != nil {
+ return nil, err
+ }
+ return &tls.Config{
+ RootCAs: vo.Roots.Clone(),
+ }, nil
+}
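Review bot: `IsValid()` on `anonymousIdentity` returns `true` unconditionally and the type has no doc comment saying it carries no credentials, so any caller that reads `IsValid()` as "this principal was authenticated" would accept the anonymous principal. The callers are not visible in this hunk, so treat this as a risk to confirm; authorization code needs to compare `Class()` with `AnonymousPrincipal` explicitly. I would add a comment on the type such as `// anonymousIdentity is an Identity with no certificate chain or private key; IsValid always reports true, so callers must check Class() before granting access.` The certificate and key accessors and `newTlsCertificate` return `nil, nil`, which a caller checking only `err` would go on to dereference, so each should document that a nil result with a nil error means "no credential". `TlsConfig` sets only `RootCAs`, which makes it a client-side config that verifies the server and presents no client certificate; its doc comment should say so, and it is worth confirming that the other providers do not pin a `MinVersion` that this one omits.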