service.rb in authlete-1.0.6

- old
+ new

@@ -355,14 +355,28 @@
       attr_accessor :userInfoSignatureKeyId
       alias_method  :user_info_signature_key_id,  :userInfoSignatureKeyId
       alias_method  :user_info_signature_key_id=, :userInfoSignatureKeyId=
 
       # The flag that indicates whether the service offers sender authenticated MTLS bound
-      # access tokens.
+      # access tokens. (Boolean)
       attr_accessor :mutualTlsSenderConstrainedAccessTokens
       alias_method  :mutual_tls_sender_constrained_access_tokens, :mutualTlsSenderConstrainedAccessTokens
       alias_method  :mutual_tls_sender_constrained_access_tokens=, :mutualTlsSenderConstrainedAccessTokens=
+      
+      # The flag that indicates whether the service will validate the PKI certificate chain
+      # for MTLS based authentication. (Boolean)
+      attr_accessor :mutualTlsValidatePkiCertChain
+      alias_method  :mutual_tls_validate_pki_cert_chain,  :mutualTlsValidatePkiCertChain
+      alias_method  :mutual_tls_validate_pki_cert_chain=, :mutualTlsValidatePkiCertChain=
+      
+      
+      # The list of trusted root certificates, used when the service validates client
+      # certificate paths. (String array)
+      attr_accessor :trustedRootCertificates
+      alias_method  :trusted_root_certificates,  :trustedRootCertificates
+      alias_method  :trusted_root_certificates=, :trustedRootCertificates=
+      
 
       private
 
       # Integer attributes.
       INTEGER_ATTRIBUTES = ::Set.new([
@@ -375,11 +389,11 @@
         :clientIdAliasEnabled, :directAuthorizationEndpointEnabled,
         :directIntrospectionEndpointEnabled, :directJwksEndpointEnabled,
         :directRevocationEndpointEnabled, :directTokenEndpointEnabled,
         :directUserInfoEndpointEnabled, :errorDescriptionOmitted, :errorUriOmitted,
         :pkceRequired, :refreshTokenKept, :singleAccessTokenPerSubject,
-        :mutualTlsSenderConstrainedAccessTokens
+        :mutualTlsSenderConstrainedAccessTokens, :mutualTlsValidatePkiCertChain
       ])
 
       # String attributes.
       STRING_ATTRIBUTES = ::Set.new([
         :accessTokenType, :apiSecret, :authenticationCallbackApiKey,
@@ -394,11 +408,12 @@
       # String array attributes.
       STRING_ARRAY_ATTRIBUTES = ::Set.new([
         :supportedAcrs, :supportedClaimLocales, :supportedClaims,
         :supportedClaimTypes, :supportedDeveloperSnses, :supportedDisplays,
         :supportedGrantTypes, :supportedResponseTypes, :supportedServiceProfiles,
-        :supportedSnses, :supportedTokenAuthMethods, :supportedUiLocales
+        :supportedSnses, :supportedTokenAuthMethods, :supportedUiLocales,
+        :trustedRootCertificates
       ])
 
       # SNS credentials array attributes.
       SNS_CREDENTIALS_ARRAY_ATTRIBUTES = ::Set.new([
         :snsCredentials, :developerSnsCredentials
@@ -459,10 +474,12 @@
         :supported_ui_locales                         => :supportedUiLocales,
         :token_endpoint                               => :tokenEndpoint,
         :tos_uri                                      => :tosUri,
         :user_info_endpoint                           => :userInfoEndpoint,
         :user_info_signature_key_id                   => :userInfoSignatureKeyId,
-        :mutual_tls_sender_constrained_access_tokens  => :mutualTlsSenderConstrainedAccessTokens
+        :mutual_tls_sender_constrained_access_tokens  => :mutualTlsSenderConstrainedAccessTokens,
+        :mutual_tls_validate_pki_cert_chain           => :mutualTlsValidatePkiCertChain,
+        :trusted_root_certificates                    => :trustedRootCertificates
       }
 
       # The constructor
       def initialize(hash = nil)
         # Set default values to integer attributes.
\ No newline at end of file