apache · massakam · Dec 8, 2023 · Dec 7, 2023
diff --git a/index.d.ts b/index.d.ts
@@ -186,7 +186,7 @@ export class AuthenticationTls {
 }
 
 export class AuthenticationAthenz {
-  constructor(params: string | AthenzConfig);
+  constructor(params: string | AthenzConfig | AthenzX509Config);
 }
 
 export interface AthenzConfig {
@@ -198,9 +198,22 @@ export interface AthenzConfig {
   keyId?: string;
   principalHeader?: string;
   roleHeader?: string;
+  caCert?: string;
+  /**
+   * @deprecated
+   */
   tokenExpirationTime?: string;
 }
 
+export class AthenzX509Config {
+  providerDomain: string;
+  privateKey: string;
+  x509CertChain: string;
+  ztsUrl: string;
+  roleHeader?: string;
+  caCert?: string;
+}
+
 export class AuthenticationToken {
   constructor(params: { token: string });
 }

diff --git a/tstest.ts b/tstest.ts
@@ -37,6 +37,16 @@ import Pulsar = require('./index');
     principalHeader: 'Athenz-Principal-Auth',
     roleHeader: 'Athenz-Role-Auth',
     tokenExpirationTime: '3600',
+    caCert: 'file:///path/to/cacert.pem',
+  });
+
+  const authAthenz3: Pulsar.AuthenticationAthenz = new Pulsar.AuthenticationAthenz({
+    providerDomain: 'athenz.provider.domain',
+    privateKey: 'file:///path/to/private.key',
+    ztsUrl: 'https://localhost:8443',
+    roleHeader: 'Athenz-Role-Auth',
+    x509CertChain: 'file:///path/to/x509cert.pem',
+    caCert: 'file:///path/to/cacert.pem',
   });
 
   const authOauth2PrivateKey: Pulsar.AuthenticationOauth2 = new Pulsar.AuthenticationOauth2({