diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-12-02 16:56:34 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-12-02 16:56:34 +0100 |
commit | 959bf31ebc57a18bd60209279278cd86e1779905 (patch) | |
tree | 1773cb6b08af01d897c83f9508732f2ca2bdef3e /security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java | |
parent | 482a30d82ab06a8f8ddfbc1d3e1222daa0b3389f (diff) |
Support glob pattern for URIs with '/' as boundary
Diffstat (limited to 'security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java')
-rw-r--r-- | security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java index 518ec08d38e..fdfed781286 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java @@ -102,17 +102,17 @@ public class PeerAuthorizerTest { } @Test - public void can_exact_match_policy_with_san_uri_pattern() { + public void can_match_policy_with_san_uri_pattern() { RequiredPeerCredential cnRequirement = createRequiredCredential(CN, "*.matching.cn"); - RequiredPeerCredential sanUriRequirement = createRequiredCredential(SAN_URI, "myscheme://my/exact/uri"); + RequiredPeerCredential sanUriRequirement = createRequiredCredential(SAN_URI, "myscheme://my/*/uri"); PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, createRoles(ROLE_1), cnRequirement, sanUriRequirement)); - AuthorizationResult result = authorizer.authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.irrelevant.san"), singletonList("myscheme://my/exact/uri"))); + AuthorizationResult result = authorizer.authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.irrelevant.san"), singletonList("myscheme://my/matching/uri"))); assertAuthorized(result); assertThat(result.assumedRoles()).extracting(Role::name).containsOnly(ROLE_1); assertThat(result.matchedPolicies()).containsOnly(POLICY_1); - assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", emptyList(), singletonList("myscheme://my/nonmatching/uri")))); + assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", emptyList(), singletonList("myscheme://my/nonmatching/url")))); } private static X509Certificate createCertificate(String subjectCn, List<String> sanDns, List<String> sanUri) { |