Support glob pattern for URIs with '/' as boundary

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2021-12-02 16:56:34 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2021-12-02 16:56:34 +0100
commit: 959bf31ebc57a18bd60209279278cd86e1779905 (patch)
tree: 1773cb6b08af01d897c83f9508732f2ca2bdef3e /security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
parent: 482a30d82ab06a8f8ddfbc1d3e1222daa0b3389f (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
index 518ec08d38e..fdfed781286 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
@@ -102,17 +102,17 @@ public class PeerAuthorizerTest {
     }
 
     @Test
-    public void can_exact_match_policy_with_san_uri_pattern() {
+    public void can_match_policy_with_san_uri_pattern() {
         RequiredPeerCredential cnRequirement = createRequiredCredential(CN, "*.matching.cn");
-        RequiredPeerCredential sanUriRequirement = createRequiredCredential(SAN_URI, "myscheme://my/exact/uri");
+        RequiredPeerCredential sanUriRequirement = createRequiredCredential(SAN_URI, "myscheme://my/*/uri");
         PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, createRoles(ROLE_1), cnRequirement, sanUriRequirement));
 
-        AuthorizationResult result = authorizer.authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.irrelevant.san"), singletonList("myscheme://my/exact/uri")));
+        AuthorizationResult result = authorizer.authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.irrelevant.san"), singletonList("myscheme://my/matching/uri")));
         assertAuthorized(result);
         assertThat(result.assumedRoles()).extracting(Role::name).containsOnly(ROLE_1);
         assertThat(result.matchedPolicies()).containsOnly(POLICY_1);
 
-        assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", emptyList(), singletonList("myscheme://my/nonmatching/uri"))));
+        assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", emptyList(), singletonList("myscheme://my/nonmatching/url"))));
     }
 
     private static X509Certificate createCertificate(String subjectCn, List<String> sanDns, List<String> sanUri) {
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2021-12-02 16:56:34 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2021-12-02 16:56:34 +0100
commit	959bf31ebc57a18bd60209279278cd86e1779905 (patch)
tree	1773cb6b08af01d897c83f9508732f2ca2bdef3e /security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
parent	482a30d82ab06a8f8ddfbc1d3e1222daa0b3389f (diff)