Test that certificate with non-matching SAN URI is rejected

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-11-26 14:35:44 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-11-26 14:35:44 +0100
commit: 8b164273f39228b56ad475d257d4c6311d7c18cf (patch)
tree: ec5bbbc0c0df8afe8b2315f7a2470487d014bc3b /security-utils
parent: 3488082ed378f300c40328891e0ce8dcdd8c4475 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
index 4440b964096..6fa7207cb9c 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
@@ -111,6 +111,8 @@ public class PeerAuthorizerTest {
         assertAuthorized(result);
         assertThat(result.assumedRoles()).extracting(Role::name).containsOnly(ROLE_1);
         assertThat(result.matchedPolicies()).containsOnly(POLICY_1);
+
+        assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", emptyList(), singletonList("myscheme://my/nonmatching/uri"))));
     }
 
     private static X509Certificate createCertificate(String subjectCn, List<String> sanDns, List<String> sanUri) {
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-11-26 14:35:44 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-11-26 14:35:44 +0100
commit	8b164273f39228b56ad475d257d4c6311d7c18cf (patch)
tree	ec5bbbc0c0df8afe8b2315f7a2470487d014bc3b /security-utils
parent	3488082ed378f300c40328891e0ce8dcdd8c4475 (diff)