diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-11-26 14:35:44 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-11-26 14:35:44 +0100 |
commit | 8b164273f39228b56ad475d257d4c6311d7c18cf (patch) | |
tree | ec5bbbc0c0df8afe8b2315f7a2470487d014bc3b /security-utils | |
parent | 3488082ed378f300c40328891e0ce8dcdd8c4475 (diff) |
Test that certificate with non-matching SAN URI is rejected
Diffstat (limited to 'security-utils')
-rw-r--r-- | security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java index 4440b964096..6fa7207cb9c 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java @@ -111,6 +111,8 @@ public class PeerAuthorizerTest { assertAuthorized(result); assertThat(result.assumedRoles()).extracting(Role::name).containsOnly(ROLE_1); assertThat(result.matchedPolicies()).containsOnly(POLICY_1); + + assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", emptyList(), singletonList("myscheme://my/nonmatching/uri")))); } private static X509Certificate createCertificate(String subjectCn, List<String> sanDns, List<String> sanUri) { |