From 8b164273f39228b56ad475d257d4c6311d7c18cf Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Thu, 26 Nov 2020 14:35:44 +0100
Subject: Test that certificate with non-matching SAN URI is rejected
---
 .../src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'security-utils/src')
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
index 4440b964096..6fa7207cb9c 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
@@ -111,6 +111,8 @@ public class PeerAuthorizerTest {
 assertAuthorized(result);
 assertThat(result.assumedRoles()).extracting(Role::name).containsOnly(ROLE_1);
 assertThat(result.matchedPolicies()).containsOnly(POLICY_1);
+
+ assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", emptyList(), singletonList("myscheme://my/nonmatching/uri"))));
 }
 
 private static X509Certificate createCertificate(String subjectCn, List sanDns, List sanUri) {
-- 
cgit v1.2.3
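Review bot: The new rejection check is appended to the end of an existing positive test instead of getting its own test method, so a regression in SAN URI matching would be reported under the name of the "authorized" case; the method's signature and the policy it sets up start outside the hunk. A dedicated test named for the rejection of a non-matching SAN URI would make the failure self-explanatory. The case also covers only one clearly different URI with the CN still matching; it is not visible here whether a certificate with no SAN URI at all is rejected, which could be pinned with `assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", emptyList(), emptyList())));`. If the policy's URI pattern allows wildcards (not shown in the hunk), a near-miss value that shares the expected prefix would be a more useful negative case than a completely different path.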