diff --git a/test/http/mutual_tls.cpp b/test/http/mutual_tls.cpp
index e77315a..e89a3cf 100644
--- a/test/http/mutual_tls.cpp
+++ b/test/http/mutual_tls.cpp
@@ -2,14 +2,19 @@
 // SPDX-FileCopyrightText: Copyright OpenBMC Authors
 #include "mutual_tls.hpp"
 
+#include "mutual_tls_private.hpp"
 #include "sessions.hpp"
 
+#include <cstring>
+#include <string>
+
 extern "C"
 {
 #include <openssl/asn1.h>
 #include <openssl/ec.h>
 #include <openssl/evp.h>
 #include <openssl/obj_mac.h>
+#include <openssl/objects.h>
 #include <openssl/types.h>
 #include <openssl/x509.h>
 #include <openssl/x509_vfy.h>
@@ -170,4 +175,169 @@
         verifyMtlsUser(ip, ctx);
     ASSERT_THAT(session, IsNull());
 }
+
+TEST(GetCommonNameFromCert, EmptyCommonName)
+{
+    OSSLX509 x509;
+    std::string commonName = getCommonNameFromCert(x509.get());
+    EXPECT_THAT(commonName, "");
+}
+
+TEST(GetCommonNameFromCert, ValidCommonName)
+{
+    OSSLX509 x509;
+    x509.setSubjectName();
+    std::string commonName = getCommonNameFromCert(x509.get());
+    EXPECT_THAT(commonName, "user");
+}
+
+TEST(GetUPNFromCert, EmptySubjectAlternativeName)
+{
+    OSSLX509 x509;
+    std::string upn = getUPNFromCert(x509.get(), "");
+    EXPECT_THAT(upn, "");
+}
+
+TEST(GetUPNFromCert, NonOthernameSubjectAlternativeName)
+{
+    OSSLX509 x509;
+
+    ASN1_IA5STRING* ia5 = ASN1_IA5STRING_new();
+    ASSERT_THAT(ia5, NotNull());
+
+    const char* user = "user@domain.com";
+    ASSERT_NE(ASN1_STRING_set(ia5, user, static_cast<int>(strlen(user))), 0);
+
+    GENERAL_NAMES* gens = sk_GENERAL_NAME_new_null();
+    ASSERT_THAT(gens, NotNull());
+
+    GENERAL_NAME* gen = GENERAL_NAME_new();
+    ASSERT_THAT(gen, NotNull());
+
+    GENERAL_NAME_set0_value(gen, GEN_EMAIL, ia5);
+    ASSERT_EQ(sk_GENERAL_NAME_push(gens, gen), 1);
+
+    ASSERT_EQ(X509_add1_ext_i2d(x509.get(), NID_subject_alt_name, gens, 0, 0),
+              1);
+
+    std::string upn = getUPNFromCert(x509.get(), "hostname.domain.com");
+    EXPECT_THAT(upn, "");
+
+    GENERAL_NAME_free(gen);
+    sk_GENERAL_NAME_free(gens);
+}
+
+TEST(GetUPNFromCert, NonUPNSubjectAlternativeName)
+{
+    OSSLX509 x509;
+
+    GENERAL_NAMES* gens = sk_GENERAL_NAME_new_null();
+    ASSERT_THAT(gens, NotNull());
+
+    GENERAL_NAME* gen = GENERAL_NAME_new();
+    ASSERT_THAT(gen, NotNull());
+
+    ASN1_OBJECT* othType = OBJ_nid2obj(NID_SRVName);
+
+    ASN1_TYPE* value = ASN1_TYPE_new();
+    ASSERT_THAT(value, NotNull());
+    value->type = V_ASN1_UTF8STRING;
+
+    // NOLINTBEGIN(cppcoreguidelines-pro-type-union-access)
+    value->value.utf8string = ASN1_UTF8STRING_new();
+    ASSERT_THAT(value->value.utf8string, NotNull());
+    const char* user = "user@domain.com";
+    ASN1_STRING_set(value->value.utf8string, user,
+                    static_cast<int>(strlen(user)));
+    // NOLINTEND(cppcoreguidelines-pro-type-union-access)
+
+    ASSERT_EQ(GENERAL_NAME_set0_othername(gen, othType, value), 1);
+    ASSERT_EQ(sk_GENERAL_NAME_push(gens, gen), 1);
+    ASSERT_EQ(X509_add1_ext_i2d(x509.get(), NID_subject_alt_name, gens, 0, 0),
+              1);
+
+    std::string upn = getUPNFromCert(x509.get(), "hostname.domain.com");
+    EXPECT_THAT(upn, "");
+
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+}
+
+TEST(GetUPNFromCert, NonUTF8UPNSubjectAlternativeName)
+{
+    OSSLX509 x509;
+
+    GENERAL_NAMES* gens = sk_GENERAL_NAME_new_null();
+    ASSERT_THAT(gens, NotNull());
+
+    GENERAL_NAME* gen = GENERAL_NAME_new();
+    ASSERT_THAT(gen, NotNull());
+
+    ASN1_OBJECT* othType = OBJ_nid2obj(NID_ms_upn);
+
+    ASN1_TYPE* value = ASN1_TYPE_new();
+    ASSERT_THAT(value, NotNull());
+    value->type = V_ASN1_OCTET_STRING;
+
+    // NOLINTBEGIN(cppcoreguidelines-pro-type-union-access)
+    value->value.octet_string = ASN1_OCTET_STRING_new();
+    ASSERT_THAT(value->value.octet_string, NotNull());
+    const char* user = "0123456789";
+    ASN1_STRING_set(value->value.octet_string, user,
+                    static_cast<int>(strlen(user)));
+    // NOLINTEND(cppcoreguidelines-pro-type-union-access)
+
+    ASSERT_EQ(GENERAL_NAME_set0_othername(gen, othType, value), 1);
+    ASSERT_EQ(sk_GENERAL_NAME_push(gens, gen), 1);
+    ASSERT_EQ(X509_add1_ext_i2d(x509.get(), NID_subject_alt_name, gens, 0, 0),
+              1);
+
+    std::string upn = getUPNFromCert(x509.get(), "hostname.domain.com");
+    EXPECT_THAT(upn, "");
+
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+}
+
+TEST(GetUPNFromCert, ValidUPN)
+{
+    OSSLX509 x509;
+
+    GENERAL_NAMES* gens = sk_GENERAL_NAME_new_null();
+    ASSERT_THAT(gens, NotNull());
+
+    GENERAL_NAME* gen = GENERAL_NAME_new();
+    ASSERT_THAT(gen, NotNull());
+
+    ASN1_OBJECT* othType = OBJ_nid2obj(NID_ms_upn);
+
+    ASN1_TYPE* value = ASN1_TYPE_new();
+    ASSERT_THAT(value, NotNull());
+    value->type = V_ASN1_UTF8STRING;
+
+    // NOLINTBEGIN(cppcoreguidelines-pro-type-union-access)
+    value->value.utf8string = ASN1_UTF8STRING_new();
+    ASSERT_THAT(value->value.utf8string, NotNull());
+    const char* user = "user@domain.com";
+    ASN1_STRING_set(value->value.utf8string, user,
+                    static_cast<int>(strlen(user)));
+    // NOLINTEND(cppcoreguidelines-pro-type-union-access)
+
+    ASSERT_EQ(GENERAL_NAME_set0_othername(gen, othType, value), 1);
+    ASSERT_EQ(sk_GENERAL_NAME_push(gens, gen), 1);
+    ASSERT_EQ(X509_add1_ext_i2d(x509.get(), NID_subject_alt_name, gens, 0, 0),
+              1);
+
+    std::string upn = getUPNFromCert(x509.get(), "hostname.domain.com");
+    EXPECT_THAT(upn, "user");
+
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+}
+
+TEST(IsUPNMatch, MultipleCases)
+{
+    EXPECT_FALSE(isUPNMatch("user", "hostname.domain.com"));
+    EXPECT_TRUE(isUPNMatch("user@domain.com", "hostname.domain.com"));
+    EXPECT_FALSE(isUPNMatch("user@domain.com", "hostname.domain.org"));
+    EXPECT_FALSE(isUPNMatch("user@region.com", "hostname.domain.com"));
+    EXPECT_TRUE(isUPNMatch("user@com", "hostname.region.domain.com"));
+}
 } // namespace
diff --git a/test/include/sessions_test.cpp b/test/include/sessions_test.cpp
new file mode 100644
index 0000000..2840ee9
--- /dev/null
+++ b/test/include/sessions_test.cpp
@@ -0,0 +1,45 @@
+#include "sessions.hpp"
+
+#include <nlohmann/json.hpp>
+
+#include <gtest/gtest.h>
+
+namespace
+{
+TEST(AuthConfigMethods, FromJsonHappyPath)
+{
+    persistent_data::AuthConfigMethods methods;
+
+    nlohmann::json jsonValue = nlohmann::json::parse(
+        R"({"BasicAuth":true,"Cookie":true,"SessionToken":true,"TLS":true,"MTLSCommonNameParseMode":2,"TLSStrict":false,"XToken":true})");
+    methods.fromJson(jsonValue);
+
+    EXPECT_EQ(methods.basic, true);
+    EXPECT_EQ(methods.cookie, true);
+    EXPECT_EQ(methods.sessionToken, true);
+    EXPECT_EQ(methods.tls, true);
+    EXPECT_EQ(methods.tlsStrict, false);
+    EXPECT_EQ(methods.xtoken, true);
+    EXPECT_EQ(methods.mTLSCommonNameParsingMode,
+              static_cast<persistent_data::MTLSCommonNameParseMode>(2));
+}
+
+TEST(AuthConfigMethods, FromJsonMTLSCommonNameParseModeOutOfRange)
+{
+    persistent_data::AuthConfigMethods methods;
+    persistent_data::MTLSCommonNameParseMode prevValue =
+        methods.mTLSCommonNameParsingMode;
+
+    nlohmann::json jsonValue = nlohmann::json::parse(
+        R"({"BasicAuth":true,"Cookie":true,"SessionToken":true,"TLS":true,"MTLSCommonNameParseMode":4,"TLSStrict":false,"XToken":true})");
+    methods.fromJson(jsonValue);
+
+    EXPECT_EQ(methods.basic, true);
+    EXPECT_EQ(methods.cookie, true);
+    EXPECT_EQ(methods.sessionToken, true);
+    EXPECT_EQ(methods.tls, true);
+    EXPECT_EQ(methods.tlsStrict, false);
+    EXPECT_EQ(methods.xtoken, true);
+    EXPECT_EQ(methods.mTLSCommonNameParsingMode, prevValue);
+}
+} // namespace