chrony/test/system/010-nts - chrony - Git at Google

 #!/usr/bin/env bash

 . ./test.common

 check_chronyd_features NTS || test_skip "NTS support disabled"
 certtool --help &> /dev/null || test_skip "certtool missing"

 test_start "NTS authentication"

 cat > $TEST_DIR/cert.cfg <<EOF
 cn = "chrony-nts-test"
 dns_name = "chrony-nts-test"
 ip_address = "$server"
 serial = 001
 activation_date = "$[$(date '+%Y') - 1]-01-01 00:00:00 UTC"
 expiration_date = "$[$(date '+%Y') + 2]-01-01 00:00:00 UTC"
 signing_key
 encryption_key
 EOF

 certtool --generate-privkey --key-type=ed25519 --outfile $TEST_DIR/server.key \
 	&> $TEST_DIR/certtool.log
 certtool --generate-self-signed --load-privkey $TEST_DIR/server.key \
 	--template $TEST_DIR/cert.cfg --outfile $TEST_DIR/server.crt &>> $TEST_DIR/certtool.log
 chown $user $TEST_DIR/server.*

 ntpport=$(get_free_port)
 ntsport=$(get_free_port)

 server_options="port $ntpport nts ntsport $ntsport"
 extra_chronyd_directives="
 port $ntpport
 ntsport $ntsport
 ntsserverkey $TEST_DIR/server.key
 ntsservercert $TEST_DIR/server.crt
 ntstrustedcerts $TEST_DIR/server.crt
 ntsdumpdir $TEST_LIBDIR
 ntsprocesses 3"

 start_chronyd || test_fail
 wait_for_sync || test_fail

 run_chronyc "authdata" || test_fail
 check_chronyc_output "^Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
 =========================================================================
 127\.0\.0\.1                    NTS     1   15  256    [0-9]    0    0    [78]  100$" || test_fail

 stop_chronyd || test_fail
 check_chronyd_messages || test_fail
 check_chronyd_files || test_fail

 server_options="port $ntpport nts ntsport $((ntsport + 1))"

 start_chronyd || test_fail
 wait_for_sync || test_fail

 run_chronyc "authdata" || test_fail
 check_chronyc_output "^Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
 =========================================================================
 127\.0\.0\.1                    NTS     1   15  256    [0-9]    0    0    [78]  100$" || test_fail

 stop_chronyd || test_fail
 check_chronyd_messages || test_fail
 check_chronyd_files || test_fail

 test_pass
	#!/usr/bin/env bash

	. ./test.common

	check_chronyd_features NTS \|\| test_skip "NTS support disabled"
	certtool --help &> /dev/null \|\| test_skip "certtool missing"

	test_start "NTS authentication"

	cat > $TEST_DIR/cert.cfg <<EOF
	cn = "chrony-nts-test"
	dns_name = "chrony-nts-test"
	ip_address = "$server"
	serial = 001
	activation_date = "$[$(date '+%Y') - 1]-01-01 00:00:00 UTC"
	expiration_date = "$[$(date '+%Y') + 2]-01-01 00:00:00 UTC"
	signing_key
	encryption_key
	EOF

	certtool --generate-privkey --key-type=ed25519 --outfile $TEST_DIR/server.key \
	&> $TEST_DIR/certtool.log
	certtool --generate-self-signed --load-privkey $TEST_DIR/server.key \
	--template $TEST_DIR/cert.cfg --outfile $TEST_DIR/server.crt &>> $TEST_DIR/certtool.log
	chown $user $TEST_DIR/server.*

	ntpport=$(get_free_port)
	ntsport=$(get_free_port)

	server_options="port $ntpport nts ntsport $ntsport"
	extra_chronyd_directives="
	port $ntpport
	ntsport $ntsport
	ntsserverkey $TEST_DIR/server.key
	ntsservercert $TEST_DIR/server.crt
	ntstrustedcerts $TEST_DIR/server.crt
	ntsdumpdir $TEST_LIBDIR
	ntsprocesses 3"

	start_chronyd \|\| test_fail
	wait_for_sync \|\| test_fail

	run_chronyc "authdata" \|\| test_fail
	check_chronyc_output "^Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen
	=========================================================================
	127\.0\.0\.1 NTS 1 15 256 [0-9] 0 0 [78] 100$" \|\| test_fail

	stop_chronyd \|\| test_fail
	check_chronyd_messages \|\| test_fail
	check_chronyd_files \|\| test_fail

	server_options="port $ntpport nts ntsport $((ntsport + 1))"

	start_chronyd \|\| test_fail
	wait_for_sync \|\| test_fail

	run_chronyc "authdata" \|\| test_fail
	check_chronyc_output "^Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen
	=========================================================================
	127\.0\.0\.1 NTS 1 15 256 [0-9] 0 0 [78] 100$" \|\| test_fail

	stop_chronyd \|\| test_fail
	check_chronyd_messages \|\| test_fail
	check_chronyd_files \|\| test_fail

	test_pass