#!/usr/bin/env bash

. ./test.common

test_start "NTP authentication"

server_conf="keyfile tmp/server.keys"
client_conf="keyfile tmp/client.keys"

cat > tmp/server.keys <<-EOF
1 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
2 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
3 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
EOF

cat > tmp/client.keys <<-EOF
1 k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
2 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
3 MD5 ASCII:k]<j.Jtw^Oo;z5E>n\_0-x=)yP\f<)Z^
4 MD5 HEX:6B5D3C6A2E4A74775E4F6F3B7A35453E6E5C5F302D783D2979505C663C295A5E
EOF

keys=4

types="MD5"
check_config_h 'FEAT_SECHASH 1' && types="$types SHA1 SHA256 SHA384 SHA512"
check_config_h 'HAVE_CMAC 1' && types="$types AES128 AES256"

for type in $types; do
	keys=$[$keys + 1]
	case $type in
		AES128)	length=16;;
		AES256)	length=32;;
		*)	length=$[$RANDOM % 32 + 1];;
	esac

	key=$(echo $keys $type HEX:$(tr -c -d '0-9A-F' < /dev/urandom 2> /dev/null | \
		head -c $[$length * 2]))
	echo "$key" >> tmp/server.keys
	echo "$key" >> tmp/client.keys
done

for version in 3 4; do
	for key in $(seq $keys); do
		client_server_options="version $version key $key"
		run_test || test_fail
		check_chronyd_exit || test_fail
		check_source_selection || test_fail
		check_packet_interval || test_fail
		check_sync || test_fail
	done
done

server_conf=""

run_test || test_fail
check_chronyd_exit || test_fail
# This check must fail as the server doesn't know the key
check_sync && test_fail
check_packet_interval || test_fail

server_conf="keyfile tmp/server.keys"
client_conf=""

run_test || test_fail
check_chronyd_exit || test_fail
# This check must fail as the client doesn't know the key
check_sync && test_fail
check_packet_interval || test_fail

client_conf="keyfile tmp/client.keys"
clients=2
peers=2
max_sync_time=500
base_delay="$default_base_delay (* -1 (equal 0.1 from 3) (equal 0.1 to 1))"

for versions in "3 3" "3 4" "4 3" "4 4"; do
	for key in 1 $keys; do
		client_lpeer_options="version ${versions% *} key $key"
		client_rpeer_options="version ${versions#* } key $key"
		run_test || test_fail
		check_chronyd_exit || test_fail
		check_sync || test_fail
	done
done

client_lpeer_options="key 1"
client_rpeer_options="key 2"

run_test || test_fail
check_chronyd_exit || test_fail
# This check must fail as the peers are using different keys"
check_sync && test_fail

test_pass