#!/usr/bin/env bash . ./test.common check_chronyd_features NTS || test_skip "NTS support disabled" certtool --help &> /dev/null || test_skip "certtool missing" test_start "NTS authentication" cat > $TEST_DIR/cert.cfg < $TEST_DIR/certtool.log certtool --generate-self-signed --load-privkey $TEST_DIR/server.key \ --template $TEST_DIR/cert.cfg --outfile $TEST_DIR/server.crt &>> $TEST_DIR/certtool.log chown $user $TEST_DIR/server.* ntpport=$(get_free_port) ntsport=$(get_free_port) server_options="port $ntpport nts ntsport $ntsport" extra_chronyd_directives=" port $ntpport ntsport $ntsport ntsserverkey $TEST_DIR/server.key ntsservercert $TEST_DIR/server.crt ntstrustedcerts $TEST_DIR/server.crt ntsdumpdir $TEST_LIBDIR ntsprocesses 3" start_chronyd || test_fail wait_for_sync || test_fail run_chronyc "authdata" || test_fail check_chronyc_output "^Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen ========================================================================= 127\.0\.0\.1 NTS 1 (30|15) (128|256) [0-9] 0 0 [78] ( 64|100)$" || test_fail run_chronyc "serverstats" || test_fail check_chronyc_output "NTS-KE connections accepted: 1 NTS-KE connections dropped : 0 Authenticated NTP packets : [1-9][0-9]*" || test_fail stop_chronyd || test_fail check_chronyd_messages || test_fail check_chronyd_files || test_fail server_options="port $ntpport nts ntsport $((ntsport + 1))" start_chronyd || test_fail wait_for_sync || test_fail run_chronyc "authdata" || test_fail check_chronyc_output "^Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen ========================================================================= 127\.0\.0\.1 NTS 1 (30|15) (128|256) [0-9] 0 0 [78] ( 64|100)$" || test_fail stop_chronyd || test_fail check_chronyd_messages || test_fail check_chronyd_files || test_fail test_pass