path: root/debian/tests/ntp-server-and-nts-auth
blob: b7d8877b70972b067f9003d960ad315eaf1c61fc (plain)
#!/bin/sh
# Check that chronyd is able to authenticate NTP packets when NTS is enabled
# on the server.

set -e

. debian/tests/helper-functions

# Where the throwaway test credentials are written: certtool template,
# self-signed certificate and its private key all sit in one directory.
cert_dir='/var/lib/chrony'
cert_template="${cert_dir}/cert.cfg"
cert_file="${cert_dir}/server.crt"
priv_key="${cert_dir}/server.key"

# Address and host name of the NTS server under test. The name is also used
# as the certificate CN and as the `server` entry in the chronyd config.
server_addr='127.0.1.1'
server_name='chrony-nts-test'

# Write the certtool template for the test certificate to $cert_template.
# Globals:  server_name (read, becomes the CN), cert_template (read, output path)
# Outputs:  progress label on stdout (no trailing newline)
# Returns:  non-zero when the template file cannot be opened for writing
create_cert_template() {
    printf "Creating certificate template: "
    # Validity window spans one year either side of "now", so the certificate
    # is neither not-yet-valid nor expired at the moment it is generated.
    {
        printf 'cn = "%s"\n' "$server_name"
        printf 'serial = 001\n'
        printf 'activation_date = "%s 00:00:00 UTC"\n' "$(date -d '1 year ago' +'%Y-%m-%d')"
        printf 'expiration_date = "%s 00:00:00 UTC"\n' "$(date -d '1 year' +'%Y-%m-%d')"
        printf 'signing_key\n'
        printf 'encryption_key\n'
    } > "$cert_template"
}

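# Generate an Ed25519 private key and a self-signed certificate for the test
# NTS server with GnuTLS certtool.
# Globals:  priv_key, cert_template, cert_file (all read; key and cert are written)
# Outputs:  progress label on stdout (no trailing newline); certtool output is discarded
# Returns:  non-zero if either certtool step fails
generate_cert() {
    printf "Generating self-signed certificate: "
    # This function is called on the left of `&&`, where `set -e` is ignored,
    # so a failed key generation must be returned explicitly. Otherwise the
    # second step could succeed against a stale key left at $priv_key and the
    # test would report success for a key it never generated.
    certtool --generate-privkey --key-type=ed25519 --outfile "$priv_key" > /dev/null 2>&1 \
        || return 1
    # NOTE(review): certtool diagnostics are discarded, so a failure here only
    # shows up as the skip message — re-run by hand to see the cause.
    certtool --generate-self-signed --load-privkey "$priv_key" --template "$cert_template" \
        --outfile "$cert_file" > /dev/null 2>&1
}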

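# Write a chronyd drop-in that makes the local daemon both an NTS server and
# an NTS client of itself, then restart chronyd.
# Globals:  server_name, priv_key, cert_file (read)
# Outputs:  progress label on stdout (no trailing newline)
# Returns:  non-zero if the drop-in cannot be written; otherwise the status of
#           __restart_chronyd
#
# Test-only trust setup: the self-signed certificate is listed under
# ntstrustedcerts, so the client side trusts exactly the certificate the
# server side presents. Do not copy this pattern into a production config.
# minpoll/maxpoll -6 select a sub-second polling interval (2^-6 s).
server_config() {
    printf "Preparing chronyd configuration: "
    # `set -e` is ignored here because the caller uses this function on the
    # left of `&&`. Stop explicitly on a failed write, so chronyd is not
    # restarted (and reported OK) without the NTS configuration in place.
    cat <<EOF > /etc/chrony/conf.d/local-server-config.conf || return 1
server $server_name nts minpoll -6 maxpoll -6
ntsserverkey $priv_key
ntsservercert $cert_file
ntstrustedcerts $cert_file
EOF

    # Both helpers come from debian/tests/helper-functions (not shown here).
    __no_system_clock_control
    __restart_chronyd
}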

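# Make the certificate's host name resolve to the local test address.
# Append only when the exact entry is missing, so a re-run on the same
# testbed does not pile up duplicate lines. grep's stderr is discarded so an
# unreadable /etc/hosts simply falls through to the append.
grep -qxF -- "$server_addr $server_name" /etc/hosts 2> /dev/null \
    || echo "$server_addr $server_name" >> /etc/hosts

# if/else rather than `step && __test_ok || __test_skip`: in the chained form
# __test_skip also runs when __test_ok itself returns non-zero, so a step that
# worked could be reported as skipped.
# __test_ok / __test_skip / __check_auth come from debian/tests/helper-functions
# (not shown here); __test_skip presumably reports the skip and ends the script.
if create_cert_template; then
    __test_ok
else
    __test_skip "unable to create certificate template"
fi

if generate_cert; then
    __test_ok
else
    __test_skip "unable to generate self-signed certificate"
fi

if server_config; then
    __test_ok
else
    __test_skip
fi

# The actual assertion of this test: the source at $server_addr must be
# reported as NTS-authenticated.
printf "Checking if server authenticates NTP packets: "
__check_auth "$server_addr,NTS"

exit 0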