Diffstat (limited to 'debian/tests/ntp-server-and-nts-auth')
-rw-r--r--debian/tests/ntp-server-and-nts-auth59
1 files changed, 59 insertions, 0 deletions
diff --git a/debian/tests/ntp-server-and-nts-auth b/debian/tests/ntp-server-and-nts-auth
new file mode 100644
index 0000000..b7d8877
--- /dev/null
+++ b/debian/tests/ntp-server-and-nts-auth
@@ -0,0 +1,59 @@
+#!/bin/sh
+# Check that chronyd is able to authenticate NTP packets when NTS is enabled
+# on the server.
+
+set -e
+
+. debian/tests/helper-functions
+
+cert_dir="/var/lib/chrony"
+cert_template="$cert_dir/cert.cfg"
+cert_file="$cert_dir/server.crt"
+priv_key="$cert_dir/server.key"
+server_addr="127.0.1.1"
+server_name="chrony-nts-test"
+
+create_cert_template() {
+ printf "Creating certificate template: "
+ cat <<EOF > "$cert_template"
+cn = "$server_name"
+serial = 001
+activation_date = "$(date -d '1 year ago' +'%Y-%m-%d') 00:00:00 UTC"
+expiration_date = "$(date -d '1 year' +'%Y-%m-%d') 00:00:00 UTC"
+signing_key
+encryption_key
+EOF
+}
+
+generate_cert() {
+ printf "Generating self-signed certificate: "
+ certtool --generate-privkey --key-type=ed25519 --outfile "$priv_key" > /dev/null 2>&1
+ certtool --generate-self-signed --load-privkey "$priv_key" --template "$cert_template" \
+ --outfile "$cert_file" > /dev/null 2>&1
+}
+
+server_config() {
+ printf "Preparing chronyd configuration: "
+ cat <<EOF > /etc/chrony/conf.d/local-server-config.conf
+server $server_name nts minpoll -6 maxpoll -6
+ntsserverkey $priv_key
+ntsservercert $cert_file
+ntstrustedcerts $cert_file
+EOF
+
+ __no_system_clock_control
+ __restart_chronyd
+}
+
+echo "$server_addr $server_name" >> /etc/hosts
+
+create_cert_template && __test_ok || __test_skip "unable to create certificate template"
+
+generate_cert && __test_ok || __test_skip "unable to generate self-signed certificate"
+
+server_config && __test_ok || __test_skip
+
+printf "Checking if server authenticates NTP packets: "
+__check_auth "$server_addr,NTS"
+
+exit 0
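Review bot: `generate_cert` and `server_config` are called on the left of `&&`, so `set -e` is suspended inside them and only the last command's status chooses between `__test_ok` and `__test_skip`. A failed `certtool --generate-privkey` is therefore ignored, and the self-signed step would then load whatever key already exists at `$priv_key`, or fail with its output discarded. Append `|| return 1` to the first `certtool` call and to the `cat` and `__no_system_clock_control` steps in `server_config`. Redirecting only stdout (`> /dev/null`) would also keep certtool's stderr in the test log, so the reason for a skip is visible. Every setup failure ends in `__test_skip`, so a broken NTS setup would presumably be reported as skipped rather than failed; confirm that against `debian/tests/helper-functions`, which is not shown here.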