diff options
Diffstat (limited to 'debian/tests/ntp-server-and-nts-auth')
-rw-r--r-- | debian/tests/ntp-server-and-nts-auth | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/debian/tests/ntp-server-and-nts-auth b/debian/tests/ntp-server-and-nts-auth new file mode 100644 index 0000000..b7d8877 --- /dev/null +++ b/debian/tests/ntp-server-and-nts-auth @@ -0,0 +1,59 @@ +#!/bin/sh +# Check that chronyd is able to authenticate NTP packets when NTS is enabled +# on the server. + +set -e + +. debian/tests/helper-functions + +cert_dir="/var/lib/chrony" +cert_template="$cert_dir/cert.cfg" +cert_file="$cert_dir/server.crt" +priv_key="$cert_dir/server.key" +server_addr="127.0.1.1" +server_name="chrony-nts-test" + +create_cert_template() { + printf "Creating certificate template: " + cat <<EOF > "$cert_template" +cn = "$server_name" +serial = 001 +activation_date = "$(date -d '1 year ago' +'%Y-%m-%d') 00:00:00 UTC" +expiration_date = "$(date -d '1 year' +'%Y-%m-%d') 00:00:00 UTC" +signing_key +encryption_key +EOF +} + +generate_cert() { + printf "Generating self-signed certificate: " + certtool --generate-privkey --key-type=ed25519 --outfile "$priv_key" > /dev/null 2>&1 + certtool --generate-self-signed --load-privkey "$priv_key" --template "$cert_template" \ + --outfile "$cert_file" > /dev/null 2>&1 +} + +server_config() { + printf "Preparing chronyd configuration: " + cat <<EOF > /etc/chrony/conf.d/local-server-config.conf +server $server_name nts minpoll -6 maxpoll -6 +ntsserverkey $priv_key +ntsservercert $cert_file +ntstrustedcerts $cert_file +EOF + + __no_system_clock_control + __restart_chronyd +} + +echo "$server_addr $server_name" >> /etc/hosts + +create_cert_template && __test_ok || __test_skip "unable to create certificate template" + +generate_cert && __test_ok || __test_skip "unable to generate self-signed certificate" + +server_config && __test_ok || __test_skip + +printf "Checking if server authenticates NTP packets: " +__check_auth "$server_addr,NTS" + +exit 0 |