pendulum-project · squell · Jun 12, 2025 · Jun 11, 2025
diff --git a/src/config.rs b/src/config.rs
@@ -209,7 +209,7 @@ impl<'de> Deserialize<'de> for NtsPoolKeConfig {
 pub struct KeyExchangeServer {
     pub domain: String,
     pub server_name: ServerName<'static>,
-    pub port: u16,
+    pub connection_address: (String, u16),
 }
 
 impl<'de> Deserialize<'de> for KeyExchangeServer {
@@ -236,7 +236,7 @@ impl<'de> Deserialize<'de> for KeyExchangeServer {
         Ok(KeyExchangeServer {
             domain: bare.domain.to_string(),
             server_name,
-            port: bare.port,
+            connection_address: (bare.domain.to_string(), bare.port),
         })
     }
 }
@@ -281,12 +281,12 @@ mod tests {
                 KeyExchangeServer {
                     domain: String::from("foo.bar"),
                     server_name: ServerName::try_from("foo.bar").unwrap(),
-                    port: 1234
+                    connection_address: (String::from("foo.bar"), 1234),
                 },
                 KeyExchangeServer {
                     domain: String::from("bar.foo"),
                     server_name: ServerName::try_from("bar.foo").unwrap(),
-                    port: 4321
+                    connection_address: (String::from("bar.foo"), 4321),
                 },
             ]
             .as_slice()
@@ -320,12 +320,12 @@ mod tests {
                 KeyExchangeServer {
                     domain: String::from("foo.bar"),
                     server_name: ServerName::try_from("foo.bar").unwrap(),
-                    port: 1234
+                    connection_address: (String::from("foo.bar"), 1234),
                 },
                 KeyExchangeServer {
                     domain: String::from("bar.foo"),
                     server_name: ServerName::try_from("bar.foo").unwrap(),
-                    port: 4321
+                    connection_address: (String::from("bar.foo"), 4321),
                 },
             ]
             .as_slice()

diff --git a/src/nts/mod.rs b/src/nts/mod.rs
@@ -289,6 +289,80 @@ impl FixedKeyRequest {
 
         Ok(())
     }
+
+    #[cfg(test)]
+    pub async fn parse(mut reader: impl AsyncRead + Unpin) -> Result<Self, NtsError> {
+        let mut c2s = None;
+        let mut s2c = None;
+        let mut algorithm = None;
+        let mut protocol = None;
+
+        loop {
+            let record = NtsRecord::parse(&mut reader).await?;
+
+            match record {
+                NtsRecord::EndOfMessage => break,
+                NtsRecord::FixedKeyRequest {
+                    c2s: c2s_rem,
+                    s2c: s2c_rem,
+                } => {
+                    if c2s.is_some() || s2c.is_some() {
+                        return Err(NtsError::Invalid);
+                    }
+
+                    c2s = Some(c2s_rem);
+                    s2c = Some(s2c_rem);
+                }
+                NtsRecord::AeadAlgorithm { algorithm_ids } => {
+                    if algorithm.is_some() || algorithm_ids.len() != 1 {
+                        return Err(NtsError::Invalid);
+                    }
+
+                    algorithm = Some(algorithm_ids[0]);
+                }
+                NtsRecord::NextProtocol { protocol_ids } => {
+                    if protocol.is_some() || protocol_ids.len() != 1 {
+                        return Err(NtsError::Invalid);
+                    }
+
+                    protocol = Some(protocol_ids[0]);
+                }
+                // Error
+                NtsRecord::Error { errorcode } => return Err(NtsError::Error(errorcode)),
+                // Warning
+                NtsRecord::Warning { warningcode } => match warningcode {
+                    WarningCode::Unknown(code) => return Err(NtsError::UnknownWarning(code)),
+                },
+                // Unknown critical
+                NtsRecord::Unknown { critical: true, .. } => {
+                    return Err(NtsError::UnrecognizedCriticalRecord)
+                }
+                // Ignored
+                NtsRecord::KeepAlive
+                | NtsRecord::Unknown { .. }
+                | NtsRecord::Server { .. }
+                | NtsRecord::Port { .. } => {}
+                // Not allowed
+                NtsRecord::NewCookie { .. }
+                | NtsRecord::SupportedNextProtocolList { .. }
+                | NtsRecord::SupportedAlgorithmList { .. }
+                | NtsRecord::NtpServerDeny { .. } => return Err(NtsError::Invalid),
+            }
+        }
+
+        if let (Some(algorithm), Some(protocol), Some(c2s), Some(s2c)) =
+            (algorithm, protocol, c2s, s2c)
+        {
+            Ok(Self {
+                c2s,
+                s2c,
+                protocol,
+                algorithm,
+            })
+        } else {
+            Err(NtsError::Invalid)
+        }
+    }
 }
 
 pub struct KeyExchangeResponse {