From d7d42c0e5d2a427588abb90a375cd21a44acf7fb Mon Sep 17 00:00:00 2001 From: Avni chauhan Date: Fri, 16 Jun 2023 12:01:11 +0530 Subject: [PATCH 1/3] first changes --- projects/bash_networking_security/SOLUTION | 10 +++++++-- .../bastion_connect.sh | 22 +++++++++++++++++++ projects/bash_networking_security/vpc.sh | 8 +++---- 3 files changed, 34 insertions(+), 6 deletions(-) diff --git a/projects/bash_networking_security/SOLUTION b/projects/bash_networking_security/SOLUTION index 2edfbaf..ca5c7d9 100644 --- a/projects/bash_networking_security/SOLUTION +++ b/projects/bash_networking_security/SOLUTION @@ -1,16 +1,22 @@ Local DNS Server IP ------------------- - +-127.0.0.53 Default gateway IP ------------------- - +<10.0.0.1> DHCP IP allocation sys-logs ------------------- + diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh index a9bf588..11e0a5c 100644 --- a/projects/bash_networking_security/bastion_connect.sh +++ b/projects/bash_networking_security/bastion_connect.sh @@ -1 +1,23 @@ + #!/bin/bash + +if [[ -z "$KEY_PATH" ]]; then + echo "Error: KEY_PATH environment variable is not set." + exit 5 +fi + +if [[ $# -lt 1 ]]; then + echo "KEY_PATH env var is expected" + echo "Please provide bastion IP address" + exit 5 +fi + +bastion_ip=$1 +private_ip=$2 +command_to_run="${@:3}" + +if [[ -n "$private_ip" ]]; then + ssh -t -i "$KEY_PATH" ubuntu@"$bastion_ip" ssh -i "vidpri-key.pem" ubuntu@"$private_ip" "$command_to_run" +else + ssh -i "$KEY_PATH" ubuntu@"$bastion_ip" "$command_to_run" +fi diff --git a/projects/bash_networking_security/vpc.sh b/projects/bash_networking_security/vpc.sh index 951abba..0812c92 100644 --- a/projects/bash_networking_security/vpc.sh +++ b/projects/bash_networking_security/vpc.sh 
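Review bot: In the private-host branch of bastion_connect.sh the inner `ssh -i "vidpri-key.pem" ubuntu@"$private_ip" "$command_to_run"` is handed to the bastion as one string and re-parsed by the bastion's shell, so the quoting around `$command_to_run` is lost on the second hop and any command containing spaces or shell metacharacters is re-split there; the hop also depends on a private key stored on the bastion itself under a hard-coded relative name. A jump host keeps every key on the client and passes the command through only once: `ssh -i "$KEY_PATH" -J "ubuntu@$bastion_ip" ubuntu@"$private_ip" "${@:3}"` (adding a second `-i` for the private instance's key when it differs from the bastion's). The argument check's first message, `echo "KEY_PATH env var is expected"`, is wrong for that branch — it fires when the bastion IP is missing, not when KEY_PATH is unset — and should read `echo "Usage: $0 <bastion-ip> [private-ip] [command...]" >&2`. Because the hunk is collapsed, `+ #!/bin/bash` reads as either a blank added line above a context shebang or a shebang with a leading space; in both cases line 1 is no longer a valid shebang, so confirm the file really begins with `#!/bin/bash`.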
@@ -1,4 +1,4 @@
-REGION=""
-VPC_ID=""
-PUBLIC_INSTANCE_ID=""
-PRIVATE_INSTANCE_ID=""
\ No newline at end of file
+REGION="us-east-1"
+VPC_ID="vpc-0da47383de0ba257e"
+PUBLIC_INSTANCE_ID="i-016c56b2fc4e6f7f9"
+PRIVATE_INSTANCE_ID="i-0520e3ace53a56df6"
\ No newline at end of file
From 474788fda8ad2fee3f0a0c483a6fef02e8c91640 Mon Sep 17 00:00:00 2001
From: Avni chauhan
Date: Fri, 16 Jun 2023 12:32:08 +0530
Subject: [PATCH 2/3] first changes
---
 .../bash_networking_security/tlsHandshake.sh | 56 ++++++++++++++++++-
 1 file changed, 55 insertions(+), 1 deletion(-)
diff --git a/projects/bash_networking_security/tlsHandshake.sh b/projects/bash_networking_security/tlsHandshake.sh
index a9bf588..82f0fcd 100644
--- a/projects/bash_networking_security/tlsHandshake.sh
+++ b/projects/bash_networking_security/tlsHandshake.sh
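Review bot: The new vpc.sh still ends without a trailing newline (`\ No newline at end of file` on the `+` side too), so the last assignment is the final byte of the file and anything that appends to or concatenates the file will run into it — terminate the last line. The four values are live, account-specific identifiers (region, VPC id, two instance ids) committed into the repository; if this is shared lab code, reading them from the environment with a default, e.g. `REGION="${REGION:-us-east-1}"`, or from a gitignored local file keeps the scripts reusable across accounts. The file also has no header saying what it is for; a one-liner such as `# Resource identifiers for the bash_networking_security lab; values are account-specific` would cover that.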
@@ -1 +1,55 @@ -#!/bin/bash +#!/bin/bash -x + + +# Step 1 - Client Hello (Client -> Server) +RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{ + "version": "1.3", + "ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"], + "message": "Client Hello" +}' http://16.170.234.56:8080/clienthello) + + +# Step 2 - Server Hello (Server -> Client) +SESSION_ID=$(jq -r '.sessionID' <<< "$RESPONSE") + +echo "$RESPONSE" | jq -r '.serverCert' > cert.pem + + +# Step 3 - Server Certificate Verification +wget https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem -O cert-ca-aws.pem + +VERIFICATION=$(openssl verify -CAfile cert-ca-aws.pem cert.pem) + +if [ "$VERIFICATION" != "cert.pem: OK" ]; then + echo "Server Certificate is invalid" + exit 5 +fi + + +# Step 4 - Client-Server master-key exchange +openssl rand -out masterKey.txt -base64 32 + +MASTER_KEY=$(openssl smime -encrypt -aes-256-cbc -in masterKey.txt -outform DER cert.pem | base64 -w 0) + + +# Step 5 - Server verification message +RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{ + "sessionID": "'"$SESSION_ID"'", + "masterKey": "'"$MASTER_KEY"'", + "sampleMessage": "Hi server, please encrypt me and send to client!" +}' http://16.170.234.56:8080/keyexchange) + + +# Step 6 - Client verification message +echo "$RESPONSE" | jq -r '.encryptedSampleMessage' > encSampleMsg.txt +cat encSampleMsg.txt | base64 -d > encSampleMsgReady.txt + +decrypted_sample_msg=$(openssl enc -d -aes-256-cbc -pbkdf2 -kfile masterKey.txt -in encSampleMsgReady.txt) + +if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then + echo "Server symmetric encryption using the exchanged master-key has failed." + exit 6 +else + echo "Client-Server TLS handshake has been completed successfully" +fi + From fce2a29e74a9c2669aa19e4e9e9c81e99a3bb0a1 Mon Sep 17 00:00:00 2001 
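Review bot: Step 3 validates the server certificate by comparing openssl's human-readable output against `"cert.pem: OK"` instead of its exit status, and nothing binds the certificate to the peer at 16.170.234.56, so any certificate issued by the fetched CA passes — and if the `wget` or the earlier `curl` fails, `cert.pem` holds `null` and the outcome depends on the wording of an error message; checking the exit status with `-verify_ip` (assuming the lab certificate names the address in its SAN) is the check to make. Step 5 splices `$SESSION_ID` and `$MASTER_KEY` into the JSON body by string concatenation, so a session id containing a quote or backslash breaks or rewrites the request; `jq -n --arg` builds it with proper escaping. `#!/bin/bash -x` traces every command, including the full key-exchange request body, to stderr and is silently dropped when the script is run as `bash tlsHandshake.sh`, and the plaintext symmetric key in `masterKey.txt` is left in the working directory after the run — `set -euo pipefail` at the top plus `trap 'rm -f masterKey.txt' EXIT` address both. The rewritten Step 3 and Step 5 follow.
```shell
# Step 3 - Server Certificate Verification
wget -q https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem -O cert-ca-aws.pem || exit 5

# Check the exit status, not the printed text, and bind the certificate to the peer address
# (assumes the server certificate carries 16.170.234.56 in its SAN — confirm against the lab CA).
if ! openssl verify -CAfile cert-ca-aws.pem -verify_ip 16.170.234.56 cert.pem >/dev/null; then
  echo "Server Certificate is invalid" >&2
  exit 5
fi

# … unchanged: Step 4 …

# Step 5 - Server verification message
# Build the body with jq so the values are JSON-escaped rather than spliced into the literal.
BODY=$(jq -n --arg sid "$SESSION_ID" --arg key "$MASTER_KEY" \
  '{sessionID: $sid, masterKey: $key, sampleMessage: "Hi server, please encrypt me and send to client!"}')
RESPONSE=$(curl -sS -X POST -H "Content-Type: application/json" -d "$BODY" http://16.170.234.56:8080/keyexchange)
```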
From: Avni chauhan Date: Fri, 16 Jun 2023 14:39:26 +0530 Subject: [PATCH 3/3] changes --- projects/bash_networking_security/bastion_connect.sh | 3 +-- projects/bash_networking_security/tlsHandshake.sh | 7 ------- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh index 11e0a5c..18dde17 100644 --- a/projects/bash_networking_security/bastion_connect.sh +++ b/projects/bash_networking_security/bastion_connect.sh @@ -1,6 +1,5 @@ - #!/bin/bash - +#i if [[ -z "$KEY_PATH" ]]; then echo "Error: KEY_PATH environment variable is not set." exit 5 diff --git a/projects/bash_networking_security/tlsHandshake.sh b/projects/bash_networking_security/tlsHandshake.sh index 82f0fcd..9fc3a1f 100644 --- a/projects/bash_networking_security/tlsHandshake.sh +++ b/projects/bash_networking_security/tlsHandshake.sh @@ -1,6 +1,4 @@ #!/bin/bash -x - - # Step 1 - Client Hello (Client -> Server) RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{ "version": "1.3", @@ -8,13 +6,11 @@ RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{ "message": "Client Hello" }' http://16.170.234.56:8080/clienthello) - # Step 2 - Server Hello (Server -> Client) SESSION_ID=$(jq -r '.sessionID' <<< "$RESPONSE") echo "$RESPONSE" | jq -r '.serverCert' > cert.pem - # Step 3 - Server Certificate Verification wget https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem -O cert-ca-aws.pem @@ -25,13 +21,11 @@ if [ "$VERIFICATION" != "cert.pem: OK" ]; then exit 5 fi - # Step 4 - Client-Server master-key exchange openssl rand -out masterKey.txt -base64 32 MASTER_KEY=$(openssl smime -encrypt -aes-256-cbc -in masterKey.txt -outform DER cert.pem | base64 -w 0) - # Step 5 - Server verification message RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{ "sessionID": "'"$SESSION_ID"'", 
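Review bot: The added `+#i` line at the top of bastion_connect.sh is a stray keystroke rather than a comment — it carries no information and sits exactly where a usage header belongs; the enclosing `if [[ -z "$KEY_PATH" ]]` block closes outside the hunk. Replace it with a header that states the contract the checks below enforce, e.g. `# Usage: bastion_connect.sh <bastion-ip> [private-ip] [command...]` followed by `# Requires KEY_PATH to point at the bastion's private key; exits 5 on missing input.` If, as the collapsed hunk suggests, the removed first line was a blank above the shebang, dropping it is what makes `#!/bin/bash` effective again, so keep that part.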
@@ -39,7 +33,6 @@ RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{ "sampleMessage": "Hi server, please encrypt me and send to client!" }' http://16.170.234.56:8080/keyexchange) - # Step 6 - Client verification message echo "$RESPONSE" | jq -r '.encryptedSampleMessage' > encSampleMsg.txt cat encSampleMsg.txt | base64 -d > encSampleMsgReady.txt