first commit

projects/bash_networking_security/bastion_connect.sh

@@ -1 +1,21 @@
 #!/bin/bash
+if [[ -z "$KEY_PATH" ]]; then
+  echo "Error: KEY_PATH environment variable is not set."
+  exit 5
+fi
+
+if [[ $# -lt 1 ]]; then
+  echo "KEY_PATH env var is expected"
+  echo "Please provide bastion IP address"
+  exit 5
+fi
+
+bastion_ip=$1
+private_ip=$2
+command_to_run="${@:3}"
+
+if [[ -n "$private_ip" ]]; then
+  ssh -t -i "$KEY_PATH" ubuntu@"$bastion_ip" ssh -i "new_key" ubuntu@"$private_ip" "$command_to_run"
+else
+  ssh -i "$KEY_PATH" ubuntu@"$bastion_ip" "$command_to_run"
+fi

projects/bash_networking_security/tlsHandshake.sh

@@ -1 +1,62 @@
 #!/bin/bash
+#!/bin/bash -x
+
+# Step 1 - Client Hello (Client -> Server)
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+   "version": "1.3",
+   "ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"],
+   "message": "Client Hello"
+}' http://13.57.194.31:8080/clienthello)
+
+
+# Step 2 - Server Hello (Server -> Client)
+SESSION_ID=$(echo "$RESPONSE" | jq -r '.sessionID')
+
+echo "$RESPONSE" | jq -r '.serverCert' > cert.pem
+
+
+# Step 3 - Server Certificate Verification
+wget  https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem
+
+VERIFICATION=$(openssl verify -CAfile cert-ca-aws.pem cert.pem)
+
+if [ "$VERIFICATION" != "cert.pem: OK" ];
+then
+  echo "Server Certificate is invalid."
+  exit 5
+  else
+    echo "cert.pem: OK"
+fi
+
+
+# Step 4 - Client-Server master-key exchange
+#echo "Hi server, please encrypt me and send to client!" > masterKey.txt
+openssl rand -out masterKey.txt -base64 32
+
+
+
+MASTER_KEY=$(openssl smime -encrypt -aes-256-cbc -in masterKey.txt -outform DER cert.pem | base64 | tr -d '\n')
+
+
+
+# Step 5 - Server verification message
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+  "sessionID": "'"$SESSION_ID"'",
+  "masterKey": "'"$MASTER_KEY"'",
+  "sampleMessage": "Hi server, please encrypt me and send to client!"
+}' http://13.57.194.31:8080/keyexchange)
+
+
+# Step 6 - Client verification message
+
+echo "$RESPONSE" | jq -r '.encryptedSampleMessage' > encSampleMsg.txt
+cat encSampleMsg.txt | base64 -d > encSampleMsgReady.txt
+
+decrypted_sample_msg=$(openssl enc -d -aes-256-cbc -pbkdf2 -kfile masterKey.txt -in encSampleMsgReady.txt)
+
+if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then
+  echo "Server symmetric encryption using the exchanged master-key has failed."
+  exit 6
+else
+  echo "Client-Server TLS handshake has been completed successfully"
+fi

projects/bash_networking_security/vpc.sh

@@ -1,4 +1,4 @@
-REGION=""
-VPC_ID=""
-PUBLIC_INSTANCE_ID=""
-PRIVATE_INSTANCE_ID=""
+REGION="us-west-1"
+VPC_ID="vpc-03624dc856ec4996a"
+PUBLIC_INSTANCE_ID="i-07344e344dd6224c8"
+PRIVATE_INSTANCE_ID="i-099e1b102026ac3f0"