From cb838ad935bf4dbe489a4483c06b12f33a73b3a0 Mon Sep 17 00:00:00 2001
From: Aman Kumar Singh <97456601+AmanL02@users.noreply.github.com>
Date: Fri, 16 Jun 2023 23:01:36 +0530
Subject: [PATCH 1/3] Update vpc.sh
---
 projects/bash_networking_security/vpc.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/projects/bash_networking_security/vpc.sh b/projects/bash_networking_security/vpc.sh
index 951abba..9df639f 100644
--- a/projects/bash_networking_security/vpc.sh
+++ b/projects/bash_networking_security/vpc.sh
@@ -1,4 +1,4 @@
-REGION=""
-VPC_ID=""
-PUBLIC_INSTANCE_ID=""
-PRIVATE_INSTANCE_ID=""
\ No newline at end of file
+REGION="eu-north-1"
+VPC_ID="vpc-0f65e720a07cb52f4"
+PUBLIC_INSTANCE_ID="i-06f114af1ad8c86a5"
+PRIVATE_INSTANCE_ID="i-06478197c46e3b152"
From 9bea1f90d323d11663c5962d336a6eba3ff0a3d8 Mon Sep 17 00:00:00 2001
From: Aman Kumar Singh <97456601+AmanL02@users.noreply.github.com>
Date: Fri, 16 Jun 2023 23:02:24 +0530
Subject: [PATCH 2/3] Update bastion_connect.sh
---
 .../bastion_connect.sh | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh
index a9bf588..6d0b7f3 100644
--- a/projects/bash_networking_security/bastion_connect.sh
+++ b/projects/bash_networking_security/bastion_connect.sh
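Review bot: The four values filled in here, `REGION`, `VPC_ID`, `PUBLIC_INSTANCE_ID` and `PRIVATE_INSTANCE_ID`, appear to be identifiers of a live account rather than sample data, and they are now pinned in version control where every clone inherits them. The empty strings they replace read like a template meant to be filled in locally; keeping the committed file as that template and taking the real values from the environment, e.g. `REGION="${REGION:?set REGION}"`, or from an untracked file listed in `.gitignore`, keeps account-specific state out of the history. These IDs are not secrets on their own, but they name the exact resources the sibling scripts operate on, so if they must stay, a comment stating which account and exercise they belong to would at least make the coupling explicit.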
@@ -1 +1,31 @@
 #!/bin/bash
+
+# Check if KEY_PATH environment variable is set
+if [ -z "$KEY_PATH" ]; then
+ echo "KEY_PATH env var is expected"
+fi
+
+# Check if the public instance IP is provided
+if [ -z "$1" ]; then
+ echo "Please provide bastion IP address"
+ exit 5
+fi
+
+# Set variables
+BASTION_IP=$1
+PRIVATE_IP=$2
+COMMAND=$3
+
+# Connect to the public instance
+if [ -z "$PRIVATE_IP" ]; then
+ ssh -i "$KEY_PATH" ubuntu@"$BASTION_IP"
+else
+ # Connect to the private instance through the public instance
+ if [ -z "$COMMAND" ]; then
+ ssh -i "$KEY_PATH" ubuntu@"$BASTION_IP" ssh -tt -i /home/ubuntu/AmanKS-private-server.pem ubuntu@"$PRIVATE_IP"
+ else
+ # Run a command on the private instance
+ ssh -i "$KEY_PATH" ubuntu@"$BASTION_IP" ssh -tt -i /home/ubuntu/AmanKS-private-server.pem ubuntu@"$PRIVATE_IP" "$COMMAND"
+ fi
+fi
+
From 9317b490ef175961b161a9d1263b63ad2506e63b Mon Sep 17 00:00:00 2001
From: Aman Kumar Singh <97456601+AmanL02@users.noreply.github.com>
Date: Sun, 18 Jun 2023 00:19:23 +0530
Subject: [PATCH 3/3] Update tlsHandshake.sh
---
 .../bash_networking_security/tlsHandshake.sh | 62 +++++++++++++++++++
 1 file changed, 62 insertions(+)
diff --git a/projects/bash_networking_security/tlsHandshake.sh b/projects/bash_networking_security/tlsHandshake.sh
index a9bf588..5f2fb9f 100644
--- a/projects/bash_networking_security/tlsHandshake.sh
+++ b/projects/bash_networking_security/tlsHandshake.sh
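Review bot: The `KEY_PATH` check at the top of the hunk only prints a message and falls through, so every later `ssh -i "$KEY_PATH"` runs with an empty key path; it should fail the way the bastion-IP check below it does, `echo "KEY_PATH env var is expected" >&2` followed by `exit 5`. The nested `ssh … ssh -tt -i /home/ubuntu/AmanKS-private-server.pem …` form also hands the inner command line to the bastion's shell for re-parsing, so a `$COMMAND` containing spaces or quotes is split before it reaches the private host, and it requires the private instance's key to be stored on the bastion. Using `ssh -i "$KEY_PATH" -J ubuntu@"$BASTION_IP" ubuntu@"$PRIVATE_IP" "$COMMAND"` (with the private-instance key supplied by a second `-i` from the client) performs both hops from the local ssh client, passes `$COMMAND` intact, and keeps both private keys off the bastion. `$2` and `$3` are never checked beyond emptiness, so a header comment such as `# Usage: bastion_connect.sh <bastion-ip> [private-ip] [command]` would document the expected arguments.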
@@ -1 +1,63 @@
 #!/bin/bash
+
+#!/bin/bash #!/bin/bash -x
+
+# Step 1 - Client Hello (Client -> Server)
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+ "version": "1.3",
+ "ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"],
+ "message": "Client Hello"
+}' http://3.80.89.74:8080/clienthello)
+
+
+# Step 2 - Server Hello (Server -> Client)
+SESSION_ID=$(echo "$RESPONSE" | jq -r '.sessionID')
+
+echo "$RESPONSE" | jq -r '.serverCert' > cert.pem
+
+
+# Step 3 - Server Certificate Verification
+wget https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem
+
+VERIFICATION=$(openssl verify -CAfile cert-ca-aws.pem cert.pem)
+
+if [ "$VERIFICATION" != "cert.pem: OK" ];
+then
+ echo "Server Certificate is invalid."
+ exit 5
+ else
+ echo "cert.pem: OK"
+fi
+
+
+# Step 4 - Client-Server master-key exchange
+#echo "Hi server, please encrypt me and send to client!" > masterKey.txt
+openssl rand -out masterKey.txt -base64 32
+
+
+
+MASTER_KEY=$(openssl smime -encrypt -aes-256-cbc -in masterKey.txt -outform DER cert.pem | base64 | tr -d '\n')
+
+
+
+# Step 5 - Server verification message
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+ "sessionID": "'"$SESSION_ID"'",
+ "masterKey": "'"$MASTER_KEY"'",
+ "sampleMessage": "Hi server, please encrypt me and send to client!"
+}' http://3.80.89.74:8080/keyexchange)
+
+
+# Step 6 - Client verification message
+
+echo "$RESPONSE" | jq -r '.encryptedSampleMessage' > encSampleMsg.txt
+cat encSampleMsg.txt | base64 -d > encSampleMsgReady.txt
+
+decrypted_sample_msg=$(openssl enc -d -aes-256-cbc -pbkdf2 -kfile masterKey.txt -in encSampleMsgReady.txt)
+
+if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then
+ echo "Server symmetric encryption using the exchanged master-key has failed."
+ exit 6
+else
+ echo "Client-Server TLS handshake has been completed successfully"
+fi
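Review bot: The CA download in Step 3, `wget https://…/cert-ca-aws.pem`, has no `-O`, so on any second run wget saves `cert-ca-aws.pem.1` and `openssl verify` keeps using whichever copy landed first; the download's failure is also never checked (the script has no `set -e`), and the result is then compared as a string rather than by exit status. The rewrite below fetches to a fixed name with `curl -fsSL -o` (curl is already the script's HTTP client), aborts if the fetch fails, and branches on `openssl verify`'s exit code. Note that `openssl verify -CAfile` only establishes that the chain leads to the downloaded CA and does not bind the certificate to `3.80.89.74`; if the server certificate carries that address as a SAN, adding `-verify_ip 3.80.89.74` would close that gap. Separately, `masterKey.txt` (the symmetric secret) together with `cert.pem` and the `encSampleMsg*.txt` files are created in the working directory under the default umask and never removed; `umask 077` near the top and a `trap 'rm -f -- masterKey.txt encSampleMsg.txt encSampleMsgReady.txt' EXIT` would bound the exposure. The second added line, `#!/bin/bash #!/bin/bash -x`, is a stray duplicate of the shebang and should be dropped.
```shell
# … unchanged: Steps 1–2 (Client Hello, Server Hello, cert.pem extraction) …

# Step 3 - Server Certificate Verification
curl -fsSL -o cert-ca-aws.pem https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem || {
  echo "Could not fetch the CA certificate." >&2
  exit 5
}

if ! openssl verify -CAfile cert-ca-aws.pem cert.pem >/dev/null 2>&1; then
  echo "Server Certificate is invalid." >&2
  exit 5
fi
echo "cert.pem: OK"

# … unchanged: Steps 4–6 (master-key generation, key exchange, sample-message check) …
```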