From 8a33d6dbcba3d7d9bc6daa02c5cab61c53291d2c Mon Sep 17 00:00:00 2001 From: Vidhant007 Date: Fri, 16 Jun 2023 23:15:53 +0530 Subject: [PATCH 1/4] first commit --- projects/bash_networking_security/SOLUTION | 18 +++--- .../bastion_connect.sh | 41 ++++++++++++ .../bash_networking_security/tlsHandshake.sh | 63 +++++++++++++++++++ projects/bash_networking_security/vpc.sh | 9 +-- 4 files changed, 118 insertions(+), 13 deletions(-) diff --git a/projects/bash_networking_security/SOLUTION b/projects/bash_networking_security/SOLUTION index 2edfbaf..3af5ef1 100644 --- a/projects/bash_networking_security/SOLUTION +++ b/projects/bash_networking_security/SOLUTION @@ -1,16 +1,16 @@ -Local DNS Server IP +Local DNS Server IP ------------------- - +127.0.0.53 - -Default gateway IP +Default gateway IP ------------------- - - - +10.0.0.1 -DHCP IP allocation sys-logs +DHCP IP allocation sys-logs ------------------- - +Jun 16 13:16:40 ip-10-0-0-131 dhclient[346]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0xfd1a9769) +Jun 16 13:16:40 ip-10-0-0-131 dhclient[346]: DHCPOFFER of 10.0.0.131 from 10.0.0.1 +Jun 16 13:16:40 ip-10-0-0-131 dhclient[346]: DHCPREQUEST for 10.0.0.131 on eth0 to 255.255.255.255 port 67 (xid=0x69971afd) +Jun 16 13:16:40 ip-10-0-0-131 dhclient[346]: DHCPACK of 10.0.0.131 from 10.0.0.1 (xid=0xfd1a9769) diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh index a9bf588..7bf9fc1 100644 --- a/projects/bash_networking_security/bastion_connect.sh +++ b/projects/bash_networking_security/bastion_connect.sh 
@@ -1 +1,42 @@
 #!/bin/bash
+
+# Check if KEY_PATH environment variable is set
+if [[ -z "${KEY_PATH}" ]]; then
+ echo "KEY_PATH env var is expected"
+ exit 5
+fi
+
+# Check if bastion IP address is provided
+if [[ -z "${1}" ]]; then
+ echo "Please provide bastion IP address"
+ exit 5
+fi
+
+bastion_ip="${1}"
+private_ip="${2}"
+command="${3}"
+
+
+#Case 1 - Connect to the private instance from your local machine
+if [[ -n "${private_ip}" ]] && [[ ! "$3" ]]; then
+ ssh -i "${KEY_PATH}" -o ProxyCommand="ssh -i ${KEY_PATH} -W %h:%p ubuntu@${bastion_ip}" ubuntu@${private_ip}
+ exit $?
+fi
+
+# Case 2 - Connect to the public instance
+if [[ -z "${private_ip}" ]] && [[ -z "${command}" ]]; then
+ ssh -i "${KEY_PATH}" ubuntu@"${bastion_ip}"
+ exit $?
+fi
+
+# Case 3 - Run a command in the private machine
+if [[ -n "${private_ip}" && -n "${command}" ]]; then
+ ssh -i "${KEY_PATH}" -o ProxyCommand="ssh -i ${KEY_PATH} -W %h:%p ubuntu@${bastion_ip}" ubuntu@${private_ip} "${command}"
+ exit $?
+fi
+
+
+# Case 4 - Bad usage
+echo "Please provide valid arguments"
+exit 5
+
diff --git a/projects/bash_networking_security/tlsHandshake.sh b/projects/bash_networking_security/tlsHandshake.sh
index a9bf588..d1a5605 100644
--- a/projects/bash_networking_security/tlsHandshake.sh
+++ b/projects/bash_networking_security/tlsHandshake.sh
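Review bot: In the Case 1 and Case 3 ssh lines the ProxyCommand value is a shell command string built from `${KEY_PATH}` and `${bastion_ip}` with no inner quoting, and `ubuntu@${private_ip}` is unquoted, so a key path containing spaces or shell metacharacters is split or interpreted by the shell that ssh spawns for the proxy. Quoting inside the string, `-o ProxyCommand="ssh -i '${KEY_PATH}' -W %h:%p ubuntu@'${bastion_ip}'" ubuntu@"${private_ip}"`, is the minimal fix; `-J ubuntu@"${bastion_ip}"` avoids the hand-built command entirely, but command-line `-i` then applies to the destination only, so the jump hop's identity would need an ssh_config entry. The Case 1 guard `[[ ! "$3" ]]` tests the positional directly while the other cases test `${command}`; `[[ -z "${command}" ]]` keeps the three branches consistent.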
@@ -1 +1,64 @@
 #!/bin/bash
+#!/bin/bash -x
+
+PUBLIC_IP=44.192.54.32
+# Step 1 - Client Hello (Client -> Server)
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+ "version": "1.3",
+ "ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"],
+ "message": "Client Hello"
+}' http://$PUBLIC_IP:8080/clienthello)
+
+
+# Step 2 - Server Hello (Server -> Client)
+SESSION_ID=$(echo "$RESPONSE" | jq -r '.sessionID')
+
+echo "$RESPONSE" | jq -r '.serverCert' > cert.pem
+
+
+# Step 3 - Server Certificate Verification
+wget https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem
+
+VERIFICATION=$(openssl verify -CAfile cert-ca-aws.pem cert.pem)
+
+if [ "$VERIFICATION" != "cert.pem: OK" ];
+then
+ echo "Server Certificate is invalid."
+ exit 5
+ else
+ echo "cert.pem: OK"
+fi
+
+
+# Step 4 - Client-Server master-key exchange
+#echo "Hi server, please encrypt me and send to client!" > masterKey.txt
+openssl rand -out masterKey.txt -base64 32
+
+
+
+MASTER_KEY=$(openssl smime -encrypt -aes-256-cbc -in masterKey.txt -outform DER cert.pem | base64 | tr -d '\n')
+
+
+
+# Step 5 - Server verification message
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+ "sessionID": "'"$SESSION_ID"'",
+ "masterKey": "'"$MASTER_KEY"'",
+ "sampleMessage": "Hi server, please encrypt me and send to client!"
+}' http://$PUBLIC_IP:8080/keyexchange)
+
+
+# Step 6 - Client verification message
+
+echo "$RESPONSE" | jq -r '.encryptedSampleMessage' > encSampleMsg.txt
+cat encSampleMsg.txt | base64 -d > encSampleMsgReady.txt
+
+decrypted_sample_msg=$(openssl enc -d -aes-256-cbc -pbkdf2 -kfile masterKey.txt -in encSampleMsgReady.txt)
+
+if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then
+ echo "Server symmetric encryption using the exchanged master-key has failed."
+ exit 6
+else
+ echo "Client-Server TLS handshake has been completed successfully"
+fi
+
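Review bot: The certificate check at `VERIFICATION=$(openssl verify -CAfile cert-ca-aws.pem cert.pem)` compares stdout with the literal `cert.pem: OK` instead of using the exit status, and nothing checks that `wget` actually produced `cert-ca-aws.pem` or that either `curl` call succeeded (`curl -fsS` would fail on HTTP errors), so without `set -e` a failed download or an empty `RESPONSE` still flows into the later steps. The freshly generated master key is written to `masterKey.txt` in the current directory with the default umask and never removed, and the second `#!/bin/bash -x` line is a comment rather than a shebang — if tracing were turned on, `MASTER_KEY` and `SESSION_ID` would be printed in the trace output. Chain validation alone does not bind `cert.pem` to `$PUBLIC_IP`; adding `-verify_ip "$PUBLIC_IP"` to the verify call would, provided the server certificate carries an IP SAN, which this hunk does not show. The rewritten head of the script and verification block below add strict mode, a private temporary working directory that is cleaned up on exit, and an exit-status based verify.
```shell
set -euo pipefail
umask 077   # masterKey.txt and cert.pem are key material for this session
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
cd "$workdir"
# … unchanged: Client Hello, Server Hello …
wget -q -O cert-ca-aws.pem https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem
if ! openssl verify -CAfile cert-ca-aws.pem cert.pem >/dev/null; then
  echo "Server Certificate is invalid." >&2
  exit 5
fi
echo "cert.pem: OK"
# … unchanged: master-key exchange and sample-message check …
```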
diff --git a/projects/bash_networking_security/vpc.sh b/projects/bash_networking_security/vpc.sh
index 951abba..b7e1504 100644
--- a/projects/bash_networking_security/vpc.sh
+++ b/projects/bash_networking_security/vpc.sh
@@ -1,4 +1,5 @@
-REGION=""
-VPC_ID=""
-PUBLIC_INSTANCE_ID=""
-PRIVATE_INSTANCE_ID=""
\ No newline at end of file
+REGION="us-east-1"
+VPC_ID="vpc-0ee38b432464dac5a"
+PUBLIC_INSTANCE_ID="i-09a2b2d258f369fe9"
+PRIVATE_INSTANCE_ID="i-0aa883795394a11bb"
+
From d3525cabe5dae429d9823be57d959172cf83be82 Mon Sep 17 00:00:00 2001
From: Vidhant007
Date: Sat, 17 Jun 2023 00:00:48 +0530
Subject: [PATCH 2/4] networking_ex/vidhant-maan-thapa
---
.../bastion_connect.sh | 46 +++++--------------
projects/bash_networking_security/new_key | 27 +++++++++++
2 files changed, 39 insertions(+), 34 deletions(-)
create mode 100644 projects/bash_networking_security/new_key
diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh
index 7bf9fc1..8075c31 100644
--- a/projects/bash_networking_security/bastion_connect.sh
+++ b/projects/bash_networking_security/bastion_connect.sh
@@ -1,42 +1,20 @@ -#!/bin/bash - -# Check if KEY_PATH environment variable is set -if [[ -z "${KEY_PATH}" ]]; then - echo "KEY_PATH env var is expected" +if [[ -z "$KEY_PATH" ]]; then + echo "KEY_PATH environment variable is not set!" exit 5 fi -# Check if bastion IP address is provided -if [[ -z "${1}" ]]; then - echo "Please provide bastion IP address" +if [[ $# -lt 1 ]]; then + echo "KEY_PATH env var is expected" + echo "Please provide Public Instance (Bastion) IP address" exit 5 fi -bastion_ip="${1}" -private_ip="${2}" -command="${3}" - - -#Case 1 - Connect to the private instance from your local machine -if [[ -n "${private_ip}" ]] && [[ ! "$3" ]]; then - ssh -i "${KEY_PATH}" -o ProxyCommand="ssh -i ${KEY_PATH} -W %h:%p ubuntu@${bastion_ip}" ubuntu@${private_ip} - exit $? -fi +public_ip=$1 +private_ip=$2 +command="${@:3}" -# Case 2 - Connect to the public instance -if [[ -z "${private_ip}" ]] && [[ -z "${command}" ]]; then - ssh -i "${KEY_PATH}" ubuntu@"${bastion_ip}" - exit $? +if [[ -n "$private_ip" ]]; then + ssh -t -i "$KEY_PATH" ubuntu@"$public_ip" ssh -i "new_key" ubuntu@"$private_ip" "$command" +else + ssh -i "$KEY_PATH" ubuntu@"$public_ip" "$command" fi - -# Case 3 - Run a command in the private machine -if [[ -n "${private_ip}" && -n "${command}" ]]; then - ssh -i "${KEY_PATH}" -o ProxyCommand="ssh -i ${KEY_PATH} -W %h:%p ubuntu@${bastion_ip}" ubuntu@${private_ip} "${command}" - exit $? -fi - - -# Case 4 - Bad usage -echo "Please provide valid arguments" -exit 5 - diff --git a/projects/bash_networking_security/new_key b/projects/bash_networking_security/new_key new file mode 100644 index 0000000..49f2cc2 --- /dev/null +++ b/projects/bash_networking_security/new_key 
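Review bot: `command="${@:3}"` joins the extra arguments into one string, and `"$command"` is then handed to the bastion's login shell, which re-splits and re-evaluates it before the inner `ssh` forwards it to the private host, so any quotes, globs or `$` in the caller's command are interpreted on the bastion rather than where the user expects. Re-quoting the words for that hop, `ssh -t -i "$KEY_PATH" ubuntu@"$public_ip" "ssh -i new_key ubuntu@$private_ip $(printf '%q ' "${@:3}")"`, preserves them through one level of shell (assuming the bastion's login shell is bash), and `-J` would avoid the remote shell evaluation altogether. The `#!/bin/bash` shebang is removed in this hunk while `[[ ]]` and `${@:3}` remain, so the script now depends on the invoking shell being bash. The `echo "KEY_PATH env var is expected"` inside the `$# -lt 1` branch looks copied from the branch above; that branch should print only the bastion-IP message.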
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEoQIBAAKCAQEAsaPV7bVqSHv4NPxf7YBLrlrueuY1liGu98C/TGM15Tec7mV6 +R3BnKgaiMTJSWHLtLGstlDw/YOegVwDv93ni4pQvlZOSEf+4jDRa1wDS02bymMSu +t5if4IxvU9jBp+sOS5QNWW0tikQvYd8YnMpMUvtN4xhPk5Zc7DA3tZeaqq5gmX0b +lrdutAF2SndoZOSiE6R6ySle9ovhD8dxMm0HRHnFs9UbumADGHUOzx8zOuvhRkv7 +tLSeSihEBkzuT8WNj+0Q84MdBCYkRIYh5lNJUEOOOKaGZzmIZbP5hkuR6MPuD89u +QmL0XpmukjPY2zdpMEc7iE0XnLR2ldeFdnYH1wIDAQABAoIBADX7n+tZEi9s3QTd +HRnDvzwBDi/y/Z3eJpnLzVadX6eEuwAHfp1vHyq6UVe5/yQ56LFy8Kr3lBsSyLsn +4cTHGZfZiIxgCCfIGoEg9+oWqfrschTS0HWiwBMxGjPUzyUEXZfCKjxe3VQDXJLV +hVlAcOlWzViR7rzfGOX90TAyHiJ30Zdllrn3u2LTu8e1C1aB/kw8l6U2IMisVUqm +hpsqFQMMXqTnnm1wHG0CIX4LTXJici2x5PDeiuti8FsBDia4+xrX+iiJqHqopAQh ++aaYILAu5qvrPF3OdJE5Bu0khUsnQ6x5eSDsZ6NNdguZTYZbrEDLJA7m7aTKeL1B +3/2MhqECgYEA5U5+aSeC9L5Z4zsWs5CXyIkqiBPwl2ItNim3UwuJ5bdb9r0k0vgu +ZI4RXHjtXAt/FBvjg0tKNRojbhYE6ZknlmT7b+NzfDCneWKtbVT5qvbU6+NBsr7A +aLA0S4GRKAmWccoZ30bB+B/SSAN2mbmK/im3MDqOuKt0mME4U5mtn8MCgYEAxlGj +WuD09dbQ+3EOtc/cft2ufycwKuERamJ97RRRNdiTyUqfK9lmtUCF9XvSKXsCANY9 +P0DNv8x0J4/o4lGltLBudEXYMFLwxsqHjE1Ao754Q3x/MxKcXVxf2fOCzTYqkd7P +qD+vEOsPQ0XJ1D39ATSjn2giDzMpyhce2DNPKl0CfyS5bYVpzo9j7QF3dStM/QIg +9a7VgrK8BoGmLLYgIvWnaBMcN8mR9dwk5KLquxkCvld6H/XnGPtoNERtQlwnKy/q +/FnvE4/QOwI1y5C3C0VWQsOEogD+i9I4ZiexmI3Q+0c+FuarbmVOs17VLylvjdMm +2y/eMP1ieEn+qAa7lhMCgYEAov1Zikk0Sg/g9aX3dwl8qG+9CBfHCJatX4fPAtgd +3mk/HMJNixZDyVdcQWMgWKMWBGYPNDsoXifElvc5aTe9PoF6Zek5Qo4IAPlW6cJc +C7dw09YwHGOBS2GuDUyLBeksl3JNrHOaiAcIJjvnIp5Hn4QJretBgsiD4emamgmh +WKkCgYBWujMNDv61EFoaZfirYPPqA2dN3ZysteRAfqai5RVR8OMqrdNTVN3tlhPB +xqozGGZaFWfxM4Qs6BzBtHcA7JsCTW7r1SLD3MSuPOI/2ZJ6gI49deiK21JoiTsj +dn+rnQtu8Yl4mNOZrEC/9C6zEwLAg8x68G6CJsPEEnHj8FLe/w== +-----END RSA PRIVATE KEY----- From c2f026f68532fceda6e1def1f34aef2f5f3b7bd9 Mon Sep 17 00:00:00 2001 
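Review bot: An unencrypted RSA private key (`-----BEGIN RSA PRIVATE KEY-----`) is committed here as `new_key`, presumably the same file the bastion script in this patch passes to the inner `ssh -i "new_key"`. Deleting it in a later commit (PATCH 3/4 of this series does exactly that) removes it from the tree but not from history, so the key has to be treated as compromised: generate a new key pair, replace the old public key in the private instance's `authorized_keys`, and only then rewrite or squash the history. Listing `new_key`, `*.pem` and `*_key` in `.gitignore` and running a pre-commit secret scanner would have caught this before the push.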
From: Vidhant Maan Thapa <71004035+Vidhant007@users.noreply.github.com>
Date: Sat, 17 Jun 2023 00:19:16 +0530
Subject: [PATCH 3/4] Delete new_key
---
projects/bash_networking_security/new_key | 27 -----------------------
1 file changed, 27 deletions(-)
delete mode 100644 projects/bash_networking_security/new_key
diff --git a/projects/bash_networking_security/new_key b/projects/bash_networking_security/new_key
deleted file mode 100644
index 49f2cc2..0000000
--- a/projects/bash_networking_security/new_key
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEoQIBAAKCAQEAsaPV7bVqSHv4NPxf7YBLrlrueuY1liGu98C/TGM15Tec7mV6 -R3BnKgaiMTJSWHLtLGstlDw/YOegVwDv93ni4pQvlZOSEf+4jDRa1wDS02bymMSu -t5if4IxvU9jBp+sOS5QNWW0tikQvYd8YnMpMUvtN4xhPk5Zc7DA3tZeaqq5gmX0b -lrdutAF2SndoZOSiE6R6ySle9ovhD8dxMm0HRHnFs9UbumADGHUOzx8zOuvhRkv7 -tLSeSihEBkzuT8WNj+0Q84MdBCYkRIYh5lNJUEOOOKaGZzmIZbP5hkuR6MPuD89u -QmL0XpmukjPY2zdpMEc7iE0XnLR2ldeFdnYH1wIDAQABAoIBADX7n+tZEi9s3QTd -HRnDvzwBDi/y/Z3eJpnLzVadX6eEuwAHfp1vHyq6UVe5/yQ56LFy8Kr3lBsSyLsn -4cTHGZfZiIxgCCfIGoEg9+oWqfrschTS0HWiwBMxGjPUzyUEXZfCKjxe3VQDXJLV -hVlAcOlWzViR7rzfGOX90TAyHiJ30Zdllrn3u2LTu8e1C1aB/kw8l6U2IMisVUqm -hpsqFQMMXqTnnm1wHG0CIX4LTXJici2x5PDeiuti8FsBDia4+xrX+iiJqHqopAQh -+aaYILAu5qvrPF3OdJE5Bu0khUsnQ6x5eSDsZ6NNdguZTYZbrEDLJA7m7aTKeL1B -3/2MhqECgYEA5U5+aSeC9L5Z4zsWs5CXyIkqiBPwl2ItNim3UwuJ5bdb9r0k0vgu -ZI4RXHjtXAt/FBvjg0tKNRojbhYE6ZknlmT7b+NzfDCneWKtbVT5qvbU6+NBsr7A -aLA0S4GRKAmWccoZ30bB+B/SSAN2mbmK/im3MDqOuKt0mME4U5mtn8MCgYEAxlGj -WuD09dbQ+3EOtc/cft2ufycwKuERamJ97RRRNdiTyUqfK9lmtUCF9XvSKXsCANY9 -P0DNv8x0J4/o4lGltLBudEXYMFLwxsqHjE1Ao754Q3x/MxKcXVxf2fOCzTYqkd7P -qD+vEOsPQ0XJ1D39ATSjn2giDzMpyhce2DNPKl0CfyS5bYVpzo9j7QF3dStM/QIg -9a7VgrK8BoGmLLYgIvWnaBMcN8mR9dwk5KLquxkCvld6H/XnGPtoNERtQlwnKy/q -/FnvE4/QOwI1y5C3C0VWQsOEogD+i9I4ZiexmI3Q+0c+FuarbmVOs17VLylvjdMm -2y/eMP1ieEn+qAa7lhMCgYEAov1Zikk0Sg/g9aX3dwl8qG+9CBfHCJatX4fPAtgd -3mk/HMJNixZDyVdcQWMgWKMWBGYPNDsoXifElvc5aTe9PoF6Zek5Qo4IAPlW6cJc -C7dw09YwHGOBS2GuDUyLBeksl3JNrHOaiAcIJjvnIp5Hn4QJretBgsiD4emamgmh -WKkCgYBWujMNDv61EFoaZfirYPPqA2dN3ZysteRAfqai5RVR8OMqrdNTVN3tlhPB -xqozGGZaFWfxM4Qs6BzBtHcA7JsCTW7r1SLD3MSuPOI/2ZJ6gI49deiK21JoiTsj -dn+rnQtu8Yl4mNOZrEC/9C6zEwLAg8x68G6CJsPEEnHj8FLe/w== ------END RSA PRIVATE KEY----- From 19e5b3577eba7cc378b1fde2dfae9338e4c0f1dc Mon Sep 17 00:00:00 2001 
From: Vidhant Maan Thapa <71004035+Vidhant007@users.noreply.github.com> Date: Sat, 17 Jun 2023 00:38:10 +0530 Subject: [PATCH 4/4] Update bastion_connect.sh --- .../bastion_connect.sh | 29 ++++++++++--------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh index 8075c31..28915e8 100644 --- a/projects/bash_networking_security/bastion_connect.sh +++ b/projects/bash_networking_security/bastion_connect.sh @@ -1,20 +1,23 @@ +#!/bin/bash +# Check if KEY_PATH environment variable exists if [[ -z "$KEY_PATH" ]]; then - echo "KEY_PATH environment variable is not set!" - exit 5 + echo "KEY_PATH env var is expected" + exit 5 fi - +# Check if the public instance IP address is provided if [[ $# -lt 1 ]]; then - echo "KEY_PATH env var is expected" - echo "Please provide Public Instance (Bastion) IP address" - exit 5 + echo "Please provide bastion IP address" + exit 1 fi +# Connect to the private instance using the public instance as a bastion host +if [[ $# -eq 2 ]]; then + public_instance_ip=$1 + private_instance_ip=$2 -public_ip=$1 -private_ip=$2 -command="${@:3}" - -if [[ -n "$private_ip" ]]; then - ssh -t -i "$KEY_PATH" ubuntu@"$public_ip" ssh -i "new_key" ubuntu@"$private_ip" "$command" + # Connect to the private instance via the bastion host + ssh -i "$KEY_PATH" ubuntu@"$public_instance_ip" ssh -t -t -i "new-key" ubuntu@"$private_instance_ip" else - ssh -i "$KEY_PATH" ubuntu@"$public_ip" "$command" + public_instance_ip=$1 + # Connect to the public instance + ssh -i "$KEY_PATH" ubuntu@"$public_instance_ip" fi
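Review bot: The `else` branch at the end of the hunk treats every argument count other than exactly 2 as a login to the public instance, so a call with a bastion IP, a private IP and a command (the three-argument form patch 2 supported via `${@:3}`) silently drops the private IP and the command and connects to the bastion instead; `[[ $# -ge 2 ]]` with `"${@:3}"` forwarded to the inner ssh, or an explicit usage error for `$# -gt 2`, would close that gap. The inner hop `ssh -t -t -i "new-key" ubuntu@"$private_instance_ip"` runs on the bastion with a private key stored there, so a compromised bastion holds credentials to the private network; `ssh -i "$KEY_PATH" -J ubuntu@"$public_instance_ip" ubuntu@"$private_instance_ip"` keeps the key on the operator's machine and checks both host keys locally (with the jump-hop identity set in ssh_config if it differs). The key file name also changed from `new_key` in patch 2 to `new-key` here; which of the two exists on the bastion cannot be told from the diff. The missing-IP path now exits with `exit 1` while the missing `KEY_PATH` path keeps `exit 5`; if callers distinguish usage errors by status, the two should agree.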