From b9f4b4f3230f0df43e57d0ce00d6606012b8f8b6 Mon Sep 17 00:00:00 2001
From: Vaibhav-Rawat03 <111760496+Vaibhav-Rawat03@users.noreply.github.com>
Date: Tue, 13 Jun 2023 15:51:15 +0530
Subject: [PATCH 1/5] Update SOLUTION
---
 projects/bash_networking_security/SOLUTION | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/projects/bash_networking_security/SOLUTION b/projects/bash_networking_security/SOLUTION
index 2edfbaf..5f04cf4 100644
--- a/projects/bash_networking_security/SOLUTION
+++ b/projects/bash_networking_security/SOLUTION
@@ -1,16 +1,21 @@
 Local DNS Server IP ------------------- - +127.0.0.53 Default gateway IP ------------------- - +10.0.0.1 DHCP IP allocation sys-logs ------------------- - +Jun 13 09:32:16 ip-10-0-0-182 dhclient[340]: Internet Systems Consortium DHCP Client 4.4.1 +Jun 13 09:32:16 ip-10-0-0-182 dhclient[340]: For info, please visit https://www.isc.org/software/dhcp/ +Jun 13 09:32:16 ip-10-0-0-182 dhclient[340]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0x64655509) +Jun 13 09:32:16 ip-10-0-0-182 dhclient[340]: DHCPOFFER of 10.0.0.182 from 10.0.0.1 +Jun 13 09:32:16 ip-10-0-0-182 dhclient[340]: DHCPREQUEST for 10.0.0.182 on eth0 to 255.255.255.255 port 67 (xid=0x9556564) +
From c9ffdc2718ff2745c138cc5b00be42d783f2556f Mon Sep 17 00:00:00 2001
From: Vaibhav-Rawat03 <111760496+Vaibhav-Rawat03@users.noreply.github.com>
Date: Tue, 13 Jun 2023 16:08:55 +0530
Subject: [PATCH 2/5] Update vpc.sh
---
 projects/bash_networking_security/vpc.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/projects/bash_networking_security/vpc.sh b/projects/bash_networking_security/vpc.sh
index 951abba..bfff2b5 100644
--- a/projects/bash_networking_security/vpc.sh
+++ b/projects/bash_networking_security/vpc.sh
@@ -1,4 +1,4 @@
-REGION=""
-VPC_ID=""
-PUBLIC_INSTANCE_ID=""
-PRIVATE_INSTANCE_ID=""
\ No newline at end of file
+REGION="us-east-1"
+VPC_ID="vpc-02ba84cb21ed1921c"
+PUBLIC_INSTANCE_ID="i-0d4fe9ea2fa0a5a83"
+PRIVATE_INSTANCE_ID=""
From 7d45bbfa0cac071675b6b43624f1cf5cd726206d Mon Sep 17 00:00:00 2001
From: Vaibhav-Rawat03 <111760496+Vaibhav-Rawat03@users.noreply.github.com>
Date: Tue, 13 Jun 2023 22:42:05 +0530
Subject: [PATCH 3/5] Update vpc.sh
---
 projects/bash_networking_security/vpc.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/projects/bash_networking_security/vpc.sh b/projects/bash_networking_security/vpc.sh
index bfff2b5..750c25e 100644
--- a/projects/bash_networking_security/vpc.sh
+++ b/projects/bash_networking_security/vpc.sh
@@ -1,4 +1,4 @@
 REGION="us-east-1"
 VPC_ID="vpc-02ba84cb21ed1921c"
 PUBLIC_INSTANCE_ID="i-0d4fe9ea2fa0a5a83"
-PRIVATE_INSTANCE_ID=""
+PRIVATE_INSTANCE_ID="i-01f0544b6a9bb878b"
From d59f0c6734f71f9e8c955c5a55b94e989b2dec7a Mon Sep 17 00:00:00 2001
From: VAIBHAV-RAWAT03
Date: Fri, 16 Jun 2023 23:44:23 +0530
Subject: [PATCH 4/5] Third Commit
---
 .../bastion_connect.sh | 21 +++++++
 .../bash_networking_security/tlsHandshake.sh | 62 ++++++++++++++++++-
 2 files changed, 82 insertions(+), 1 deletion(-)
diff --git a/projects/bash_networking_security/bastion_connect.sh b/projects/bash_networking_security/bastion_connect.sh
index a9bf588..9bd1d33 100644
--- a/projects/bash_networking_security/bastion_connect.sh
+++ b/projects/bash_networking_security/bastion_connect.sh
@@ -1 +1,22 @@
 #!/bin/bash
+
+if [[ -z "$KEY_PATH" ]]; then
+ echo "Error: KEY_PATH environment variable is not set."
+ exit 5
+fi
+
+if [[ $# -lt 1 ]]; then
+ echo "KEY_PATH env var is expected"
+ echo "Please provide bastion IP address"
+ exit 5
+fi
+
+bastion_ip=$1
+private_ip=$2
+command_to_run="${@:3}"
+
+if [[ -n "$private_ip" ]]; then
+ ssh -t -i "$KEY_PATH" ubuntu@"$bastion_ip" ssh -i "new_key" ubuntu@"$private_ip" "$command_to_run"
+else
+ ssh -i "$KEY_PATH" ubuntu@"$bastion_ip" "$command_to_run"
+fi
diff --git a/projects/bash_networking_security/tlsHandshake.sh b/projects/bash_networking_security/tlsHandshake.sh
index a9bf588..d735e23 100644
--- a/projects/bash_networking_security/tlsHandshake.sh
+++ b/projects/bash_networking_security/tlsHandshake.sh
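Review bot: `command_to_run="${@:3}"` flattens the remaining arguments into one string, and on the two-hop path that string is parsed again by the bastion's login shell before the inner `ssh` ever sees it, so an argument containing spaces or shell metacharacters is split and re-evaluated on the bastion instead of reaching the private host intact. Building it with one level of quoting survives that extra parse, `command_to_run=""` then `(( $# >= 3 )) && printf -v command_to_run '%q ' "${@:3}"`, where the guard keeps the no-command case an interactive session. The usage branch for a missing bastion IP still prints `KEY_PATH env var is expected` although that variable was validated just above; `printf '%s\n' "Please provide bastion IP address" >&2` is the accurate message and puts it on stderr like the other diagnostics should be. The inner hop depends on a private key named `new_key` resolved relative to the bastion shell's working directory (normally the login home), so a key must be kept on the bastion; if the private instance accepts the same key as `$KEY_PATH`, `ssh -i "$KEY_PATH" -J ubuntu@"$bastion_ip" ubuntu@"$private_ip" "$command_to_run"` reaches it with the key staying on the client.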
@@ -1 +1,61 @@
-#!/bin/bash
+#!/bin/bash -x
+
+# Step 1 - Client Hello (Client -> Server)
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+ "version": "1.3",
+ "ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"],
+ "message": "Client Hello"
+}' http://3.80.89.74/clienthello)
+
+
+# Step 2 - Server Hello (Server -> Client)
+SESSION_ID=$(echo "$RESPONSE" | jq -r '.sessionID')
+
+echo "$RESPONSE" | jq -r '.serverCert' > cert.pem
+
+
+# Step 3 - Server Certificate Verification
+wget https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem
+
+VERIFICATION=$(openssl verify -CAfile cert-ca-aws.pem cert.pem)
+
+if [ "$VERIFICATION" != "cert.pem: OK" ];
+then
+ echo "Server Certificate is invalid."
+ exit 5
+ else
+ echo "cert.pem: OK"
+fi
+
+
+# Step 4 - Client-Server master-key exchange
+#echo "Hi server, please encrypt me and send to client!" > masterKey.txt
+openssl rand -out masterKey.txt -base64 32
+
+
+
+MASTER_KEY=$(openssl smime -encrypt -aes-256-cbc -in masterKey.txt -outform DER cert.pem | base64 | tr -d '\n')
+
+
+
+# Step 5 - Server verification message
+RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
+ "sessionID": "'"$SESSION_ID"'",
+ "masterKey": "'"$MASTER_KEY"'",
+ "sampleMessage": "Hi server, please encrypt me and send to client!"
+}' http://3.80.89.74/keyexchange)
+
+
+# Step 6 - Client verification message
+
+echo "$RESPONSE" | jq -r '.encryptedSampleMessage' > encSampleMsg.txt
+cat encSampleMsg.txt | base64 -d > encSampleMsgReady.txt
+
+decrypted_sample_msg=$(openssl enc -d -aes-256-cbc -pbkdf2 -kfile masterKey.txt -in encSampleMsgReady.txt)
+
+if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then
+ echo "Server symmetric encryption using the exchanged master-key has failed."
+ exit 6
+else
+ echo "Client-Server TLS handshake has been completed successfully"
+fi
From 6189a8249d0ce9bcfdf0bf63da01eba60d2e9c5d Mon Sep 17 00:00:00 2001
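Review bot: The `#!/bin/bash -x` shebang on the first added line traces every expanded command, so the `sessionID` and the whole `masterKey` blob in the Step 5 `curl` body, plus each intermediate file name, are written to stderr on every run; a trace flag belongs on the command line while debugging, and an option in the shebang is dropped anyway when the script is started as `bash tlsHandshake.sh`. The plaintext key in `masterKey.txt`, together with `cert.pem`, the downloaded CA file and the encrypted samples, is created in the working directory under the default umask, which on most systems leaves it readable by other local users, so the opening should read `#!/bin/bash` / `set -euo pipefail` / `umask 077`, or the files should go into a `mktemp -d` directory removed by a `trap … EXIT`. `set -e` (with `curl --fail`) also catches the unchecked `curl`, `wget` and `jq` calls, which today let a failed fetch feed `null` into the next request, and for Step 3 testing the exit status of `openssl verify` is more robust than comparing its stdout with `cert.pem: OK`. `openssl verify -CAfile` validates only the chain and does not bind the certificate to the peer at 3.80.89.74; if the server's certificate carries a matching SAN, `-verify_ip 3.80.89.74` (or `-verify_hostname`) adds that binding.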
From: Vaibhav-Rawat03 <111760496+Vaibhav-Rawat03@users.noreply.github.com>
Date: Sat, 17 Jun 2023 00:23:17 +0530
Subject: [PATCH 5/5] Update tlsHandshake.sh
---
 projects/bash_networking_security/tlsHandshake.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/projects/bash_networking_security/tlsHandshake.sh b/projects/bash_networking_security/tlsHandshake.sh
index d735e23..8dfe86a 100644
--- a/projects/bash_networking_security/tlsHandshake.sh
+++ b/projects/bash_networking_security/tlsHandshake.sh
@@ -5,7 +5,7 @@ RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
 "version": "1.3", "ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"], "message": "Client Hello" -}' http://3.80.89.74/clienthello) +}' http://3.80.89.74:8080/clienthello) # Step 2 - Server Hello (Server -> Client)
@@ -43,7 +43,7 @@ RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
 "sessionID": "'"$SESSION_ID"'", "masterKey": "'"$MASTER_KEY"'", "sampleMessage": "Hi server, please encrypt me and send to client!" -}' http://3.80.89.74/keyexchange) +}' http://3.80.89.74:8080/keyexchange) # Step 6 - Client verification message