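#Requires -RunAsAdministrator

<#
.SYNOPSIS
    Complete test workflow for WinRM HTTPS setup on a single device.

.DESCRIPTION
    This script guides you through testing the WinRM HTTPS setup:
    1. Generate wildcard certificate (if needed)
    2. Set up WinRM HTTPS on local machine
    3. Test connection
    4. Verify functionality

    The helper scripts Generate-WildcardCert.ps1 and Setup-WinRM-HTTPS.ps1 are
    looked up in the current directory and run in this elevated session.

.PARAMETER Domain
    Domain for the wildcard certificate (default: logon.ds.ge.com).

.PARAMETER CertPassword
    Password for the certificate PFX file. Prompted for when omitted.

.PARAMETER SkipCertGeneration
    Skip certificate generation if you already have one.

.PARAMETER ExistingCertPath
    Path to existing PFX certificate file.

.EXAMPLE
    .\Test-WinRM-HTTPS-Setup.ps1

.EXAMPLE
    # Read the password interactively so it is not stored in plain text
    # in the command line or the console history.
    $pass = Read-Host "PFX password" -AsSecureString
    .\Test-WinRM-HTTPS-Setup.ps1 -CertPassword $pass

.NOTES
    Author: System Administrator
    Date: 2025-10-17
    Version: 1.0
#>

param(
    [Parameter(Mandatory=$false)]
    [string]$Domain = "logon.ds.ge.com",

    [Parameter(Mandatory=$false)]
    [SecureString]$CertPassword,

    [Parameter(Mandatory=$false)]
    [switch]$SkipCertGeneration,

    [Parameter(Mandatory=$false)]
    [string]$ExistingCertPath
)

# Prints a banner for a numbered workflow step.
function Write-Step {
    param([int]$Number, [string]$Description)
    Write-Host "`n========================================" -ForegroundColor Cyan
    # ${Number} is braced on purpose: "$Number:" would be parsed as a
    # scope-qualified variable reference and fail to parse.
    Write-Host "STEP ${Number}: $Description" -ForegroundColor Cyan
    Write-Host "========================================" -ForegroundColor Cyan
}

# Prints a neutral informational line.
function Write-Info {
    param([string]$Message)
    Write-Host $Message -ForegroundColor White
}

# Prints a green "[OK]" line.
function Write-Success {
    param([string]$Message)
    Write-Host "[OK] $Message" -ForegroundColor Green
}

# Prints a red "[ERROR]" line. Deliberately not named Write-Error: a function
# with that name shadows the built-in cmdlet for this script and for every
# script it invokes with '&'.
function Write-Failure {
    param([string]$Message)
    Write-Host "[ERROR] $Message" -ForegroundColor Red
}

# Prints a yellow "[WARN]" line. Deliberately not named Write-Warning, for the
# same shadowing reason as Write-Failure.
function Write-Warn {
    param([string]$Message)
    Write-Host "[WARN] $Message" -ForegroundColor Yellow
}

# Main execution
try {
    Write-Host "`n╔════════════════════════════════════════╗" -ForegroundColor Cyan
    Write-Host "║ WinRM HTTPS Test Setup Wizard ║" -ForegroundColor Cyan
    Write-Host "╚════════════════════════════════════════╝" -ForegroundColor Cyan
    Write-Host "Date: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')" -ForegroundColor Gray
    Write-Host ""

    # Number of Step 3 verification checks that failed; drives the final summary
    # so the script does not announce success over a missing listener.
    $issues = 0

    # Get computer info
    $hostname = $env:COMPUTERNAME
    $fqdn = "$hostname.$Domain".ToLower()

    Write-Info "Current computer: $hostname"
    Write-Info "Target FQDN: $fqdn"
    Write-Info "Domain: $Domain"

    # Get password if not provided
    if (-not $CertPassword) {
        Write-Host "`nEnter password for certificate PFX file:" -ForegroundColor Yellow
        $CertPassword = Read-Host "Password" -AsSecureString
    }

    # NOTE(review): the helper scripts below are resolved relative to the current
    # directory and run elevated. Run this script only from the directory that
    # holds the trusted copies; resolving them via $PSScriptRoot would remove
    # the dependency on the caller's working directory.

    # Step 1: Generate or locate certificate
    $certPath = $ExistingCertPath

    if (-not $SkipCertGeneration -and -not $ExistingCertPath) {
        Write-Step 1 "Generate Wildcard Certificate"
        Write-Info "Generating self-signed wildcard certificate for *.$Domain..."

        if (Test-Path ".\Generate-WildcardCert.ps1") {
            & ".\Generate-WildcardCert.ps1" -Domain $Domain -Password $CertPassword -ExportPath "."

            # Find the generated certificate.
            # NOTE(review): this takes the newest wildcard-*.pfx in the current
            # directory, which could be a file left by an earlier run if the
            # generator did not write a new one - confirm against the generator.
            $certPath = Get-ChildItem -Path "." -Filter "wildcard-*.pfx" |
                Sort-Object LastWriteTime -Descending |
                Select-Object -First 1 -ExpandProperty FullName

            if ($certPath) {
                Write-Success "Certificate generated: $certPath"
            }
            else {
                throw "Certificate generation failed - PFX file not found"
            }
        }
        else {
            throw "Generate-WildcardCert.ps1 not found in current directory"
        }
    }
    elseif ($ExistingCertPath) {
        Write-Step 1 "Using Existing Certificate"
        Write-Info "Certificate path: $ExistingCertPath"

        if (-not (Test-Path $ExistingCertPath)) {
            throw "Certificate file not found: $ExistingCertPath"
        }
        Write-Success "Certificate file found"
    }
    else {
        Write-Step 1 "Certificate Generation Skipped"
        Write-Warn "Using existing certificate from machine store"
    }

    # Step 2: Set up WinRM HTTPS
    Write-Step 2 "Configure WinRM HTTPS"
    Write-Info "Setting up WinRM HTTPS listener..."

    if (Test-Path ".\Setup-WinRM-HTTPS.ps1") {
        $setupParams = @{
            Domain = $Domain
        }

        # Only pass the PFX and its password when a file is actually in play.
        if ($certPath) {
            $setupParams.CertificatePath = $certPath
            $setupParams.CertificatePassword = $CertPassword
        }

        & ".\Setup-WinRM-HTTPS.ps1" @setupParams
        Write-Success "WinRM HTTPS setup completed"
    }
    else {
        throw "Setup-WinRM-HTTPS.ps1 not found in current directory"
    }

    # Step 3: Verify WinRM Configuration
    Write-Step 3 "Verify WinRM Configuration"

    Write-Info "Checking WinRM service..."
    $winrmService = Get-Service WinRM
    if ($winrmService.Status -eq 'Running') {
        Write-Success "WinRM service is running"
    }
    else {
        Write-Failure "WinRM service is not running"
        $issues++
    }

    Write-Info "`nChecking HTTPS listener..."
    $httpsListener = winrm enumerate winrm/config/listener |
        Select-String "Transport = HTTPS" -Context 0,10
    if ($httpsListener) {
        Write-Success "HTTPS listener configured"
        Write-Host "`nListener details:" -ForegroundColor Gray
        $httpsListener | ForEach-Object {
            Write-Host $_.Line -ForegroundColor Gray
            # The lines after the match were requested with -Context but are
            # only reachable through Context.PostContext, not through Line.
            foreach ($detail in $_.Context.PostContext) {
                Write-Host $detail -ForegroundColor Gray
            }
        }
    }
    else {
        Write-Failure "HTTPS listener not found"
        $issues++
    }

    # Step 4: Test Local Connection
    Write-Step 4 "Test Local HTTPS Connection"
    Write-Info "Testing WinRM HTTPS on localhost..."

    try {
        $testResult = Test-WSMan -ComputerName localhost -UseSSL -Port 5986 -ErrorAction Stop
        Write-Success "Local HTTPS connection successful"
        Write-Host "`nTest-WSMan Output:" -ForegroundColor Gray
        $testResult | Format-List | Out-String | Write-Host -ForegroundColor Gray
    }
    catch {
        # Not counted as an issue: the script treats a localhost failure as expected.
        Write-Warn "Local HTTPS test failed: $($_.Exception.Message)"
        Write-Info "This is normal for localhost testing"
    }

    # Step 5: Test Remote Connection (if applicable)
    Write-Step 5 "Test Remote HTTPS Connection"
    Write-Info "Testing WinRM HTTPS using FQDN: $fqdn..."

    try {
        # First check if DNS resolves
        try {
            $resolved = Resolve-DnsName $fqdn -ErrorAction Stop
            # The first record can be one without an address (for example a
            # CNAME), so pick the first record that carries an IPAddress.
            $address = $resolved |
                Where-Object { $_.IPAddress } |
                Select-Object -First 1 -ExpandProperty IPAddress
            Write-Success "DNS resolution successful: $address"
        }
        catch {
            Write-Warn "DNS resolution failed for $fqdn"
            Write-Info "You may need to add a DNS entry or use hosts file"
        }

        # Test HTTPS connection.
        # -SkipCACheck and -SkipCNCheck turn off certificate chain and name
        # validation for this session, so a success here shows only that the
        # listener answers over TLS. It does not show that a client validating
        # the certificate would accept it, and such a session does not
        # authenticate the server against an on-path attacker.
        $sessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck
        $testSession = New-PSSession -ComputerName $fqdn -UseSSL -Port 5986 -SessionOption $sessionOption -ErrorAction Stop

        try {
            Write-Success "Remote HTTPS connection successful!"
            Write-Warn "Certificate CA and CN checks were skipped for this test session"

            # Get remote computer info
            $remoteInfo = Invoke-Command -Session $testSession -ScriptBlock {
                @{
                    ComputerName = $env:COMPUTERNAME
                    OSVersion = (Get-CimInstance Win32_OperatingSystem).Caption
                    PowerShellVersion = $PSVersionTable.PSVersion.ToString()
                }
            }

            Write-Host "`nRemote Computer Info:" -ForegroundColor Cyan
            Write-Host " Computer Name: $($remoteInfo.ComputerName)" -ForegroundColor White
            Write-Host " OS: $($remoteInfo.OSVersion)" -ForegroundColor White
            Write-Host " PowerShell: $($remoteInfo.PowerShellVersion)" -ForegroundColor White
        }
        finally {
            # Close the session even if the remote query throws, so no
            # authenticated session is left open.
            Remove-PSSession $testSession
        }
    }
    catch {
        # Not counted as an issue: the script treats this as expected without DNS.
        Write-Warn "Remote HTTPS connection test: $($_.Exception.Message)"
        Write-Info "This is expected if DNS is not configured for $fqdn"
    }

    # Step 6: Summary and Next Steps
    Write-Step 6 "Summary and Next Steps"

    if ($issues -eq 0) {
        Write-Success "WinRM HTTPS test setup completed successfully!"
    }
    else {
        Write-Warn "WinRM HTTPS test setup finished with $issues verification issue(s) - review the output above"
    }

    Write-Host "`nConfiguration Summary:" -ForegroundColor Cyan
    Write-Host " Hostname: $hostname" -ForegroundColor White
    Write-Host " FQDN: $fqdn" -ForegroundColor White
    Write-Host " HTTPS Port: 5986" -ForegroundColor White
    if ($certPath) {
        Write-Host " Certificate: $certPath" -ForegroundColor White
    }

    # Reusing one wildcard PFX on every PC means each of them holds the same
    # private key: protect the PFX in transit and at rest, and treat the key as
    # exposed everywhere if any one machine is compromised.
    Write-Host "`nNext Steps:" -ForegroundColor Yellow
    Write-Host "1. Configure DNS to resolve $fqdn to this machine's IP" -ForegroundColor White
    Write-Host "2. Deploy the same certificate to other shopfloor PCs" -ForegroundColor White
    Write-Host "3. Run Setup-WinRM-HTTPS.ps1 on each PC" -ForegroundColor White
    Write-Host "4. Test collection with:" -ForegroundColor White
    Write-Host " .\Invoke-RemoteAssetCollection-HTTPS.ps1 -HostnameList @('$hostname') -Domain '$Domain'" -ForegroundColor Gray

    Write-Host "`nFor production deployment:" -ForegroundColor Yellow
    Write-Host "- Obtain a certificate from a trusted CA" -ForegroundColor White
    Write-Host "- Configure proper DNS entries for all shopfloor PCs" -ForegroundColor White
    Write-Host "- Use the shopfloor-hostnames.txt file for batch deployment" -ForegroundColor White

    if ($issues -eq 0) {
        Write-Host "`n✅ Test setup complete!" -ForegroundColor Green
    }
    else {
        Write-Host "`nTest setup finished with verification issues" -ForegroundColor Yellow
    }
}
catch {
    Write-Host "`n❌ Test setup failed: $($_.Exception.Message)" -ForegroundColor Red
    Write-Host "`nStack Trace:" -ForegroundColor Gray
    Write-Host $_.ScriptStackTrace -ForegroundColor Gray
    exit 1
}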