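<#
Scripted install for AutoCert to PRX01

This script is to be executed from PRX01 as local administrator, and requires
Domain Admin credentials to establish domain trust.
This script will create a Scheduled Task on PRX01 that will trigger AutoCert
and authenticate as local admin.

Security notes for operators:
  * Two files are fetched over HTTPS and one of them (ExpiryCheck.ps1) is left
    on disk under c:\AutoCert. Nothing in this script verifies their content
    (no hash or signature check), so whoever controls the download endpoint
    controls what lands on this server.
  * The AD FS Trust Administrator username and a DPAPI-protected copy of the
    password are written to C:\Windows\System32\Stored1.file / Stored2.file.
#>

# Set Tls1.2 to download files from Azure
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$CurrentServer = $env:computername
Write-Host "Current computer name is $CurrentServer. This Certificate Package is meant for Proxy servers only. Continue?"
$ReadHost = Read-Host "(y/n)"
$response = $false

# Only an explicit "y" continues; "n" or anything else exits without changes.
Switch ($ReadHost) {
    Y {
        Write-Host "You chose YES. Continuing with Proxy Certificate Replacement" -ForegroundColor White -BackgroundColor Green
        $response = $true
    }
    N {
        Write-Host "You chose NO. Exiting Proxy Certificate Replacement script without making configuration changes." -ForegroundColor White -BackgroundColor Red
        $response = $null
        pause
        break
    }
    Default {
        Write-Host "No option chosen for $CurrentServer. Exiting Script without making configuration changes." -ForegroundColor White -BackgroundColor Red
        $response = $null
        pause
        break
    }
}

if ($response) {
    # Variable Assignment
    $PRX_ExpiryCheck_URL = "https://npcurls.azurewebsites.net/Expiration-PRX"
    $AutoCert_Task_URL   = "https://npcurls.azurewebsites.net/Install-Task"
    $ExpiryCheck_Path    = "c:\AutoCert\ExpiryCheck.ps1"
    $Task_XML_Path       = "c:\AutoCert\AutoCert.xml"

    # Collect Domain Admin Credentials
    if (!(Test-Path C:\AutoCert)) {
        New-Item -ItemType Directory -Path c:\AutoCert -ErrorAction SilentlyContinue | Out-Null
    }
    Write-Host "Enter AD FS Trust Admin credentials" -ForegroundColor Black -BackgroundColor White
    $PRXUsername = Read-Host -Prompt "Enter AD FS Trust Administrator username"
    $PRXPassword = Read-Host -Prompt "Enter AD FS Trust Administrator password" -AsSecureString

    # ConvertFrom-SecureString without -Key protects the value with DPAPI, so
    # Stored2.file can only be decrypted by the same Windows account on this
    # same computer. The username in Stored1.file is stored in clear text.
    # NOTE(review): these paths are presumably read by the downloaded
    # ExpiryCheck.ps1, so they are left unchanged here - confirm, and confirm
    # that the task account below is the account running this installer,
    # otherwise the DPAPI blob will not decrypt.
    $PRXUsername | Out-File "C:\Windows\System32\Stored1.file"
    $PRXPassword | ConvertFrom-SecureString | Out-File "C:\Windows\System32\Stored2.file"

    # Install AutoCert
    # -ErrorAction Stop turns a failed download into a terminating error, so a
    # missing or partial file never reaches task registration.
    # -UseBasicParsing avoids depending on the Internet Explorer engine.
    # NOTE(review): neither download is integrity-checked; consider comparing
    # Get-FileHash output against a value pinned out-of-band, or requiring a
    # valid Authenticode signature on ExpiryCheck.ps1, before the task runs it.
    try {
        Invoke-WebRequest -Uri $AutoCert_Task_URL -OutFile $Task_XML_Path -UseBasicParsing -ErrorAction Stop
        Invoke-WebRequest -Uri $PRX_ExpiryCheck_URL -OutFile $ExpiryCheck_Path -UseBasicParsing -ErrorAction Stop
    }
    catch {
        Write-Host "Download of AutoCert files failed: $($_.Exception.Message) Exiting without changing the scheduled task." -ForegroundColor White -BackgroundColor Red
        if (Test-Path $Task_XML_Path) { Remove-Item $Task_XML_Path }
        pause
        return
    }

    Unregister-ScheduledTask -TaskName "CertificateReplacement" -Confirm:$false -ErrorAction SilentlyContinue

    Write-Host "Enter Username and Password for LOCAL user account to run task" -ForegroundColor Black -BackgroundColor White
    $Username       = Read-Host -Prompt "Enter Task Username"
    $SecurePassword = Read-Host -Prompt "Enter Task Password" -AsSecureString
    $TaskCreds      = New-Object System.Management.Automation.PSCredential -ArgumentList $Username, $SecurePassword

    try {
        # Register through the ScheduledTasks cmdlet rather than
        # "schtasks.exe /rp <password>": an argument to a native command shows
        # up in that process's command line, and therefore in process-creation
        # audit records when command-line logging is enabled. The cmdlet still
        # needs the clear-text password, but it stays inside this process.
        Register-ScheduledTask -Xml (Get-Content $Task_XML_Path | Out-String) `
            -TaskName "CertificateReplacement" `
            -User $Username `
            -Password $TaskCreds.GetNetworkCredential().Password `
            -ErrorAction Stop | Out-Null

        Start-ScheduledTask -TaskName "CertificateReplacement"
    }
    catch {
        Write-Host "Failed to register the CertificateReplacement task: $($_.Exception.Message)" -ForegroundColor White -BackgroundColor Red
    }
    finally {
        # The task definition is only needed for registration; remove it on
        # every exit path.
        if (Test-Path $Task_XML_Path) { Remove-Item $Task_XML_Path }
    }
}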