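Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing

# CertCreator: small WinForms front end around New-SelfSignedCertificate.
# Security notes for operators:
#   * The script reads and writes Cert:\LocalMachine\My, so it has to run elevated.
#   * Every certificate is created with an exportable private key, and that key
#     stays in the machine store after the PFX has been written.
#   * The exported PFX contains the private key and is protected only by the
#     password typed into the form; treat the output folder as sensitive.

# --- Core functions ---

# Returns the certificates in LocalMachine\My that can be used as a signing CA:
# they carry the Key Usage extension (OID 2.5.29.15) with the keyCertSign bit set
# and their private key is available. The extension is decoded instead of
# matching its display text, because the friendly name and formatted text are
# localized and would not match on a non-English Windows installation.
function Get-LocalCAs {
    Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
        # Without the private key the certificate cannot sign anything.
        if (-not $_.HasPrivateKey) { return $false }

        $KeyUsageExt = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.15' } | Select-Object -First 1
        if (-not $KeyUsageExt) { return $false }

        $Decoded = New-Object System.Security.Cryptography.X509Certificates.X509KeyUsageExtension -ArgumentList $KeyUsageExt, $KeyUsageExt.Critical
        [bool]($Decoded.KeyUsages -band [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyCertSign)
    }
}

# Exports a certificate together with its private key to "<FilePath>.pfx".
#   $Cert     - certificate object to export
#   $FilePath - target path without the .pfx extension
#   $Password - PFX password, either a plain string or a SecureString
function Export-AsPfx {
    param ($Cert, $FilePath, $Password)

    if ($Password -is [System.Security.SecureString]) {
        $SecurePassword = $Password
    }
    else {
        $SecurePassword = ConvertTo-SecureString -String $Password -Force -AsPlainText
    }

    Export-PfxCertificate -Cert $Cert -FilePath "$FilePath.pfx" -Password $SecurePassword
}

# Appends one colored line to the log RichTextBox ($TxtLog) and scrolls to it.
#   $Message - text to append
#   $Color   - a System.Drawing.Color, or a color name given as a string
function Write-Log {
    param([string]$Message, $Color = [System.Drawing.Color]::SpringGreen)

    if ($Color -is [string]) { $Color = [System.Drawing.Color]::FromName($Color) }

    # Move the caret to the end so the color applies only to the appended text.
    $TxtLog.SelectionStart = $TxtLog.TextLength
    $TxtLog.SelectionLength = 0
    $TxtLog.SelectionColor = $Color
    $TxtLog.AppendText("$Message`r`n")
    # Restore the default color for whatever is written next.
    $TxtLog.SelectionColor = $TxtLog.ForeColor
    $TxtLog.ScrollToCaret()
}

# --- Graphical interface (GUI) ---
$Form = New-Object System.Windows.Forms.Form
$Form.Text = "CertCreator Pro - SAN & CA Manager"
$Form.Size = "750,950"
$Form.StartPosition = "CenterScreen"
$Form.BackColor = "WhiteSmoke"

$FontLabel = New-Object System.Drawing.Font("Segoe UI", 10, [System.Drawing.FontStyle]::Bold)
$FontInput = New-Object System.Drawing.Font("Segoe UI", 11)
$FontLog = New-Object System.Drawing.Font("Consolas", 11)

# Layout cursor: each row is placed at $CurrentY, which is then advanced.
$CurrentY = 30
$LabelX = 40
$InputX = 320
$InputWidth = 360

# 1. Common Name (CN)
$L1 = New-Object System.Windows.Forms.Label
$L1.Text = "Common Name (CN):"
$L1.Location = "$LabelX,$CurrentY"
$L1.Size = "260,30"
$L1.Font = $FontLabel
$Form.Controls.Add($L1)

$TxtCN = New-Object System.Windows.Forms.TextBox
$TxtCN.Location = "$InputX,$CurrentY"
$TxtCN.Width = $InputWidth
$TxtCN.Font = $FontInput
$Form.Controls.Add($TxtCN)
$CurrentY += 50

# 2. SAN (Multi-Domain): comma-separated additional DNS names
$L_SAN = New-Object System.Windows.Forms.Label
$L_SAN.Text = "Multi-Domain (SAN):`n(mail.com, *.web.com)"
$L_SAN.Location = "$LabelX,$CurrentY"
$L_SAN.Size = "260,50"
$L_SAN.Font = $FontLabel
$Form.Controls.Add($L_SAN)

$TxtSAN = New-Object System.Windows.Forms.TextBox
$TxtSAN.Location = "$InputX,$CurrentY"
$TxtSAN.Width = $InputWidth
$TxtSAN.Font = $FontInput
$Form.Controls.Add($TxtSAN)
$CurrentY += 60

# 3. Certificate type
$L2 = New-Object System.Windows.Forms.Label
$L2.Text = "Certificate Type:"
$L2.Location = "$LabelX,$CurrentY"
$L2.Size = "260,30"
$L2.Font = $FontLabel
$Form.Controls.Add($L2)

$ComboType = New-Object System.Windows.Forms.ComboBox
$ComboType.Location = "$InputX,$CurrentY"
$ComboType.Width = $InputWidth
$ComboType.Font = $FontInput
$ComboType.DropDownStyle = "DropDownList"
$ComboType.Items.AddRange(@("IIS Web Server", "Root CA", "Code Signing", "Hyper-V Replication"))
# Preselect the first entry so the type that will be used is always visible.
$ComboType.SelectedIndex = 0
$Form.Controls.Add($ComboType)
$CurrentY += 50

# 4. Optional: sign with an existing CA instead of self-signing
$L_Sign = New-Object System.Windows.Forms.Label
$L_Sign.Text = "Sign with existing CA?"
$L_Sign.Location = "$LabelX,$CurrentY"
$L_Sign.Size = "260,30"
$L_Sign.Font = $FontLabel
$Form.Controls.Add($L_Sign)

$ComboCAs = New-Object System.Windows.Forms.ComboBox
$ComboCAs.Location = "$InputX,$CurrentY"
$ComboCAs.Width = $InputWidth
$ComboCAs.Font = $FontInput
$ComboCAs.DropDownStyle = "DropDownList"
$Form.Controls.Add($ComboCAs)

# Load the available CAs when the form is built. Index 0 means "self-signed";
# every other entry ends with the CA thumbprint in square brackets.
[void]$ComboCAs.Items.Add("-- Self-Signed (No CA) --")
$ComboCAs.SelectedIndex = 0
foreach ($ca in (Get-LocalCAs)) {
    [void]$ComboCAs.Items.Add("$($ca.Subject) [$($ca.Thumbprint)]")
}
$CurrentY += 50

# 5. Password
$L4 = New-Object System.Windows.Forms.Label
$L4.Text = "PFX Export Password:"
$L4.Location = "$LabelX,$CurrentY"
$L4.Size = "260,30"
$L4.Font = $FontLabel
$Form.Controls.Add($L4)

$TxtPass = New-Object System.Windows.Forms.TextBox
$TxtPass.Location = "$InputX,$CurrentY"
$TxtPass.Width = $InputWidth
$TxtPass.Font = $FontInput
$TxtPass.PasswordChar = '*'
$Form.Controls.Add($TxtPass)
$CurrentY += 50

# 6. Validity
$L5 = New-Object System.Windows.Forms.Label
$L5.Text = "Expiration Date:"
$L5.Location = "$LabelX,$CurrentY"
$L5.Size = "260,30"
$L5.Font = $FontLabel
$Form.Controls.Add($L5)

$DateExp = New-Object System.Windows.Forms.DateTimePicker
$DateExp.Location = "$InputX,$CurrentY"
$DateExp.Width = $InputWidth
$DateExp.Font = $FontInput
# The picker starts at "now", which would request an already-expired
# certificate; start one year ahead instead.
$DateExp.Value = (Get-Date).AddYears(1)
$Form.Controls.Add($DateExp)
$CurrentY += 80

# Generate button
$BtnCreate = New-Object System.Windows.Forms.Button
$BtnCreate.Text = "GENERATE CERTIFICATE"
$BtnCreate.Location = "40,$CurrentY"
$BtnCreate.Width = 640
$BtnCreate.Height = 60
$BtnCreate.BackColor = "SteelBlue"
$BtnCreate.ForeColor = "White"
$BtnCreate.Font = New-Object System.Drawing.Font("Segoe UI", 12, [System.Drawing.FontStyle]::Bold)
$Form.Controls.Add($BtnCreate)
$CurrentY += 80

# Log (RichTextBox)
$TxtLog = New-Object System.Windows.Forms.RichTextBox
$TxtLog.Location = "40,$CurrentY"
$TxtLog.Size = "640,320"
$TxtLog.ReadOnly = $true
$TxtLog.BackColor = "Black"
$TxtLog.ForeColor = "SpringGreen"
$TxtLog.Font = $FontLog
$Form.Controls.Add($TxtLog)

# --- Execution logic ---
$BtnCreate.Add_Click({
    $TxtLog.Clear()

    if ([string]::IsNullOrWhiteSpace($TxtCN.Text) -or [string]::IsNullOrWhiteSpace($TxtPass.Text)) {
        [void][System.Windows.Forms.MessageBox]::Show("Please fill CN and Password!")
        return
    }

    # A NotAfter in the past would fail or yield a certificate that is expired on creation.
    if ($DateExp.Value -le (Get-Date)) {
        [void][System.Windows.Forms.MessageBox]::Show("Expiration date must be in the future!")
        return
    }

    $CN = $TxtCN.Text.Trim()

    # The CN is free text and is reused as a folder and file name. Replace every
    # character that is invalid in a file name (path separators, and the '*' of a
    # wildcard CN) so the name cannot leave the Desktop folder or break the export.
    $SafeName = $CN
    foreach ($ch in [System.IO.Path]::GetInvalidFileNameChars()) {
        $SafeName = $SafeName.Replace([string]$ch, '_')
    }
    $OutPath = "$env:USERPROFILE\Desktop\Certs_$SafeName"

    try {
        # Turn cmdlet errors into terminating errors; otherwise a failed step
        # would not reach the catch block and success would still be logged.
        $ErrorActionPreference = 'Stop'

        if (-not (Test-Path -LiteralPath $OutPath)) {
            New-Item -ItemType Directory -Path $OutPath | Out-Null
        }

        Write-Log ">> Starting generation for $CN..."

        # Build the DnsName list: the CN first, then every non-empty SAN entry.
        $DnsList = @($CN)
        if (![string]::IsNullOrWhiteSpace($TxtSAN.Text)) {
            $DnsList += @($TxtSAN.Text -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }

        # NOTE(review): the CN is inserted into the subject string as typed, so a
        # value containing ',' or '=' is parsed as further name components.
        $CertParams = @{
            Subject           = "CN=$CN"
            DnsName           = $DnsList
            NotAfter          = $DateExp.Value
            CertStoreLocation = "Cert:\LocalMachine\My"
            KeyExportPolicy   = "Exportable"
            Provider          = "Microsoft Software Key Storage Provider"
        }

        # Sign with a CA if one was selected (index 0 is the self-signed entry).
        if ($ComboCAs.SelectedIndex -gt 0) {
            # Accept only a well-formed 40-hex-digit thumbprint at the end of the entry
            # before using it as part of a certificate store path.
            if ([string]$ComboCAs.SelectedItem -notmatch '\[([0-9A-Fa-f]{40})\]$') {
                throw "Could not read the CA thumbprint from the selected entry."
            }
            $thumb = $Matches[1]
            $CertParams.Add("Signer", (Get-Item -LiteralPath "Cert:\LocalMachine\My\$thumb"))
            Write-Log "[INFO] Signed by CA: $($ComboCAs.SelectedItem)"
        }

        # Type-specific settings. "IIS Web Server" and "Hyper-V Replication" use the cmdlet defaults.
        switch ($ComboType.SelectedItem) {
            "Root CA" {
                # NOTE(review): only KeyUsage is set here; confirm the resulting certificate
                # carries the basic-constraints and EKU values expected of a CA.
                $CertParams.Add("KeyUsage", "CertSign")
            }
            "Code Signing" {
                # Without an explicit type the cmdlet issues its default (SSL server) certificate.
                $CertParams.Add("Type", "CodeSigningCert")
            }
        }

        # Actual creation
        $NewCert = New-SelfSignedCertificate @CertParams
        Write-Log "[V] Success: Certificate created in Store."

        # Export the files: PFX (with private key) and CER (public certificate only).
        Export-AsPfx -Cert $NewCert -FilePath "$OutPath\$SafeName" -Password $TxtPass.Text
        Export-Certificate -Cert $NewCert -FilePath "$OutPath\$SafeName.cer"
        Write-Log "[V] PFX & CER exported to Desktop." ([System.Drawing.Color]::Cyan)

        # Do not leave the PFX password sitting in the form after a successful export.
        $TxtPass.Clear()

        explorer.exe $OutPath
    }
    catch {
        Write-Log "[X] ERROR: $($_.Exception.Message)" ([System.Drawing.Color]::Red)
    }
})

$Form.ShowDialog()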