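# IIS scaffolding helpers for a local environment: enables the IIS Windows
# features, creates application pools and sites, grants folder permissions,
# binds a self-signed certificate and keeps a transcript log.
# NOTE(review): the functions below use the IIS:\ drive and Get-WebBinding, so
# they presumably expect the WebAdministration module to be imported by the
# caller - confirm, nothing in this file loads it.

#region Private variables

$loggingDirectory = "C:\Temp"
$loggingFile = "Install.log"
$logFile = Join-Path $loggingDirectory $loggingFile

#endregion

#region Public methods

# Returns $true when the current Windows identity is in the built-in
# Administrators role; otherwise prints a warning and returns $false.
function CheckCredentials
{
    $currentPrincipal = [Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
    {
        Write-Warning "You do not have Administrator rights to run this script!`nPlease re-run this script as an Administrator!"
        return $false
    }

    Write-Host "Done."
    return $true
}

# Enables the listed IIS optional features on the running Windows installation.
# NOTE(review): the list is broad and includes features that widen the attack
# surface of the web server (IIS-DirectoryBrowsing, IIS-CGI, IIS-ASP,
# IIS-ServerSideIncludes, IIS-BasicAuthentication, IIS-ManagementService,
# IIS-IIS6ManagementCompatibility). That suits a developer workstation; trim it
# to what the hosted applications need before reusing it on a reachable host.
function EnableEmbeddedIISFeatures
{
    cd $PSScriptRoot

    $featureList = @(
        "IIS-WebServerRole",
        "IIS-WebServer",
        "IIS-CommonHttpFeatures",
        "IIS-HttpErrors",
        "IIS-HttpRedirect",
        "IIS-ApplicationDevelopment",
        "IIS-NetFxExtensibility",
        "IIS-NetFxExtensibility45",
        "IIS-HealthAndDiagnostics",
        "IIS-HttpLogging",
        "IIS-LoggingLibraries",
        "IIS-RequestMonitor",
        "IIS-HttpTracing",
        "IIS-Security",
        "IIS-URLAuthorization",
        "IIS-RequestFiltering",
        "IIS-IPSecurity",
        "IIS-Performance",
        "IIS-HttpCompressionDynamic",
        "IIS-WebServerManagementTools",
        "IIS-ManagementScriptingTools",
        "IIS-IIS6ManagementCompatibility",
        "IIS-Metabase",
        "IIS-CertProvider",
        "IIS-WindowsAuthentication",
        "IIS-DigestAuthentication",
        "IIS-ClientCertificateMappingAuthentication",
        "IIS-IISCertificateMappingAuthentication",
        "IIS-StaticContent",
        "IIS-DefaultDocument",
        "IIS-DirectoryBrowsing",
        "IIS-WebSockets",
        "IIS-ApplicationInit",
        "IIS-ASPNET",
        "IIS-ASPNET45",
        "IIS-ASP",
        "IIS-CGI",
        "IIS-ISAPIExtensions",
        "IIS-ISAPIFilter",
        "IIS-ServerSideIncludes",
        "IIS-CustomLogging",
        "IIS-BasicAuthentication",
        "IIS-HttpCompressionStatic",
        "IIS-ManagementConsole",
        "IIS-ManagementService"
    )

    Enable-WindowsOptionalFeature -FeatureName $featureList -Online > $null
    Write-Host "Done."
}

# Runs the whole scaffolding sequence: hosts entry, application pools, site(s)
# and virtual applications, folder permissions and the HTTPS certificate.
#   $hostName / $hostIp      - entry to add to the hosts file
#   $iisApplication          - application description(s); the helpers read
#                              .name, .poolName, .property, .bindings and
#                              .applicationPath from each element
#   $iisVirtualApplications  - optional virtual application description(s)
function ScaffoldIIS($hostName, $hostIp, $iisApplication, $iisVirtualApplications)
{
    SetHostsFile $hostName $hostIp

    CreateApplicationPool $iisApplication
    if($iisVirtualApplications -ne $null)
    {
        CreateApplicationPool $iisVirtualApplications
    }

    CreateSite $iisApplication $iisVirtualApplications

    GrantPermissionToApplicationPool $iisApplication
    AddSslBindingToIdpAndAddAsTrustedCert $iisApplication $hostName
    if($iisVirtualApplications -ne $null)
    {
        GrantPermissionToApplicationPool $iisVirtualApplications
    }

    Write-Host "IIS scaffolding has been successfully completed!"
}

# Restarts IIS via iisreset, discarding its output.
function ResetIIS
{
    & {iisreset} > $null
    Write-Host "Done."
}

# Moves the current location back to the script directory; the scaffolding
# helpers leave it on the IIS:\ drive.
function ResetEnvironment
{
    cd $PSScriptRoot
    Write-Host "Done."
}

# Recreates the log file and starts a transcript that appends to it.
function StartLogging
{
    ScaffoldLoggingContainer

    # Stop-Transcript throws when no transcript is running; that is expected here.
    try { Stop-Transcript } catch {}
    Start-Transcript -path $logFile -append
}

# Stops the transcript if one is running.
function StopLogging
{
    try { Stop-Transcript } catch {}
}

#endregion Public methods

#region Private methods

# Appends "<ip><TAB><hostName>" to the hosts file unless the host name already
# occurs somewhere in it (substring match, commented-out lines included).
function SetHostsFile($hostName, $ip)
{
    # Both values are written verbatim into a system file: refuse empty values
    # and embedded whitespace or line breaks, which would produce a malformed
    # entry or additional entries.
    if ([string]::IsNullOrWhiteSpace($hostName) -or [string]::IsNullOrWhiteSpace($ip) -or "$hostName$ip" -match '\s')
    {
        Write-Warning "Hosts file was not updated: the host name and IP address must be non-empty and must not contain whitespace."
        return
    }

    $hostsPath = "$env:windir\System32\drivers\etc\hosts"

    # -SimpleMatch: the host name is literal text, not a regular expression
    # (an unescaped '.' would otherwise match any character).
    $existingEntries = @(Get-Content $hostsPath | Select-String -SimpleMatch -Pattern $hostName)
    if ($existingEntries.Count -eq 0)
    {
        "`r`n" + $ip + "`t" + $hostName | Out-File -encoding ASCII -append $hostsPath
        Write-Host $hostsPath "Host file has been successfully updated!"
    }
}

# Creates every application pool named in $iisApplication that does not exist
# yet and applies the name/value pairs of its .property list to the new pool.
# Leaves the current location at IIS:\AppPools\.
function CreateApplicationPool($iisApplication)
{
    #navigate to the app pools root
    cd IIS:\AppPools\

    foreach($iisApplicationPool in $iisApplication)
    {
        $iisApplicationPoolName = $iisApplicationPool.poolName

        #check if the app pool exists
        if (!(Test-Path $iisApplicationPoolName -pathType container))
        {
            #create the app pool
            $appPool = New-Item $iisApplicationPoolName
            foreach($iisApplicationPoolProperty in $iisApplicationPool.property)
            {
                $appPool | Set-ItemProperty -Name $iisApplicationPoolProperty.name -Value $iisApplicationPoolProperty.value
            }

            Write-Host "$iisApplicationPoolName (application pool) has been successfully created!"
        }
    }
}

# Grants Modify on each application's folder to its application pool identity
# and Read to IUSR.
#   $iisApplicationPoolName  - despite the name, the application description(s)
#                              to process (.poolName, .applicationPath)
#   $containerDirectoryPath  - unused, kept for compatibility
# The loop previously iterated $iisApplication, which is not a parameter here
# and resolved to the caller's variable, so the call made for the virtual
# applications processed the main applications a second time instead.
# NOTE(review): Modify on the whole content folder lets the worker process
# rewrite the application's own files; outside a development machine grant
# write access only to the sub-folders that need it.
function GrantPermissionToApplicationPool($iisApplicationPoolName, $containerDirectoryPath)
{
    foreach($iisApp in $iisApplicationPoolName)
    {
        Write-Host "Grant RW directory level permission for" $iisApp.poolName "(" $iisApp.applicationPath ")"
        $fullApplicationPoolName = "IIS AppPool\" + $iisApp.poolName
        GrantModifyPermissionToFolder $fullApplicationPoolName $iisApp.applicationPath "Modify"

        Write-Host "Grant R directory level permission for IUSR" "(" $iisApp.applicationPath ")"
        GrantModifyPermissionToFolder "IUSR" $iisApp.applicationPath "Read"
    }
}

# Sets an inheritable Allow rule of $accessLevel for $userName on $path.
# SetAccessRule replaces any Allow rules the identity already has on the
# folder instead of adding to them.
function GrantModifyPermissionToFolder($userName, $path, $accessLevel)
{
    $acl = Get-Acl $path
    $ar = New-Object System.Security.AccessControl.FileSystemAccessRule($userName, $accessLevel, "ContainerInherit,ObjectInherit", "None", "Allow")
    $acl.SetAccessRule($ar)
    Set-Acl $path $acl
}

# (Re)creates one site per element of $iisApplication, deleting an existing
# site of the same name first, then creates each virtual application under the
# LAST site that was processed. Leaves the current location at IIS:\Sites\.
function CreateSite($iisApplication, $iisVirtualApplication)
{
    #navigate to the sites root
    cd IIS:\Sites\

    # Initialised explicitly; a bare "$iisApplicationName" statement here used
    # to write the (unset) variable to the function's output instead.
    $iisApplicationName = $null

    foreach($iisApp in $iisApplication)
    {
        $iisAppName = $iisApp.name
        $iisApplicationName = $iisAppName

        #check if the site exists
        if (Test-Path $iisAppName -pathType container)
        {
            $targetApplication = "IIS:\Sites\$iisAppName"
            $previousSite = Get-Item $targetApplication
            $previousSiteLocation = $previousSite.physicalPath

            Remove-Item $targetApplication -Recurse -Force > $null
            Write-Host "Previous $iisAppName (site) has been successfully deleted! Physical location: $previousSiteLocation"
        }

        #create the site
        $application = New-Item $iisAppName -bindings $iisApp.bindings -physicalPath $iisApp.applicationPath
        $application | Set-ItemProperty -Name "applicationPool" -Value $iisApp.poolName

        $newSite = Get-Item "IIS:\Sites\$iisAppName"
        $newSiteLocation = $newSite.physicalPath
        Write-Host "$iisAppName (site) has been successfully created! Physical location: $newSiteLocation"
    }

    if($iisVirtualApplication -ne $null)
    {
        # Without a parent site the path below would be "IIS:\Sites\\<name>".
        if (-not $iisApplicationName)
        {
            Write-Warning "No site was created, so the virtual applications have no parent site and were skipped."
            return
        }

        foreach($iisVirtualApp in $iisVirtualApplication)
        {
            $iisVirtualAppName = $iisVirtualApp.name
            $virtualAppPath = "IIS:\Sites\$iisApplicationName\$iisVirtualAppName"

            #create the virtual application
            New-Item $virtualAppPath -physicalPath $iisVirtualApp.applicationPath -type Application
            Set-ItemProperty $virtualAppPath -Name "applicationPool" -Value $iisVirtualApp.poolName

            $newSite = Get-Item $virtualAppPath
            $newSiteLocation = $newSite.physicalPath
            Write-Host "$iisVirtualAppName (virtual application) has been successfully created! Physical location: $newSiteLocation"
        }
    }
}

# Makes sure the logging directory exists and replaces any previous log file
# with an empty one.
function ScaffoldLoggingContainer
{
    if(!(Test-Path $loggingDirectory))
    {
        New-Item $loggingDirectory -ItemType Directory > $null
    }

    if((Test-Path $logFile))
    {
        Remove-Item $logFile -Force > $null
    }

    New-Item $logFile -ItemType File > $null
}

# For each application: creates a self-signed certificate for $dnsName in
# LocalMachine\My, attaches it to the site's existing https binding and imports
# it into the current user's Trusted Root store.
# NOTE(review): a self-signed certificate in a Trusted Root store is a
# development convenience; every call adds another certificate and another
# trusted root, and none of them is removed by this module.
function AddSslBindingToIdpAndAddAsTrustedCert($iisApplication, $dnsName)
{
    #TODO: the binding could be parameterised, which would make this foreach unnecessary
    foreach($iisApp in $iisApplication)
    {
        # Look the binding up first so that no certificate is created (and
        # trusted) for a site that has no https binding to attach it to.
        $binding = Get-WebBinding -Name $iisApp.name -Protocol "https"
        if (-not $binding)
        {
            Write-Warning "No https binding was found for the site, so no certificate was created for it."
            continue
        }

        $newCert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation cert:\LocalMachine\My

        ##New-WebBinding -Name $iisApp.name -HostHeader $dnsName -Port 443 -Protocol https
        $binding.AddSslCertificate($newCert.GetCertHashString(), "my")

        # The exported file is imported straight into a Trusted Root store, so
        # it must not be replaceable between the export and the import. It was
        # previously written under a fixed name in c:\Temp, a folder other
        # local accounts can commonly write to; use a fresh directory under the
        # caller's own temp path instead and always clean it up.
        $exportDirectory = Join-Path ([System.IO.Path]::GetTempPath()) ([System.IO.Path]::GetRandomFileName())
        New-Item $exportDirectory -ItemType Directory > $null
        try
        {
            $tempCert = Join-Path $exportDirectory $dnsName
            Export-Certificate -Cert $newCert -FilePath $tempCert -Type SST
            Import-Certificate -CertStoreLocation cert:\CurrentUser\Root -FilePath $tempCert
        }
        finally
        {
            Remove-Item $exportDirectory -Recurse -Force
        }

        Write-Host "Done."
    }
}

#endregion Private methods

#region Exports

Export-ModuleMember -Function CheckCredentials, EnableEmbeddedIISFeatures, ScaffoldIIS, ResetIIS, ResetEnvironment, StartLogging, StopLogging

#endregion Exports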