# PST VPN Installation Script
# Run this script as Administrator (Right-click > Run as Administrator)

Write-Host "Installing PST VPN Configuration..." -ForegroundColor Cyan

# Check if running as Administrator
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $isAdmin) {
    Write-Host "ERROR: This script must be run as Administrator!" -ForegroundColor Red
    Write-Host "Right-click PowerShell and select 'Run as Administrator', then run this script again." -ForegroundColor Yellow
    pause
    exit 1
}

# Define paths
$sourceDir = "D:\ClaudeTools"
$destDir = "C:\Program Files\OpenVPN\config"

# Check if OpenVPN is installed
if (-not (Test-Path $destDir)) {
    Write-Host "ERROR: OpenVPN does not appear to be installed!" -ForegroundColor Red
    Write-Host "Expected directory not found: $destDir" -ForegroundColor Yellow
    Write-Host "Please install OpenVPN GUI first from: https://openvpn.net/community-downloads/" -ForegroundColor Yellow
    pause
    exit 1
}

# Copy configuration files
Write-Host "`nCopying configuration files..." -ForegroundColor Yellow

try {
    Copy-Item "$sourceDir\PST-NW-VPN-Windows.ovpn" -Destination $destDir -Force
    Write-Host "[OK] Copied PST-NW-VPN-Windows.ovpn" -ForegroundColor Green

    Copy-Item "$sourceDir\PST-NW-VPN-auth.txt" -Destination $destDir -Force
    Write-Host "[OK] Copied PST-NW-VPN-auth.txt" -ForegroundColor Green
}
catch {
    Write-Host "[ERROR] Failed to copy files: $_" -ForegroundColor Red
    pause
    exit 1
}

# Secure the credentials file
Write-Host "`nSecuring credentials file..." -ForegroundColor Yellow
$authFile = "$destDir\PST-NW-VPN-auth.txt"

try {
    # Get current ACL
    $acl = Get-Acl $authFile

    # Disable inheritance and remove inherited permissions
    $acl.SetAccessRuleProtection($true, $false)

    # Remove all existing rules
    $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }

    # Add SYSTEM - Full Control
    $systemRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        "SYSTEM", "FullControl", "Allow"
    )
    $acl.AddAccessRule($systemRule)

    # Add Administrators - Full Control
    $adminRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        "Administrators", "FullControl", "Allow"
    )
    $acl.AddAccessRule($adminRule)

    # Apply the ACL
    Set-Acl $authFile $acl

    Write-Host "[OK] Credentials file secured (SYSTEM and Administrators only)" -ForegroundColor Green
}
catch {
    Write-Host "[WARNING] Could not secure credentials file: $_" -ForegroundColor Yellow
    Write-Host "Please manually secure this file via Properties > Security" -ForegroundColor Yellow
}

# Check for OpenVPN service
Write-Host "`nChecking OpenVPN Interactive Service..." -ForegroundColor Yellow

$service = Get-Service -Name "OpenVPNServiceInteractive" -ErrorAction SilentlyContinue

if ($service) {
    Write-Host "[OK] OpenVPN Interactive Service found" -ForegroundColor Green

    if ($service.StartType -ne "Automatic") {
        Write-Host "Setting service to Automatic startup..." -ForegroundColor Yellow
        Set-Service -Name "OpenVPNServiceInteractive" -StartupType Automatic
        Write-Host "[OK] Service set to Automatic" -ForegroundColor Green
    }

    if ($service.Status -ne "Running") {
        Write-Host "Starting OpenVPN Interactive Service..." -ForegroundColor Yellow
        Start-Service -Name "OpenVPNServiceInteractive"
        Write-Host "[OK] Service started" -ForegroundColor Green
    }
}
else {
    Write-Host "[WARNING] OpenVPN Interactive Service not found" -ForegroundColor Yellow
    Write-Host "You may need to reinstall OpenVPN with service components" -ForegroundColor Yellow
}

# Summary
Write-Host "`n========================================" -ForegroundColor Cyan
Write-Host "Installation Complete!" -ForegroundColor Green
Write-Host "========================================" -ForegroundColor Cyan
Write-Host "`nConfiguration files installed to:" -ForegroundColor White
Write-Host "  $destDir" -ForegroundColor Gray
Write-Host "`nNext steps:" -ForegroundColor White
Write-Host "  1. Open OpenVPN GUI (system tray)" -ForegroundColor Gray
Write-Host "  2. Right-click > Connect to 'PST-NW-VPN-Windows'" -ForegroundColor Gray
Write-Host "  3. Optionally configure 'Start on Boot' for auto-connect" -ForegroundColor Gray
Write-Host "`nConnection Details:" -ForegroundColor White
Write-Host "  Server: 64.139.88.249:1194" -ForegroundColor Gray
Write-Host "  Username: pst-admin (auto-login configured)" -ForegroundColor Gray
Write-Host "`n"

pause