# Add AD2 sync key to NAS using WinRM through AD2
$password = ConvertTo-SecureString "Paper123!@#" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("INTRANET\sysadmin", $password)

Write-Host "=== Adding AD2 Public Key to NAS ===" -ForegroundColor Cyan
Write-Host ""

Invoke-Command -ComputerName 192.168.0.6 -Credential $cred -ScriptBlock {
    $pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8rc4OBRmMvpXa4UC7D9vtRbGQn19CXCc/IW50fnyCV AD2-NAS-Sync"
    $nasIP = "192.168.0.9"

    Write-Host "[1] Using plink to add key to NAS" -ForegroundColor Yellow
    Write-Host "=" * 80 -ForegroundColor Gray

    # Use existing plink with password to add the key
    $plinkPath = "C:\Program Files\PuTTY\plink.exe"

    # Create authorized_keys directory and add key
    $commands = @(
        "mkdir -p ~/.ssh",
        "chmod 700 ~/.ssh",
        "echo '$pubKey' >> ~/.ssh/authorized_keys",
        "chmod 600 ~/.ssh/authorized_keys",
        "echo '[OK] Key added successfully'",
        "tail -1 ~/.ssh/authorized_keys"
    )

    foreach ($cmd in $commands) {
        Write-Host "  Running: $cmd" -ForegroundColor Gray
        # Note: This uses the existing plink setup with stored credentials
        & $plinkPath -batch root@$nasIP $cmd 2>&1
    }

    Write-Host ""
    Write-Host "[2] Testing key-based authentication" -ForegroundColor Yellow
    Write-Host "=" * 80 -ForegroundColor Gray

    $sshPath = "C:\Program Files\OpenSSH\ssh.exe"
    $keyPath = "C:\Shares\test\scripts\.ssh\id_ed25519_nas"

    # Test connection with key
    $testResult = & $sshPath -i $keyPath -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=C:\Shares\test\scripts\.ssh\known_hosts root@$nasIP "echo '[SUCCESS] Key authentication working!' && hostname" 2>&1

    if ($LASTEXITCODE -eq 0) {
        Write-Host "[SUCCESS] SSH key authentication working!" -ForegroundColor Green
        Write-Host $testResult -ForegroundColor White
    } else {
        Write-Host "[ERROR] Key authentication failed" -ForegroundColor Red
        Write-Host $testResult -ForegroundColor Red
    }

    Write-Host ""
    Write-Host "[3] Testing SCP transfer with key" -ForegroundColor Yellow
    Write-Host "=" * 80 -ForegroundColor Gray

    # Create test file
    $testFile = "C:\Shares\test\scripts\openssh-test-$(Get-Date -Format 'HHmmss').txt"
    "OpenSSH SCP Test - $(Get-Date)" | Out-File -FilePath $testFile -Encoding ASCII

    $scpPath = "C:\Program Files\OpenSSH\scp.exe"

    # Test SCP with verbose output
    $scpResult = & $scpPath -v -i $keyPath -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=C:\Shares\test\scripts\.ssh\known_hosts $testFile root@${nasIP}:/data/test/scripts/ 2>&1

    if ($LASTEXITCODE -eq 0) {
        Write-Host "[SUCCESS] SCP transfer with key authentication working!" -ForegroundColor Green
        # Clean up test file
        Remove-Item -Path $testFile -Force
    } else {
        Write-Host "[ERROR] SCP transfer failed" -ForegroundColor Red
        Write-Host "Error output:" -ForegroundColor Red
        $scpResult | ForEach-Object { Write-Host "  $_" -ForegroundColor Red }
    }
}

Write-Host ""
Write-Host "=== Key Setup Complete ===" -ForegroundColor Cyan