function DownloadFile()
{
    param(
        [Parameter(Mandatory)]
        [string]$DownloadFileURI,
        [Parameter(Mandatory)]
        [string]$OutFilePath
    )

    try
    {
        Invoke-WebRequest -URI $DownloadFileURI -OutFile $OutFilePath
    }
    catch
    {
        Write-Error -Message "Failed to download $DownloadFileURI"
        Write-Host $_
        exit 1
    }
}

function ValidateHash()
{
    param(
        [Parameter(Mandatory)]
        [string]$CertFilePath,
        [Parameter(Mandatory)]
        [string]$CertHashFilePath
    )

    try
    {
        $HashToValidate = certutil -hashfile $CertFilePath MD5 | Out-String | % { ($_ -split '\r?\n')[1] };
        $HashPattern = "[a-fA-F0-9]{32}";
        $KnownHash = Select-String -Path $CertHashFilePath -Pattern $HashPattern | % { $_.matches.Groups[0] } | % { $_.Value }
        return ($HashToValidate -eq $KnownHash)
    }
    catch
    {
        Write-Error -Message "Failed to validate MD5 hash of RADIUS certificate"
        Write-Host $_
        exit 1
    }
}

function InstallCertificate()
{
    param(
        [Parameter(Mandatory)]
        [string]$CertFileURI,

        [Parameter(Mandatory)]
        [string]$CertFileOutPath,
        [Parameter(Mandatory)]
        [string]$CertHashFileURI,
        [Parameter(Mandatory)]
        [string]$CertHashFileOutPath
    )


    try
    {
        DownloadFile -DownloadFileURI $CertFileURI -OutFilePath $CertFileOutPath
        DownloadFile -DownloadFileURI $CertHashFileURI -OutFilePath $CertHashFileOutPath

        $HashMatches = ValidateHash -CertFilePath $CertFileOutPath -CertHashFilePath $CertHashFileOutPath
        if ($HashMatches -ne 1)
        {
            Write-Error -Message "Failed to validate MD5 hash of RADIUS certificate"
            Write-Host $_
            exit 1
        }
        Remove-Item -Path $CertHashFileOutPath -Force
        Import-Certificate -FilePath $CertFileOutPath -CertStoreLocation Cert:\LocalMachine\Root
    }
    catch
    {
        Write-Error -Message "Failed to install RADIUS certificate"
        Write-Host $_
        exit 1   
    }
}

$Radius2023CertURI = "https://jumpcloud-kb.s3.amazonaws.com/radius.jumpcloud.com-2023.crt"
$Radius2023CertOutFilePath = "C:\Windows\Temp\radius.jumpcloud.com-2023.crt"
$Radius2023CertHashURI = "https://jumpcloud-kb.s3.amazonaws.com/radius.jumpcloud.com-2023.crt.md5"
$Radius2023CertHashOutFilePath = "C:\Windows\Temp\radius.jumpcloud.com-2023.crt.md5"

InstallCertificate -CertFileURI $Radius2023CertURI -CertFileOutPath $Radius2023CertOutFilePath -CertHashFileURI $Radius2023CertHashURI -CertHashFileOutPath $Radius2023CertHashOutFilePath

$Radius2024CertURI = "https://jumpcloud-kb.s3.amazonaws.com/radius.jumpcloud.com-2024.crt"
$Radius2024CertOutFilePath = "C:\Windows\Temp\radius.jumpcloud.com-2024.crt"
$Radius2024CertHashURI = "https://jumpcloud-kb.s3.amazonaws.com/radius.jumpcloud.com-2024.crt.md5"
$Radius2024CertHashOutFilePath = "C:\Windows\Temp\radius.jumpcloud.com-2024.crt.md5"

InstallCertificate -CertFileURI $Radius2024CertURI -CertFileOutPath $Radius2024CertOutFilePath -CertHashFileURI $Radius2024CertHashURI -CertHashFileOutPath $Radius2024CertHashOutFilePath