Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
## This script creates an oAuth 2.0 packet using the Drupal high trust Cert and S2S protocol
## To test the Drupal integration on a daily basis.

## Author: Paul Hunt - Trustmarque July 2015

##Setup Assemblies
[System.Reflection.Assembly]::LoadWithPartialName("System.Security") | out-null
[System.Reflection.Assembly]::LoadWithPartialName("mscorlib") | out-null
$identityDllPath = $PSScriptRoot + "\System.identitymodel.tokens.jwt.dll"
add-type -LiteralPath $identityDllPath

##Setup the root web and test query endpoint
$rootWeb = "https://sharepointsite.company.co.uk"
$apiInterface = "/_api/search/query?querytext='sharepoint'"

##get certificate details
$privateCertPath = $PSScriptRoot + "\High-Trust-Cert.pfx" 
$certPW = "UnsecureTextPassword"
$certPWSecure = ConvertTo-SecureString $certPW -AsPlainText -force

##
$domain = "sharepointsite.company.co.uk"
$clientID = "c9725386-972e-45d6-8996-68333dae889a"
$realm = Get-SPAuthenticationRealm

##Now create a new X509 cert object with it.. this includes the Private key which allows us to Sign stuff!
$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2($privateCertPath, $certPWSecure)

##now setup the items we need to build the tokens
$aud = "00000003-0000-0ff1-ce00-000000000000/" + $domain + "@" + $realm
$iss = $clientID + "@" + $realm
$nameid = "s-1-5-21-309554102-208957183-1128231545-40032" ##This is the SID for the SPInstall account
$actorNameid = $iss
$nii = "urn:office:idp:activedirectory"
$nbf = [DateTime]::UtcNow
$exp = [DateTime]::Now.AddHours(4).ToUniversalTime()

###Setup functions
##Send email via SharePoint

function sendErrorEmail([string] $msg)
{
    $useSharePointEmail = $false


        $sd = new-object System.collections.specialized.stringdictionary
        $sd.add("to","sharepoint@companyname.co.uk")
        $sd.add("from","sharepoint@companyname.co.uk")
        $sd.add("Subject","##LIVE### - SharePoint Drupal web search testing failed")
        $body = "The SharePoint drupal web search test has failed.<br/><br/>" + $msg

    if ($useSharePointEmail)
    {
        $web = get-spweb $rootWeb
        [Microsoft.SharePoint.Utilities.SPUtility]::SendEmail($web,$sd,$body)
    }
    else
    {
        Send-MailMessage -to $sd["To"] -From $sd["from"] -Subject $sd["Subject"] -BodyAsHtml $body -SmtpServer "mailrelay.companyname.co.uk"
    }
}


###################



##Setup the signing credentials from the certificate
[System.IdentityModel.Tokens.X509SigningCredentials] $signingCredentials = new-object System.IdentityModel.Tokens.X509SigningCredentials($cert, [System.IdentityModel.Tokens.SecurityAlgorithms]::RsaSha256Signature, [System.IdentityModel.Tokens.SecurityAlgorithms]::Sha256Digest)

##############################
##now build the Actor Token ##
##############################
[System.IdentityModel.Tokens.JwtHeader] $jwtActorHeader = new-object System.IdentityModel.Tokens.JwtHeader($signingCredentials)

$nameIdClaim = new-object System.Security.Claims.Claim("nameid",$actorNameid)
$delegateClaim = new-object System.Security.Claims.Claim("trustedfordelegation","true")
$claims = new-object 'System.Collections.Generic.List[System.Security.Claims.Claim]'
$claims.Add($nameIdClaim)
$claims.Add($delegateClaim)

[System.IdentityModel.Tokens.JwtPayload] $jwtActorPayload = New-Object System.IdentityModel.Tokens.JwtPayload($iss,$aud,$claims,$nbf,$exp)
[System.IdentityModel.Tokens.JwtSecurityToken] $jwtActorToken  = New-Object System.IdentityModel.Tokens.JwtSecurityToken($jwtActorHeader,$jwtActorPayload)
[System.IdentityModel.Tokens.JwtSecurityTokenHandler] $jwtSecurityTokenHandler = new-object System.IdentityModel.Tokens.JwtSecurityTokenHandler
$completeEncryptedActorToken = $jwtSecurityTokenHandler.WriteToken($jwtActorToken)

##############################
##now build the Outer Token ##
##############################

##Header first
[System.IdentityModel.Tokens.JwtHeader] $jwtOuterHeader = new-object System.IdentityModel.Tokens.JwtHeader
$jwtOuterHeader.Add("typ","JWT")
$jwtOuterHeader.Add("alg","none")

##Now the payload
$outerNameIdClaim = new-object System.Security.Claims.Claim("nameid",$nameid) ##This is the SID of the person we're impersonating
$outerNiiClaim = new-object System.Security.Claims.Claim("nii",$nii)
$outerActorClaim = new-object System.Security.Claims.Claim("actortoken",$completeEncryptedActorToken) ##The token we just created

$outerClaims = new-object 'System.Collections.Generic.List[System.Security.Claims.Claim]'
$outerClaims.Add($outerNameIdClaim)
$outerClaims.Add($outerNiiClaim)
$outerClaims.Add($outerActorClaim)

[System.IdentityModel.Tokens.JwtPayload] $jwtOuterPayload = New-Object System.IdentityModel.Tokens.JwtPayload($iss,$aud,$outerClaims,$nbf,$exp)

##Complete the token
[System.IdentityModel.Tokens.JwtSecurityToken] $jwtOuterToken  = New-Object System.IdentityModel.Tokens.JwtSecurityToken($jwtOuterHeader,$jwtOuterPayload)

$finishedToken = $jwtSecurityTokenHandler.WriteToken($jwtOuterToken)

##At this point, all of the Token setup is complete.
##Now we can make a web request
$webRequestURL = $rootWeb + $apiInterface

$request = [System.Net.WebRequest]::Create($webRequestURL)
$request.Accept = "application/json;odata=verbose"
$request.Headers.Add("X-FORMS_BASED_AUTH_ACCEPTED","f")
$request.Headers.Add("X-HTTP-Method", "GET")
$request.Headers.Add("Authorization", "Bearer " + $finishedToken)
$request.Referer = "https://drupalsystem.companyname.co.uk"

write-host "Making request"
write-eventlog -logname Application -source "Drupal Test" -EntryType Information -eventid 1 -Message "Drupal test starting"

    try
    {
        [System.Net.WebResponse] $response = $request.GetResponse()
    }
    catch
    {
        $exceptionMsg = $error[0].Exception.Message
        $response = $null
    }


if ($response)
{

    try
    {
        $reader = New-Object System.IO.StreamReader $response.GetResponseStream()
        $data = $reader.ReadToEnd()
        Write-Host("Request completed") -ForegroundColor Green
        $jsonResults = ConvertFrom-Json $data
        $totalResults = $jsonResults.d.query.PrimaryQueryResult.RelevantResults.RowCount

        if ($totalResults -gt 0)
        {
            write-host("Search results successfull") -ForegroundColor Green
            write-eventlog -logname Application -source "Drupal Test" -EntryType Information -eventid 1000 -Message "Drupal test successfull"

        }
        else
        {
            $errMsg = "No Results Found - Total Rows returned = " + $jsonResults.d.query.PrimaryQueryResult.RelevantResults.TotalRows
            write-host($errMsg)
            sendErrorEmail($errMsg)
            write-eventlog -logname Application -source "Drupal Test" -EntryType Error -eventid 9999 -Message $errMsg
        }

    }
    finally
    {
        $reader.dispose()

    }

}
else
{
    write-host "Response object null"
    $errMsg = "Exception thrown during Search: " + $exceptionMsg
    write-host($errMsg)
    sendErrorEmail($errMsg)
    write-eventlog -logname Application -source "Drupal Test" -EntryType Error -eventid 9999 -Message $errMsg

}

write-eventlog -logname Application -source "Drupal Test" -EntryType Information -eventid 1 -Message "Drupal test ending"