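# Certificate formats accepted by -Format:
#   'x509'    - Certificate (w/ chain), PEM encoded
#   'x509CO'  - Certificate only, PEM encoded
#   'base64'  - PKCS#7, PEM encoded
#   'bin'     - PKCS#7
#   'x509IO'  - Root/Intermediate(s) only, PEM encoded
#   'x509IOR' - Intermediate(s)/Root only, PEM encoded
#   'pem'     - Certificate (w/ chain), PEM encoded
#   'pemco'   - Certificate only, PEM encoded
#   'pemia'   - Certificate (w/ issuer after), PEM encoded
#   'x509R'   - Certificate (w/ chain), PEM encoded
# The original note says base64 is the default (presumably the API's own default);
# this function defaults to 'x509CO'.
function Download-SectigoCertificate {
    <#
    .SYNOPSIS
    Downloads the certificate for an order from the collect endpoint and writes it
    to "<CertRootPath>\cert_<OrderId>.cer".

    .PARAMETER ApiToken
    Bearer token for the API. Defaults to $env:SectigoToken; prompted for (without
    echo) when empty.

    .PARAMETER CertRootPath
    Existing directory that receives the output file.

    .PARAMETER Format
    One of the format names listed above the function. The output file always gets
    a .cer extension regardless of the format chosen.

    .PARAMETER OrderId
    Order identifier. It is placed in both the request URL and the output file
    name, so only letters, digits, '_' and '-' are accepted.

    .OUTPUTS
    FullName and LastWriteTime of the written file; $null when the request,
    validation or conversion fails.
    #>
    [CmdletBinding(SupportsShouldProcess=$true)]
    param (
        [string]$ApiToken=$env:SectigoToken,
        [string]$CertRootPath="c:\certs",
        # 'x509IO' is documented in the format list but was missing from the set.
        [ValidateSet('x509','x509CO','base64','bin','x509IO','x509IOR','pem','pemco','pemia','x509R')]
        [string]$Format="x509CO",
        [Parameter(Mandatory=$true)]
        [string]$OrderId
    )

    # OrderId ends up in a file path and a URL path segment. Reject anything that
    # could act as a path separator, a '..' segment or a URL metacharacter so the
    # write cannot land outside CertRootPath and the request cannot be redirected
    # to another endpoint.
    if ($OrderId -notmatch '\A[A-Za-z0-9_-]+\z') {
        Write-Error "OrderId '$OrderId' contains characters that are not allowed (letters, digits, '_' and '-' only)."
        return $null
    }

    if (-Not $ApiToken) {
        # Read as SecureString so the token is not echoed to the console or
        # captured in a transcript, then unwrap it for the Authorization header.
        $secureToken = Read-Host "ApiToken:" -AsSecureString
        $ApiToken = (New-Object System.Net.NetworkCredential('', $secureToken)).Password
    }

    # Dot-sourced so its variables land in this scope; $BaseAPIUrl is presumably
    # defined there (not visible in this file).
    . $PSScriptRoot\..\Private\Set-Onload.ps1

    # NOTE(review): the bearer token is sent to whatever $BaseAPIUrl holds; confirm
    # that Set-Onload.ps1 always yields an https:// URL.
    [string]$CollectUrl = "${BaseAPIUrl}/api/ssl/v1/collect/${OrderId}?format=${Format}"
    Write-Verbose -Verbose "CollectUrl: $CollectUrl"

    $headers = @{
        "Authorization" = "Bearer $ApiToken"
        "Content-Type"  = "application/json"
    }

    # --- API Call ---
    Write-Verbose "Attempting to retrieve certificate for Order ID: $OrderId"
    try {
        $response = Invoke-WebRequest -Uri $CollectUrl -Method Get -Headers $headers -UseBasicParsing -ErrorAction Stop
    }
    catch {
        Write-Error "API Request Failed: $($_.Exception.Message)"
        return $null
    }

    # --- Response Processing ---
    if ($response.StatusCode -ne 200) {
        # Previously any other success status fell through silently.
        Write-Error "Unexpected status code $($response.StatusCode); no certificate written."
        return $null
    }
    Write-Verbose "Certificate successfully retrieved (Status 200)."

    $content = $response.Content
    if ($content -is [byte[]]) {
        # Non-text responses surface as a byte array; the decimal split/parse
        # below would only round-trip each byte through a string.
        [byte[]]$bytes = $content
    }
    else {
        # ASSUMPTION (from the original author): the body is a whitespace- or
        # comma-separated list of decimal byte values. If the API returns JSON or
        # PEM text instead, this conversion fails and nothing is written.
        $numberStrings = $content -split '\s+|,|\r?\n' | Where-Object { $_ }
        try {
            [byte[]]$bytes = $numberStrings | ForEach-Object { [int]$_ }
        }
        catch {
            Write-Error "Error converting numbers. Ensure all numbers are between 0 and 255."
            # 'exit' here would terminate the caller's whole session; fail like
            # the request path does instead.
            return $null
        }
    }

    if ($null -eq $bytes -or $bytes.Length -eq 0) {
        Write-Error "The response body was empty; no certificate written."
        return $null
    }

    $OutPath = "${CertRootPath}\cert_${OrderId}.cer"

    # SupportsShouldProcess is declared, so honour -WhatIf / -Confirm before
    # touching the file system.
    if ($PSCmdlet.ShouldProcess($OutPath, "Write certificate file")) {
        [System.IO.File]::WriteAllBytes($OutPath, $bytes)
        Get-ChildItem $OutPath | Select-Object FullName, LastWriteTime
    }
}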