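Function Enroll-SectigoCertificateRequest {
    <#
    .SYNOPSIS
    Submits a certificate signing request to the Sectigo SSL enrollment endpoint.

    .DESCRIPTION
    Builds a JSON enrollment body from the parameters and POSTs it to
    "$BaseAPIUrl/api/ssl/v1/enroll" with a bearer token. $BaseAPIUrl is not
    defined in this function; it is presumably set by the dot-sourced
    Private\Set-Onload.ps1 (confirm there).

    The key material is supplied by the caller as a CSR. $KeyType is accepted
    (and mandatory) but is not currently sent in the request body.

    .PARAMETER ApiToken
    Bearer token for the API. Defaults to $env:SectigoToken; if empty, the
    function prompts for it with masked input.

    .PARAMETER OrgId
    Sectigo organization ID. Replace the default with your own organization ID;
    8091 carries the friendly label
    "Information Technology Department - Windows".

    .PARAMETER subjAltNames
    Subject alternative names, sent as-is in the request body.

    .PARAMETER Type
    Target server software; mapped to the serverType value sent to the API.

    .PARAMETER comment
    Free-text comment sent as "comments".

    .PARAMETER dcvEmail
    Sent as "externalRequester".

    .PARAMETER KeyType
    'ECC' or 'RSA'. Validated but currently unused.

    .PARAMETER Csr
    The certificate signing request text.

    .PARAMETER Test
    When set, the function returns before any request is built or sent.

    .OUTPUTS
    The deserialized response from Invoke-RestMethod on success; nothing when
    -Test is set or when the request fails (errors are written with Write-Error).
    #>
    [CmdletBinding()]
    param (
        [string]$ApiToken = $env:SectigoToken,

        [int]$OrgId = 8091,

        [Parameter(Mandatory = $true)]
        [string]$subjAltNames,

        [ValidateSet('IIS', 'IIS_OLD', 'IBM', 'LINUX', 'Apache', 'Tomcat')]
        [string]$Type = "IIS",

        [string]$comment = "",

        [Parameter(Mandatory = $true)]
        [string]$dcvEmail,

        [Parameter(Mandatory = $true)]
        [ValidateSet('ECC', "RSA")]
        [string]$KeyType,

        [Parameter(Mandatory = $true)]
        [string]$Csr,

        [switch]$Test
    )

    if (-not $ApiToken) {
        # Prompt without echoing the token to the console or leaving it in a
        # transcript; it is converted back to plain text only to build the header.
        $secureToken = Read-Host -Prompt "ApiToken:" -AsSecureString
        $ApiToken = (New-Object System.Net.NetworkCredential('', $secureToken)).Password
    }

    . $PSScriptRoot\..\Private\Set-Onload.ps1

    [string]$RequestUrl = $BaseAPIUrl + "/api/ssl/v1/enroll"
    Write-Verbose -Verbose "RequestUrl: $RequestUrl"

    # An earlier variant used 2369 when no SANs were given; subjAltNames is
    # mandatory here, so the SAN-capable profile is always used.
    $CertType = 2375
    $term = 365

    # Map the validated -Type value to the code sent as serverType.
    # The selector was previously $ServerType, which is not a parameter of this
    # function, so the mapping never saw the caller's choice.
    #  7: IBM HTTP Server
    # 14: Microsoft IIS 5 or 6
    switch ($Type.ToLower()) {
        "iis"     { $ServerTypeCode = 35 }
        "iis_old" { $ServerTypeCode = 14 }
        "ibm"     { $ServerTypeCode = 7 }
        # NOTE(review): string here while the other codes are integers - confirm against the API.
        "linux"   { $ServerTypeCode = 'Linux' }
        "apache"  { $ServerTypeCode = 2 }
        "tomcat"  { $ServerTypeCode = 12 }
        default {
            # Only reachable if ValidateSet gains a value this switch does not
            # handle; stop rather than enroll with an unset serverType.
            Write-Warning "Unsupported server type: $Type. Please provide specific instructions for manual installation."
            return
        }
    }

    # Key parameters (keySize / keyParam / algorithm / keyGenerationMethod) are
    # ignored for now: the CSR already carries the public key.
    $body = @{
        orgId             = $OrgId
        subjAltNames      = $subjAltNames
        certType          = $CertType
        term              = $term
        serverType        = $ServerTypeCode
        comments          = $comment
        csr               = $Csr
        externalRequester = $dcvEmail
    }

    if ($Test) {
        return
    }

    # Convert the body to JSON
    $jsonBody = $body | ConvertTo-Json
    # Only the request body is echoed; the headers holding the token are not.
    Write-Host $jsonBody

    # --- Set up Authentication Headers ---
    $headers = @{
        "Authorization" = "Bearer $ApiToken"
        "Content-Type"  = "application/json"
    }

    # --- Send the Request ---
    try {
        $response = Invoke-RestMethod -Uri $RequestUrl -Method POST -Headers $headers -Body $jsonBody -ContentType "application/json"
        return $response
    }
    catch {
        $err = $_
        Write-Error "Error during certificate enrollment: $($err.Exception.Message)"

        # Prefer ErrorDetails for the response body. Fall back to reading the
        # response stream only when the response object exposes
        # GetResponseStream, so the handler itself cannot throw where it does not.
        $responseBody = $null
        if ($err.ErrorDetails -and $err.ErrorDetails.Message) {
            $responseBody = $err.ErrorDetails.Message
        }
        elseif ($err.Exception.Response -and
                ($err.Exception.Response | Get-Member -Name GetResponseStream -MemberType Method)) {
            $reader = New-Object System.IO.StreamReader($err.Exception.Response.GetResponseStream())
            try {
                $responseBody = $reader.ReadToEnd()
            }
            finally {
                $reader.Dispose()
            }
        }

        if ($responseBody) {
            Write-Error "Sectigo API Error Response: $responseBody"
        }
    }
}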