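<#
.SYNOPSIS
    Reports the SSL/TLS protocol versions that Venafi TPP validation detected on each
    endpoint, as a tab-separated file.

.DESCRIPTION
    Authenticates to the VEDSDK REST API, walks every Policy folder (plus any non-Policy
    container found beneath one), reads the "Validation Results" attribute of each object
    whose class derives from "Validation Base", and writes one row per endpoint whose
    protocol mask is non-zero.

    Output columns: Object DN, Endpoint (items 0 and 1 of the result entry joined with ':'),
    Protocols (comma-separated, oldest first).

    Changes from the previous revision:
      * Credentials are requested with Get-Credential instead of being hard-coded.
      * TLS certificate validation stays ON unless $skipCertCheck is set to $true.
      * Request bodies are built with ConvertTo-Json, so DNs or passwords containing
        quotes/backslashes cannot break (or alter) the JSON.
      * Malformed / non-numeric result entries are skipped instead of raising.
#>

# Fail fast on any error (a failed /Authorize must not continue with an empty API key).
$ErrorActionPreference = 'Stop'

# --- configuration ---------------------------------------------------------------------
$baseurl       = "https://tpp-mssql.venafi.example/vedsdk/"
$user          = "admin"                    # user name pre-filled in the credential prompt
$outfile       = "detected_protocols.txt"
$skipCertCheck = $false                     # opt-in; see warning below

# Disabling certificate validation is process-wide: it affects every HTTPS call made by this
# PowerShell session until it exits, and it lets an on-path attacker read the credentials
# posted to /Authorize. Only enable it against a lab server with an untrusted certificate.
if ($skipCertCheck) {
    Write-Warning "TLS certificate validation is DISABLED for this PowerShell session."
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
}

function Invoke-TppApi {
    <#
    .SYNOPSIS
        POSTs a JSON body to a VEDSDK endpoint and returns the parsed response.
    .PARAMETER Path
        Endpoint path relative to $baseurl, e.g. 'Config/Enumerate'. Slashes are normalised
        so the trailing '/' on $baseurl no longer produces "vedsdk//Authorize".
    .PARAMETER Body
        Hashtable serialised with ConvertTo-Json; this escapes quotes, backslashes and
        control characters in every value (the old string-built JSON only doubled
        backslashes in the DN and did nothing for the password).
    .PARAMETER Headers
        Optional request headers (the X-Venafi-Api-Key header once authenticated).
    #>
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][hashtable]$Body,
        [hashtable]$Headers = @{}
    )
    $uri  = $baseurl.TrimEnd('/') + '/' + $Path.TrimStart('/')
    $json = $Body | ConvertTo-Json -Compress
    return Invoke-RestMethod -Uri $uri -Headers $Headers -Body $json -Method POST -ContentType 'application/json'
}

function Get-ProtocolString {
    <#
    .SYNOPSIS
        Converts the protocol bitmask from a "Validation Results" entry into a
        comma-separated list of protocol names.
    .PARAMETER Value
        Numeric mask; a numeric string (as read from the results entry) is accepted and
        converted. The bits tested — 12, 48, 192, 768, 3072 — are the same values as the
        .NET SslProtocols members Ssl2, Ssl3, Tls, Tls11 and Tls12, which is presumably how
        TPP encodes them (TLS 1.3 is not handled here).
    .OUTPUTS
        String such as "TLS 1.0,TLS 1.1,TLS 1.2"; empty string when no bit matches.
    #>
    param([int]$Value = 0)

    # Insertion order is oldest -> newest so the output order matches the original script.
    $masks = [ordered]@{
        12   = "SSL 2.0"
        48   = "SSL 3.0"
        192  = "TLS 1.0"
        768  = "TLS 1.1"
        3072 = "TLS 1.2"
    }
    $found = foreach ($bit in $masks.Keys) {
        if ($Value -band $bit) { $masks[$bit] }
    }
    return ($found -join ',')
}

# --- authenticate ----------------------------------------------------------------------
# Prompt rather than hard-code the password; the previous revision shipped "admin" /
# "passw0rd" in clear text in this file. Get-Credential also keeps the secret out of the
# command history.
$cred = Get-Credential -UserName $user -Message "Venafi TPP credentials for $baseurl"
if (-not $cred) { throw "No credentials supplied." }

$auth = Invoke-TppApi -Path 'Authorize' -Body @{
    Username = $cred.UserName
    Password = $cred.GetNetworkCredential().Password
}
$apikey = $auth.APIKey
if ([string]::IsNullOrEmpty($apikey)) { throw "Authorize returned no APIKey." }
$header = @{ "X-Venafi-Api-Key" = $apikey }

# --- enumerate -------------------------------------------------------------------------
"Object DN`tEndpoint`tProtocols" | Out-File $outfile

# Start from every Policy folder; other container types found inside them are queued for
# the next round (see $others below).
$containers = (Invoke-TppApi -Path 'Config/FindObjectsOfClass' -Headers $header -Body @{ Class = 'Policy' }).Objects.DN

# Classes whose objects carry a "Validation Results" attribute.
$classes = (Invoke-TppApi -Path 'ConfigSchema/Classes' -Headers $header -Body @{ DerivedFrom = 'Validation Base' }).ClassDefinitions.Name

while ($containers) {
    $others = @()
    foreach ($container in $containers) {
        # Non-recursive listing of the container's direct children.
        $objects = (Invoke-TppApi -Path 'Config/Enumerate' -Headers $header -Body @{ ObjectDN = $container; Recursive = 0 }).Objects
        Write-Host "Checking $($objects.Count) object(s) in $container"

        foreach ($object in $objects) {
            if ($object.TypeName -in $classes) {
                $valres = (Invoke-TppApi -Path 'Config/Read' -Headers $header -Body @{ ObjectDN = $object.DN; AttributeName = 'Validation Results' }).Values

                foreach ($entry in @($valres)) {
                    # Each entry appears to be "<item0>|<item1>|<protocolMask>"; items 0 and 1
                    # form the Endpoint column. Skip entries that are too short, whose mask is
                    # not an integer (the old code would have thrown on -band), or whose
                    # mask is 0 (no protocol detected).
                    $items = "$entry".Split('|')
                    [int]$mask = 0
                    if ($items.Length -lt 3 -or -not [int]::TryParse($items[2], [ref]$mask) -or $mask -eq 0) {
                        continue
                    }
                    $row = ($object.DN, ($items[0] + ":" + $items[1]), (Get-ProtocolString $mask)) -join "`t"
                    $row | Out-File $outfile -Append
                }
            }
            elseif ($object.TypeName -ne "Policy") {
                # Policies were already collected by FindObjectsOfClass; any other container
                # type is walked in the next round.
                $others += $object.DN
            }
        }
    }
    $containers = $others
}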