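<#
.SYNOPSIS
    Lists root and intermediate certificates in the LocalMachine stores whose
    Issuer DN matches a CA name pattern and reports whether each one is inside
    its NotBefore/NotAfter window.

.DESCRIPTION
    Searches Cert:\LocalMachine\Root and Cert:\LocalMachine\CA for certificates
    whose Issuer field matches "*<CAName>*". The match is a -like wildcard
    pattern, so CAName may itself contain wildcards (the default does).
    For each hit one object is emitted with the store label, Subject, Issuer,
    Thumbprint, validity dates and a Status of "Valid" or "Invalid".

    SECURITY NOTE: "Valid" here means ONLY that the current clock time falls
    inside the certificate's NotBefore..NotAfter window. It does not mean the
    certificate chains to a trusted root, that its signature verifies, or that
    it is unrevoked. Use $cert.Verify() or Test-Certificate for chain and
    revocation checks. Likewise, a substring match on the Issuer DN is not an
    identity check: any certificate whose issuer string merely contains the
    pattern is listed, including one planted with a look-alike name. Confirm
    identity by comparing Thumbprint against a known-good list.

.PARAMETER CAName
    Wildcard pattern matched against the Issuer DN. Defaults to "NZGOVTCA*".

.PARAMETER Valid
    Show only certificates currently inside their validity window.

.PARAMETER Invalid
    Show only certificates outside their validity window. Ignored when -Valid
    is also given (-Valid takes precedence).
#>
param (
    [string]$CAName,   # Wildcard pattern to look for in the Issuer DN
    [switch]$Valid,    # Show only certificates inside their validity window
    [switch]$Invalid   # Show only certificates outside their validity window
)

if (-not $CAName) {
    $CAName = "NZGOVTCA*"
}

# Only the LocalMachine stores are inspected; CurrentUser stores are not.
$rootStore         = "Cert:\LocalMachine\Root"
$intermediateStore = "Cert:\LocalMachine\CA"

function Check-CertificateValidity {
    <#
    .SYNOPSIS
        Builds one result row for a certificate with a date-window-only Status.
    .PARAMETER Cert
        A certificate object from a Cert: drive (X509Certificate2).
    .PARAMETER StoreName
        Label for the store it came from ("Root CA" / "Intermediate CA").
    .OUTPUTS
        PSCustomObject: Store, Subject, Issuer, Thumbprint, ValidFrom, ValidTo, Status.
    #>
    param ($Cert, $StoreName)

    $now = Get-Date

    # Date-window test only. Says nothing about trust chain, signature or
    # revocation -- see the script header before treating "Valid" as "trusted".
    $inWindow = ($now -ge $Cert.NotBefore) -and ($now -le $Cert.NotAfter)

    [PSCustomObject]@{
        Store      = $StoreName
        Subject    = $Cert.Subject
        Issuer     = $Cert.Issuer
        Thumbprint = $Cert.Thumbprint   # .NET exposes the SHA-1 thumbprint here
        ValidFrom  = $Cert.NotBefore
        ValidTo    = $Cert.NotAfter
        Status     = if ($inWindow) { "Valid" } else { "Invalid" }
    }
}

# Wrap each query in @() so that "no matches" is an empty array rather than
# $null. Piping $null into ForEach-Object runs the block once with $_ = $null,
# which can produce a blank "Invalid" row and defeat the "No certificates
# found" check below; foreach over an empty array iterates zero times.
$rootCerts = @(Get-ChildItem -Path $rootStore |
    Where-Object { $_.Issuer -like "*$CAName*" })
$intermediateCerts = @(Get-ChildItem -Path $intermediateStore |
    Where-Object { $_.Issuer -like "*$CAName*" })

$results = @()
foreach ($cert in $rootCerts) {
    $results += Check-CertificateValidity -Cert $cert -StoreName "Root CA"
}
foreach ($cert in $intermediateCerts) {
    $results += Check-CertificateValidity -Cert $cert -StoreName "Intermediate CA"
}

# -Valid wins when both switches are supplied (same precedence as before).
# @() keeps $results an array so .Count is reliable on every PowerShell version.
if ($Valid) {
    $results = @($results | Where-Object { $_.Status -eq "Valid" })
} elseif ($Invalid) {
    $results = @($results | Where-Object { $_.Status -eq "Invalid" })
}

if ($results.Count -eq 0) {
    Write-Host "No certificates found matching the criteria." -ForegroundColor Red
} else {
    $results | Format-Table -AutoSize
}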