#!/bin/bash
# scripts/sign_app.sh
# 签名System Extension .app Bundle

set -e

echo "=== 签名System Extension ==="

# 配置
BUNDLE_ID="com.momentry.markbase.fskit"
TEAM_ID="K3TDMD9Y6B"
APP_NAME="MarkBaseFSKit.app"
APP_DIR="build/${APP_NAME}"
ENTITLEMENTS="entitlements.plist"

# 获取证书identity
CERT_IDENTITY="Developer ID Application: Accusys,Inc (K3TDMD9Y6B)"

echo ""
echo "配置信息："
echo "  Bundle ID: ${BUNDLE_ID}"
echo "  Team ID: ${TEAM_ID}"
echo "  Certificate: ${CERT_IDENTITY}"
echo "  App: ${APP_DIR}"

# 检查.app是否存在
if [ ! -d "${APP_DIR}" ]; then
    echo "❌ .app不存在：${APP_DIR}"
    echo "   需要先运行 ./scripts/create_app_bundle.sh"
    exit 1
fi

# 检查entitlements是否存在
if [ ! -f "${ENTITLEMENTS}" ]; then
    echo "❌ entitlements.plist不存在"
    exit 1
fi

echo ""
echo "步骤1: 签名主executable..."
codesign --sign "${CERT_IDENTITY}" \
    --entitlements "${ENTITLEMENTS}" \
    --identifier "${BUNDLE_ID}" \
    --options runtime \
    --timestamp \
    "${APP_DIR}/Contents/MacOS/MarkBaseFSKit"

echo ""
echo "步骤2: 签名整个.app bundle..."
codesign --sign "${CERT_IDENTITY}" \
    --entitlements "${ENTITLEMENTS}" \
    --identifier "${BUNDLE_ID}" \
    --options runtime \
    --timestamp \
    --deep \
    "${APP_DIR}"

echo ""
echo "步骤3: 验证签名..."
codesign -d -vv "${APP_DIR}"

echo ""
echo "步骤4: 检查签名详情..."
codesign -d -vv --entitlements - "${APP_DIR}"

echo ""
echo "✅ .app Bundle已签名成功"
echo ""
echo "下一步："
echo "  运行 ./scripts/install_system_extension.sh 安装System Extension"