#!/bin/zsh

# Utility script to submit an app for notarization by Apple. It will wait for
# the notarization to succeed, and then staple the results to the target DMG
# file.

if [[ $# == 0 ]]; then
    echo "Usage: sign-developer-id <MacVim_dmg> <entitlements_file>"
    exit -1
fi

set -e

if [[ $ALTOOL_USERNAME == '' || $ALTOOL_PASSWORD == '' ]]; then
    echo 'Need to set ALTOOL_USERNAME and ALTOOL_PASSWORD in environment variables'
    exit -1
fi

set -e

macvim_dmg=$1

# Step 1: Submit app to Apple's servers for notarization
set -x
notarize_submit_uuid=$(xcrun altool --notarize-app --primary-bundle-id "org.vim.macvim" --file ${macvim_dmg} --username "${ALTOOL_USERNAME}" --password "${ALTOOL_PASSWORD}" | grep "RequestUUID" | sed -E "s/RequestUUID = (.*)/\1/")
set +x

if [[ ${notarize_submit_uuid} == "" ]]; then
    echo "Failed to submit for notarization!"
    exit -1
fi
if ! [[ ${notarize_submit_uuid} =~ "^[a-f0-9\-]*$" ]]; then
    echo "Request UUID format error!"
    exit -1
fi

# Step 2: Wait for notarization to success or fail by continuously querying
# Apple's servers for status updates
echo "Notarization request UUID: ${notarize_submit_uuid}"
printf "Waiting for notarization results..."

counter=0
while sleep 30; do
    notarize_results=$(xcrun altool --notarization-info ${notarize_submit_uuid} --username "${ALTOOL_USERNAME}" --password "${ALTOOL_PASSWORD}")
    notarize_status=$(echo $notarize_results | grep "Status:" | sed -E "s/^.*Status: (.*)/\1/")

    if ((++counter > 60)); then
        echo "Notarization timeout!"
        exit -1
    fi

    if [[ $notarize_status == "in progress" ]]; then
        printf "."
        continue
    elif [[ $notarize_status == "success" ]]; then
        printf "\n"
        echo "Notarization Success!\n"
        echo $notarize_results
        break
    else
        printf "\n"
        exit -1
    fi
done

# Step 3: Staple the notarization info to the DMG so that an offline user can
# verify that it is notarized.
set -x
xcrun stapler staple ${macvim_dmg}

# Just print out extra info for reference
echo "--------------------"
codesign -d --verbose=2 ${macvim_dmg}
spctl -a -t open --context context:primary-signature -v ${macvim_dmg}
