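#!/bin/bash
# =============================================================================
# Verify APK Signature
# =============================================================================
# This script verifies that an APK is properly signed and displays
# certificate information.
#
# Usage:
#   ./verify-apk-signature.sh <apk_path>
#
# Arguments:
#   apk_path - Path to the APK file to verify
#
# Environment:
#   REQUIRE_SIGNED_APK - set to 1 to exit non-zero when the signature cannot
#                        be verified (default 0: warn only, as before)
#
# Exit status:
#   0 - APK verified, or not verified while REQUIRE_SIGNED_APK is not 1
#   1 - missing argument, missing file, or failed check in strict mode
#
# Scope of the check:
#   * jarsigner validates only the JAR (v1) signature. An APK signed solely
#     with APK Signature Scheme v2 or later is reported here as unsigned, and
#     a pass here says nothing about the v2+ signing block. `apksigner verify`
#     from the Android SDK build-tools covers those schemes.
#   * A pass means "signed by some key", not "signed by the release key".
#     To establish identity, compare the certificate fingerprint printed below
#     with the expected release fingerprint.
# =============================================================================

set -e

APK_PATH="$1"
REQUIRE_SIGNED_APK="${REQUIRE_SIGNED_APK:-0}"

if [ -z "$APK_PATH" ]; then
  echo "❌ Error: Missing APK path" >&2
  echo "Usage: $0 <apk_path>" >&2
  exit 1
fi

if [ ! -f "$APK_PATH" ]; then
  echo "❌ APK not found at: $APK_PATH" >&2
  exit 1
fi

echo "🔍 Verifying APK signature..."

# Decide on the verdict first, then print details.
# The verdict is taken from non-verbose output on purpose: -verbose lists the
# archive's entry names, and those come from the file under test, so they must
# not be part of the text that is matched for "jar verified".
verified=0
if command -v jarsigner >/dev/null 2>&1; then
  if jarsigner -verify "$APK_PATH" 2>&1 | grep -q "jar verified"; then
    verified=1
  fi
else
  # Without this branch a missing JDK tool looks the same as an unsigned APK.
  echo "⚠️ jarsigner not found on PATH; the signature could not be checked"
fi

if [ "$verified" -eq 1 ]; then
  echo "✅ APK is properly signed!"

  # Extract certificate details (display only; not used for the verdict)
  echo ""
  echo "📜 Certificate Details:"
  jarsigner -verify -verbose -certs "$APK_PATH" 2>&1 | grep -A 3 "X.509" || true

  # Get signer info, including the certificate fingerprints
  echo ""
  echo "🔑 Signer Information:"
  keytool -printcert -jarfile "$APK_PATH" | head -n 15
else
  echo "⚠️ WARNING: APK signature verification failed or APK is unsigned!"
  echo ""
  echo "This may happen if:"
  echo " 1. GitHub Secrets are not configured for this environment"
  echo " 2. Keystore credentials are incorrect"
  echo " 3. Build configuration didn't apply signing"
  echo ""
  echo "See: docs/RELEASE/APK_SIGNING_SETUP.md for setup instructions"

  # Warn-only by default so existing builds keep passing; release jobs should
  # set REQUIRE_SIGNED_APK=1 so an unsigned artifact cannot be published.
  if [ "$REQUIRE_SIGNED_APK" = "1" ]; then
    exit 1
  fi
fi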