#
###############################################################################

proc usage { error } {
  if {[string length $error] > 0} then {puts stdout $error}

  puts stdout "usage:\
[file tail [info nameofexecutable]]\
[file tail [getShellExecutableName]]\
[file tail [info script]] <fileName> \[vendor\] \[embed\]\
\[duration\] \[entityType\] \[encoding\] \[publicKeyFile\]\
\[privateKeyFile\]"
\[privateKeyFile\] \[importFirst\]"

  #
  # NOTE: Indicate to the caller, if any, that we have failed.
  #
  exit 1
}


      puts stdout [appendArgs \
          "removed embedded certificate from file \"" $fileName \"]
    }
  }
}

if {[llength $argv] >= 1 && [llength $argv] <= 8} then {
if {[llength $argv] >= 1 && [llength $argv] <= 9} then {
  #
  # NOTE: This tool requires Eagle.
  #
  package require Eagle

  #
  # NOTE: Needed for the [getTemporaryPath] script procedure.

    #
    # NOTE: Default to "EagleEnterprisePluginRootPublic.snk" in the current
    #       directory (which may not actually exist).
    #
    set publicKeyFile EagleEnterprisePluginRootPublic.snk
  }

  #
  # NOTE: Do we want to import the existing certificate first?
  #
  if {[llength $argv] >= 9} then {
    set importFirst [lindex $argv 8]
  } else {
    set importFirst false; # TODO: Good default?
  }

  #
  # NOTE: If the configuration file exists, load it now.
  #
  set configFileName [file join $path sign.settings.eagle]
  if {[file exists $configFileName]} then {source $configFileName}

  #

    #
    # NOTE: Attempt to re-sign the license certificate file.  Skip
    #       setting the Id as it should already be set correctly.
    #
    if {[certificate sign -encoding $encoding -settimestamp \
            -setkey $certificate $privateKey] ne "SignedOk"} then {
      error [appendArgs \
          "failed to create updated signature for " $fileType \
          "failed to create signature for " $fileType " \"" $fileName \"]
          " \"" $fileName \"]
    }

    #
    # NOTE: Attempt to re-verify the license certificate file.
    #
    if {[certificate verify -encoding $encoding $certificate \
            $privateKey] ne "VerifiedOk"} then {

    #       placed) based on the data file name.
    #
    set certificateFile [appendArgs $fileName .harpy]

    #
    # NOTE: Create an empty certificate object.
    #
    if {$importFirst} then {
      set certificate [certificate import -alias $certificateFile]
    } else {
    set certificate [object create -alias \
        Licensing.Components.Public.Certificate]
      set certificate [object create -alias \
          Licensing.Components.Public.Certificate]
    }

    #
    # HOOK: Post-certificate object creation (create).
    #
    catch {certificate_hook phase1}

    #

      catch {certificate_hook phase2}

      #
      # NOTE: Attempt to sign the embedded file certificate and place
      #       the Id, timestamp, public key token, and signature bytes
      #       into the certificate we created above.
      #
      if {$importFirst} then {
        if {[certificate sign -encoding $encoding \
                -setkey -hashflags {+Basic Embedded} $certificate \
                $privateKey] ne "SignedOk"} then {
          error [appendArgs \
              "failed to create updated embedded signature for " \
              $fileType " \"" $fileName \"]
        }
      } else {
      if {[certificate sign -encoding $encoding -setid -settimestamp \
              -setkey -hashflags {+Basic Embedded} $certificate \
              $privateKey] ne "SignedOk"} then {
        error [appendArgs \
            "failed to create embedded signature for " $fileType " \"" \
            $fileName \"]
        if {[certificate sign -encoding $encoding -setid -settimestamp \
                -setkey -hashflags {+Basic Embedded} $certificate \
                $privateKey] ne "SignedOk"} then {
          error [appendArgs \
              "failed to create embedded signature for " $fileType \
              " \"" $fileName \"]
        }
      }

      #
      # NOTE: Sanity check that the embedded file certificate we just
      #       created validates properly.
      #
      if {[certificate verify -encoding $encoding \
              -hashflags {+Basic Embedded} $certificate \
              $publicKey] ne "VerifiedOk"} then {
        error [appendArgs \
            "failed to verify embedded signature for " $fileType " \"" \
            $fileName \"]
            "failed to verify embedded signature for " $fileType \
            " \"" $fileName \"]
      }
    } else {
      #
      # HOOK: Post-certificate property setup (non-embedded).
      #
      catch {certificate_hook phase2}

      #
      # NOTE: Attempt to sign the data file and place the Id, timestamp,
      #       public key token, and signature bytes into the blank
      #       certificate we created above.
      #
      if {$importFirst} then {
      if {[certificate signfile -encoding $encoding -setid -settimestamp \
              -setkey $certificate $privateKey $fileName] ne "SignedOk"} then {
        error [appendArgs \
            "failed to create signature for " $fileType " \"" $fileName \"]
        if {[certificate signfile -encoding $encoding \
                -setkey $certificate $privateKey \
                $fileName] ne "SignedOk"} then {
          error [appendArgs \
              "failed to create updated signature for " $fileType \
              " \"" $fileName \"]
        }
      } else {
        if {[certificate signfile -encoding $encoding -setid \
                -settimestamp -setkey $certificate $privateKey \
                $fileName] ne "SignedOk"} then {
          error [appendArgs \
              "failed to create signature for " $fileType \
              " \"" $fileName \"]
        }
      }

      #
      # NOTE: Sanity check that the data file certificate we just
      #       created validates properly.
      #
      if {[certificate verifyfile -encoding $encoding \
              $certificate $publicKey $fileName] ne "VerifiedOk"} then {
        error [appendArgs \
            "failed to verify signature for " $fileType " \"" $fileName \"]
            "failed to verify signature for " $fileType \
            " \"" $fileName \"]
      }
    }
  }

  #
  # NOTE: When embedding, do not modify the external certificate
  #       file.  Also, do not save out the entity value we set.

      "\" xmlns" [appendArgs \" [info newline] $spaces xmlns]] $data]

  writeCertificateFile $certificateFile $data

  #
  # NOTE: Show that we signed it.
  #
  if {$importFirst} then {
  puts stdout [appendArgs \
      "signed " $fileType " \"" $fileName "\" (as \"" $entityType \
      "\") using encoding \"" $encoding "\" with key " [keypair token \
      $privateKeyFile]]
    puts stdout [appendArgs \
        "re-signed " $fileType " \"" $fileName "\" (as \"" $entityType \
        "\") using encoding \"" $encoding "\" with key " [keypair token \
        $privateKeyFile]]
  } else {
    puts stdout [appendArgs \
        "signed " $fileType " \"" $fileName "\" (as \"" $entityType \
        "\") using encoding \"" $encoding "\" with key " [keypair token \
        $privateKeyFile]]
  }

  #
  # NOTE: Do we need to embed the certificate at the end of the script
  #       file?
  #
  if {$shouldEmbed} then {
    #

  catch {certificate_hook phase3}

  #
  # NOTE: Play nice and cleanup all the variables we created during the
  #       whole the signing process.
  #
  unset -nocomplain fileName vendor embed duration entityType encoding \
      privateKeyFile publicKeyFile configFileName embedSpacing embedPrefix \
      embedSuffix publicKey privateKey shouldEmbed fileType certificate \
      certificateFile data xmlNs xmlNsXsi xmlNsXsd spaces lines line
      privateKeyFile publicKeyFile importFirst configFileName embedSpacing \
      embedPrefix embedSuffix publicKey privateKey shouldEmbed fileType \
      certificate certificateFile data xmlNs xmlNsXsi xmlNsXsd spaces \
      lines line

  if {[info exists path_set]} then {
    unset -nocomplain path path_set
  }
} else {
  usage ""
}