From 95a542d809430f3ebb68706c84392b3a5a19fefd Mon Sep 17 00:00:00 2001
From: Li Hua
Date: Sat, 16 Nov 2024 11:09:36 +0800
Subject: [PATCH] feat(keyboxchecker/__init__.py): checks if any certificates in the certificate chain are revoked
---
 keyboxchecker/__init__.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/keyboxchecker/__init__.py b/keyboxchecker/__init__.py
index 15da40d..c210914 100644
--- a/keyboxchecker/__init__.py
+++ b/keyboxchecker/__init__.py
@@ -124,6 +124,8 @@ def main(args):
 is_valid = not_valid_before <= current_time <= not_valid_after
 values.append("✅" if is_valid else "❌")
+ status = revoked_keybox_list.get(serial_number)
+
 flag = True
 for i in range(pem_number - 1):
 try:
@@ -186,6 +188,9 @@ def main(args):
 )
 else:
 raise ValueError("Unsupported signature algorithms")
+ status = status or revoked_keybox_list.get(
+ hex(father_certificate.serial_number)[2:]
+ )
 except Exception: # pylint: disable=W0718
 flag = False
 break
@@ -214,8 +219,6 @@ def main(args):
 flag = False
 values.append("❌ Unknown root certificate")
- status = revoked_keybox_list.get(serial_number)
-
 if status or (is_aosp and not args.aosp) or not flag or not is_valid:
 kb.rename(dead / f"{serial_number}.xml")
 else:
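Review bot: In the second hunk (`@@ -186,6 +188,9 @@`), the parent-certificate lookup builds its key inline with `hex(father_certificate.serial_number)[2:]`, while the leaf key `serial_number` is computed outside the visible hunks, so nothing here shows that both use the same format as the keys of `revoked_keybox_list`. A mismatch (letter case, leading zeros) makes `.get()` return `None` and a revoked intermediate is silently treated as clean, so the check fails open. Consider deriving both keys through one helper, or at least adding a comment above the lookup such as `# revocation-list keys are lowercase hex serials without leading zeros; must match how serial_number is formatted` once that is confirmed. The lookup also sits inside the `try` after signature verification, so it is skipped when the loop breaks; that looks harmless because `flag = False` already sends the keybox to `dead`, but `main` continues outside the hunk and any later use of `status` for reporting would not see it.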