From 6c9511e2f9acd4468b9a6637a7588741190b0050 Mon Sep 17 00:00:00 2001
From: nab138 <nab@nabdev.me>
Date: Thu, 6 Nov 2025 19:51:51 -0500
Subject: [PATCH] Add revoke cert option

---
 Cargo.lock                |  2 +-
 isideload/Cargo.toml      |  2 +-
 isideload/src/lib.rs      |  8 ++++++++
 isideload/src/sideload.rs | 34 ++++++++++++++++++++++++++++++++++
 4 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index baf7f67..b86e8e3 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1152,7 +1152,7 @@ checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf"
 
 [[package]]
 name = "isideload"
-version = "0.1.14"
+version = "0.1.15"
 dependencies = [
  "hex",
  "idevice",
diff --git a/isideload/Cargo.toml b/isideload/Cargo.toml
index ca98ee7..2db7000 100644
--- a/isideload/Cargo.toml
+++ b/isideload/Cargo.toml
@@ -3,7 +3,7 @@ name = "isideload"
 description = "Sideload iOS/iPadOS applications"
 license = "MPL-2.0"
 authors = ["Nicholas Sharp <nab@nabdev.me>"]
-version = "0.1.14"
+version = "0.1.15"
 edition = "2024"
 repository = "https://github.com/nab138/isideload"
 documentation = "https://docs.rs/isideload"
diff --git a/isideload/src/lib.rs b/isideload/src/lib.rs
index 37f476d..cdcdd6e 100644
--- a/isideload/src/lib.rs
+++ b/isideload/src/lib.rs
@@ -61,6 +61,8 @@ pub struct SideloadConfiguration {
     pub logger: Box<dyn SideloadLogger>,
     /// Directory used to store intermediate artifacts (profiles, certs, etc.). This directory will not be cleared at the end.
     pub store_dir: std::path::PathBuf,
+    /// Whether or not to revoke the certificate immediately after installation
+    pub revoke_cert: bool,
 }
 
 impl Default for SideloadConfiguration {
@@ -75,6 +77,7 @@ impl SideloadConfiguration {
             machine_name: "isideload".to_string(),
             logger: Box::new(DefaultLogger),
             store_dir: std::env::current_dir().unwrap(),
+            revoke_cert: false,
         }
     }
 
@@ -92,4 +95,9 @@ impl SideloadConfiguration {
         self.store_dir = store_dir;
         self
     }
+
+    pub fn set_revoke_cert(mut self, revoke_cert: bool) -> Self {
+        self.revoke_cert = revoke_cert;
+        self
+    }
 }
diff --git a/isideload/src/sideload.rs b/isideload/src/sideload.rs
index e7a9bb0..fd86163 100644
--- a/isideload/src/sideload.rs
+++ b/isideload/src/sideload.rs
@@ -384,6 +384,40 @@ pub async fn sideload_app(
         return error_and_return(&logger, e);
     }
 
+    if config.revoke_cert {
+        if let Some(cert) = cert.certificate {
+            dev_session
+                .revoke_development_cert(
+                    DeveloperDeviceType::Ios,
+                    &team,
+                    cert.serial_number()
+                        .to_bn()
+                        .map_err(|e| {
+                            Error::Certificate(format!(
+                                "Failed to convert serial number to bn: {}",
+                                e
+                            ))
+                        })?
+                        .to_hex_str()
+                        .map_err(|e| {
+                            Error::Certificate(format!(
+                                "Failed to convert serial number to hex string: {}",
+                                e
+                            ))
+                        })?
+                        .to_string()
+                        .as_str(),
+                )
+                .await?;
+            logger.log("Certificate revoked");
+        } else {
+            return error_and_return(
+                &logger,
+                Error::Certificate("No certificate to revoke".to_string()),
+            );
+        }
+    }
+
     Ok(())
 }