File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -19,13 +19,20 @@ usage()
1919VERBOSE=true
2020RMREFRESH=false
2121HTGETOPTS=" "
22+ CAFILE=" "
23+ CAPATH=" ${X509_CERT_DIR:-/ etc/ grid-security/ certificates} "
2224for ARG; do
2325 case $ARG in
2426 -h) usage;;
2527 -q) VERBOSE=false; HTGETOPTS=" $HTGETOPTS -q"
2628 -f) RMREFRESH=true;;
2729 * ) if $RMREFRESH ; then
2830 HTGETOPTS=" $HTGETOPTS $ARG "
31+ if [[ " $ARG " = " --cafile=" * ]]; then
32+ CAFILE=" ${ARG# --cafile=} "
33+ elif [[ " $ARG " = " --capath=" * ]]; then
34+ CAPATH=" ${ARG# --capath=} "
35+ fi
2936 else
3037 usage
3138 fi ;;
@@ -54,8 +61,15 @@ if $RMREFRESH && [ -f "$VTFILE" ]; then
5461 echo " at path $BEARERURL "
5562 fi
5663 # be careful to not let the vault token show up in a ps list; send to stdin
64+ CURLOPTS=" -q -f -m 5"
65+ if [ -n " $CAFILE " ; then
66+ CURLOPTS=" $CURLOPTS --cacert $CAFILE "
67+ fi
68+ if [ -n " $CAPATH " ; then
69+ CURLOPTS=" $CURLOPTS --capath $CAPATH "
70+ fi
5771 if ! (echo -n " X-Vault-Token: " ; cat $VTFILE ) | \
58- curl -q -f -m 5 -H @- -X DELETE " $BEARERURL " ; then
72+ curl $CURLOPTS -H @- -X DELETE " $BEARERURL " ; then
5973 echo " $ME : Unable to delete refresh token" >&2
6074 exit 3
6175 fi
Original file line number Diff line number Diff line change @@ -77,6 +77,10 @@ rm -rf $RPM_BUILD_ROOT
7777
7878# - Have htdecodetoken take advantage of new scitokens-verify ability
7979# to read from stdin, when available.
80+ # - Add support in htdestroytoken -f for getting a CA cert directory
81+ # from ${X509_CERT_DIR:-/etc/grid-security/certificates} or from
82+ # a --capath option, and to get a CA cert file from a --cafile option,
83+ # mirroring the behavior of htgettoken.
8084
8185* Mon Dec 1 2025 Dave Dykstra <dwd@fnal.gov> 2.5-1
8286- Add htdestroytoken -f option to force a removal of a refresh token in
You can’t perform that action at this time.
0 commit comments