From dfc231162e8858ad3bd226890bcac2d00c17bd46 Mon Sep 17 00:00:00 2001
From: Doug MacEachern <dougm@broadcom.com>
Date: Fri, 24 Jan 2025 17:20:15 -0800
Subject: [PATCH] vcsim: add env var for use with ssoadmin
 GetTrustedCertificates

---
 ssoadmin/simulator/simulator.go | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/ssoadmin/simulator/simulator.go b/ssoadmin/simulator/simulator.go
index 1e6268881..6f2524afb 100644
--- a/ssoadmin/simulator/simulator.go
+++ b/ssoadmin/simulator/simulator.go
@@ -5,7 +5,11 @@
 package simulator
 
 import (
+	"encoding/base64"
+	"encoding/pem"
+	"log"
 	"net/url"
+	"os"
 	"strings"
 
 	"github.com/vmware/govmomi/simulator"
@@ -248,7 +252,25 @@ func (*ConfigurationManagementService) GetTrustedCertificates(ctx *simulator.Con
 
 	var res []string
 
-	if m.TLSCert != nil {
+	// TODO: consider adding a vcsim -tlscacerts flag
+	cacerts := os.Getenv("VCSIM_CACERTS")
+	if cacerts != "" {
+		pemCerts, err := os.ReadFile(cacerts)
+		if err != nil {
+			log.Fatal(err)
+		}
+		for len(pemCerts) > 0 {
+			var block *pem.Block
+			block, pemCerts = pem.Decode(pemCerts)
+			if block == nil {
+				break
+			}
+			if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
+				continue
+			}
+			res = append(res, base64.StdEncoding.EncodeToString(block.Bytes))
+		}
+	} else if m.TLSCert != nil {
 		res = append(res, m.TLSCert())
 	}