From f9e80d2a5d1390b4f0e9d12bb6d92ed655e06db8 Mon Sep 17 00:00:00 2001
From: Doug MacEachern
Date: Wed, 15 Jan 2025 19:59:27 -0800
Subject: [PATCH] vcsim: add ssoadmin GetTrustedCertificates method
Signed-off-by: Doug MacEachern
---
 simulator/simulator.go | 7 +++++-
 ssoadmin/client.go | 31 ++++++++++++------------
 ssoadmin/client_test.go | 36 +++++++++++++++------------
 ssoadmin/simulator/simulator.go | 43 +++++++++++++++++++++------------
 4 files changed, 70 insertions(+), 47 deletions(-)
diff --git a/simulator/simulator.go b/simulator/simulator.go
index 0dfe68217..80544d8c2 100644
--- a/simulator/simulator.go
+++ b/simulator/simulator.go
@@ -140,7 +140,12 @@ func (s *Service) call(ctx *Context, method *Method) soap.HasFault {
 if session == nil {
 switch method.Name {
- case "RetrieveServiceContent", "PbmRetrieveServiceContent", "Fetch", "List", "Login", "LoginByToken", "LoginExtensionByCertificate", "RetrieveProperties", "RetrievePropertiesEx", "CloneSession":
+ case
+ "Login", "LoginByToken", "LoginExtensionByCertificate", "CloneSession", // SessionManager
+ "RetrieveServiceContent", "RetrieveInternalContent", "PbmRetrieveServiceContent", // ServiceContent
+ "Fetch", "RetrieveProperties", "RetrievePropertiesEx", // PropertyCollector
+ "List", // lookup service
+ "GetTrustedCertificates": // ssoadmin
 // ok for now, TODO: authz
 default:
 fault := &types.NotAuthenticated{
diff --git a/ssoadmin/client.go b/ssoadmin/client.go
index 58a557bf1..db78efa74 100644
--- a/ssoadmin/client.go
+++ b/ssoadmin/client.go
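Review bot: In simulator/simulator.go, the no-session allowlist in `(*Service).call` matches on `method.Name` alone, so adding `"GetTrustedCertificates"` (and `"RetrieveInternalContent"`, which the commit subject does not mention) exempts any method of that name on any registered object from the session check, not only the ssoadmin one. The same already holds for generic names such as `"List"` and `"Fetch"`. If the target type or service path is available at this point, keying the exemption on both would keep the anonymous surface from growing by accident. At minimum the existing comment could say so, e.g. `// anonymous (no session) methods, matched by name only; TODO: authz per service`. The body of call continues outside the hunk, so whether a later check narrows this is not visible here.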
@@ -1,18 +1,6 @@
-/*
-Copyright (c) 2018-2024 VMware, Inc. All Rights Reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
+// © Broadcom. All Rights Reserved.
+// The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
+// SPDX-License-Identifier: Apache-2.0
 package ssoadmin
@@ -588,3 +576,16 @@ func (c *Client) UpdateLdapAuthnType(ctx context.Context, name string, auth type
 _, err := methods.UpdateLdapAuthnType(ctx, c, &req)
 return err
 }
+
+func (c *Client) GetTrustedCertificates(ctx context.Context) ([]string, error) {
+ req := types.GetTrustedCertificates{
+ This: c.ServiceContent.ConfigurationManagementService,
+ }
+
+ res, err := methods.GetTrustedCertificates(ctx, c, &req)
+ if err != nil {
+ return nil, err
+ }
+
+ return res.Returnval, nil
+}
diff --git a/ssoadmin/client_test.go b/ssoadmin/client_test.go
index 90d1830f1..fb995ff6e 100644
--- a/ssoadmin/client_test.go
+++ b/ssoadmin/client_test.go
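Review bot: In ssoadmin/client.go, the new exported `GetTrustedCertificates` has no doc comment, and the part of its contract that matters to callers is unstated. The subtest added in this commit calls it with no session cookie, so the result is unauthenticated data and only as trustworthy as the TLS connection it arrived on. I would add something like `// GetTrustedCertificates returns the certificates reported by the ConfigurationManagementService. It can be called without a session; verify the connection (or pin out of band) before treating the result as a trust anchor.` The encoding of each returned string is not visible in the hunk and is worth stating in the same comment.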
@@ -1,23 +1,12 @@
-/*
-Copyright (c) 2018-2023 VMware, Inc. All Rights Reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
+// © Broadcom. All Rights Reserved.
+// The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
+// SPDX-License-Identifier: Apache-2.0
 package ssoadmin_test
 import (
 "context"
+ "fmt"
 "os"
 "testing"
@@ -57,6 +46,22 @@ func TestClient(t *testing.T) {
 verifyClient(t, ctx, c)
 }, model)
 })
+ t.Run("System.Anonymous methods", func(t *testing.T) {
+ simulator.Test(func(ctx context.Context, client *vim25.Client) {
+ c, err := ssoadmin.NewClient(ctx, client)
+ require.NoError(t, err)
+
+ c.Jar = nil // session cookie will not be sent
+
+ _, err = c.FindUser(ctx, "testuser")
+ require.Error(t, err) // NotAuthenticated
+
+ certs, err := c.GetTrustedCertificates(ctx)
+ require.NoError(t, err)
+ fmt.Println(certs[0])
+ require.NotEmpty(t, certs)
+ })
+ })
 }
 func verifyClient(t *testing.T, ctx context.Context, c *ssoadmin.Client) {
@@ -66,5 +71,4 @@ func verifyClient(t *testing.T, ctx context.Context, c *ssoadmin.Client) {
 user, err := c.FindUser(ctx, "testuser")
 require.NoError(t, err)
 require.Equal(t, &types.AdminUser{Id: types.PrincipalId{Name: "testuser", Domain: "vsphere.local"}, Kind: "person"}, user)
-
 }
diff --git a/ssoadmin/simulator/simulator.go b/ssoadmin/simulator/simulator.go
index 9d02fe4f2..1e6268881 100644
--- a/ssoadmin/simulator/simulator.go
+++ b/ssoadmin/simulator/simulator.go
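Review bot: In ssoadmin/client_test.go, the new "System.Anonymous methods" subtest evaluates `fmt.Println(certs[0])` before `require.NotEmpty(t, certs)` runs, so an empty result panics with an index-out-of-range instead of failing the assertion. Put `require.NotEmpty(t, certs)` directly after the `require.NoError` and drop the debug print, along with the `"fmt"` import added in the first hunk of this file. The negative check `require.Error(t, err) // NotAuthenticated` is also looser than its comment: any transport or decoding error satisfies it, so asserting the fault type would make the test prove that the session check is what rejected `FindUser`.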
@@ -1,18 +1,6 @@
-/*
-Copyright (c) 2022-2023 VMware, Inc. All Rights Reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
+// © Broadcom. All Rights Reserved.
+// The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
+// SPDX-License-Identifier: Apache-2.0
 package simulator
@@ -24,6 +12,7 @@ import (
 "github.com/vmware/govmomi/ssoadmin"
 "github.com/vmware/govmomi/ssoadmin/methods"
 "github.com/vmware/govmomi/ssoadmin/types"
+ "github.com/vmware/govmomi/vim25"
 "github.com/vmware/govmomi/vim25/soap"
 vim "github.com/vmware/govmomi/vim25/types"
 )
@@ -111,6 +100,10 @@ type SessionManager struct {
 vim.ManagedObjectReference
 }
+type ConfigurationManagementService struct {
+ vim.ManagedObjectReference
+}
+
 type IdentitySourceManagementService struct {
 vim.ManagedObjectReference
 }
@@ -161,6 +154,10 @@ func New(vc *simulator.Registry, u *url.URL) *simulator.Registry {
 ManagedObjectReference: content.SessionManager,
 })
+ r.Put(&ConfigurationManagementService{
+ ManagedObjectReference: content.ConfigurationManagementService,
+ })
+
 r.Put(&IdentitySourceManagementService{
 ManagedObjectReference: content.IdentitySourceManagementService,
 })
@@ -246,6 +243,22 @@ func (s *SessionManager) Logout(ctx *simulator.Context, req *types.Logout) soap.
 }
 }
+func (*ConfigurationManagementService) GetTrustedCertificates(ctx *simulator.Context, _ *types.GetTrustedCertificates) soap.HasFault {
+ m := ctx.For(vim25.Path).Map.SessionManager()
+
+ var res []string
+
+ if m.TLSCert != nil {
+ res = append(res, m.TLSCert())
+ }
+
+ return &methods.GetTrustedCertificatesBody{
+ Res: &types.GetTrustedCertificatesResponse{
+ Returnval: res,
+ },
+ }
+}
+
 func (s *IdentitySourceManagementService) Get(ctx *simulator.Context, _ *types.Get) soap.HasFault {
 sources := IdentitySources
 sources.All = nil
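Review bot: In ssoadmin/simulator/simulator.go, `GetTrustedCertificates` appends whatever `m.TLSCert()` returns without checking it, and returns an empty `Returnval` when `m.TLSCert` is nil. The subtest added in ssoadmin/client_test.go indexes `certs[0]`, so a simulator running without a TLS certificate would presumably panic there rather than fail cleanly. Guarding the append inside the existing nil check, `if cert := m.TLSCert(); cert != "" { res = append(res, cert) }`, keeps empty entries out of the response. Because this handler is on the no-session allowlist in simulator/simulator.go, a doc comment should pin its scope, e.g. `// GetTrustedCertificates returns the simulator's TLS certificate, if configured. It is callable without a session, so it must only ever return public certificate material.`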