Show trust root info on management page

Add text message to inform whether the administrators can observe web contents via policy installed trust root certificates. Bug: 879146 Change-Id: I3ce41487072f130f32a01e4cc6c73565fd862c27 Reviewed-on: https://chromium-review.googlesource.com/c/1337343 Commit-Queue: Roman Aleksandrov <raleksandrov@google.com> Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Reviewed-by: Alexander Hendrich <hendrich@chromium.org> Cr-Commit-Position: refs/heads/master@{#611283}

Show trust root info on management page
Add text message to inform whether the administrators can observe web contents via policy installed trust root certificates. Bug: 879146 Change-Id: I3ce41487072f130f32a01e4cc6c73565fd862c27 Reviewed-on: https://chromium-review.googlesource.com/c/1337343 Commit-Queue: Roman Aleksandrov <raleksandrov@google.com> Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Reviewed-by: Alexander Hendrich <hendrich@chromium.org> Cr-Commit-Position: refs/heads/master@{#611283}
afb3c15d · Roman Aleksandrov · Commit Bot · d0bc58de · afb3c15d · afb3c15d
Commit afb3c15d authored Nov 27, 2018 by Roman Aleksandrov Committed by Commit Bot Nov 27, 2018
6 changed files
--- a/chrome/browser/resources/management/management.html
+++ b/chrome/browser/resources/management/management.html
@@ -48,6 +48,12 @@
            <th>$i18n{extensionPermissions}</th>
          </tr>
        </table>
+      </section>
+
+      <section id="trust-roots" hidden>
+        <h2 class="section-title">$i18n{localTrustRoots}</h2>
+        <div id="trust-roots-configuration"></div>
+      </section>
    </section>
  </div>
 </body>

--- a/chrome/browser/resources/management/management.js
+++ b/chrome/browser/resources/management/management.js
@@ -89,6 +89,18 @@ cr.define('management', function() {

        $('extensions').hidden = false;
      });
+
+      this.browserProxy_.getLocalTrustRootsInfo().then(function(
+          trustRootsConfigured) {
+        if (trustRootsConfigured) {
+          $('trust-roots-configuration').textContent =
+              loadTimeData.getString('managementTrustRootsConfigured');
+        } else {
+          $('trust-roots-configuration').textContent =
+              loadTimeData.getString('managementTrustRootsNotConfigured');
+        }
+        $('trust-roots').hidden = false;
+      });
    }
  }

@@ -110,6 +122,12 @@ cr.define('management', function() {
     * @return {!Promise<!Array<!Extension>>} List of extensions.
     */
    getExtensions() {}
+
+    /**
+     * @return {!Promise<string>} Message describing trust root configuration
+     * status.
+     */
+    getLocalTrustRootsInfo() {}
  }

  /**
@@ -130,6 +148,11 @@ cr.define('management', function() {
    getExtensions() {
      return cr.sendWithPromise('getExtensions');
    }
+
+    /** @override */
+    getLocalTrustRootsInfo() {
+      return cr.sendWithPromise('getLocalTrustRootsInfo');
+    }
  }

  // Make Page a singleton.

--- a/chrome/browser/ui/webui/management_ui.cc
+++ b/chrome/browser/ui/webui/management_ui.cc
@@ -40,6 +40,14 @@ content::WebUIDataSource* CreateManagementUIHtmlSource() {
                             IDS_MANAGEMENT_REPORT_DEVICE_NETWORK_INTERFACES);
  source->AddLocalizedString(kManagementReportUsers,
                             IDS_MANAGEMENT_REPORT_DEVICE_USERS);
+  source->AddLocalizedString("localTrustRoots",
+                             IDS_MANAGEMENT_LOCAL_TRUST_ROOTS);
+  source->AddLocalizedString("managementTrustRootsNotConfigured",
+                             IDS_MANAGEMENT_TRUST_ROOTS_NOT_CONFIGURED);
+#if defined(OS_CHROMEOS)
+  source->AddLocalizedString("managementTrustRootsConfigured",
+                             IDS_MANAGEMENT_TRUST_ROOTS_CONFIGURED);
+#endif  // defined(OS_CHROMEOS)
  source->SetJsonPath("strings.js");
  // Add required resources.
  source->AddResourcePath("management.css", IDR_MANAGEMENT_CSS);

--- a/chrome/browser/ui/webui/management_ui_handler.cc
+++ b/chrome/browser/ui/webui/management_ui_handler.cc
@@ -28,6 +28,8 @@
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
 #include "chrome/browser/chromeos/policy/device_status_collector.h"
+#include "chrome/browser/chromeos/policy/policy_cert_service.h"
+#include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
 #include "chrome/browser/chromeos/policy/status_uploader.h"
 #include "chrome/browser/chromeos/policy/system_log_uploader.h"
 #endif  // defined(OS_CHROMEOS)
@@ -176,6 +178,10 @@ void ManagementUIHandler::RegisterMessages() {
      "getExtensions",
      base::BindRepeating(&ManagementUIHandler::HandleGetExtensions,
                          base::Unretained(this)));
+  web_ui()->RegisterMessageCallback(
+      "getLocalTrustRootsInfo",
+      base::BindRepeating(&ManagementUIHandler::HandleGetLocalTrustRootsInfo,
+                          base::Unretained(this)));
 }

 void ManagementUIHandler::HandleGetDeviceManagementStatus(
@@ -225,3 +231,20 @@ void ManagementUIHandler::HandleGetExtensions(const base::ListValue* args) {
                            base::Value(base::Value::Type::LIST));
 #endif  // BUILDFLAG(ENABLE_EXTENSIONS)
 }
+
+void ManagementUIHandler::HandleGetLocalTrustRootsInfo(
+    const base::ListValue* args) {
+  CHECK_EQ(1U, args->GetSize());
+  base::Value trust_roots_configured(false);
+// Only Chrome OS could have installed trusted certificates.
+#if defined(OS_CHROMEOS)
+  policy::PolicyCertService* policy_service =
+      policy::PolicyCertServiceFactory::GetForProfile(
+          Profile::FromWebUI(web_ui()));
+  if (policy_service && policy_service->has_policy_certificates())
+    trust_roots_configured = base::Value(true);
+#endif  // defined(OS_CHROMEOS)
+
+  ResolveJavascriptCallback(args->GetList()[0] /* callback_id */,
+                            trust_roots_configured);
+}
--- a/chrome/browser/ui/webui/management_ui_handler.h
+++ b/chrome/browser/ui/webui/management_ui_handler.h
@@ -39,6 +39,8 @@ class ManagementUIHandler : public content::WebUIMessageHandler {

  void HandleGetExtensions(const base::ListValue* args);

+  void HandleGetLocalTrustRootsInfo(const base::ListValue* args);
+
  DISALLOW_COPY_AND_ASSIGN(ManagementUIHandler);
 };


--- a/components/management_strings.grdp
+++ b/components/management_strings.grdp
@@ -48,4 +48,16 @@
  <message name="IDS_MANAGEMENT_EXTENSIONS_PERMISSIONS" desc="Title of a column of the extension table showing the permissions of the extension" translateable="false">
    Permissions
  </message>
+
+  <message name="IDS_MANAGEMENT_LOCAL_TRUST_ROOTS" desc="Title of the types of local trust roots section of the page" translateable="false">
+    Local trust roots
+  </message>
+  <message name="IDS_MANAGEMENT_TRUST_ROOTS_NOT_CONFIGURED" desc="Message describing that the administrators have not installed certificates" translateable="false">
+    The contents of websites that you visit is not seen by your administrators
+  </message>
+  <if expr="chromeos">
+    <message name="IDS_MANAGEMENT_TRUST_ROOTS_CONFIGURED" desc="Message describing that the administrators have installed their own certificates" translateable="false">
+      Your account/device has been configured with local trust roots, which might allow administrators to see the contents of websites that you visit
+    </message>
+  </if>
 </grit-part>