Expose SSLInfo::pkp_bypassed to devtools

chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/chrome_security_state_model_client.h"
 
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/strings/string_split.h"
@@ skipping 147 matching lines @@
   EXPECT_EQ(
       l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION),
       secure_explanations.back().description);
 }
 
 void CheckSecurityInfoForSecure(
     content::WebContents* contents,
     SecurityStateModel::SecurityLevel expect_security_level,
     SecurityStateModel::SHA1DeprecationStatus expect_sha1_status,
     SecurityStateModel::MixedContentStatus expect_mixed_content_status,
+    bool pkp_bypassed,
     bool expect_cert_error) {
   ASSERT_TRUE(contents);
 
   ChromeSecurityStateModelClient* model_client =
       ChromeSecurityStateModelClient::FromWebContents(contents);
   ASSERT_TRUE(model_client);
   const SecurityStateModel::SecurityInfo& security_info =
       model_client->GetSecurityInfo();
   EXPECT_EQ(expect_security_level, security_info.security_level);
   EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status);
   EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status);
   EXPECT_TRUE(security_info.sct_verify_statuses.empty());
   EXPECT_TRUE(security_info.scheme_is_cryptographic);
+  EXPECT_EQ(pkp_bypassed, security_info.pkp_bypassed);
   EXPECT_EQ(expect_cert_error,
             net::IsCertStatusError(security_info.cert_status));
   EXPECT_GT(security_info.security_bits, 0);
 
   content::CertStore* cert_store = content::CertStore::GetInstance();
   scoped_refptr<net::X509Certificate> cert;
   EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert));
 }
 
 void CheckSecurityInfoForNonSecure(content::WebContents* contents) {
@@ skipping 117 matching lines @@
 
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) {
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       false /* expect cert status error */);
 }
 
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, SHA1Broken) {
   ASSERT_TRUE(https_server_.Start());
   // The test server uses a long-lived cert by default, so a SHA1
   // signature in it will register as a "broken" condition rather than
   // "warning".
   SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT,
                                       net::OK);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::DEPRECATED_SHA1_MAJOR,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       false /* expect cert status error */);
 }
 
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) {
   ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
 
   // Navigate to an HTTPS page that displays mixed content.
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_displays_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::DISPLAYED_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that displays mixed content dynamically.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_with_dynamic_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       false /* expect cert status error */);
   // Load the insecure image.
   bool js_result = false;
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();",
       &js_result));
   EXPECT_TRUE(js_result);
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::DISPLAYED_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs mixed content.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::RAN_MIXED_CONTENT,
+      SecurityStateModel::RAN_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs and displays mixed content.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_and_displays_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs mixed content in an iframe.
   net::HostPortPair host_port_pair =
       net::HostPortPair::FromURL(https_server_.GetURL("/"));
   host_port_pair.set_host("different-host.test");
   host_resolver()->AddRule("different-host.test",
                            https_server_.GetURL("/").host());
   host_resolver()->AddRule("different-http-host.test",
                            embedded_test_server()->GetURL("/").host());
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair,
       &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::RAN_MIXED_CONTENT,
+      SecurityStateModel::RAN_MIXED_CONTENT, false,
       false /* expect cert status error */);
 }
 
 // Same as the test above but with a long-lived SHA1 cert.
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest,
                        MixedContentWithBrokenSHA1) {
   ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   // The test server uses a long-lived cert by default, so a SHA1
   // signature in it will register as a "broken" condition rather than
   // "warning".
   SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT,
                                       net::OK);
 
   // Navigate to an HTTPS page that displays mixed content.
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_displays_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::DEPRECATED_SHA1_MAJOR,
-      SecurityStateModel::DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::DISPLAYED_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that displays mixed content dynamically.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_with_dynamic_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::DEPRECATED_SHA1_MAJOR,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       false /* expect cert status error */);
   // Load the insecure image.
   bool js_result = false;
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();",
       &js_result));
   EXPECT_TRUE(js_result);
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::DEPRECATED_SHA1_MAJOR,
-      SecurityStateModel::DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::DISPLAYED_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs mixed content.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::DEPRECATED_SHA1_MAJOR,
-      SecurityStateModel::RAN_MIXED_CONTENT,
+      SecurityStateModel::RAN_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs and displays mixed content.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_and_displays_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::DEPRECATED_SHA1_MAJOR,
-      SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, false,
       false /* expect cert status error */);
 }
 
 // Tests that the Content Security Policy block-all-mixed-content
 // directive stops mixed content from running.
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest,
                        MixedContentStrictBlocking) {
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
 
   // Navigate to an HTTPS page that tries to run mixed content in an
   // iframe, with strict mixed content blocking.
   std::string replacement_path;
   net::HostPortPair host_port_pair =
       net::HostPortPair::FromURL(https_server_.GetURL("/"));
   host_port_pair.set_host("different-host.test");
   host_resolver()->AddRule("different-host.test",
                            https_server_.GetURL("/").host());
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_insecure_content_in_iframe_with_strict_blocking.html",
       host_port_pair, &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       false /* expect cert status error */);
 }
 
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, BrokenHTTPS) {
   ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID,
                                       net::ERR_CERT_DATE_INVALID);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       true /* expect cert status error */);
 
   ProceedThroughInterstitial(
       browser()->tab_strip_model()->GetActiveWebContents());
 
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       true /* expect cert status error */);
 
   // Navigate to a broken HTTPS page that displays mixed content.
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_displays_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::DISPLAYED_MIXED_CONTENT, false,
       true /* expect cert status error */);
 }
 
+IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, PKPBypass) {
+  ASSERT_TRUE(https_server_.Start());
+
+  // Need a local trust anchor
+  scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate());
+  net::CertVerifyResult verify_result;
+  verify_result.is_issued_by_known_root = false;
+  verify_result.verified_cert = cert;
+  net::HashValue hash(net::HASH_VALUE_SHA256);
+  memset(hash.data(), 1, hash.size());
+  verify_result.public_key_hashes.push_back(hash);
+
+  mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK);
+
+  ui_test_utils::NavigateToURL(
+      browser(), https_server_.GetURL("/ssl/fuck-youhpkp-headers.html"));

[estark, 2016/06/15 20:36:48]

I'm building with this patch to try to see what's going on, but in the meantime,
it seems like you would have to do two navigations to get this to work. Once
where the connection conforms to the pins, so that TransportSecurityState
records the pins, and then another to violate the pins with a private root. If
the public key hashes don't match the Public-Key-Pins header, then the header
just gets ignored.

+
+  // Page should be secure
+  CheckSecurityInfoForSecure(
+      browser()->tab_strip_model()->GetActiveWebContents(),
+      SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1,
+      SecurityStateModel::NO_MIXED_CONTENT, true, false);
+  ASSERT_TRUE(true);
+}
+
 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation
 // that never stops loading.
 class PendingJobInterceptor : public net::URLRequestInterceptor {
  public:
   PendingJobInterceptor() {}
   ~PendingJobInterceptor() override {}
 
   // URLRequestInterceptor implementation
   net::URLRequestJob* MaybeInterceptRequest(
       net::URLRequest* request,
@@ skipping 37 matching lines @@
 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) {
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
 
   // Navigate to an HTTPS page.
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to a page that doesn't finish loading. Test that the
   // security state is neutral while the page is loading.
   browser()->OpenURL(content::OpenURLParams(embedded_test_server()->GetURL("/"),
                                             content::Referrer(), CURRENT_TAB,
                                             ui::PAGE_TRANSITION_TYPED, false));
   CheckSecurityInfoForNonSecure(
       browser()->tab_strip_model()->GetActiveWebContents());
 }
@@ skipping 11 matching lines @@
   content::WebContents* new_contents = content::WebContents::Create(
       content::WebContents::CreateParams(tab->GetBrowserContext()));
   content::NavigationController& controller = new_contents->GetController();
   ChromeSecurityStateModelClient::CreateForWebContents(new_contents);
   CheckSecurityInfoForNonSecure(new_contents);
   controller.LoadURL(https_server_.GetURL("/"), content::Referrer(),
                      ui::PAGE_TRANSITION_TYPED, std::string());
   EXPECT_TRUE(content::WaitForLoadStop(new_contents));
   CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE,
                              SecurityStateModel::NO_DEPRECATED_SHA1,
-                             SecurityStateModel::NO_MIXED_CONTENT,
+                             SecurityStateModel::NO_MIXED_CONTENT, false,
                              false /* expect cert status error */);
 
   browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents,
                                                     TabStripModel::ADD_NONE);
   CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE,
                              SecurityStateModel::NO_DEPRECATED_SHA1,
-                             SecurityStateModel::NO_MIXED_CONTENT,
+                             SecurityStateModel::NO_MIXED_CONTENT, false,
                              false /* expect cert status error */);
 }
 
 // Tests that the WebContentsObserver::SecurityStyleChanged event fires
 // with the current style on HTTP, broken HTTPS, and valid HTTPS pages.
 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) {
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(embedded_test_server()->Start());
 
   net::EmbeddedTestServer https_test_server_expired(
@@ skipping 10 matching lines @@
   // Visit an HTTP url.
   GURL http_url(embedded_test_server()->GetURL("/"));
   ui_test_utils::NavigateToURL(browser(), http_url);
   EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED,
             observer.latest_security_style());
   EXPECT_EQ(0u,
             observer.latest_explanations().unauthenticated_explanations.size());
   EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size());
   EXPECT_EQ(0u, observer.latest_explanations().secure_explanations.size());
   EXPECT_FALSE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
 
   // Visit an (otherwise valid) HTTPS page that displays mixed content.
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_displays_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
 
   GURL mixed_content_url(https_server_.GetURL(replacement_path));
   ui_test_utils::NavigateToURL(browser(), mixed_content_url);
   EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED,
             observer.latest_security_style());
 
   const content::SecurityStyleExplanations& mixed_content_explanation =
       observer.latest_explanations();
   ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size());
   ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size());
   CheckSecureExplanations(mixed_content_explanation.secure_explanations,
                           VALID_CERTIFICATE, browser());
   EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_TRUE(mixed_content_explanation.displayed_insecure_content);
   EXPECT_FALSE(mixed_content_explanation.ran_insecure_content);
   EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED,
             mixed_content_explanation.displayed_insecure_content_style);
   EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
             mixed_content_explanation.ran_insecure_content_style);
 
   // Visit a broken HTTPS url.
   GURL expired_url(https_test_server_expired.GetURL(std::string("/")));
   ui_test_utils::NavigateToURL(browser(), expired_url);
 
   // An interstitial should show, and an event for the lock icon on the
   // interstitial should fire.
   content::WaitForInterstitialAttach(web_contents);
   EXPECT_TRUE(web_contents->ShowingInterstitialPage());
   CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           INVALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 
   // Before clicking through, navigate to a different page, and then go
   // back to the interstitial.
   GURL valid_https_url(https_server_.GetURL(std::string("/")));
   ui_test_utils::NavigateToURL(browser(), valid_https_url);
   EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED,
             observer.latest_security_style());
   EXPECT_EQ(0u,
             observer.latest_explanations().unauthenticated_explanations.size());
   EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           VALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 
   // After going back to the interstitial, an event for a broken lock
   // icon should fire again.
   ui_test_utils::NavigateToURL(browser(), expired_url);
   content::WaitForInterstitialAttach(web_contents);
   EXPECT_TRUE(web_contents->ShowingInterstitialPage());
   CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           INVALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 
   // Since the next expected style is the same as the previous, clear
   // the observer (to make sure that the event fires twice and we don't
   // just see the previous event's style).
   observer.ClearLatestSecurityStyleAndExplanations();
 
   // Other conditions cannot be tested on this host after clicking
   // through because once the interstitial is clicked through, all URLs
   // for this host will remain in a broken state.
   ProceedThroughInterstitial(web_contents);
   CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           INVALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 }
 
 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back,
 // and test that the observed security style matches.
 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest,
                        SecurityStyleChangedObserverGoBack) {
   ASSERT_TRUE(https_server_.Start());
 
@@ skipping 12 matching lines @@
   GURL valid_https_url(https_server_.GetURL(std::string("/")));
   ui_test_utils::NavigateToURL(browser(), valid_https_url);
   EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED,
             observer.latest_security_style());
   EXPECT_EQ(0u,
             observer.latest_explanations().unauthenticated_explanations.size());
   EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           VALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 
   // Navigate to a bad HTTPS page on a different host, and then click
   // Back to verify that the previous good security style is seen again.
   GURL expired_https_url(https_test_server_expired.GetURL(std::string("/")));
   host_resolver()->AddRule("www.example_broken.test", "127.0.0.1");
   GURL::Replacements replace_host;
   replace_host.SetHostStr("www.example_broken.test");
   GURL https_url_different_host =
       expired_https_url.ReplaceComponents(replace_host);
 
   ui_test_utils::NavigateToURL(browser(), https_url_different_host);
 
   content::WaitForInterstitialAttach(web_contents);
   EXPECT_TRUE(web_contents->ShowingInterstitialPage());
   CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID,
                            browser());
   ProceedThroughInterstitial(web_contents);
   CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID,
                            browser());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           INVALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 
   content::WindowedNotificationObserver back_nav_load_observer(
       content::NOTIFICATION_LOAD_STOP,
       content::Source<content::NavigationController>(
           &web_contents->GetController()));
   chrome::GoBack(browser(), CURRENT_TAB);
   back_nav_load_observer.Wait();
 
   EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED,
             observer.latest_security_style());
   EXPECT_EQ(0u,
             observer.latest_explanations().unauthenticated_explanations.size());
   EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           VALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 }
 
 // After AddNonsecureUrlHandler() is called, requests to this hostname
 // will use obsolete TLS settings.
 const char kMockNonsecureHostname[] = "example-nonsecure.test";
 
 // A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete
 // protocol version.
@@ skipping 122 matching lines @@
   // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when
   // the TLS settings are obsolete.
   for (const auto& explanation :
        observer.latest_explanations().secure_explanations) {
     EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE),
               explanation.summary);
   }
 }
 
 }  // namespace