Expose SSLInfo::pkp_bypassed to devtools

chrome/browser/ssl/chrome_security_state_model_client_browser_tests.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/chrome_security_state_model_client.h"
 
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/strings/string_split.h"
@@ skipping 92 matching lines @@
 void CheckBrokenSecurityStyle(const SecurityStyleTestObserver& observer,
                               int error,
                               Browser* browser) {
   EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
             observer.latest_security_style());
 
   const content::SecurityStyleExplanations& expired_explanation =
       observer.latest_explanations();
   EXPECT_EQ(0u, expired_explanation.unauthenticated_explanations.size());
   ASSERT_EQ(1u, expired_explanation.broken_explanations.size());
+  EXPECT_FALSE(expired_explanation.pkp_bypassed);
 
   // Check that the summary and description are as expected.
   EXPECT_EQ(l10n_util::GetStringUTF8(IDS_CERTIFICATE_CHAIN_ERROR),
             expired_explanation.broken_explanations[0].summary);
 
   base::string16 error_string = base::UTF8ToUTF16(net::ErrorToString(error));
   EXPECT_EQ(l10n_util::GetStringFUTF8(
                 IDS_CERTIFICATE_CHAIN_ERROR_DESCRIPTION_FORMAT, error_string),
             expired_explanation.broken_explanations[0].description);
 
@@ skipping 35 matching lines @@
   EXPECT_EQ(
       l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION),
       secure_explanations.back().description);
 }
 
 void CheckSecurityInfoForSecure(
     content::WebContents* contents,
     SecurityStateModel::SecurityLevel expect_security_level,
     SecurityStateModel::SHA1DeprecationStatus expect_sha1_status,
     SecurityStateModel::MixedContentStatus expect_mixed_content_status,
+    bool pkp_bypassed,
     bool expect_cert_error) {
   ASSERT_TRUE(contents);
 
   ChromeSecurityStateModelClient* model_client =
       ChromeSecurityStateModelClient::FromWebContents(contents);
   ASSERT_TRUE(model_client);
   const SecurityStateModel::SecurityInfo& security_info =
       model_client->GetSecurityInfo();
   EXPECT_EQ(expect_security_level, security_info.security_level);
   EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status);
   EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status);
   EXPECT_TRUE(security_info.sct_verify_statuses.empty());
   EXPECT_TRUE(security_info.scheme_is_cryptographic);
+  EXPECT_EQ(pkp_bypassed, security_info.pkp_bypassed);
   EXPECT_EQ(expect_cert_error,
             net::IsCertStatusError(security_info.cert_status));
   EXPECT_GT(security_info.security_bits, 0);
 
   content::CertStore* cert_store = content::CertStore::GetInstance();
   scoped_refptr<net::X509Certificate> cert;
   EXPECT_TRUE(cert_store->RetrieveCert(security_info.cert_id, &cert));
 }
 
 void CheckSecurityInfoForNonSecure(content::WebContents* contents) {
@@ skipping 117 matching lines @@
 
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, HttpsPage) {
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       false /* expect cert status error */);
 }
 
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, SHA1Broken) {
   ASSERT_TRUE(https_server_.Start());
   // The test server uses a long-lived cert by default, so a SHA1
   // signature in it will register as a "broken" condition rather than
   // "warning".
   SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT,
                                       net::OK);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::DEPRECATED_SHA1_MAJOR,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       false /* expect cert status error */);
 }
 
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, MixedContent) {
   ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
   host_resolver()->AddRule("example.test",
                            https_server_.GetURL("/").host());
 
   net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair();
   replacement_pair.set_host("example.test");
 
   // Navigate to an HTTPS page that displays mixed content.
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_displays_insecure_content.html",
       replacement_pair, &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::DISPLAYED_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that displays mixed content dynamically.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_with_dynamic_insecure_content.html",
       replacement_pair, &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       false /* expect cert status error */);
   // Load the insecure image.
   bool js_result = false;
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();",
       &js_result));
   EXPECT_TRUE(js_result);
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::NONE, SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::DISPLAYED_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs mixed content.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_insecure_content.html",
       replacement_pair, &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::RAN_MIXED_CONTENT,
+      SecurityStateModel::RAN_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs and displays mixed content.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_and_displays_insecure_content.html",
       replacement_pair, &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs mixed content in an iframe.
   net::HostPortPair host_port_pair =
       net::HostPortPair::FromURL(https_server_.GetURL("/"));
   host_port_pair.set_host("different-host.test");
   host_resolver()->AddRule("different-host.test",
                            https_server_.GetURL("/").host());
   host_resolver()->AddRule("different-http-host.test",
                            embedded_test_server()->GetURL("/").host());
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair,
       &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::RAN_MIXED_CONTENT,
+      SecurityStateModel::RAN_MIXED_CONTENT, false,
       false /* expect cert status error */);
 }
 
 // Same as the test above but with a long-lived SHA1 cert.
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest,
                        MixedContentWithBrokenSHA1) {
   ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   // The test server uses a long-lived cert by default, so a SHA1
   // signature in it will register as a "broken" condition rather than
@@ skipping 11 matching lines @@
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_displays_insecure_content.html",
       replacement_pair, &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::DEPRECATED_SHA1_MAJOR,
-      SecurityStateModel::DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::DISPLAYED_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that displays mixed content dynamically.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_with_dynamic_insecure_content.html",
       replacement_pair, &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::DEPRECATED_SHA1_MAJOR,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       false /* expect cert status error */);
   // Load the insecure image.
   bool js_result = false;
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();",
       &js_result));
   EXPECT_TRUE(js_result);
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::DEPRECATED_SHA1_MAJOR,
-      SecurityStateModel::DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::DISPLAYED_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs mixed content.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_insecure_content.html",
       replacement_pair, &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::DEPRECATED_SHA1_MAJOR,
-      SecurityStateModel::RAN_MIXED_CONTENT,
+      SecurityStateModel::RAN_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs and displays mixed content.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_and_displays_insecure_content.html",
       replacement_pair, &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::DEPRECATED_SHA1_MAJOR,
-      SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::RAN_AND_DISPLAYED_MIXED_CONTENT, false,
       false /* expect cert status error */);
 }
 
 // Tests that the Content Security Policy block-all-mixed-content
 // directive stops mixed content from running.
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest,
                        MixedContentStrictBlocking) {
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
 
   // Navigate to an HTTPS page that tries to run mixed content in an
   // iframe, with strict mixed content blocking.
   std::string replacement_path;
   net::HostPortPair host_port_pair =
       net::HostPortPair::FromURL(https_server_.GetURL("/"));
   host_port_pair.set_host("different-host.test");
   host_resolver()->AddRule("different-host.test",
                            https_server_.GetURL("/").host());
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_insecure_content_in_iframe_with_strict_blocking.html",
       host_port_pair, &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       false /* expect cert status error */);
 }
 
 IN_PROC_BROWSER_TEST_F(ChromeSecurityStateModelClientTest, BrokenHTTPS) {
   ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID,
                                       net::ERR_CERT_DATE_INVALID);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       true /* expect cert status error */);
 
   ProceedThroughInterstitial(
       browser()->tab_strip_model()->GetActiveWebContents());
 
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       true /* expect cert status error */);
 
   // Navigate to a broken HTTPS page that displays mixed content.
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_displays_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURITY_ERROR,
       SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::DISPLAYED_MIXED_CONTENT,
+      SecurityStateModel::DISPLAYED_MIXED_CONTENT, false,
       true /* expect cert status error */);
 }
 
+const char kReportURI[] = "https://report-hpkp.test";
+
+class PKPModelClientTest : public ChromeSecurityStateModelClientTest {
+ public:
+  void SetUpOnMainThread() override {
+    ASSERT_TRUE(https_server_.Start());
+    url_request_context_getter_ = browser()->profile()->GetRequestContext();
+    content::BrowserThread::PostTask(
+        content::BrowserThread::IO, FROM_HERE,
+        base::Bind(&PKPModelClientTest::SetUpOnIOThread, this));
+  }
+
+  void SetUpOnIOThread() {
+    net::URLRequestContext* request_context =
+        url_request_context_getter_->GetURLRequestContext();
+    net::TransportSecurityState* security_state =
+        request_context->transport_security_state();
+
+    base::Time expiration =
+        base::Time::Now() + base::TimeDelta::FromSeconds(10000);
+
+    net::HashValue hash(net::HASH_VALUE_SHA256);
+    memset(hash.data(), 0x99, hash.size());
+    net::HashValueVector hashes;
+    hashes.push_back(hash);
+
+    security_state->AddHPKP(https_server_.host_port_pair().host(), expiration,
+                            true, hashes, GURL(kReportURI));
+  }
+
+ protected:
+  scoped_refptr<net::URLRequestContextGetter> url_request_context_getter_;
+};
+
+IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPBypass) {
+  content::WebContents* web_contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  SecurityStyleTestObserver observer(web_contents);
+
+  scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate());
+  net::CertVerifyResult verify_result;
+  // PKP is bypassed when |is_issued_by_known_root| is false.
+  verify_result.is_issued_by_known_root = false;
+  verify_result.verified_cert = cert;
+  net::HashValue hash(net::HASH_VALUE_SHA256);
+  memset(hash.data(), 1, hash.size());
+  verify_result.public_key_hashes.push_back(hash);
+
+  mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK);
+
+  ui_test_utils::NavigateToURL(browser(),
+                               https_server_.GetURL("/ssl/google.html"));
+
+  CheckSecurityInfoForSecure(
+      browser()->tab_strip_model()->GetActiveWebContents(),
+      SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1,
+      SecurityStateModel::NO_MIXED_CONTENT, true, false);
+
+  const content::SecurityStyleExplanations& explanation =
+      observer.latest_explanations();
+  EXPECT_TRUE(explanation.pkp_bypassed);
+}
+
+IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPEnforced) {
+  content::WebContents* web_contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  SecurityStyleTestObserver observer(web_contents);
+
+  scoped_refptr<net::X509Certificate> cert(https_server_.GetCertificate());
+  net::CertVerifyResult verify_result;
+  // PKP requires |is_issued_by_known_root| to be true.
+  verify_result.is_issued_by_known_root = true;
+  verify_result.verified_cert = cert;
+  net::HashValue hash(net::HASH_VALUE_SHA256);
+  memset(hash.data(), 1, hash.size());
+  verify_result.public_key_hashes.push_back(hash);
+
+  mock_cert_verifier()->AddResultForCert(cert.get(), verify_result, net::OK);
+
+  ui_test_utils::NavigateToURL(browser(),
+                               https_server_.GetURL("/ssl/google.html"));
+  CheckBrokenSecurityStyle(observer, net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN,
+                           browser());
+}
+
 // Fails requests with ERR_IO_PENDING. Can be used to simulate a navigation
 // that never stops loading.
 class PendingJobInterceptor : public net::URLRequestInterceptor {
  public:
   PendingJobInterceptor() {}
   ~PendingJobInterceptor() override {}
 
   // URLRequestInterceptor implementation
   net::URLRequestJob* MaybeInterceptRequest(
       net::URLRequest* request,
@@ skipping 37 matching lines @@
 IN_PROC_BROWSER_TEST_F(SecurityStateModelLoadingTest, NavigationStateChanges) {
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
 
   // Navigate to an HTTPS page.
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
       SecurityStateModel::SECURE, SecurityStateModel::NO_DEPRECATED_SHA1,
-      SecurityStateModel::NO_MIXED_CONTENT,
+      SecurityStateModel::NO_MIXED_CONTENT, false,
       false /* expect cert status error */);
 
   // Navigate to a page that doesn't finish loading. Test that the
   // security state is neutral while the page is loading.
   browser()->OpenURL(content::OpenURLParams(embedded_test_server()->GetURL("/"),
                                             content::Referrer(), CURRENT_TAB,
                                             ui::PAGE_TRANSITION_TYPED, false));
   CheckSecurityInfoForNonSecure(
       browser()->tab_strip_model()->GetActiveWebContents());
 }
@@ skipping 11 matching lines @@
   content::WebContents* new_contents = content::WebContents::Create(
       content::WebContents::CreateParams(tab->GetBrowserContext()));
   content::NavigationController& controller = new_contents->GetController();
   ChromeSecurityStateModelClient::CreateForWebContents(new_contents);
   CheckSecurityInfoForNonSecure(new_contents);
   controller.LoadURL(https_server_.GetURL("/"), content::Referrer(),
                      ui::PAGE_TRANSITION_TYPED, std::string());
   EXPECT_TRUE(content::WaitForLoadStop(new_contents));
   CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE,
                              SecurityStateModel::NO_DEPRECATED_SHA1,
-                             SecurityStateModel::NO_MIXED_CONTENT,
+                             SecurityStateModel::NO_MIXED_CONTENT, false,
                              false /* expect cert status error */);
 
   browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents,
                                                     TabStripModel::ADD_NONE);
   CheckSecurityInfoForSecure(new_contents, SecurityStateModel::SECURE,
                              SecurityStateModel::NO_DEPRECATED_SHA1,
-                             SecurityStateModel::NO_MIXED_CONTENT,
+                             SecurityStateModel::NO_MIXED_CONTENT, false,
                              false /* expect cert status error */);
 }
 
 // Tests that the WebContentsObserver::SecurityStyleChanged event fires
 // with the current style on HTTP, broken HTTPS, and valid HTTPS pages.
 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest, SecurityStyleChangedObserver) {
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(embedded_test_server()->Start());
 
   net::EmbeddedTestServer https_test_server_expired(
@@ skipping 10 matching lines @@
   // Visit an HTTP url.
   GURL http_url(embedded_test_server()->GetURL("/"));
   ui_test_utils::NavigateToURL(browser(), http_url);
   EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED,
             observer.latest_security_style());
   EXPECT_EQ(0u,
             observer.latest_explanations().unauthenticated_explanations.size());
   EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size());
   EXPECT_EQ(0u, observer.latest_explanations().secure_explanations.size());
   EXPECT_FALSE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
 
   // Visit an (otherwise valid) HTTPS page that displays mixed content.
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_displays_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
 
   GURL mixed_content_url(https_server_.GetURL(replacement_path));
   ui_test_utils::NavigateToURL(browser(), mixed_content_url);
   EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED,
             observer.latest_security_style());
 
   const content::SecurityStyleExplanations& mixed_content_explanation =
       observer.latest_explanations();
   ASSERT_EQ(0u, mixed_content_explanation.unauthenticated_explanations.size());
   ASSERT_EQ(0u, mixed_content_explanation.broken_explanations.size());
   CheckSecureExplanations(mixed_content_explanation.secure_explanations,
                           VALID_CERTIFICATE, browser());
   EXPECT_TRUE(mixed_content_explanation.scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_TRUE(mixed_content_explanation.displayed_insecure_content);
   EXPECT_FALSE(mixed_content_explanation.ran_insecure_content);
   EXPECT_EQ(content::SECURITY_STYLE_UNAUTHENTICATED,
             mixed_content_explanation.displayed_insecure_content_style);
   EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
             mixed_content_explanation.ran_insecure_content_style);
 
   // Visit a broken HTTPS url.
   GURL expired_url(https_test_server_expired.GetURL(std::string("/")));
   ui_test_utils::NavigateToURL(browser(), expired_url);
 
   // An interstitial should show, and an event for the lock icon on the
   // interstitial should fire.
   content::WaitForInterstitialAttach(web_contents);
   EXPECT_TRUE(web_contents->ShowingInterstitialPage());
   CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           INVALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 
   // Before clicking through, navigate to a different page, and then go
   // back to the interstitial.
   GURL valid_https_url(https_server_.GetURL(std::string("/")));
   ui_test_utils::NavigateToURL(browser(), valid_https_url);
   EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED,
             observer.latest_security_style());
   EXPECT_EQ(0u,
             observer.latest_explanations().unauthenticated_explanations.size());
   EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           VALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 
   // After going back to the interstitial, an event for a broken lock
   // icon should fire again.
   ui_test_utils::NavigateToURL(browser(), expired_url);
   content::WaitForInterstitialAttach(web_contents);
   EXPECT_TRUE(web_contents->ShowingInterstitialPage());
   CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           INVALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 
   // Since the next expected style is the same as the previous, clear
   // the observer (to make sure that the event fires twice and we don't
   // just see the previous event's style).
   observer.ClearLatestSecurityStyleAndExplanations();
 
   // Other conditions cannot be tested on this host after clicking
   // through because once the interstitial is clicked through, all URLs
   // for this host will remain in a broken state.
   ProceedThroughInterstitial(web_contents);
   CheckBrokenSecurityStyle(observer, net::ERR_CERT_DATE_INVALID, browser());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           INVALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 }
 
 // Visit a valid HTTPS page, then a broken HTTPS page, and then go back,
 // and test that the observed security style matches.
 IN_PROC_BROWSER_TEST_F(SecurityStyleChangedTest,
                        SecurityStyleChangedObserverGoBack) {
   ASSERT_TRUE(https_server_.Start());
 
@@ skipping 12 matching lines @@
   GURL valid_https_url(https_server_.GetURL(std::string("/")));
   ui_test_utils::NavigateToURL(browser(), valid_https_url);
   EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED,
             observer.latest_security_style());
   EXPECT_EQ(0u,
             observer.latest_explanations().unauthenticated_explanations.size());
   EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           VALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 
   // Navigate to a bad HTTPS page on a different host, and then click
   // Back to verify that the previous good security style is seen again.
   GURL expired_https_url(https_test_server_expired.GetURL(std::string("/")));
   host_resolver()->AddRule("www.example_broken.test", "127.0.0.1");
   GURL::Replacements replace_host;
   replace_host.SetHostStr("www.example_broken.test");
   GURL https_url_different_host =
       expired_https_url.ReplaceComponents(replace_host);
 
   ui_test_utils::NavigateToURL(browser(), https_url_different_host);
 
   content::WaitForInterstitialAttach(web_contents);
   EXPECT_TRUE(web_contents->ShowingInterstitialPage());
   CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID,
                            browser());
   ProceedThroughInterstitial(web_contents);
   CheckBrokenSecurityStyle(observer, net::ERR_CERT_COMMON_NAME_INVALID,
                            browser());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           INVALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 
   content::WindowedNotificationObserver back_nav_load_observer(
       content::NOTIFICATION_LOAD_STOP,
       content::Source<content::NavigationController>(
           &web_contents->GetController()));
   chrome::GoBack(browser(), CURRENT_TAB);
   back_nav_load_observer.Wait();
 
   EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATED,
             observer.latest_security_style());
   EXPECT_EQ(0u,
             observer.latest_explanations().unauthenticated_explanations.size());
   EXPECT_EQ(0u, observer.latest_explanations().broken_explanations.size());
   CheckSecureExplanations(observer.latest_explanations().secure_explanations,
                           VALID_CERTIFICATE, browser());
   EXPECT_TRUE(observer.latest_explanations().scheme_is_cryptographic);
+  EXPECT_FALSE(observer.latest_explanations().pkp_bypassed);
   EXPECT_FALSE(observer.latest_explanations().displayed_insecure_content);
   EXPECT_FALSE(observer.latest_explanations().ran_insecure_content);
 }
 
 // After AddNonsecureUrlHandler() is called, requests to this hostname
 // will use obsolete TLS settings.
 const char kMockNonsecureHostname[] = "example-nonsecure.test";
 
 // A URLRequestMockHTTPJob that mocks a TLS connection with an obsolete
 // protocol version.
@@ skipping 122 matching lines @@
   // downgraded: SECURE_PROTOCOL_AND_CIPHERSUITE should not show up when
   // the TLS settings are obsolete.
   for (const auto& explanation :
        observer.latest_explanations().secure_explanations) {
     EXPECT_NE(l10n_util::GetStringUTF8(IDS_SECURE_PROTOCOL_AND_CIPHERSUITE),
               explanation.summary);
   }
 }
 
 }  // namespace