Display when PKP is bypassed in devtools

third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js

Index: third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js
diff --git a/third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js b/third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js
index 63927d4d4080cb57572d6265fb4114e38034ef87..a30c3e64dd0f538ec00f52b41f3d5b38536d5769 100644
--- a/third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js
+++ b/third_party/WebKit/Source/devtools/front_end/security/SecurityPanel.js
@@ -65,11 +65,12 @@ WebInspector.SecurityPanel.prototype = {
      * @param {!Array<!SecurityAgent.SecurityStateExplanation>} explanations
      * @param {?SecurityAgent.MixedContentStatus} mixedContentStatus
      * @param {boolean} schemeIsCryptographic
+     * @param {boolean} pkpBypassed
      */
-    _updateSecurityState: function(newSecurityState, explanations, mixedContentStatus, schemeIsCryptographic)
+    _updateSecurityState: function(newSecurityState, explanations, mixedContentStatus, schemeIsCryptographic, pkpBypassed)
     {
         this._sidebarMainViewElement.setSecurityState(newSecurityState);
-        this._mainView.updateSecurityState(newSecurityState, explanations, mixedContentStatus, schemeIsCryptographic);
+        this._mainView.updateSecurityState(newSecurityState, explanations, mixedContentStatus, schemeIsCryptographic, pkpBypassed);
     },
 
     /**
@@ -82,7 +83,8 @@ WebInspector.SecurityPanel.prototype = {
         var explanations = /** @type {!Array<!SecurityAgent.SecurityStateExplanation>} */ (data.explanations);
         var mixedContentStatus = /** @type {?SecurityAgent.MixedContentStatus} */ (data.mixedContentStatus);
         var schemeIsCryptographic = /** @type {boolean} */ (data.schemeIsCryptographic);
-        this._updateSecurityState(securityState, explanations, mixedContentStatus, schemeIsCryptographic);
+        var pkpBypassed = /** @type {boolean} */ (data.pkpBypassed);
+        this._updateSecurityState(securityState, explanations, mixedContentStatus, schemeIsCryptographic, pkpBypassed);
     },
 
     selectAndSwitchToMainView: function()
@@ -597,8 +599,9 @@ WebInspector.SecurityMainView.prototype = {
      * @param {!Array<!SecurityAgent.SecurityStateExplanation>} explanations
      * @param {?SecurityAgent.MixedContentStatus} mixedContentStatus
      * @param {boolean} schemeIsCryptographic
+     * @param {boolean} pkpBypassed
      */
-    updateSecurityState: function(newSecurityState, explanations, mixedContentStatus, schemeIsCryptographic)
+    updateSecurityState: function(newSecurityState, explanations, mixedContentStatus, schemeIsCryptographic, pkpBypassed)
     {
         // Remove old state.
         // It's safe to call this even when this._securityState is undefined.
@@ -618,6 +621,7 @@ WebInspector.SecurityMainView.prototype = {
         this._explanations = explanations,
         this._mixedContentStatus = mixedContentStatus;
         this._schemeIsCryptographic = schemeIsCryptographic;
+        this._pkpBypassed = pkpBypassed;
 
         this._panel.setRanInsecureContentStyle(mixedContentStatus.ranInsecureContentStyle);
         this._panel.setDisplayedInsecureContentStyle(mixedContentStatus.displayedInsecureContentStyle);
@@ -632,8 +636,21 @@ WebInspector.SecurityMainView.prototype = {
             this._addExplanation(explanation);
 
         this._addMixedContentExplanations();
+        this._addPKPBypassExplanations();
     },
 
+    _addPKPBypassExplanations: function()
+    {
+        if (!this._pkpBypassed)
+            return;
+
+        this._addExplanation(/** @type {!SecurityAgent.SecurityStateExplanation} */ ({

[dgozman, 2016/07/05 17:37:20]

I wonder why we send a separate flag to frontend instead of generating an
explanation on the backend?

[dadrian, 2016/07/06 18:35:46]

I was matching mixed content status. PKP bypass is a touchy issue in terms of
whether or not it should affect security state, so here we're basically just
leveraging the UI framework, rather than adding a new security state. 

[dgozman, 2016/07/06 19:01:34]

Do you mean we are going to do something more advanced with pkp bypass flag
later? Because I don't see anything specific in this patch yet. Am I missing
something?

My reasoning is the smaller the protocol the easier, unless we need extra
details for specific logic.

[dadrian, 2016/07/07 00:59:06]

Moved to SecurityStyleExplanation.

+            "securityState": SecurityAgent.SecurityState.Info,
+            "summary": WebInspector.UIString("Public-Key Pinning"),
+            "description": WebInspector.UIString("Public-key pinning was bypassed by a local root certificate.")
+        }));
+      },
+
     _addMixedContentExplanations: function()
     {
         if (!this._schemeIsCryptographic)