Refactor SecurityStateModel/Clients for simplicity and reusability.

chrome/browser/ssl/ssl_browser_tests.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <utility>
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
@@ skipping 14 matching lines @@
 #include "chrome/app/chrome_command_ids.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ssl/bad_clock_blocking_page.h"
 #include "chrome/browser/ssl/cert_report_helper.h"
 #include "chrome/browser/ssl/cert_verifier_browser_test.h"
 #include "chrome/browser/ssl/certificate_reporting_test_utils.h"
-#include "chrome/browser/ssl/chrome_security_state_model_client.h"
 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"
 #include "chrome/browser/ssl/common_name_mismatch_handler.h"
+#include "chrome/browser/ssl/security_state_tab_helper.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
 #include "chrome/browser/ssl/ssl_error_handler.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_commands.h"
 #include "chrome/browser/ui/browser_finder.h"
 #include "chrome/browser/ui/browser_navigator.h"
 #include "chrome/browser/ui/browser_navigator_params.h"
 #include "chrome/browser/ui/browser_tabstrip.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/network_time/network_time_tracker.h"
 #include "components/prefs/pref_service.h"
 #include "components/security_interstitials/core/controller_client.h"
 #include "components/security_interstitials/core/metrics_helper.h"
-#include "components/security_state/security_state_model.h"
-#include "components/security_state/switches.h"
+#include "components/security_state/core/security_state.h"
+#include "components/security_state/core/switches.h"
 #include "components/ssl_errors/error_classification.h"
 #include "components/variations/variations_associated_data.h"
 #include "components/web_modal/web_contents_modal_dialog_manager.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/notification_details.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/render_frame_host.h"
@@ skipping 83 matching lines @@
   bool ran_insecure_content =
       !!(entry.GetSSL().content_status & SSLStatus::RAN_INSECURE_CONTENT);
   EXPECT_EQ(!!(expected_authentication_state & AuthState::RAN_INSECURE_CONTENT),
             ran_insecure_content);
 }
 
 }  // namespace AuthState
 
 namespace SecurityStyle {
 
-void Check(
-    WebContents* tab,
-    security_state::SecurityStateModel::SecurityLevel expected_security_level) {
-  ChromeSecurityStateModelClient* model_client =
-      ChromeSecurityStateModelClient::FromWebContents(tab);
-  security_state::SecurityStateModel::SecurityInfo security_info;
-  model_client->GetSecurityInfo(&security_info);
+void Check(WebContents* tab,
+           security_state::SecurityLevel expected_security_level) {
+  SecurityStateTabHelper* helper = SecurityStateTabHelper::FromWebContents(tab);
+  security_state::SecurityInfo security_info;
+  helper->GetSecurityInfo(&security_info);
   EXPECT_EQ(expected_security_level, security_info.security_level);
 }
 
 }  // namespace SecurityStyle
 
 namespace CertError {
 
 enum CertErrorFlags {
   NONE = 0
 };
 
 void Check(const NavigationEntry& entry, net::CertStatus error) {
   if (error) {
     EXPECT_EQ(error, entry.GetSSL().cert_status & error);
     net::CertStatus extra_cert_errors =
         error ^ (entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
     EXPECT_FALSE(extra_cert_errors) << "Got unexpected cert error: "
                                     << extra_cert_errors;
   } else {
     EXPECT_EQ(0U, entry.GetSSL().cert_status & net::CERT_STATUS_ALL_ERRORS);
   }
 }
 
 }  // namespace CertError
 
-void CheckSecurityState(
-    WebContents* tab,
-    net::CertStatus expected_error,
-    security_state::SecurityStateModel::SecurityLevel expected_security_level,
-    int expected_authentication_state) {
+void CheckSecurityState(WebContents* tab,
+                        net::CertStatus expected_error,
+                        security_state::SecurityLevel expected_security_level,
+                        int expected_authentication_state) {
   ASSERT_FALSE(tab->IsCrashed());
   NavigationEntry* entry = tab->GetController().GetActiveEntry();
   ASSERT_TRUE(entry);
   CertError::Check(*entry, expected_error);
   SecurityStyle::Check(tab, expected_security_level);
   AuthState::Check(*entry, expected_authentication_state);
 }
 
 // This observer waits for the SSLErrorHandler to start an interstitial timer
 // for the given web contents.
@@ skipping 100 matching lines @@
   void SetUpCommandLine(base::CommandLine* command_line) override {
     // Browser will both run and display insecure content.
     command_line->AppendSwitch(switches::kAllowRunningInsecureContent);
     // Use process-per-site so that navigating to a same-site page in a
     // new tab will use the same process.
     command_line->AppendSwitch(switches::kProcessPerSite);
   }
 
   void CheckAuthenticatedState(WebContents* tab,
                                int expected_authentication_state) {
-    CheckSecurityState(tab, CertError::NONE,
-                       security_state::SecurityStateModel::SECURE,
+    CheckSecurityState(tab, CertError::NONE, security_state::SECURE,
                        expected_authentication_state);
   }
 
   void CheckUnauthenticatedState(WebContents* tab,
                                  int expected_authentication_state) {
-    CheckSecurityState(tab, CertError::NONE,
-                       security_state::SecurityStateModel::NONE,
+    CheckSecurityState(tab, CertError::NONE, security_state::NONE,
                        expected_authentication_state);
   }
 
   void CheckAuthenticationBrokenState(WebContents* tab,
                                       net::CertStatus error,
                                       int expected_authentication_state) {
-    CheckSecurityState(tab, error,
-                       security_state::SecurityStateModel::DANGEROUS,
+    CheckSecurityState(tab, error, security_state::DANGEROUS,
                        expected_authentication_state);
     // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security level
     // to DANGEROUS.
     ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error);
   }
 
   void CheckWorkerLoadResult(WebContents* tab, bool expected_load) {
     // Workers are async and we don't have notifications for them passing
     // messages since they do it between renderer and worker processes.
     // So have a polling loop, check every 200ms, timeout at 30s.
@@ skipping 618 matching lines @@
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_expired_.GetURL("/title1.html"));
   WebContents* clock_tab = browser()->tab_strip_model()->GetActiveWebContents();
   content::WaitForInterstitialAttach(clock_tab);
   InterstitialPage* clock_interstitial = clock_tab->GetInterstitialPage();
   ASSERT_TRUE(clock_interstitial);
   EXPECT_EQ(BadClockBlockingPage::kTypeForTesting,
             clock_interstitial->GetDelegateForTesting()->GetTypeForTesting());
   CheckSecurityState(clock_tab, net::CERT_STATUS_DATE_INVALID,
-                     security_state::SecurityStateModel::DANGEROUS,
+                     security_state::DANGEROUS,
                      AuthState::SHOWING_INTERSTITIAL);
 }
 
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSErrorCausedByClockUsingNetwork) {
   ASSERT_TRUE(https_server_expired_.Start());
 
   // Set network forward ten minutes, which is sufficient to trigger
   // the interstitial.
   g_browser_process->network_time_tracker()->UpdateNetworkTime(
       base::Time::Now() + base::TimeDelta::FromMinutes(10),
       base::TimeDelta::FromMilliseconds(1),   /* resolution */
       base::TimeDelta::FromMilliseconds(500), /* latency */
       base::TimeTicks::Now() /* posting time of this update */);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_expired_.GetURL("/title1.html"));
   WebContents* clock_tab = browser()->tab_strip_model()->GetActiveWebContents();
   content::WaitForInterstitialAttach(clock_tab);
   InterstitialPage* clock_interstitial = clock_tab->GetInterstitialPage();
   ASSERT_TRUE(clock_interstitial);
   EXPECT_EQ(BadClockBlockingPage::kTypeForTesting,
             clock_interstitial->GetDelegateForTesting()->GetTypeForTesting());
   CheckSecurityState(clock_tab, net::CERT_STATUS_DATE_INVALID,
-                     security_state::SecurityStateModel::DANGEROUS,
+                     security_state::DANGEROUS,
                      AuthState::SHOWING_INTERSTITIAL);
 }
 
 // Visits a page with https error and then goes back using Browser::GoBack.
 IN_PROC_BROWSER_TEST_F(SSLUITest,
                        TestHTTPSExpiredCertAndGoBackViaButton) {
   ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   // First navigate to an HTTP page.
@@ skipping 185 matching lines @@
 // MarkNonSecureAs field trial is enabled.
 IN_PROC_BROWSER_TEST_F(SSLUITest, MarkFileAsNonSecure) {
   scoped_refptr<base::FieldTrial> trial =
       base::FieldTrialList::CreateFieldTrial(
           "MarkNonSecureAs", security_state::switches::kMarkHttpAsDangerous);
 
   content::WebContents* contents =
       browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(contents);
 
-  ChromeSecurityStateModelClient* model_client =
-      ChromeSecurityStateModelClient::FromWebContents(contents);
-  ASSERT_TRUE(model_client);
+  SecurityStateTabHelper* helper =
+      SecurityStateTabHelper::FromWebContents(contents);
+  ASSERT_TRUE(helper);
 
   ui_test_utils::NavigateToURL(browser(), GURL("file:///"));
-  security_state::SecurityStateModel::SecurityInfo security_info;
-  model_client->GetSecurityInfo(&security_info);
-  EXPECT_EQ(security_state::SecurityStateModel::NONE,
-            security_info.security_level);
+  security_state::SecurityInfo security_info;
+  helper->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::NONE, security_info.security_level);
 }
 
 IN_PROC_BROWSER_TEST_F(SSLUITest, MarkAboutAsNonSecure) {
   scoped_refptr<base::FieldTrial> trial =
       base::FieldTrialList::CreateFieldTrial(
           "MarkNonSecureAs", security_state::switches::kMarkHttpAsDangerous);
 
   content::WebContents* contents =
       browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(contents);
 
-  ChromeSecurityStateModelClient* model_client =
-      ChromeSecurityStateModelClient::FromWebContents(contents);
-  ASSERT_TRUE(model_client);
+  SecurityStateTabHelper* helper =
+      SecurityStateTabHelper::FromWebContents(contents);
+  ASSERT_TRUE(helper);
 
   ui_test_utils::NavigateToURL(browser(), GURL("about:blank"));
-  security_state::SecurityStateModel::SecurityInfo security_info;
-  model_client->GetSecurityInfo(&security_info);
-  EXPECT_EQ(security_state::SecurityStateModel::NONE,
-            security_info.security_level);
+  security_state::SecurityInfo security_info;
+  helper->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::NONE, security_info.security_level);
 }
 
 IN_PROC_BROWSER_TEST_F(SSLUITest, MarkDataAsNonSecure) {
   scoped_refptr<base::FieldTrial> trial =
       base::FieldTrialList::CreateFieldTrial(
           "MarkNonSecureAs", security_state::switches::kMarkHttpAsDangerous);
 
   content::WebContents* contents =
       browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(contents);
 
-  ChromeSecurityStateModelClient* model_client =
-      ChromeSecurityStateModelClient::FromWebContents(contents);
-  ASSERT_TRUE(model_client);
+  SecurityStateTabHelper* helper =
+      SecurityStateTabHelper::FromWebContents(contents);
+  ASSERT_TRUE(helper);
 
   ui_test_utils::NavigateToURL(browser(), GURL("data:text/plain,hello"));
-  security_state::SecurityStateModel::SecurityInfo security_info;
-  model_client->GetSecurityInfo(&security_info);
-  EXPECT_EQ(security_state::SecurityStateModel::NONE,
-            security_info.security_level);
+  security_state::SecurityInfo security_info;
+  helper->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::NONE, security_info.security_level);
 }
 
 IN_PROC_BROWSER_TEST_F(SSLUITest, MarkBlobAsNonSecure) {
   scoped_refptr<base::FieldTrial> trial =
       base::FieldTrialList::CreateFieldTrial(
           "MarkNonSecureAs", security_state::switches::kMarkHttpAsDangerous);
 
   content::WebContents* contents =
       browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(contents);
 
-  ChromeSecurityStateModelClient* model_client =
-      ChromeSecurityStateModelClient::FromWebContents(contents);
-  ASSERT_TRUE(model_client);
+  SecurityStateTabHelper* helper =
+      SecurityStateTabHelper::FromWebContents(contents);
+  ASSERT_TRUE(helper);
 
   ui_test_utils::NavigateToURL(
       browser(),
       GURL("blob:chrome://newtab/49a463bb-fac8-476c-97bf-5d7076c3ea1a"));
-  security_state::SecurityStateModel::SecurityInfo security_info;
-  model_client->GetSecurityInfo(&security_info);
-  EXPECT_EQ(security_state::SecurityStateModel::NONE,
-            security_info.security_level);
+  security_state::SecurityInfo security_info;
+  helper->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::NONE, security_info.security_level);
 }
 
 #if defined(USE_NSS_CERTS)
 class SSLUITestWithClientCert : public SSLUITest {
  public:
   SSLUITestWithClientCert() : cert_db_(NULL) {}
 
   void SetUpOnMainThread() override {
     SSLUITest::SetUpOnMainThread();
 
@@ skipping 190 matching lines @@
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_displays_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
 
   // Load a page that displays insecure content.
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
 
   CheckSecurityState(browser()->tab_strip_model()->GetActiveWebContents(),
-                     CertError::NONE, security_state::SecurityStateModel::NONE,
+                     CertError::NONE, security_state::NONE,
                      AuthState::DISPLAYED_INSECURE_CONTENT);
 }
 
 // Test that if the user proceeds and the checkbox is checked, a report
 // is sent or not sent depending on the Finch config.
 IN_PROC_BROWSER_TEST_F(SSLUITestWithExtendedReporting,
                        TestBrokenHTTPSProceedReporting) {
   certificate_reporting_test_utils::ExpectReport expect_report =
       certificate_reporting_test_utils::GetReportExpectedFromFinch();
   TestBrokenHTTPSReporting(
@@ skipping 209 matching lines @@
 
   // Load the insecure image.
   bool js_result = false;
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       tab,
       "loadBadImage();",
       &js_result));
   EXPECT_TRUE(js_result);
 
   // We should now have insecure content.
-  CheckSecurityState(tab, CertError::NONE,
-                     security_state::SecurityStateModel::NONE,
+  CheckSecurityState(tab, CertError::NONE, security_state::NONE,
                      AuthState::DISPLAYED_INSECURE_CONTENT);
 }
 
 // Visits two pages from the same origin: one that displays insecure content and
 // one that doesn't.  The test checks that we do not propagate the insecure
 // content state from one to the other.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) {
   ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
@@ skipping 17 matching lines @@
   params.tabstrip_index = 0;
   params.source_contents = tab1;
   content::WindowedNotificationObserver observer(
       content::NOTIFICATION_LOAD_STOP,
       content::NotificationService::AllSources());
   chrome::Navigate(&params);
   WebContents* tab2 = params.target_contents;
   observer.Wait();
 
   // The new tab has insecure content.
-  CheckSecurityState(tab2, CertError::NONE,
-                     security_state::SecurityStateModel::NONE,
+  CheckSecurityState(tab2, CertError::NONE, security_state::NONE,
                      AuthState::DISPLAYED_INSECURE_CONTENT);
 
   // The original tab should not be contaminated.
   CheckAuthenticatedState(tab1, AuthState::NONE);
 }
 
 // Visits two pages from the same origin: one that runs insecure content and one
 // that doesn't.  The test checks that we propagate the insecure content state
 // from one to the other.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) {
@@ skipping 55 matching lines @@
   // Load original page over HTTP.
   const GURL url_http = embedded_test_server()->GetURL(replacement_path);
   ui_test_utils::NavigateToURL(browser(), url_http);
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckUnauthenticatedState(tab, AuthState::NONE);
 
   // Load again but over SSL.  It should be marked as displaying insecure
   // content (even though the image comes from the WebCore memory cache).
   const GURL url_https = https_server_.GetURL(replacement_path);
   ui_test_utils::NavigateToURL(browser(), url_https);
-  CheckSecurityState(tab, CertError::NONE,
-                     security_state::SecurityStateModel::NONE,
+  CheckSecurityState(tab, CertError::NONE, security_state::NONE,
                      AuthState::DISPLAYED_INSECURE_CONTENT);
 }
 
 // http://crbug.com/84729
 #if defined(OS_CHROMEOS)
 #define MAYBE_TestRunsCachedInsecureContent \
     DISABLED_TestRunsCachedInsecureContent
 #else
 #define MAYBE_TestRunsCachedInsecureContent TestRunsCachedInsecureContent
 #endif  // defined(OS_CHROMEOS)
@@ skipping 328 matching lines @@
       "  window.domAutomationController.setAutomationId(0);"
       "  window.domAutomationController.send('mixed-image-loaded');"
       "};"
       "var img = document.createElement('img');"
       "img.onload = loaded;"
       "img.src = '" +
           https_url.spec() + "';"
                              "document.body.appendChild(img);"));
 
   run_loop.Run();
-  CheckSecurityState(tab, CertError::NONE,
-                     security_state::SecurityStateModel::NONE,
+  CheckSecurityState(tab, CertError::NONE, security_state::NONE,
                      AuthState::DISPLAYED_INSECURE_CONTENT);
 }
 
 // Visits a page to which we could not connect (bad port) over http and https
 // and make sure the security style is correct.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestConnectToBadPort) {
   ui_test_utils::NavigateToURL(browser(), GURL("http://localhost:17"));
   CheckUnauthenticatedState(
       browser()->tab_strip_model()->GetActiveWebContents(),
       AuthState::SHOWING_ERROR);
@@ skipping 259 matching lines @@
   // the user approves the bad certificate.
   ui_test_utils::NavigateToURL(
       browser(), https_server_mismatched_.GetURL("/ssl/blank_page.html"));
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
                                  AuthState::SHOWING_INTERSTITIAL);
   ProceedThroughInterstitial(tab);
   CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
                                  AuthState::NONE);
 
-  ChromeSecurityStateModelClient* client =
-      ChromeSecurityStateModelClient::FromWebContents(tab);
-  ASSERT_TRUE(client);
-  security_state::SecurityStateModel::SecurityInfo security_info;
-  client->GetSecurityInfo(&security_info);
-  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_NONE,
+  SecurityStateTabHelper* helper = SecurityStateTabHelper::FromWebContents(tab);
+  ASSERT_TRUE(helper);
+  security_state::SecurityInfo security_info;
+  helper->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::CONTENT_STATUS_NONE,
             security_info.mixed_content_status);
-  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_NONE,
+  EXPECT_EQ(security_state::CONTENT_STATUS_NONE,
             security_info.content_with_cert_errors_status);
 
   // Navigate to safe page that has Worker loading unsafe content.
   // Expect content to load but be marked as auth broken due to running insecure
   // content.
   std::string page_with_unsafe_worker_path;
   GetPageWithUnsafeWorkerPath(https_server_mismatched_,
                               &page_with_unsafe_worker_path);
   ui_test_utils::NavigateToURL(
       browser(), https_server_.GetURL(page_with_unsafe_worker_path));
   CheckWorkerLoadResult(tab, true);  // Worker loads insecure content
   CheckAuthenticationBrokenState(tab, CertError::NONE, AuthState::NONE);
 
-  client->GetSecurityInfo(&security_info);
-  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_NONE,
+  helper->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::CONTENT_STATUS_NONE,
             security_info.mixed_content_status);
-  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_RAN,
+  EXPECT_EQ(security_state::CONTENT_STATUS_RAN,
             security_info.content_with_cert_errors_status);
 }
 
 // Visits a page with unsafe content and makes sure that if a user exception to
 // the certificate error is present, the image is loaded and script executes.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsWithUserException) {
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_NO_FATAL_FAILURE(SetUpUnsafeContentsWithUserException(
       "/ssl/page_with_unsafe_contents.html"));
   CheckAuthenticationBrokenState(tab, CertError::NONE, AuthState::NONE);
 
-  ChromeSecurityStateModelClient* client =
-      ChromeSecurityStateModelClient::FromWebContents(tab);
-  ASSERT_TRUE(client);
-  security_state::SecurityStateModel::SecurityInfo security_info;
-  client->GetSecurityInfo(&security_info);
-  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_NONE,
+  SecurityStateTabHelper* helper = SecurityStateTabHelper::FromWebContents(tab);
+  ASSERT_TRUE(helper);
+  security_state::SecurityInfo security_info;
+  helper->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::CONTENT_STATUS_NONE,
             security_info.mixed_content_status);
-  EXPECT_EQ(
-      security_state::SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN,
-      security_info.content_with_cert_errors_status);
+  EXPECT_EQ(security_state::CONTENT_STATUS_DISPLAYED_AND_RAN,
+            security_info.content_with_cert_errors_status);
 
   int img_width;
   EXPECT_TRUE(content::ExecuteScriptAndExtractInt(
       tab, "window.domAutomationController.send(ImageWidth());", &img_width));
   // In order to check that the image was loaded, we check its width.
   // The actual image (Google logo) is 114 pixels wide, so we assume a good
   // image is greater than 100.
   EXPECT_GT(img_width, 100);
 
   bool js_result = false;
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       tab, "window.domAutomationController.send(IsFooSet());", &js_result));
   EXPECT_TRUE(js_result);
 
   // Test that active subresources with the same certificate errors as
   // the main resources also get noted in |content_with_cert_errors_status|.
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_with_unsafe_contents.html",
       https_server_mismatched_.host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(
       browser(), https_server_mismatched_.GetURL(replacement_path));
   js_result = false;
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       tab, "window.domAutomationController.send(IsFooSet());", &js_result));
   EXPECT_TRUE(js_result);
   CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
                                  AuthState::NONE);
 
-  client->GetSecurityInfo(&security_info);
-  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_NONE,
+  helper->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::CONTENT_STATUS_NONE,
             security_info.mixed_content_status);
-  EXPECT_EQ(
-      security_state::SecurityStateModel::CONTENT_STATUS_DISPLAYED_AND_RAN,
-      security_info.content_with_cert_errors_status);
+  EXPECT_EQ(security_state::CONTENT_STATUS_DISPLAYED_AND_RAN,
+            security_info.content_with_cert_errors_status);
 }
 
 // Like the test above, but only displaying inactive content (an image).
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeImageWithUserException) {
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_NO_FATAL_FAILURE(
       SetUpUnsafeContentsWithUserException("/ssl/page_with_unsafe_image.html"));
 
-  ChromeSecurityStateModelClient* client =
-      ChromeSecurityStateModelClient::FromWebContents(tab);
-  ASSERT_TRUE(client);
-  security_state::SecurityStateModel::SecurityInfo security_info;
-  client->GetSecurityInfo(&security_info);
-  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_NONE,
+  SecurityStateTabHelper* helper = SecurityStateTabHelper::FromWebContents(tab);
+  ASSERT_TRUE(helper);
+  security_state::SecurityInfo security_info;
+  helper->GetSecurityInfo(&security_info);
+  EXPECT_EQ(security_state::CONTENT_STATUS_NONE,
             security_info.mixed_content_status);
-  EXPECT_EQ(security_state::SecurityStateModel::CONTENT_STATUS_DISPLAYED,
+  EXPECT_EQ(security_state::CONTENT_STATUS_DISPLAYED,
             security_info.content_with_cert_errors_status);
-  EXPECT_EQ(security_state::SecurityStateModel::NONE,
-            security_info.security_level);
+  EXPECT_EQ(security_state::NONE, security_info.security_level);
   EXPECT_EQ(0u, security_info.cert_status);
 
   int img_width;
   EXPECT_TRUE(content::ExecuteScriptAndExtractInt(
       tab, "window.domAutomationController.send(ImageWidth());", &img_width));
   // In order to check that the image was loaded, we check its width.
   // The actual image (Google logo) is 114 pixels wide, so we assume a good
   // image is greater than 100.
   EXPECT_GT(img_width, 100);
 }
@@ skipping 344 matching lines @@
 
   WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
   content::TestNavigationObserver observer(
       contents,
       // With PlzNavigate, the renderer only sees one navigation (i.e. not the
       // redirect, since that happens in the browser).
       content::IsBrowserSideNavigationEnabled() ? 1 : 2);
   ui_test_utils::NavigateToURL(browser(), https_server_mismatched_url);
   observer.Wait();
 
-  CheckSecurityState(contents, CertError::NONE,
-                     security_state::SecurityStateModel::SECURE,
+  CheckSecurityState(contents, CertError::NONE, security_state::SECURE,
                      AuthState::NONE);
   replacements.SetHostStr("mail.example.com");
   GURL https_server_new_url = https_server_url.ReplaceComponents(replacements);
   // Verify that the current URL is the suggested URL.
   EXPECT_EQ(https_server_new_url.spec(),
             contents->GetLastCommittedURL().spec());
 }
 
 // Visit the URL example.org on a server that presents a valid certificate
 // for www.example.org. Verify that the page redirects to www.example.org.
@@ skipping 37 matching lines @@
 
   WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
   content::TestNavigationObserver observer(
       contents,
       // With PlzNavigate, the renderer only sees one navigation (i.e. not the
       // redirect, since that happens in the browser).
       content::IsBrowserSideNavigationEnabled() ? 1 : 2);
   ui_test_utils::NavigateToURL(browser(), https_server_mismatched_url);
   observer.Wait();
 
-  CheckSecurityState(contents, CertError::NONE,
-                     security_state::SecurityStateModel::SECURE,
+  CheckSecurityState(contents, CertError::NONE, security_state::SECURE,
                      AuthState::NONE);
 }
 
 // Tests this scenario:
 // - |CommonNameMismatchHandler| does not give a callback as it's set into the
 //   state |IGNORE_REQUESTS_FOR_TESTING|. So no suggested URL check result can
 //   arrive.
 // - A cert error triggers an interstitial timer with a very long timeout.
 // - No suggested URL check results arrive, causing the tab to appear as loading
 //   indefinitely (also because the timer has a long timeout).
@@ skipping 224 matching lines @@
   ASSERT_TRUE(https_server.Start());
 
   mock_cert_verifier()->set_default_result(
       net::ERR_CERT_NAME_CONSTRAINT_VIOLATION);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server.GetURL("/ssl/google.html"));
 
   CheckSecurityState(browser()->tab_strip_model()->GetActiveWebContents(),
                      net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION,
-                     security_state::SecurityStateModel::DANGEROUS,
+                     security_state::DANGEROUS,
                      AuthState::SHOWING_INTERSTITIAL);
 }
 
 IN_PROC_BROWSER_TEST_F(SSLUITest, RestoreHasSSLState) {
   ASSERT_TRUE(https_server_.Start());
   GURL url(https_server_.GetURL("/ssl/google.html"));
   ui_test_utils::NavigateToURL(browser(), url);
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   CheckAuthenticatedState(tab, AuthState::NONE);
 
@@ skipping 98 matching lines @@
   ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
 
   GURL url =
       GURL(https_server_.GetURL("/ssl/redirect.html").spec()
       + "?" +
       https_server_.GetURL("/ssl/page_displays_insecure_content.html").spec());
 
   ui_test_utils::NavigateToURLBlockUntilNavigationsComplete(browser(), url, 2);
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
-  CheckSecurityState(tab, CertError::NONE,
-                     security_state::SecurityStateModel::NONE,
+  CheckSecurityState(tab, CertError::NONE, security_state::NONE,
                      AuthState::DISPLAYED_INSECURE_CONTENT);
 }
 
 // Checks that in-page navigations during page load preserves SSL state.
 IN_PROC_BROWSER_TEST_F(SSLUITest, InPageNavigationDuringLoadSSLState) {
   ASSERT_TRUE(https_server_.Start());
 
   ui_test_utils::NavigateToURL(
       browser(),
       https_server_.GetURL("/ssl/in_page_navigation_during_load.html"));
@@ skipping 48 matching lines @@
 
 // Visit a page over https that contains a frame with a redirect.
 
 // XMLHttpRequest insecure content in synchronous mode.
 
 // XMLHttpRequest insecure content in asynchronous mode.
 
 // XMLHttpRequest over bad ssl in synchronous mode.
 
 // XMLHttpRequest over OK ssl in synchronous mode.