Remove obsolete SHA-1 UX elements

chrome/browser/ssl/security_state_tab_helper_browser_tests.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/security_state_tab_helper.h"
 
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/strings/string_split.h"
@@ skipping 187 matching lines @@
   base::string16 secure_description = l10n_util::GetStringFUTF16(
       IDS_STRONG_SSL_DESCRIPTION, description_replacements, nullptr);
 
   EXPECT_EQ(secure_description,
             base::ASCIIToUTF16(secure_explanations.back().description));
 }
 
 void CheckSecurityInfoForSecure(
     content::WebContents* contents,
     security_state::SecurityLevel expect_security_level,
-    security_state::SHA1DeprecationStatus expect_sha1_status,
+    bool expect_sha1_in_chain,
     security_state::ContentStatus expect_mixed_content_status,
     bool pkp_bypassed,
     bool expect_cert_error) {
   ASSERT_TRUE(contents);
 
   SecurityStateTabHelper* helper =
       SecurityStateTabHelper::FromWebContents(contents);
   ASSERT_TRUE(helper);
   security_state::SecurityInfo security_info;
   helper->GetSecurityInfo(&security_info);
   EXPECT_EQ(expect_security_level, security_info.security_level);
-  EXPECT_EQ(expect_sha1_status, security_info.sha1_deprecation_status);
+  EXPECT_EQ(expect_sha1_in_chain, security_info.sha1_in_chain);
   EXPECT_EQ(expect_mixed_content_status, security_info.mixed_content_status);
   EXPECT_TRUE(security_info.sct_verify_statuses.empty());
   EXPECT_TRUE(security_info.scheme_is_cryptographic);
   EXPECT_EQ(pkp_bypassed, security_info.pkp_bypassed);
   EXPECT_EQ(expect_cert_error,
             net::IsCertStatusError(security_info.cert_status));
   EXPECT_GT(security_info.security_bits, 0);
   EXPECT_TRUE(!!security_info.certificate);
 }
 
 void CheckSecurityInfoForNonSecure(content::WebContents* contents) {
   ASSERT_TRUE(contents);
 
   SecurityStateTabHelper* helper =
       SecurityStateTabHelper::FromWebContents(contents);
   ASSERT_TRUE(helper);
   security_state::SecurityInfo security_info;
   helper->GetSecurityInfo(&security_info);
   EXPECT_EQ(security_state::NONE, security_info.security_level);
-  EXPECT_EQ(security_state::NO_DEPRECATED_SHA1,
-            security_info.sha1_deprecation_status);
+  EXPECT_FALSE(security_info.sha1_in_chain);
   EXPECT_EQ(security_state::CONTENT_STATUS_NONE,
             security_info.mixed_content_status);
   EXPECT_TRUE(security_info.sct_verify_statuses.empty());
   EXPECT_FALSE(security_info.scheme_is_cryptographic);
   EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status));
   EXPECT_EQ(-1, security_info.security_bits);
   EXPECT_FALSE(!!security_info.certificate);
 }
 
 void ProceedThroughInterstitial(content::WebContents* tab) {
@@ skipping 110 matching lines @@
   content::WebContents* contents =
       browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_TRUE(contents);
 
   SecurityStateTabHelper* helper =
       SecurityStateTabHelper::FromWebContents(contents);
   ASSERT_TRUE(helper);
   security_state::SecurityInfo security_info;
   helper->GetSecurityInfo(&security_info);
   EXPECT_EQ(security_state::NONE, security_info.security_level);
-  EXPECT_EQ(security_state::NO_DEPRECATED_SHA1,
-            security_info.sha1_deprecation_status);
+  EXPECT_FALSE(security_info.sha1_in_chain);
   EXPECT_EQ(security_state::CONTENT_STATUS_NONE,
             security_info.mixed_content_status);
   EXPECT_TRUE(security_info.sct_verify_statuses.empty());
   EXPECT_FALSE(security_info.scheme_is_cryptographic);
   EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status));
   EXPECT_FALSE(!!security_info.certificate);
   EXPECT_EQ(-1, security_info.security_bits);
   EXPECT_EQ(0, security_info.connection_status);
 }
 
 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, HttpsPage) {
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::SECURE, security_state::NO_DEPRECATED_SHA1,
-      security_state::CONTENT_STATUS_NONE, false,
+      security_state::SECURE, false, security_state::CONTENT_STATUS_NONE, false,
       false /* expect cert status error */);
 }
 
-IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, SHA1Certificate) {
+// Test a SHA-1 certificate

[estark, 2017/01/09 23:00:21]

Unfinished comment

+IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, SHA1CertificateBlocked) {
+  ASSERT_TRUE(https_server_.Start());
+  SetUpMockCertVerifierForHttpsServer(
+      net::CERT_STATUS_SHA1_SIGNATURE_PRESENT |
+          net::CERT_STATUS_WEAK_SIGNATURE_ALGORITHM,
+      net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM);
+
+  content::WebContents* web_contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  SecurityStyleTestObserver observer(web_contents);
+  ui_test_utils::NavigateToURL(browser(),
+                               https_server_.GetURL("/ssl/google.html"));
+  CheckSecurityInfoForSecure(
+      browser()->tab_strip_model()->GetActiveWebContents(),
+      security_state::DANGEROUS, true, security_state::CONTENT_STATUS_NONE,
+      false, true /* expect cert status error */);
+
+  const content::SecurityStyleExplanations& interstitial_explanation =
+      observer.latest_explanations();
+  ASSERT_EQ(1u, interstitial_explanation.broken_explanations.size());
+  ASSERT_EQ(1u, interstitial_explanation.unauthenticated_explanations.size());
+
+  ProceedThroughInterstitial(
+      browser()->tab_strip_model()->GetActiveWebContents());
+
+  CheckSecurityInfoForSecure(
+      browser()->tab_strip_model()->GetActiveWebContents(),
+      security_state::DANGEROUS, true, security_state::CONTENT_STATUS_NONE,
+      false, true /* expect cert status error */);
+
+  const content::SecurityStyleExplanations& page_explanation =
+      observer.latest_explanations();
+  ASSERT_EQ(1u, page_explanation.broken_explanations.size());
+  ASSERT_EQ(1u, page_explanation.unauthenticated_explanations.size());

[estark, 2017/01/09 23:00:21]

Optional nit: other tests in this file check the actual string in the
explanations, a la line 149 in CheckSecureExplanations().

I'm kind of torn on whether that's actually a good testing strategy -- it feels
a little brittle and/or like it's testing an internal implementation detail --
which is why I'm mentioning it as an optional nit only.

+}
+
+// Test a SHA-1 certificate that is allowed by policy
+IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, SHA1CertificateWarning) {
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT,
                                       net::OK);
 
+  content::WebContents* web_contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+  SecurityStyleTestObserver observer(web_contents);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::DANGEROUS, security_state::DEPRECATED_SHA1_MAJOR,
-      security_state::CONTENT_STATUS_NONE, false,
+      security_state::NONE, true, security_state::CONTENT_STATUS_NONE, false,
       false /* expect cert status error */);
+
+  const content::SecurityStyleExplanations& explanation =
+      observer.latest_explanations();
+
+  ASSERT_EQ(0u, explanation.broken_explanations.size());
+  ASSERT_EQ(1u, explanation.unauthenticated_explanations.size());
 }
 
 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, MixedContent) {
   ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
   host_resolver()->AddRule("example.test",
                            https_server_.GetURL("/title1.html").host());
 
   net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair();
   replacement_pair.set_host("example.test");
 
   // Navigate to an HTTPS page that displays mixed content.
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_displays_insecure_content.html", replacement_pair,
       &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::NONE, security_state::NO_DEPRECATED_SHA1,
-      security_state::CONTENT_STATUS_DISPLAYED, false,
-      false /* expect cert status error */);
+      security_state::NONE, false, security_state::CONTENT_STATUS_DISPLAYED,
+      false, false /* expect cert status error */);
 
   // Navigate to an HTTPS page that displays mixed content dynamically.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_with_dynamic_insecure_content.html", replacement_pair,
       &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::SECURE, security_state::NO_DEPRECATED_SHA1,
-      security_state::CONTENT_STATUS_NONE, false,
+      security_state::SECURE, false, security_state::CONTENT_STATUS_NONE, false,
       false /* expect cert status error */);
   // Load the insecure image.
   bool js_result = false;
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();",
       &js_result));
   EXPECT_TRUE(js_result);
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::NONE, security_state::NO_DEPRECATED_SHA1,
-      security_state::CONTENT_STATUS_DISPLAYED, false,
-      false /* expect cert status error */);
+      security_state::NONE, false, security_state::CONTENT_STATUS_DISPLAYED,
+      false, false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs mixed content.
   GetFilePathWithHostAndPortReplacement("/ssl/page_runs_insecure_content.html",
                                         replacement_pair, &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::DANGEROUS, security_state::NO_DEPRECATED_SHA1,
-      security_state::CONTENT_STATUS_RAN, false,
-      false /* expect cert status error */);
+      security_state::DANGEROUS, false, security_state::CONTENT_STATUS_RAN,
+      false, false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs and displays mixed content.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_and_displays_insecure_content.html", replacement_pair,
       &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::DANGEROUS, security_state::NO_DEPRECATED_SHA1,
+      security_state::DANGEROUS, false,
       security_state::CONTENT_STATUS_DISPLAYED_AND_RAN, false,
       false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs mixed content in an iframe.
   net::HostPortPair host_port_pair =
       net::HostPortPair::FromURL(https_server_.GetURL("/title1.html"));
   host_port_pair.set_host("different-host.test");
   host_resolver()->AddRule("different-host.test",
                            https_server_.GetURL("/title1.html").host());
   host_resolver()->AddRule(
       "different-http-host.test",
       embedded_test_server()->GetURL("/title1.html").host());
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_insecure_content_in_iframe.html", host_port_pair,
       &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::DANGEROUS, security_state::NO_DEPRECATED_SHA1,
-      security_state::CONTENT_STATUS_RAN, false,
-      false /* expect cert status error */);
+      security_state::DANGEROUS, false, security_state::CONTENT_STATUS_RAN,
+      false, false /* expect cert status error */);
 }
 
 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest,
                        ActiveContentWithCertErrors) {
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
 
   // Navigate to an HTTPS page and simulate active content with
   // certificate errors.
   ui_test_utils::NavigateToURL(browser(), https_server_.GetURL("/title1.html"));
@@ skipping 71 matching lines @@
   ASSERT_TRUE(helper);
   security_state::SecurityInfo security_info;
   helper->GetSecurityInfo(&security_info);
 
   EXPECT_FALSE(net::IsCertStatusError(security_info.cert_status));
   EXPECT_EQ(security_state::DANGEROUS, security_info.security_level);
   EXPECT_EQ(security_state::CONTENT_STATUS_DISPLAYED_AND_RAN,
             security_info.content_with_cert_errors_status);
 }
 
-// Same as the test above but with a long-lived SHA1 cert.
+// Same as SecurityStateTabHelperTest.ActiveAndPassiveContentWithCertErrors but
+// with a SHA1 cert.
 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, MixedContentWithSHA1Cert) {
   ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_SHA1_SIGNATURE_PRESENT,
                                       net::OK);
 
   host_resolver()->AddRule("example.test",
                            https_server_.GetURL("/title1.html").host());
 
   net::HostPortPair replacement_pair = embedded_test_server()->host_port_pair();
   replacement_pair.set_host("example.test");
 
   // Navigate to an HTTPS page that displays mixed content.
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_displays_insecure_content.html", replacement_pair,
       &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::DANGEROUS, security_state::DEPRECATED_SHA1_MAJOR,
-      security_state::CONTENT_STATUS_DISPLAYED, false,
-      false /* expect cert status error */);
+      security_state::NONE, true, security_state::CONTENT_STATUS_DISPLAYED,
+      false, false /* expect cert status error */);
 
   // Navigate to an HTTPS page that displays mixed content dynamically.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_with_dynamic_insecure_content.html", replacement_pair,
       &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::DANGEROUS, security_state::DEPRECATED_SHA1_MAJOR,
-      security_state::CONTENT_STATUS_NONE, false,
+      security_state::NONE, true, security_state::CONTENT_STATUS_NONE, false,
       false /* expect cert status error */);
   // Load the insecure image.
   bool js_result = false;
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
       browser()->tab_strip_model()->GetActiveWebContents(), "loadBadImage();",
       &js_result));
   EXPECT_TRUE(js_result);
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::DANGEROUS, security_state::DEPRECATED_SHA1_MAJOR,
-      security_state::CONTENT_STATUS_DISPLAYED, false,
-      false /* expect cert status error */);
+      security_state::NONE, true, security_state::CONTENT_STATUS_DISPLAYED,
+      false, false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs mixed content.
   GetFilePathWithHostAndPortReplacement("/ssl/page_runs_insecure_content.html",
                                         replacement_pair, &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::DANGEROUS, security_state::DEPRECATED_SHA1_MAJOR,
-      security_state::CONTENT_STATUS_RAN, false,
-      false /* expect cert status error */);
+      security_state::DANGEROUS, true, security_state::CONTENT_STATUS_RAN,
+      false, false /* expect cert status error */);
 
   // Navigate to an HTTPS page that runs and displays mixed content.
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_and_displays_insecure_content.html", replacement_pair,
       &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::DANGEROUS, security_state::DEPRECATED_SHA1_MAJOR,
+      security_state::DANGEROUS, true,
       security_state::CONTENT_STATUS_DISPLAYED_AND_RAN, false,
       false /* expect cert status error */);
 }
 
 // Tests that the Content Security Policy block-all-mixed-content
 // directive stops mixed content from running.
 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, MixedContentStrictBlocking) {
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
 
   // Navigate to an HTTPS page that tries to run mixed content in an
   // iframe, with strict mixed content blocking.
   std::string replacement_path;
   net::HostPortPair host_port_pair =
       net::HostPortPair::FromURL(https_server_.GetURL("/title1.html"));
   host_port_pair.set_host("different-host.test");
   host_resolver()->AddRule("different-host.test",
                            https_server_.GetURL("/title1.html").host());
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_runs_insecure_content_in_iframe_with_strict_blocking.html",
       host_port_pair, &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::SECURE, security_state::NO_DEPRECATED_SHA1,
-      security_state::CONTENT_STATUS_NONE, false,
+      security_state::SECURE, false, security_state::CONTENT_STATUS_NONE, false,
       false /* expect cert status error */);
 }
 
 IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, BrokenHTTPS) {
   ASSERT_TRUE(embedded_test_server()->Start());
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(net::CERT_STATUS_DATE_INVALID,
                                       net::ERR_CERT_DATE_INVALID);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::DANGEROUS, security_state::NO_DEPRECATED_SHA1,
-      security_state::CONTENT_STATUS_NONE, false,
-      true /* expect cert status error */);
+      security_state::DANGEROUS, false, security_state::CONTENT_STATUS_NONE,
+      false, true /* expect cert status error */);
 
   ProceedThroughInterstitial(
       browser()->tab_strip_model()->GetActiveWebContents());
 
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::DANGEROUS, security_state::NO_DEPRECATED_SHA1,
-      security_state::CONTENT_STATUS_NONE, false,
-      true /* expect cert status error */);
+      security_state::DANGEROUS, false, security_state::CONTENT_STATUS_NONE,
+      false, true /* expect cert status error */);
 
   // Navigate to a broken HTTPS page that displays mixed content.
   std::string replacement_path;
   GetFilePathWithHostAndPortReplacement(
       "/ssl/page_displays_insecure_content.html",
       embedded_test_server()->host_port_pair(), &replacement_path);
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL(replacement_path));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::DANGEROUS, security_state::NO_DEPRECATED_SHA1,
+      security_state::DANGEROUS, false,
       security_state::CONTENT_STATUS_DISPLAYED, false,
       true /* expect cert status error */);
 }
 
 const char kReportURI[] = "https://report-hpkp.test";
 
 class PKPModelClientTest : public SecurityStateTabHelperTest {
  public:
   void SetUpOnMainThread() override {
     ASSERT_TRUE(https_server_.Start());
@@ skipping 40 matching lines @@
   memset(hash.data(), 1, hash.size());
   verify_result.public_key_hashes.push_back(hash);
 
   mock_cert_verifier()->AddResultForCert(cert, verify_result, net::OK);
 
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
 
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::SECURE, security_state::NO_DEPRECATED_SHA1,
-      security_state::CONTENT_STATUS_NONE, true, false);
+      security_state::SECURE, false, security_state::CONTENT_STATUS_NONE, true,
+      false);
 
   const content::SecurityStyleExplanations& explanation =
       observer.latest_explanations();
   EXPECT_TRUE(explanation.pkp_bypassed);
   EXPECT_FALSE(explanation.info_explanations.empty());
 }
 
 IN_PROC_BROWSER_TEST_F(PKPModelClientTest, PKPEnforced) {
   content::WebContents* web_contents =
       browser()->tab_strip_model()->GetActiveWebContents();
@@ skipping 64 matching lines @@
 // updated.
 IN_PROC_BROWSER_TEST_F(SecurityStateLoadingTest, NavigationStateChanges) {
   ASSERT_TRUE(https_server_.Start());
   SetUpMockCertVerifierForHttpsServer(0, net::OK);
 
   // Navigate to an HTTPS page.
   ui_test_utils::NavigateToURL(browser(),
                                https_server_.GetURL("/ssl/google.html"));
   CheckSecurityInfoForSecure(
       browser()->tab_strip_model()->GetActiveWebContents(),
-      security_state::SECURE, security_state::NO_DEPRECATED_SHA1,
-      security_state::CONTENT_STATUS_NONE, false,
+      security_state::SECURE, false, security_state::CONTENT_STATUS_NONE, false,
       false /* expect cert status error */);
 
   // Navigate to a page that doesn't finish loading. Test that the
   // security state is neutral while the page is loading.
   browser()->OpenURL(content::OpenURLParams(
       embedded_test_server()->GetURL("/title1.html"), content::Referrer(),
       WindowOpenDisposition::CURRENT_TAB, ui::PAGE_TRANSITION_TYPED, false));
   CheckSecurityInfoForNonSecure(
       browser()->tab_strip_model()->GetActiveWebContents());
 }
@@ skipping 592 matching lines @@
   ASSERT_TRUE(tab);
 
   content::WebContents* new_contents = content::WebContents::Create(
       content::WebContents::CreateParams(tab->GetBrowserContext()));
   content::NavigationController& controller = new_contents->GetController();
   SecurityStateTabHelper::CreateForWebContents(new_contents);
   CheckSecurityInfoForNonSecure(new_contents);
   controller.LoadURL(https_server_.GetURL("/title1.html"), content::Referrer(),
                      ui::PAGE_TRANSITION_TYPED, std::string());
   EXPECT_TRUE(content::WaitForLoadStop(new_contents));
-  CheckSecurityInfoForSecure(new_contents, security_state::SECURE,
-                             security_state::NO_DEPRECATED_SHA1,
+  CheckSecurityInfoForSecure(new_contents, security_state::SECURE, false,
                              security_state::CONTENT_STATUS_NONE, false,
                              false /* expect cert status error */);
 
   browser()->tab_strip_model()->InsertWebContentsAt(0, new_contents,
                                                     TabStripModel::ADD_NONE);
-  CheckSecurityInfoForSecure(new_contents, security_state::SECURE,
-                             security_state::NO_DEPRECATED_SHA1,
+  CheckSecurityInfoForSecure(new_contents, security_state::SECURE, false,
                              security_state::CONTENT_STATUS_NONE, false,
                              false /* expect cert status error */);
 }
 
 // Tests that the WebContentsObserver::DidChangeVisibleSecurityState event fires
 // with the current style on HTTP, broken HTTPS, and valid HTTPS pages.
 IN_PROC_BROWSER_TEST_F(DidChangeVisibleSecurityStateTest,
                        DidChangeVisibleSecurityStateObserver) {
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(embedded_test_server()->Start());
@@ skipping 517 matching lines @@
   SecurityStateTabHelper* helper =
       SecurityStateTabHelper::FromWebContents(web_contents);
   ASSERT_TRUE(helper);
   security_state::SecurityInfo security_info;
   helper->GetSecurityInfo(&security_info);
   EXPECT_EQ(security_state::SECURE, security_info.security_level);
   EXPECT_EQ(kTestSCTStatuses, security_info.sct_verify_statuses);
 }
 
 }  // namespace