17 files changed, 601 insertions, 0 deletions

diff --git a/src/core/certificate_error_controller.cpp b/src/core/certificate_error_controller.cpp
new file mode 100644
index 000000000..64e5b36d4
--- /dev/null
+++ b/src/core/certificate_error_controller.cpp
@@ -0,0 +1,157 @@
+/****************************************************************************
+**
+** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
+** Contact: http://www.qt-project.org/legal
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and Digia.  For licensing terms and
+** conditions see http://qt.digia.com/licensing.  For further information
+** use the contact form at http://qt.digia.com/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPLv3 included in the
+** packaging of this file.  Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or later as published by the Free
+** Software Foundation and appearing in the file LICENSE.GPL included in
+** the packaging of this file.  Please review the following information to
+** ensure the GNU General Public License version 2.0 requirements will be
+** met: http://www.gnu.org/licenses/gpl-2.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#include "certificate_error_controller.h"
+#include "certificate_error_controller_p.h"
+
+#include <net/cert/x509_certificate.h>
+#include <net/ssl/ssl_info.h>
+#include <ui/base/l10n/l10n_util.h>
+#include "chrome/grit/generated_resources.h"
+#include "type_conversion.h"
+
+void CertificateErrorControllerPrivate::accept(bool accepted)
+{
+    callback.Run(accepted);
+}
+
+CertificateErrorControllerPrivate::CertificateErrorControllerPrivate(int cert_error,
+                                                                     const net::SSLInfo& ssl_info,
+                                                                     const GURL &request_url,
+                                                                     ResourceType::Type resource_type,
+                                                                     bool _overridable,
+                                                                     bool strict_enforcement,
+                                                                     const base::Callback<void(bool)>& cb
+                                                                    )
+    : certError(CertificateErrorController::CertificateError(cert_error))
+    , requestUrl(toQt(request_url))
+    , resourceType(CertificateErrorController::ResourceType(resource_type))
+    , overridable(_overridable)
+    , strictEnforcement(strict_enforcement)
+    , callback(cb)
+{
+    if (ssl_info.cert) {
+        validStart = toQt(ssl_info.cert->valid_start());
+        validExpiry = toQt(ssl_info.cert->valid_expiry());
+    }
+}
+
+CertificateErrorController::CertificateErrorController(CertificateErrorControllerPrivate *p) : d(p)
+{
+}
+
+CertificateErrorController::~CertificateErrorController()
+{
+    delete d;
+    d = 0;
+}
+
+CertificateErrorController::CertificateError CertificateErrorController::error() const
+{
+    return d->certError;
+}
+
+QUrl CertificateErrorController::url() const
+{
+    return d->requestUrl;
+}
+
+bool CertificateErrorController::overridable() const
+{
+    return d->overridable;
+}
+
+bool CertificateErrorController::strictEnforcement() const
+{
+    return d->strictEnforcement;
+}
+
+void CertificateErrorController::accept(bool accepted)
+{
+    d->accept(accepted);
+}
+
+CertificateErrorController::ResourceType CertificateErrorController::resourceType() const
+{
+    return d->resourceType;
+}
+
+static QString getQStringForMessageId(int message_id) {
+    base::string16 string = l10n_util::GetStringUTF16(message_id);
+    return QString::fromUtf16(string.data(), string.length());
+}
+
+QString CertificateErrorController::errorString() const
+{
+    // Try to use chromiums translation of the error strings, though not all are
+    // consistently described and we need to use versions that does not contain HTML
+    // formatted text.
+    switch (d->certError) {
+    case SslPinnedKeyNotInCertificateChain:
+        return getQStringForMessageId(IDS_ERRORPAGES_SUMMARY_PINNING_FAILURE);
+    case CertificateCommonNameInvalid:
+        return getQStringForMessageId(IDS_CERT_ERROR_COMMON_NAME_INVALID_DESCRIPTION);
+    case CertificateDateInvalid:
+        if (QDateTime::currentDateTime() > d->validExpiry)
+            return getQStringForMessageId(IDS_CERT_ERROR_EXPIRED_DESCRIPTION);
+        else
+            return getQStringForMessageId(IDS_CERT_ERROR_NOT_YET_VALID_DESCRIPTION);
+    case CertificateAuthorityInvalid:
+        return getQStringForMessageId(IDS_CERT_ERROR_AUTHORITY_INVALID_DESCRIPTION);
+    case CertificateContainsErrors:
+        return getQStringForMessageId(IDS_CERT_ERROR_CONTAINS_ERRORS_DESCRIPTION);
+    case CertificateNoRevocationMechanism:
+        return getQStringForMessageId(IDS_CERT_ERROR_NO_REVOCATION_MECHANISM_DETAILS);
+    case CertificateUnableToCheckRevocation:
+        return getQStringForMessageId(IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DETAILS);
+    case CertificateRevoked:
+        return getQStringForMessageId(IDS_CERT_ERROR_REVOKED_CERT_DESCRIPTION);
+    case CertificateInvalid:
+        return getQStringForMessageId(IDS_CERT_ERROR_INVALID_CERT_DESCRIPTION);
+    case CertificateWeakSignatureAlgorithm:
+        return getQStringForMessageId(IDS_CERT_ERROR_WEAK_SIGNATURE_ALGORITHM_DESCRIPTION);
+    case CertificateNonUniqueName:
+        return getQStringForMessageId(IDS_PAGE_INFO_SECURITY_TAB_NON_UNIQUE_NAME);
+    case CertificateWeakKey:
+        return getQStringForMessageId(IDS_CERT_ERROR_WEAK_KEY_DESCRIPTION);
+    case CertificateNameConstraintViolation:
+        return getQStringForMessageId(IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION);
+    default:
+        break;
+    }
+
+    return getQStringForMessageId(IDS_CERT_ERROR_UNKNOWN_ERROR_DESCRIPTION);
+}
diff --git a/src/core/certificate_error_controller.h b/src/core/certificate_error_controller.h
new file mode 100644
index 000000000..f1e7c5bd8
--- /dev/null
+++ b/src/core/certificate_error_controller.h
@@ -0,0 +1,110 @@
+/****************************************************************************
+**
+** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
+** Contact: http://www.qt-project.org/legal
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and Digia.  For licensing terms and
+** conditions see http://qt.digia.com/licensing.  For further information
+** use the contact form at http://qt.digia.com/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPLv3 included in the
+** packaging of this file.  Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or later as published by the Free
+** Software Foundation and appearing in the file LICENSE.GPL included in
+** the packaging of this file.  Please review the following information to
+** ensure the GNU General Public License version 2.0 requirements will be
+** met: http://www.gnu.org/licenses/gpl-2.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#ifndef CERTIFICATE_ERROR_CONTROLLER_H
+#define CERTIFICATE_ERROR_CONTROLLER_H
+
+#include "qtwebenginecoreglobal.h"
+
+#include <QtCore/QDateTime>
+#include <QtCore/QSharedData>
+#include <QtCore/QUrl>
+
+class CertificateErrorControllerPrivate;
+
+class QWEBENGINE_EXPORT CertificateErrorController : public QSharedData {
+public:
+    CertificateErrorController(CertificateErrorControllerPrivate *p);
+    ~CertificateErrorController();
+
+    // We can't use QSslError::SslErrors, because the error categories doesn't map.
+    // Keep up to date with net/base/net_errors.h and net::IsCertificateError():
+    enum CertificateError {
+        SslPinnedKeyNotInCertificateChain = -150,
+        CertificateCommonNameInvalid = -200,
+        CertificateDateInvalid = -201,
+        CertificateAuthorityInvalid = -202,
+        CertificateContainsErrors = -203,
+        CertificateNoRevocationMechanism = -204,
+        CertificateUnableToCheckRevocation = -205,
+        CertificateRevoked = -206,
+        CertificateInvalid = -207,
+        CertificateWeakSignatureAlgorithm = -208,
+        CertificateNonUniqueName = -210,
+        CertificateWeakKey = -211,
+        CertificateNameConstraintViolation = -212,
+    };
+
+    CertificateError error() const;
+    QUrl url() const;
+    bool overridable() const;
+    bool strictEnforcement() const;
+    QString errorString() const;
+    QDateTime validStart() const;
+    QDateTime validExpiry() const;
+
+    void accept(bool);
+
+    // Note: The resource type should probably not be exported, since once accepted the certificate exception
+    // counts for all resource types.
+    // Keep up to date with webkit/common/resource_type.h
+    enum ResourceType {
+        ResourceTypeMainFrame = 0,  // top level page
+        ResourceTypeSubFrame,       // frame or iframe
+        ResourceTypeStylesheet,     // a CSS stylesheet
+        ResourceTypeScript,         // an external script
+        ResourceTypeImage,          // an image (jpg/gif/png/etc)
+        ResourceTypeFont,           // a font
+        ResourceTypeOther,          // an "other" subresource.
+        ResourceTypeObject,         // an object (or embed) tag for a plugin,
+                                    // or a resource that a plugin requested.
+        ResourceTypeMedia,          // a media resource.
+        ResourceTypeWorker,         // the main resource of a dedicated worker.
+        ResourceTypeSharedWorker,   // the main resource of a shared worker.
+        ResourceTypePrefetch,       // an explicitly requested prefetch
+        ResourceTypeFavicon,        // a favicon
+        ResourceTypeXHR,            // a XMLHttpRequest
+        ResourceTypePing,           // a ping request for <a ping>
+        ResourceTypeServiceWorker,  // the main resource of a service worker.
+    };
+
+    ResourceType resourceType() const;
+
+private:
+    CertificateErrorControllerPrivate* d;
+};
+
+#endif // CERTIFICATE_ERROR_CONTROLLER_H
diff --git a/src/core/certificate_error_controller_p.h b/src/core/certificate_error_controller_p.h
new file mode 100644
index 000000000..af0ce12aa
--- /dev/null
+++ b/src/core/certificate_error_controller_p.h
@@ -0,0 +1,60 @@
+/****************************************************************************
+**
+** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
+** Contact: http://www.qt-project.org/legal
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and Digia.  For licensing terms and
+** conditions see http://qt.digia.com/licensing.  For further information
+** use the contact form at http://qt.digia.com/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPLv3 included in the
+** packaging of this file.  Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or later as published by the Free
+** Software Foundation and appearing in the file LICENSE.GPL included in
+** the packaging of this file.  Please review the following information to
+** ensure the GNU General Public License version 2.0 requirements will be
+** met: http://www.gnu.org/licenses/gpl-2.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#ifndef CERTIFICATE_ERROR_CONTROLLER_P_H
+#define CERTIFICATE_ERROR_CONTROLLER_P_H
+
+#include "content/public/browser/content_browser_client.h"
+
+#include "certificate_error_controller.h"
+
+class CertificateErrorControllerPrivate {
+public:
+    CertificateErrorControllerPrivate(int cert_error, const net::SSLInfo& ssl_info, const GURL& request_url, ResourceType::Type resource_type, bool overridable, bool strict_enforcement, const base::Callback<void(bool)>& callback);
+
+    void accept(bool accepted);
+
+    CertificateErrorController::CertificateError certError;
+    const QUrl requestUrl;
+    QDateTime validStart;
+    QDateTime validExpiry;
+    CertificateErrorController::ResourceType resourceType;
+    bool overridable;
+    bool strictEnforcement;
+    const base::Callback<void(bool)>& callback;
+};
+
+#endif // CERTIFICATE_ERROR_CONTROLLER_P_H
diff --git a/src/core/content_browser_client_qt.cpp b/src/core/content_browser_client_qt.cpp
index aa404eced..f19199cc3 100644
--- a/src/core/content_browser_client_qt.cpp
+++ b/src/core/content_browser_client_qt.cpp
@@ -42,6 +42,7 @@
 #include "content/public/browser/browser_main_parts.h"
 #include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/media_observer.h"
+#include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/resource_dispatcher_host.h"
@@ -54,6 +55,8 @@
 #include "ui/gl/gl_share_group.h"
 
 #include "browser_context_qt.h"
+#include "certificate_error_controller.h"
+#include "certificate_error_controller_p.h"
 #include "desktop_screen_qt.h"
 #include "dev_tools_http_handler_delegate_qt.h"
 #include "media_capture_devices_dispatcher.h"
@@ -345,3 +348,22 @@ void ContentBrowserClientQt::enableInspector(bool enable)
         m_devtools.reset();
     }
 }
+
+void ContentBrowserClientQt::AllowCertificateError(int render_process_id, int render_frame_id, int cert_error,
+                                                   const net::SSLInfo& ssl_info, const GURL& request_url,
+                                                   ResourceType::Type resource_type,
+                                                   bool overridable, bool strict_enforcement,
+                                                   const base::Callback<void(bool)>& callback,
+                                                   content::CertificateRequestResultType* result)
+{
+    // We leave the result with its default value.
+    Q_UNUSED(result);
+
+    content::RenderFrameHost *frameHost = content::RenderFrameHost::FromID(render_process_id, render_frame_id);
+    WebContentsDelegateQt* contentsDelegate = 0;
+    if (content::WebContents *webContents = frameHost->GetRenderViewHost()->GetDelegate()->GetAsWebContents())
+        contentsDelegate = static_cast<WebContentsDelegateQt*>(webContents->GetDelegate());
+
+    QExplicitlySharedDataPointer<CertificateErrorController> errorController(new CertificateErrorController(new CertificateErrorControllerPrivate(cert_error, ssl_info, request_url, resource_type, overridable, strict_enforcement, callback)));
+    contentsDelegate->allowCertificateError(errorController);
+}
diff --git a/src/core/content_browser_client_qt.h b/src/core/content_browser_client_qt.h
index 5bb8ece47..9cf1695fe 100644
--- a/src/core/content_browser_client_qt.h
+++ b/src/core/content_browser_client_qt.h
@@ -79,6 +79,17 @@ public:
     virtual gfx::GLShareGroup* GetInProcessGpuShareGroup() Q_DECL_OVERRIDE;
     virtual content::MediaObserver* GetMediaObserver() Q_DECL_OVERRIDE;
     virtual void OverrideWebkitPrefs(content::RenderViewHost *, const GURL &, WebPreferences *) Q_DECL_OVERRIDE;
+    virtual void AllowCertificateError(
+        int render_process_id,
+        int render_frame_id,
+        int cert_error,
+        const net::SSLInfo& ssl_info,
+        const GURL& request_url,
+        ResourceType::Type resource_type,
+        bool overridable,
+        bool strict_enforcement,
+        const base::Callback<void(bool)>& callback,
+        content::CertificateRequestResultType* result) Q_DECL_OVERRIDE;
 
     BrowserContextQt* browser_context();
 
diff --git a/src/core/core_gyp_generator.pro b/src/core/core_gyp_generator.pro
index b10626000..2ca61bee2 100644
--- a/src/core/core_gyp_generator.pro
+++ b/src/core/core_gyp_generator.pro
@@ -39,6 +39,7 @@ SOURCES = \
         browser_accessibility_manager_qt.cpp \
         browser_accessibility_qt.cpp \
         browser_context_qt.cpp \
+        certificate_error_controller.cpp \
         chromium_gpu_helper.cpp \
         chromium_overrides.cpp \
         clipboard_qt.cpp \
@@ -85,6 +86,8 @@ HEADERS = \
         browser_accessibility_manager_qt.h \
         browser_accessibility_qt.h \
         browser_context_qt.h \
+        certificate_error_controller_p.h \
+        certificate_error_controller.h \
         chromium_overrides.h \
         clipboard_qt.h \
         common/qt_messages.h \
diff --git a/src/core/web_contents_adapter_client.h b/src/core/web_contents_adapter_client.h
index 4d918fef7..215942f8f 100644
--- a/src/core/web_contents_adapter_client.h
+++ b/src/core/web_contents_adapter_client.h
@@ -48,6 +48,7 @@
 
 QT_FORWARD_DECLARE_CLASS(QVariant)
 
+class CertificateErrorController;
 class JavaScriptDialogController;
 class RenderWidgetHostViewQt;
 class RenderWidgetHostViewQtDelegate;
@@ -172,6 +173,9 @@ public:
     virtual void authenticationRequired(const QUrl &requestUrl, const QString &realm, bool isProxy, const QString &challengingHost, QString *outUser, QString *outPassword) = 0;
     virtual void runMediaAccessPermissionRequest(const QUrl &securityOrigin, MediaRequestFlags requestFlags) = 0;
     virtual WebEngineSettings *webEngineSettings() const = 0;
+
+    virtual void allowCertificateError(const QExplicitlySharedDataPointer<CertificateErrorController> &errorController) = 0;
+
 };
 
 #endif // WEB_CONTENTS_ADAPTER_CLIENT_H
diff --git a/src/core/web_contents_delegate_qt.cpp b/src/core/web_contents_delegate_qt.cpp
index 9916ca9e5..0523d8b22 100644
--- a/src/core/web_contents_delegate_qt.cpp
+++ b/src/core/web_contents_delegate_qt.cpp
@@ -275,3 +275,8 @@ WebContentsAdapter *WebContentsDelegateQt::createWindow(content::WebContents *ne
 
     return newAdapter;
 }
+
+void WebContentsDelegateQt::allowCertificateError(const QExplicitlySharedDataPointer<CertificateErrorController> &errorController)
+{
+    m_viewClient->allowCertificateError(errorController);
+}
diff --git a/src/core/web_contents_delegate_qt.h b/src/core/web_contents_delegate_qt.h
index 22bc85548..c1f0c4647 100644
--- a/src/core/web_contents_delegate_qt.h
+++ b/src/core/web_contents_delegate_qt.h
@@ -50,8 +50,10 @@ namespace content {
     class JavaScriptDialogManager;
     class WebContents;
 }
+
 struct WebPreferences;
 class WebContentsAdapterClient;
+class CertificateErrorController;
 
 class WebContentsDelegateQt : public content::WebContentsDelegate
                             , public content::WebContentsObserver
@@ -84,6 +86,7 @@ public:
     virtual void DidNavigateAnyFrame(const content::LoadCommittedDetails&, const content::FrameNavigateParams& params) Q_DECL_OVERRIDE;
 
     void overrideWebPreferences(content::WebContents *, WebPreferences*);
+    void allowCertificateError(const QExplicitlySharedDataPointer<CertificateErrorController> &) ;
 
 private:
     WebContentsAdapter *createWindow(content::WebContents *new_contents, WindowOpenDisposition disposition, const gfx::Rect& initial_pos, bool user_gesture);
diff --git a/src/webengine/api/qquickwebengineview.cpp b/src/webengine/api/qquickwebengineview.cpp
index 97ea61efd..e08232e78 100644
--- a/src/webengine/api/qquickwebengineview.cpp
+++ b/src/webengine/api/qquickwebengineview.cpp
@@ -37,6 +37,7 @@
 #include "qquickwebengineview_p.h"
 #include "qquickwebengineview_p_p.h"
 
+#include "certificate_error_controller.h"
 #include "javascript_dialog_controller.h"
 #include "qquickwebenginehistory_p.h"
 #include "qquickwebengineloadrequest_p.h"
@@ -206,6 +207,11 @@ void QQuickWebEngineViewPrivate::javascriptDialog(QSharedPointer<JavaScriptDialo
     ui()->showDialog(dialog);
 }
 
+void QQuickWebEngineViewPrivate::allowCertificateError(const QExplicitlySharedDataPointer<CertificateErrorController> &errorController)
+{
+    // ### Implement a way to export this to QML
+    Q_UNUSED(errorController);
+}
 
 void QQuickWebEngineViewPrivate::runFileChooser(FileChooserMode mode, const QString &defaultFileName, const QStringList &acceptedMimeTypes)
 {
diff --git a/src/webengine/api/qquickwebengineview_p_p.h b/src/webengine/api/qquickwebengineview_p_p.h
index cbe6697e1..e26255535 100644
--- a/src/webengine/api/qquickwebengineview_p_p.h
+++ b/src/webengine/api/qquickwebengineview_p_p.h
@@ -174,6 +174,7 @@ public:
     virtual void runMediaAccessPermissionRequest(const QUrl &securityOrigin, MediaRequestFlags requestFlags) Q_DECL_OVERRIDE;
     virtual QObject *accessibilityParentObject() Q_DECL_OVERRIDE;
     virtual WebEngineSettings *webEngineSettings() const Q_DECL_OVERRIDE;
+    virtual void allowCertificateError(const QExplicitlySharedDataPointer<CertificateErrorController> &errorController);
 
     void setDevicePixelRatio(qreal);
     void adoptWebContents(WebContentsAdapter *webContents);
diff --git a/src/webenginewidgets/api/qwebenginecertificateerror.cpp b/src/webenginewidgets/api/qwebenginecertificateerror.cpp
new file mode 100644
index 000000000..7be8c75d0
--- /dev/null
+++ b/src/webenginewidgets/api/qwebenginecertificateerror.cpp
@@ -0,0 +1,111 @@
+/****************************************************************************
+**
+** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
+** Contact: http://www.qt-project.org/legal
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and Digia.  For licensing terms and
+** conditions see http://qt.digia.com/licensing.  For further information
+** use the contact form at http://qt.digia.com/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPLv3 included in the
+** packaging of this file.  Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or later as published by the Free
+** Software Foundation and appearing in the file LICENSE.GPL included in
+** the packaging of this file.  Please review the following information to
+** ensure the GNU General Public License version 2.0 requirements will be
+** met: http://www.gnu.org/licenses/gpl-2.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#include "qwebenginecertificateerror.h"
+
+QT_BEGIN_NAMESPACE
+
+class QWebEngineCertificateErrorPrivate {
+public:
+    QWebEngineCertificateErrorPrivate(int error, QUrl url, bool overridable, QString errorDescription);
+
+    QWebEngineCertificateError::Error error;
+    QUrl url;
+    bool overridable;
+    QString errorDescription;
+};
+
+QWebEngineCertificateErrorPrivate::QWebEngineCertificateErrorPrivate(int error, QUrl url, bool overridable, QString errorDescription)
+    : error(QWebEngineCertificateError::Error(error))
+    , url(url)
+    , overridable(overridable)
+    , errorDescription(errorDescription)
+{ }
+
+
+QWebEngineCertificateError::QWebEngineCertificateError(int error, QUrl url, bool overridable, QString errorDescription)
+    : d_ptr(new QWebEngineCertificateErrorPrivate(error, url, overridable, errorDescription))
+{ }
+
+QWebEngineCertificateError::~QWebEngineCertificateError()
+{
+}
+
+/*!
+    Returns whether this error can be overridden and accepted.
+
+    \sa error(), errorDescription()
+*/
+bool QWebEngineCertificateError::isOverridable() const
+{
+    const Q_D(QWebEngineCertificateError);
+    return d->overridable;
+}
+
+/*!
+    Returns the URL that triggered the error.
+
+    \sa error(), errorDescription()
+*/
+QUrl QWebEngineCertificateError::url() const
+{
+    const Q_D(QWebEngineCertificateError);
+    return d->url;
+}
+
+/*!
+    Returns the type of the error.
+
+    \sa errorDescription(), isOverridable()
+*/
+QWebEngineCertificateError::Error QWebEngineCertificateError::error() const
+{
+    const Q_D(QWebEngineCertificateError);
+    return d->error;
+}
+
+/*!
+    Returns a short localized human-readable description of the error.
+
+    \sa error(), url(), isOverridable()
+*/
+QString QWebEngineCertificateError::errorDescription() const
+{
+    const Q_D(QWebEngineCertificateError);
+    return d->errorDescription;
+}
+
+QT_END_NAMESPACE
diff --git a/src/webenginewidgets/api/qwebenginecertificateerror.h b/src/webenginewidgets/api/qwebenginecertificateerror.h
new file mode 100644
index 000000000..8cdd6946c
--- /dev/null
+++ b/src/webenginewidgets/api/qwebenginecertificateerror.h
@@ -0,0 +1,84 @@
+/****************************************************************************
+**
+** Copyright (C) 2014 Digia Plc and/or its subsidiary(-ies).
+** Contact: http://www.qt-project.org/legal
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and Digia.  For licensing terms and
+** conditions see http://qt.digia.com/licensing.  For further information
+** use the contact form at http://qt.digia.com/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPLv3 included in the
+** packaging of this file.  Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or later as published by the Free
+** Software Foundation and appearing in the file LICENSE.GPL included in
+** the packaging of this file.  Please review the following information to
+** ensure the GNU General Public License version 2.0 requirements will be
+** met: http://www.gnu.org/licenses/gpl-2.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#ifndef QWEBENGINECERTIFICATEERROR_H
+#define QWEBENGINECERTIFICATEERROR_H
+
+#include "qtwebenginewidgetsglobal.h"
+
+#include <QtCore/QScopedPointer>
+#include <QtCore/QUrl>
+
+QT_BEGIN_NAMESPACE
+
+class QWebEngineCertificateErrorPrivate;
+
+class QWEBENGINEWIDGETS_EXPORT QWebEngineCertificateError {
+public:
+    QWebEngineCertificateError(int error, QUrl url, bool overridable, QString errorDescription);
+    ~QWebEngineCertificateError();
+
+    // Keep this identical to CertificateErrorController::CertificateError, or add mapping layer.
+    enum Error {
+        SslPinnedKeyNotInCertificateChain = -150,
+        CertificateCommonNameInvalid = -200,
+        CertificateDateInvalid = -201,
+        CertificateAuthorityInvalid = -202,
+        CertificateContainsErrors = -203,
+        CertificateNoRevocationMechanism = -204,
+        CertificateUnableToCheckRevocation = -205,
+        CertificateRevoked = -206,
+        CertificateInvalid = -207,
+        CertificateWeakSignatureAlgorithm = -208,
+        CertificateNonUniqueName = -210,
+        CertificateWeakKey = -211,
+        CertificateNameConstraintViolation = -212,
+    };
+
+    Error error() const;
+    QUrl url() const;
+    bool isOverridable() const;
+    QString errorDescription() const;
+
+private:
+    Q_DISABLE_COPY(QWebEngineCertificateError)
+    Q_DECLARE_PRIVATE(QWebEngineCertificateError);
+    QScopedPointer<QWebEngineCertificateErrorPrivate> d_ptr;
+};
+
+QT_END_NAMESPACE
+
+#endif // QWEBENGINECERTIFICATEERROR_H
diff --git a/src/webenginewidgets/api/qwebenginepage.cpp b/src/webenginewidgets/api/qwebenginepage.cpp
index e8f34a1ea..51e733e70 100644
--- a/src/webenginewidgets/api/qwebenginepage.cpp
+++ b/src/webenginewidgets/api/qwebenginepage.cpp
@@ -23,6 +23,7 @@
 #include "qwebenginepage.h"
 #include "qwebenginepage_p.h"
 
+#include "certificate_error_controller.h"
 #include "javascript_dialog_controller.h"
 #include "qwebenginehistory.h"
 #include "qwebenginehistory_p.h"
@@ -646,6 +647,18 @@ void QWebEnginePagePrivate::javascriptDialog(QSharedPointer<JavaScriptDialogCont
         controller->reject();
 }
 
+void QWebEnginePagePrivate::allowCertificateError(const QExplicitlySharedDataPointer<CertificateErrorController> &controller)
+{
+    Q_Q(QWebEnginePage);
+    bool accepted = false;
+
+    QWebEngineCertificateError error(controller->error(), controller->url(), controller->overridable() && !controller->strictEnforcement(), controller->errorString());
+    accepted = q->certificateError(error);
+
+    if (error.isOverridable())
+        controller->accept(accepted);
+}
+
 void QWebEnginePagePrivate::javaScriptConsoleMessage(JavaScriptConsoleMessageLevel level, const QString &message, int lineNumber, const QString &sourceID)
 {
     Q_Q(QWebEnginePage);
@@ -919,6 +932,12 @@ void QWebEnginePage::javaScriptConsoleMessage(JavaScriptConsoleMessageLevel leve
     Q_UNUSED(lineNumber);
     Q_UNUSED(sourceID);
 }
+
+bool QWebEnginePage::certificateError(const QWebEngineCertificateError &)
+{
+    return false;
+}
+
 QT_END_NAMESPACE
 
 #include "moc_qwebenginepage.cpp"
diff --git a/src/webenginewidgets/api/qwebenginepage.h b/src/webenginewidgets/api/qwebenginepage.h
index e1afa14ee..667098032 100644
--- a/src/webenginewidgets/api/qwebenginepage.h
+++ b/src/webenginewidgets/api/qwebenginepage.h
@@ -38,6 +38,7 @@
 #define QWEBENGINEPAGE_H
 
 #include <QtWebEngineWidgets/qtwebenginewidgetsglobal.h>
+#include <QtWebEngineWidgets/qwebenginecertificateerror.h>
 
 #include <QtCore/qobject.h>
 #include <QtCore/qurl.h>
@@ -228,6 +229,7 @@ protected:
     virtual bool javaScriptConfirm(const QUrl &securityOrigin, const QString& msg);
     virtual bool javaScriptPrompt(const QUrl &securityOrigin, const QString& msg, const QString& defaultValue, QString* result);
     virtual void javaScriptConsoleMessage(JavaScriptConsoleMessageLevel level, const QString& message, int lineNumber, const QString& sourceID);
+    virtual bool certificateError(const QWebEngineCertificateError &certificateError);
 
 private:
     Q_DECLARE_PRIVATE(QWebEnginePage);
diff --git a/src/webenginewidgets/api/qwebenginepage_p.h b/src/webenginewidgets/api/qwebenginepage_p.h
index 40e44a07e..10a253d8d 100644
--- a/src/webenginewidgets/api/qwebenginepage_p.h
+++ b/src/webenginewidgets/api/qwebenginepage_p.h
@@ -137,6 +137,7 @@ public:
     virtual void runMediaAccessPermissionRequest(const QUrl &securityOrigin, MediaRequestFlags requestFlags) Q_DECL_OVERRIDE;
     virtual QObject *accessibilityParentObject() Q_DECL_OVERRIDE;
     virtual WebEngineSettings *webEngineSettings() const Q_DECL_OVERRIDE;
+    virtual void allowCertificateError(const QExplicitlySharedDataPointer<CertificateErrorController> &controller) Q_DECL_OVERRIDE;
 
     void updateAction(QWebEnginePage::WebAction) const;
     void updateNavigationActions();
diff --git a/src/webenginewidgets/webenginewidgets.pro b/src/webenginewidgets/webenginewidgets.pro
index d4cce2590..37a076307 100644
--- a/src/webenginewidgets/webenginewidgets.pro
+++ b/src/webenginewidgets/webenginewidgets.pro
@@ -14,6 +14,7 @@ INCLUDEPATH += $$PWD api ../core ../webengine/api
 
 SOURCES = \
         api/qtwebenginewidgetsglobal.cpp \
+        api/qwebenginecertificateerror.cpp \
         api/qwebenginehistory.cpp \
         api/qwebenginepage.cpp \
         api/qwebenginesettings.cpp \
@@ -22,6 +23,7 @@ SOURCES = \
 
 HEADERS = \
         api/qtwebenginewidgetsglobal.h \
+        api/qwebenginecertificateerror.h \
         api/qwebenginehistory.h \
         api/qwebenginepage.h \
         api/qwebenginepage_p.h \