Added DtlsCertificate, a ref counted object owning an SSLIdentity

talk/app/webrtc/webrtcsession.cc

 /*
  * libjingle
  * Copyright 2012 Google Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *  1. Redistributions of source code must retain the above copyright notice,
  *     this list of conditions and the following disclaimer.
  *  2. Redistributions in binary form must reproduce the above copyright notice,
@@ skipping 499 matching lines @@
     SignalVoiceChannelDestroyed();
     channel_manager_->DestroyVoiceChannel(voice_channel_.release(), nullptr);
   }
   if (data_channel_) {
     SignalDataChannelDestroyed();
     channel_manager_->DestroyDataChannel(data_channel_.release());
   }
   for (size_t i = 0; i < saved_candidates_.size(); ++i) {
     delete saved_candidates_[i];
   }
-  delete identity();
 }
 
 bool WebRtcSession::Initialize(
     const PeerConnectionFactoryInterface::Options& options,
-    const MediaConstraintsInterface*  constraints,
-    DTLSIdentityServiceInterface* dtls_identity_service,
+    const MediaConstraintsInterface* constraints,
+    rtc::scoped_refptr<webrtc::DtlsCertificate> certificate,

[Henrik Grunell WebRTC, 2015/08/05 07:41:20]

Who keeps references to the certificate? (Why does it have to be ref counted?)

[hbos, 2015/08/06 12:11:34]

The certificate (and its identity) is used in a lot of places, reference
counting helps to ensure that it is not deleted whilst, for example, the
identity that it owns is still used somewhere.

Certificates are now reusable things, you might have multiple peer connections
using the same certificate, so you can't delete it in ~WebRtcSession like the
SSLIdentity* previously was.

If we don't make it reference counted we have to leave ownership up to the
caller of CreatePeerConnection. In practice I'm guessing the owner of such a
DtlsCertificate* pointer would be RTCCertificate (blink wrapper version of
DtlsCertificate to be added in future patches). But I'm thinking blink might be
able to decide to delete the RTCCertificate before it deletes the
RTCPeerConnection (and friend objects, some of which are using
DtlsCertificate/SSLIdentity), and then the certificate would be deleted too
soon.

It's probably easier to have it ref counted, guarding it from premature
deletion.

[Henrik Grunell WebRTC, 2015/08/06 14:06:52]

Acknowledged.

     const PeerConnectionInterface::RTCConfiguration& rtc_configuration) {
   bundle_policy_ = rtc_configuration.bundle_policy;
   rtcp_mux_policy_ = rtc_configuration.rtcp_mux_policy;
   SetSslMaxProtocolVersion(options.ssl_max_version);
 
   // TODO(perkj): Take |constraints| into consideration. Return false if not all
   // mandatory constraints can be fulfilled. Note that |constraints|
   // can be null.
   bool value;
 
   if (options.disable_encryption) {
     dtls_enabled_ = false;
   } else {
-    // Enable DTLS by default if |dtls_identity_service| is valid.
-    dtls_enabled_ = (dtls_identity_service != NULL);
+    // Enable DTLS by default if |certificate| is valid.
+    dtls_enabled_ = (certificate.get() != nullptr);
     // |constraints| can override the default |dtls_enabled_| value.
     if (FindConstraint(
           constraints,
           MediaConstraintsInterface::kEnableDtlsSrtp,
-          &value, NULL)) {
+          &value, nullptr)) {
       dtls_enabled_ = value;
     }
   }
 
   // Enable creation of RTP data channels if the kEnableRtpDataChannels is set.
   // It takes precendence over the disable_sctp_data_channels
   // PeerConnectionFactoryInterface::Options.
   if (FindConstraint(
       constraints, MediaConstraintsInterface::kEnableRtpDataChannels,
       &value, NULL) && value) {
@@ skipping 98 matching lines @@
       JsepSessionDescription::kDefaultVideoCodecName,
       JsepSessionDescription::kMaxVideoCodecWidth,
       JsepSessionDescription::kMaxVideoCodecHeight,
       JsepSessionDescription::kDefaultVideoCodecFramerate,
       JsepSessionDescription::kDefaultVideoCodecPreference);
   channel_manager_->SetDefaultVideoEncoderConfig(
       cricket::VideoEncoderConfig(default_codec));
 
   webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
       signaling_thread(),
+      worker_thread(),
       channel_manager_,
       mediastream_signaling_,
-      dtls_identity_service,
+      certificate,
       this,
       id(),
       data_channel_type_,
       dtls_enabled_));
 
-  webrtc_session_desc_factory_->SignalIdentityReady.connect(
-      this, &WebRtcSession::OnIdentityReady);
+  webrtc_session_desc_factory_->SignalCertificateReady.connect(
+      this, &WebRtcSession::OnCertificateReady);
 
   if (options.disable_encryption) {
     webrtc_session_desc_factory_->SetSdesPolicy(cricket::SEC_DISABLED);
   }
   port_allocator()->set_candidate_filter(
       ConvertIceTransportTypeToCandidateFilter(rtc_configuration.type));
   return true;
 }
 
 void WebRtcSession::Terminate() {
@@ skipping 606 matching lines @@
 }
 
 bool WebRtcSession::IceRestartPending() const {
   return ice_restart_latch_->Get();
 }
 
 void WebRtcSession::ResetIceRestartLatch() {
   ice_restart_latch_->Reset();
 }
 
-void WebRtcSession::OnIdentityReady(rtc::SSLIdentity* identity) {
-  SetIdentity(identity);
+void WebRtcSession::OnCertificateReady(
+    rtc::scoped_refptr<DtlsCertificate> certificate) {
+  certificate_ = certificate;
+  SetIdentity(certificate_->identity());
 }
 
-bool WebRtcSession::waiting_for_identity() const {
-  return webrtc_session_desc_factory_->waiting_for_identity();
+bool WebRtcSession::waiting_for_certificate() const {
+  return webrtc_session_desc_factory_->waiting_for_certificate();
 }
 
 void WebRtcSession::SetIceConnectionState(
       PeerConnectionInterface::IceConnectionState state) {
   if (ice_connection_state_ == state) {
     return;
   }
 
   // ASSERT that the requested transition is allowed.  Note that
   // WebRtcSession does not implement "kIceConnectionClosed" (that is handled
@@ skipping 643 matching lines @@
 
   if (!srtp_cipher.empty()) {
     metrics_observer_->AddHistogramSample(srtp_name, srtp_cipher);
   }
   if (!ssl_cipher.empty()) {
     metrics_observer_->AddHistogramSample(ssl_name, ssl_cipher);
   }
 }
 
 }  // namespace webrtc