Added DtlsCertificate, a ref counted object owning an SSLIdentity

talk/app/webrtc/webrtcsession.cc

Index: talk/app/webrtc/webrtcsession.cc
diff --git a/talk/app/webrtc/webrtcsession.cc b/talk/app/webrtc/webrtcsession.cc
index 2533328968945e4c2c67a2694e95ae8d19c288ea..e8c6ad38e8f4942d3125bcfafeb1abf742b7b7c3 100644
--- a/talk/app/webrtc/webrtcsession.cc
+++ b/talk/app/webrtc/webrtcsession.cc
@@ -517,13 +517,12 @@ WebRtcSession::~WebRtcSession() {
   for (size_t i = 0; i < saved_candidates_.size(); ++i) {
     delete saved_candidates_[i];
   }
-  delete identity();
 }
 
 bool WebRtcSession::Initialize(
     const PeerConnectionFactoryInterface::Options& options,
-    const MediaConstraintsInterface*  constraints,
-    DTLSIdentityServiceInterface* dtls_identity_service,
+    const MediaConstraintsInterface* constraints,
+    rtc::scoped_refptr<webrtc::DtlsCertificate> certificate,

[Henrik Grunell WebRTC, 2015/08/05 07:41:20]

Who keeps references to the certificate? (Why does it have to be ref counted?)

[hbos, 2015/08/06 12:11:34]

The certificate (and its identity) is used in a lot of places, reference
counting helps to ensure that it is not deleted whilst, for example, the
identity that it owns is still used somewhere.

Certificates are now reusable things, you might have multiple peer connections
using the same certificate, so you can't delete it in ~WebRtcSession like the
SSLIdentity* previously was.

If we don't make it reference counted we have to leave ownership up to the
caller of CreatePeerConnection. In practice I'm guessing the owner of such a
DtlsCertificate* pointer would be RTCCertificate (blink wrapper version of
DtlsCertificate to be added in future patches). But I'm thinking blink might be
able to decide to delete the RTCCertificate before it deletes the
RTCPeerConnection (and friend objects, some of which are using
DtlsCertificate/SSLIdentity), and then the certificate would be deleted too
soon.

It's probably easier to have it ref counted, guarding it from premature
deletion.

[Henrik Grunell WebRTC, 2015/08/06 14:06:52]

Acknowledged.

     const PeerConnectionInterface::RTCConfiguration& rtc_configuration) {
   bundle_policy_ = rtc_configuration.bundle_policy;
   rtcp_mux_policy_ = rtc_configuration.rtcp_mux_policy;
@@ -537,13 +536,13 @@ bool WebRtcSession::Initialize(
   if (options.disable_encryption) {
     dtls_enabled_ = false;
   } else {
-    // Enable DTLS by default if |dtls_identity_service| is valid.
-    dtls_enabled_ = (dtls_identity_service != NULL);
+    // Enable DTLS by default if |certificate| is valid.
+    dtls_enabled_ = (certificate.get() != nullptr);
     // |constraints| can override the default |dtls_enabled_| value.
     if (FindConstraint(
           constraints,
           MediaConstraintsInterface::kEnableDtlsSrtp,
-          &value, NULL)) {
+          &value, nullptr)) {
       dtls_enabled_ = value;
     }
   }
@@ -662,16 +661,17 @@ bool WebRtcSession::Initialize(
 
   webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
       signaling_thread(),
+      worker_thread(),
       channel_manager_,
       mediastream_signaling_,
-      dtls_identity_service,
+      certificate,
       this,
       id(),
       data_channel_type_,
       dtls_enabled_));
 
-  webrtc_session_desc_factory_->SignalIdentityReady.connect(
-      this, &WebRtcSession::OnIdentityReady);
+  webrtc_session_desc_factory_->SignalCertificateReady.connect(
+      this, &WebRtcSession::OnCertificateReady);
 
   if (options.disable_encryption) {
     webrtc_session_desc_factory_->SetSdesPolicy(cricket::SEC_DISABLED);
@@ -1298,12 +1298,14 @@ void WebRtcSession::ResetIceRestartLatch() {
   ice_restart_latch_->Reset();
 }
 
-void WebRtcSession::OnIdentityReady(rtc::SSLIdentity* identity) {
-  SetIdentity(identity);
+void WebRtcSession::OnCertificateReady(
+    rtc::scoped_refptr<DtlsCertificate> certificate) {
+  certificate_ = certificate;
+  SetIdentity(certificate_->identity());
 }
 
-bool WebRtcSession::waiting_for_identity() const {
-  return webrtc_session_desc_factory_->waiting_for_identity();
+bool WebRtcSession::waiting_for_certificate() const {
+  return webrtc_session_desc_factory_->waiting_for_certificate();
 }
 
 void WebRtcSession::SetIceConnectionState(