Added DtlsCertificate, a ref counted object owning an SSLIdentity

webrtc/base/nssstreamadapter.cc

Index: webrtc/base/nssstreamadapter.cc
diff --git a/webrtc/base/nssstreamadapter.cc b/webrtc/base/nssstreamadapter.cc
index 22f2a2e2f47e203e43a1ff9e5d0843e97bd5251a..76dab7eee45c99638613c06dd02b7994e1b87dff 100644
--- a/webrtc/base/nssstreamadapter.cc
+++ b/webrtc/base/nssstreamadapter.cc
@@ -486,8 +486,8 @@ int NSSStreamAdapter::BeginSSL() {
     LOG(LS_INFO) << "BeginSSL: as server";
     NSSIdentity *identity;
 
-    if (identity_.get()) {
-      identity = static_cast<NSSIdentity *>(identity_.get());
+    if (dtlscertificate_.get()) {
+      identity = static_cast<NSSIdentity *>(dtlscertificate_->identity());
     } else {
       LOG(LS_ERROR) << "Can't be an SSL server without an identity";
       Error("BeginSSL", -1, false);
@@ -658,7 +658,7 @@ void NSSStreamAdapter::Cleanup() {
     ssl_fd_ = NULL;
   }
 
-  identity_.reset();
+  dtlscertificate_ = nullptr;
   peer_certificate_.reset();
 
   Thread::Current()->Clear(this, MSG_DTLS_TIMEOUT);
@@ -912,12 +912,13 @@ SECStatus NSSStreamAdapter::GetClientAuthDataHook(void *arg, PRFileDesc *fd,
   LOG(LS_INFO) << "Client cert requested";
   NSSStreamAdapter *stream = reinterpret_cast<NSSStreamAdapter *>(arg);
 
-  if (!stream->identity_.get()) {
+  if (!stream->dtlscertificate_.get()) {
     LOG(LS_ERROR) << "No identity available";
     return SECFailure;
   }
 
-  NSSIdentity *identity = static_cast<NSSIdentity *>(stream->identity_.get());
+  NSSIdentity *identity = static_cast<NSSIdentity *>(
+      stream->dtlscertificate_->identity());
   // Destroyed internally by NSS
   *pRetCert = CERT_DupCertificate(identity->certificate().certificate());
   *pRetKey = SECKEY_CopyPrivateKey(identity->keypair()->privkey());