Added DtlsCertificate, a ref counted object owning an SSLIdentity

talk/app/webrtc/webrtcsession.cc

Index: talk/app/webrtc/webrtcsession.cc
diff --git a/talk/app/webrtc/webrtcsession.cc b/talk/app/webrtc/webrtcsession.cc
index c37eadb8a82ceb0cc48f401ab0256957ed9f21f1..5b66c7de483ebccd702ca8673c1e3b514af84e3b 100644
--- a/talk/app/webrtc/webrtcsession.cc
+++ b/talk/app/webrtc/webrtcsession.cc
@@ -517,14 +517,86 @@ WebRtcSession::~WebRtcSession() {
   for (size_t i = 0; i < saved_candidates_.size(); ++i) {
     delete saved_candidates_[i];
   }
-  delete identity();
 }
 
 bool WebRtcSession::Initialize(
     const PeerConnectionFactoryInterface::Options& options,
-    const MediaConstraintsInterface*  constraints,
+    const MediaConstraintsInterface* constraints,
     rtc::scoped_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
     const PeerConnectionInterface::RTCConfiguration& rtc_configuration) {
+  // Default |dtls_enabled_| value, may get overwritten in InitializeCommon.
+  dtls_enabled_ = (dtls_identity_store != nullptr);
+
+  if (!InitializeInternal(options, constraints, rtc_configuration)) {
+    return false;
+  }
+
+  if (dtls_enabled_) {
+    webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
+          signaling_thread(),
+          worker_thread(),
+          channel_manager_,
+          mediastream_signaling_,
+          dtls_identity_store.Pass(),
+          this,
+          id(),
+          data_channel_type_));
+  } else {
+    webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
+          signaling_thread(),
+          worker_thread(),
+          channel_manager_,
+          mediastream_signaling_,
+          this,
+          id(),
+          data_channel_type_));
+  }
+  InitializeFactoryAfterConstruction(options);
+  return true;
+}
+
+bool WebRtcSession::Initialize(
+    const PeerConnectionFactoryInterface::Options& options,
+    const MediaConstraintsInterface* constraints,
+    const rtc::scoped_refptr<webrtc::DtlsCertificate>& certificate,
+    const PeerConnectionInterface::RTCConfiguration& rtc_configuration) {
+  DCHECK(certificate.get());
+
+  // Default |dtls_enabled_| value, may get overwritten in InitializeCommon.
+  dtls_enabled_ = true;
+
+  if (!InitializeInternal(options, constraints, rtc_configuration)) {
+    return false;
+  }
+
+  if (dtls_enabled_) {
+    webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
+          signaling_thread(),
+          worker_thread(),
+          channel_manager_,
+          mediastream_signaling_,
+          certificate,
+          this,
+          id(),
+          data_channel_type_));
+  } else {
+    webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
+          signaling_thread(),
+          worker_thread(),
+          channel_manager_,
+          mediastream_signaling_,
+          this,
+          id(),
+          data_channel_type_));
+  }
+  InitializeFactoryAfterConstruction(options);
+  return true;
+}
+
+bool WebRtcSession::InitializeInternal(
+    const PeerConnectionFactoryInterface::Options& options,
+    const MediaConstraintsInterface* constraints,
+    const PeerConnectionInterface::RTCConfiguration& rtc_configuration) {
   bundle_policy_ = rtc_configuration.bundle_policy;
   rtcp_mux_policy_ = rtc_configuration.rtcp_mux_policy;
   SetSslMaxProtocolVersion(options.ssl_max_version);
@@ -537,13 +609,11 @@ bool WebRtcSession::Initialize(
   if (options.disable_encryption) {
     dtls_enabled_ = false;
   } else {
-    // Enable DTLS by default if we have a |dtls_identity_store|.
-    dtls_enabled_ = (dtls_identity_store != nullptr);
     // |constraints| can override the default |dtls_enabled_| value.
     if (FindConstraint(
           constraints,
           MediaConstraintsInterface::kEnableDtlsSrtp,
-          &value, NULL)) {
+          &value, nullptr)) {
       dtls_enabled_ = value;
     }
   }
@@ -660,25 +730,18 @@ bool WebRtcSession::Initialize(
   channel_manager_->SetDefaultVideoEncoderConfig(
       cricket::VideoEncoderConfig(default_codec));
 
-  webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
-      signaling_thread(),
-      channel_manager_,
-      mediastream_signaling_,
-      dtls_identity_store.Pass(),
-      this,
-      id(),
-      data_channel_type_,
-      dtls_enabled_));
-
-  webrtc_session_desc_factory_->SignalIdentityReady.connect(
-      this, &WebRtcSession::OnIdentityReady);
+  port_allocator()->set_candidate_filter(
+      ConvertIceTransportTypeToCandidateFilter(rtc_configuration.type));
+  return true;
+}
 
+void WebRtcSession::InitializeFactoryAfterConstruction(
+    const PeerConnectionFactoryInterface::Options& options) {
+  webrtc_session_desc_factory_->SignalCertificateReady.connect(
+      this, &WebRtcSession::OnCertificateReady);
   if (options.disable_encryption) {
     webrtc_session_desc_factory_->SetSdesPolicy(cricket::SEC_DISABLED);
   }
-  port_allocator()->set_candidate_filter(
-      ConvertIceTransportTypeToCandidateFilter(rtc_configuration.type));
-  return true;
 }
 
 void WebRtcSession::Terminate() {
@@ -1304,12 +1367,14 @@ void WebRtcSession::ResetIceRestartLatch() {
   ice_restart_latch_->Reset();
 }
 
-void WebRtcSession::OnIdentityReady(rtc::SSLIdentity* identity) {
-  SetIdentity(identity);
+void WebRtcSession::OnCertificateReady(
+    const rtc::scoped_refptr<DtlsCertificate>& certificate) {
+  certificate_ = certificate;
+  SetCertificate(certificate_);
 }
 
-bool WebRtcSession::waiting_for_identity() const {
-  return webrtc_session_desc_factory_->waiting_for_identity();
+bool WebRtcSession::IsWaitingForCertificate() const {
+  return webrtc_session_desc_factory_->waiting_for_certificate();
 }
 
 void WebRtcSession::SetIceConnectionState(