RTCCertificates added to RTCConfiguration, used by WebRtcSession/-DescriptionFactory

talk/app/webrtc/webrtcsession.cc

Index: talk/app/webrtc/webrtcsession.cc
diff --git a/talk/app/webrtc/webrtcsession.cc b/talk/app/webrtc/webrtcsession.cc
index fde45104d61ddfafee2791b1e297d164ab6425ac..1b980a6987eafbd1eecb2f28940ac3ecbdde8aa4 100644
--- a/talk/app/webrtc/webrtcsession.cc
+++ b/talk/app/webrtc/webrtcsession.cc
@@ -576,6 +576,13 @@ bool WebRtcSession::Initialize(
   rtcp_mux_policy_ = rtc_configuration.rtcp_mux_policy;
   SetSslMaxProtocolVersion(options.ssl_max_version);
 
+  // Obtain a certificate from RTCConfiguration if any were provided (optional).
+  rtc::scoped_refptr<rtc::RTCCertificate> certificate;
+  if (!rtc_configuration.certificates.empty()) {
+    // TODO(hbos,torbjorng): How to decide which certificate to use?

[torbjorng (webrtc), 2015/08/24 15:34:34]

Please spell out the [0] uglyness in the comment.

[hbos, 2015/08/24 15:48:00]

Done.

+    certificate = rtc_configuration.certificates[0];
+  }
+
   // TODO(perkj): Take |constraints| into consideration. Return false if not all
   // mandatory constraints can be fulfilled. Note that |constraints|
   // can be null.
@@ -584,13 +591,13 @@ bool WebRtcSession::Initialize(
   if (options.disable_encryption) {
     dtls_enabled_ = false;
   } else {
-    // Enable DTLS by default if we have a |dtls_identity_store|.
-    dtls_enabled_ = (dtls_identity_store != nullptr);
+    // Enable DTLS by default if we have an identity store or a certificate.
+    dtls_enabled_ = (dtls_identity_store || certificate);
     // |constraints| can override the default |dtls_enabled_| value.
     if (FindConstraint(
           constraints,
           MediaConstraintsInterface::kEnableDtlsSrtp,
-          &value, NULL)) {
+          &value, nullptr)) {
       dtls_enabled_ = value;
     }
   }
@@ -707,15 +714,40 @@ bool WebRtcSession::Initialize(
   channel_manager_->SetDefaultVideoEncoderConfig(
       cricket::VideoEncoderConfig(default_codec));
 
-  webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
-      signaling_thread(),
-      channel_manager_,
-      mediastream_signaling_,
-      dtls_identity_store.Pass(),
-      this,
-      id(),
-      data_channel_type_,
-      dtls_enabled_));
+  if (!dtls_enabled_) {
+    // Construct with DTLS disabled.
+    webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
+        signaling_thread(),
+        channel_manager_,
+        mediastream_signaling_,
+        this,
+        id(),
+        data_channel_type_));
+  } else {
+    // Construct with DTLS enabled.
+    if (!certificate) {
+      // Use the |dtls_identity_store| to generate a certificate.
+      DCHECK(dtls_identity_store);
+      webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
+          signaling_thread(),
+          channel_manager_,
+          mediastream_signaling_,
+          dtls_identity_store.Pass(),
+          this,
+          id(),
+          data_channel_type_));
+    } else {
+      // Use the already generated certificate.
+      webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
+          signaling_thread(),
+          channel_manager_,
+          mediastream_signaling_,
+          certificate,
+          this,
+          id(),
+          data_channel_type_));
+    }
+  }
 
   webrtc_session_desc_factory_->SignalIdentityReady.connect(
       this, &WebRtcSession::OnIdentityReady);
@@ -1355,8 +1387,8 @@ void WebRtcSession::OnIdentityReady(rtc::SSLIdentity* identity) {
   SetIdentity(identity);
 }
 
-bool WebRtcSession::waiting_for_identity() const {
-  return webrtc_session_desc_factory_->waiting_for_identity();
+bool WebRtcSession::waiting_for_identity_for_testing() const {
+  return webrtc_session_desc_factory_->waiting_for_certificate_for_testing();
 }
 
 void WebRtcSession::SetIceConnectionState(