RTCCertificates added to RTCConfiguration, used by WebRtcSession/-DescriptionFactory

talk/app/webrtc/webrtcsession.cc

Index: talk/app/webrtc/webrtcsession.cc
diff --git a/talk/app/webrtc/webrtcsession.cc b/talk/app/webrtc/webrtcsession.cc
index fde45104d61ddfafee2791b1e297d164ab6425ac..31e96ad1a47c10d02981ae11f43c7f705b77d834 100644
--- a/talk/app/webrtc/webrtcsession.cc
+++ b/talk/app/webrtc/webrtcsession.cc
@@ -707,15 +707,42 @@ bool WebRtcSession::Initialize(
   channel_manager_->SetDefaultVideoEncoderConfig(
       cricket::VideoEncoderConfig(default_codec));
 
-  webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
-      signaling_thread(),
-      channel_manager_,
-      mediastream_signaling_,
-      dtls_identity_store.Pass(),
-      this,
-      id(),
-      data_channel_type_,
-      dtls_enabled_));
+  if (!dtls_enabled_) {
+    // Construct with DTLS disabled.
+    webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
+        signaling_thread(),
+        channel_manager_,
+        mediastream_signaling_,
+        this,
+        id(),
+        data_channel_type_));
+  } else {
+    // Construct with DTLS enabled.
+    rtc::scoped_refptr<rtc::RTCCertificate> certificate;
+    if (!rtc_configuration.certificates.empty())
+      certificate = rtc_configuration.certificates[0];
+    if (!certificate) {

[tommi, 2015/08/20 14:58:11]

I don't think you need this variable actually.
Here you could just do

if (rtc_configuration.certificates.empty()) {

[hbos, 2015/08/20 16:06:11]

You're right. In latest PS though certificate != nullptr became relevant in two
places and the variable more necessary so I still have it but it's moved.

+      // Use the |dtls_identity_store| to generate a certificate.
+      webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
+          signaling_thread(),
+          channel_manager_,
+          mediastream_signaling_,
+          dtls_identity_store.Pass(),
+          this,
+          id(),
+          data_channel_type_));
+    } else {
+      // Use the already generated certificate.

[tommi, 2015/08/20 14:58:11]

is the intent to support multiple certificates eventually?

[hbos, 2015/08/20 16:06:11]

The specs say if multiple are provided it is up to us to choose which one to use
but it doesn't say how to pick one. Unless there are compatibility issues(?)
this is one way to do it ;)

But yeah, me and torbjorng talked about this briefly. If which one to use
matters compatibility/security/performance-wise we should have a function that
decides which one to pick... (although performance-wise: at this point the
certificates have already been generated).

I'll add a TODO, forgot to do that.

+      webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
+          signaling_thread(),
+          channel_manager_,
+          mediastream_signaling_,
+          certificate,

[tommi, 2015/08/20 14:58:11]

...and here you could pass rtc_configuration.certificates[0]

+          this,
+          id(),
+          data_channel_type_));
+    }
+  }
 
   webrtc_session_desc_factory_->SignalIdentityReady.connect(
       this, &WebRtcSession::OnIdentityReady);
@@ -1356,7 +1383,7 @@ void WebRtcSession::OnIdentityReady(rtc::SSLIdentity* identity) {
 }
 
 bool WebRtcSession::waiting_for_identity() const {
-  return webrtc_session_desc_factory_->waiting_for_identity();
+  return webrtc_session_desc_factory_->waiting_for_certificate();
 }
 
 void WebRtcSession::SetIceConnectionState(