RTCCertificates added to RTCConfiguration, used by WebRtcSession/-DescriptionFactory

talk/app/webrtc/webrtcsessiondescriptionfactory.cc

Index: talk/app/webrtc/webrtcsessiondescriptionfactory.cc
diff --git a/talk/app/webrtc/webrtcsessiondescriptionfactory.cc b/talk/app/webrtc/webrtcsessiondescriptionfactory.cc
index 6c6981ce5a9987e12f185cc4b351bb105d438bbf..a3a053cc92accaf3ce106dbdbe552bc7b198adfa 100644
--- a/talk/app/webrtc/webrtcsessiondescriptionfactory.cc
+++ b/talk/app/webrtc/webrtcsessiondescriptionfactory.cc
@@ -68,7 +68,8 @@ static bool ValidStreams(const MediaSessionOptions::Streams& streams) {
 
 enum {
   MSG_CREATE_SESSIONDESCRIPTION_SUCCESS,
-  MSG_CREATE_SESSIONDESCRIPTION_FAILED
+  MSG_CREATE_SESSIONDESCRIPTION_FAILED,
+  MSG_USE_CONSTRUCTOR_CERTIFICATE
 };
 
 struct CreateSessionDescriptionMsg : public rtc::MessageData {
@@ -126,6 +127,7 @@ void WebRtcSessionDescriptionFactory::CopyCandidatesFromSessionDescription(
   }
 }
 
+// Private constructor called by other constructors.
 WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
     rtc::Thread* signaling_thread,
     cricket::ChannelManager* channel_manager,
@@ -147,28 +149,78 @@ WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
       session_(session),
       session_id_(session_id),
       data_channel_type_(dct),
-      identity_request_state_(IDENTITY_NOT_NEEDED) {
+      certificate_request_state_(CERTIFICATE_NOT_NEEDED) {
   session_desc_factory_.set_add_legacy_streams(false);
   // SRTP-SDES is disabled if DTLS is on.
   SetSdesPolicy(dtls_enabled ? cricket::SEC_DISABLED : cricket::SEC_REQUIRED);
+}
 
-  // If |dtls_enabled| we must have a |dtls_identity_store_|.
-  DCHECK(!dtls_enabled || dtls_identity_store_);
-
-  if (dtls_enabled && dtls_identity_store_) {
-    identity_request_observer_ =
-      new rtc::RefCountedObject<WebRtcIdentityRequestObserver>();
+WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
+    rtc::Thread* signaling_thread,
+    cricket::ChannelManager* channel_manager,
+    MediaStreamSignaling* mediastream_signaling,
+    WebRtcSession* session,
+    const std::string& session_id,
+    cricket::DataChannelType dct)
+    : WebRtcSessionDescriptionFactory(
+        signaling_thread, channel_manager, mediastream_signaling, nullptr,
+        session, session_id, dct, false) {
+  LOG(LS_VERBOSE) << "DTLS-SRTP disabled.";
+}
 
-    identity_request_observer_->SignalRequestFailed.connect(
-        this, &WebRtcSessionDescriptionFactory::OnIdentityRequestFailed);
-    identity_request_observer_->SignalIdentityReady.connect(
-        this, &WebRtcSessionDescriptionFactory::SetIdentity);
+WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
+    rtc::Thread* signaling_thread,
+    cricket::ChannelManager* channel_manager,
+    MediaStreamSignaling* mediastream_signaling,
+    rtc::scoped_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+    WebRtcSession* session,
+    const std::string& session_id,
+    cricket::DataChannelType dct)
+    : WebRtcSessionDescriptionFactory(
+        signaling_thread, channel_manager, mediastream_signaling,
+        dtls_identity_store.Pass(), session, session_id, dct, true) {
+  DCHECK(dtls_identity_store_);
+
+  certificate_request_state_ = CERTIFICATE_WAITING;
+
+  identity_request_observer_ =
+    new rtc::RefCountedObject<WebRtcIdentityRequestObserver>();

[tommi, 2015/08/20 14:58:11]

initialize in the initializer list?

[hbos, 2015/08/20 16:06:11]

Done. This required moving it to helper constructor's initializer list and
initializing it there, but it allowed it to be made const.

+  identity_request_observer_->SignalRequestFailed.connect(
+      this, &WebRtcSessionDescriptionFactory::OnIdentityRequestFailed);
+  identity_request_observer_->SignalIdentityReady.connect(
+      this, &WebRtcSessionDescriptionFactory::SetIdentity);
+
+  rtc::KeyType key_type = rtc::KT_DEFAULT;
+  LOG(LS_VERBOSE) << "DTLS-SRTP enabled; sending DTLS identity request (key "
+                  << "type: " << key_type << ").";
+
+  // Request identity. This happens asynchronously, so the caller will have a
+  // chance to connect to SignalIdentityReady.
+  dtls_identity_store_->RequestIdentity(key_type, identity_request_observer_);
+}
 
-    LOG(LS_VERBOSE) << "DTLS-SRTP enabled; sending DTLS identity request.";
-    identity_request_state_ = IDENTITY_WAITING;
-    dtls_identity_store_->RequestIdentity(rtc::KT_DEFAULT,
-                                          identity_request_observer_);
-  }
+WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
+    rtc::Thread* signaling_thread,
+    cricket::ChannelManager* channel_manager,
+    MediaStreamSignaling* mediastream_signaling,
+    rtc::scoped_refptr<rtc::RTCCertificate> certificate,
+    WebRtcSession* session,
+    const std::string& session_id,
+    cricket::DataChannelType dct)
+    : WebRtcSessionDescriptionFactory(
+        signaling_thread, channel_manager, mediastream_signaling, nullptr,
+        session, session_id, dct, true) {
+  DCHECK(certificate);
+
+  certificate_request_state_ = CERTIFICATE_WAITING;
+
+  LOG(LS_VERBOSE) << "DTLS-SRTP enabled; has certificate parameter.";
+  // We already have a certificate but we wait to do SetIdentity; if we do
+  // it in the constructor then the caller has not had a chance to connect to
+  // SignalIdentityReady.
+  signaling_thread_->Post(this, MSG_USE_CONSTRUCTOR_CERTIFICATE,
+                          new rtc::ScopedRefMessageData<rtc::RTCCertificate>(
+                              certificate));
 }
 
 WebRtcSessionDescriptionFactory::~WebRtcSessionDescriptionFactory() {
@@ -193,7 +245,7 @@ void WebRtcSessionDescriptionFactory::CreateOffer(
   cricket::MediaSessionOptions session_options;
 
   std::string error = "CreateOffer";
-  if (identity_request_state_ == IDENTITY_FAILED) {
+  if (certificate_request_state_ == CERTIFICATE_FAILED) {
     error += kFailedDueToIdentityFailed;
     LOG(LS_ERROR) << error;
     PostCreateSessionDescriptionFailed(observer, error);
@@ -222,11 +274,11 @@ void WebRtcSessionDescriptionFactory::CreateOffer(
 
   CreateSessionDescriptionRequest request(
       CreateSessionDescriptionRequest::kOffer, observer, session_options);
-  if (identity_request_state_ == IDENTITY_WAITING) {
+  if (certificate_request_state_ == CERTIFICATE_WAITING) {
     create_session_description_requests_.push(request);
   } else {
-    ASSERT(identity_request_state_ == IDENTITY_SUCCEEDED ||
-           identity_request_state_ == IDENTITY_NOT_NEEDED);
+    ASSERT(certificate_request_state_ == CERTIFICATE_SUCCEEDED ||
+           certificate_request_state_ == CERTIFICATE_NOT_NEEDED);
     InternalCreateOffer(request);
   }
 }
@@ -235,7 +287,7 @@ void WebRtcSessionDescriptionFactory::CreateAnswer(
     CreateSessionDescriptionObserver* observer,
     const MediaConstraintsInterface* constraints) {
   std::string error = "CreateAnswer";
-  if (identity_request_state_ == IDENTITY_FAILED) {
+  if (certificate_request_state_ == CERTIFICATE_FAILED) {
     error += kFailedDueToIdentityFailed;
     LOG(LS_ERROR) << error;
     PostCreateSessionDescriptionFailed(observer, error);
@@ -277,11 +329,11 @@ void WebRtcSessionDescriptionFactory::CreateAnswer(
 
   CreateSessionDescriptionRequest request(
       CreateSessionDescriptionRequest::kAnswer, observer, options);
-  if (identity_request_state_ == IDENTITY_WAITING) {
+  if (certificate_request_state_ == CERTIFICATE_WAITING) {
     create_session_description_requests_.push(request);
   } else {
-    ASSERT(identity_request_state_ == IDENTITY_SUCCEEDED ||
-           identity_request_state_ == IDENTITY_NOT_NEEDED);
+    ASSERT(certificate_request_state_ == CERTIFICATE_SUCCEEDED ||
+           certificate_request_state_ == CERTIFICATE_NOT_NEEDED);
     InternalCreateAnswer(request);
   }
 }
@@ -311,6 +363,17 @@ void WebRtcSessionDescriptionFactory::OnMessage(rtc::Message* msg) {
       delete param;
       break;
     }
+    case MSG_USE_CONSTRUCTOR_CERTIFICATE: {
+      rtc::ScopedRefMessageData<rtc::RTCCertificate>* param =
+          static_cast<rtc::ScopedRefMessageData<rtc::RTCCertificate>*>(
+              msg->pdata);
+      LOG(LS_INFO) << "Using certificate supplied to the constructor.";
+      // TODO(hbos): Pass around scoped_refptr<RTCCertificate> instead of
+      // SSLIdentity* (then there will be no need to do GetReference here).
+      SetIdentity(param->data()->identity()->GetReference());
+      delete param;
+      break;
+    }
     default:
       ASSERT(false);
       break;
@@ -429,7 +492,7 @@ void WebRtcSessionDescriptionFactory::OnIdentityRequestFailed(int error) {
   ASSERT(signaling_thread_->IsCurrent());
 
   LOG(LS_ERROR) << "Async identity request failed: error = " << error;
-  identity_request_state_ = IDENTITY_FAILED;
+  certificate_request_state_ = CERTIFICATE_FAILED;
 
   FailPendingRequests(kFailedDueToIdentityFailed);
 }
@@ -438,7 +501,7 @@ void WebRtcSessionDescriptionFactory::SetIdentity(
     rtc::SSLIdentity* identity) {
   LOG(LS_VERBOSE) << "Setting new identity";
 
-  identity_request_state_ = IDENTITY_SUCCEEDED;
+  certificate_request_state_ = CERTIFICATE_SUCCEEDED;
   SignalIdentityReady(identity);
 
   transport_desc_factory_.set_identity(identity);