Add option to enable ECDSA key for Java API.

talk/app/webrtc/java/jni/peerconnection_jni.cc

Index: talk/app/webrtc/java/jni/peerconnection_jni.cc
diff --git a/talk/app/webrtc/java/jni/peerconnection_jni.cc b/talk/app/webrtc/java/jni/peerconnection_jni.cc
index c326ccff6bede1e3e93e5605be72be86a672df7d..ad535cde3b21b57052f3f86a63fdacf33ff7f73a 100644
--- a/talk/app/webrtc/java/jni/peerconnection_jni.cc
+++ b/talk/app/webrtc/java/jni/peerconnection_jni.cc
@@ -125,6 +125,10 @@ namespace webrtc_jni {
 // Field trials initialization string
 static char *field_trials_init_string = NULL;
 
+// Passed to SSLIdentity::Generate, "WebRTC". Used for the certificates'
+// subject and issuer name.
+static const char kIdentityName[] = "WebRTC";
+
 #if defined(ANDROID) && !defined(WEBRTC_CHROMIUM_BUILD)
 // Set in PeerConnectionFactory_initializeAndroidGlobals().
 static bool factory_static_initialized = false;
@@ -1341,6 +1345,17 @@ JOW(jlong, PeerConnectionFactory_nativeCreatePeerConnection)(
   rtc_config.audio_jitter_buffer_fast_accelerate = GetBooleanField(
       jni, j_rtc_config, j_audio_jitter_buffer_fast_accelerate_id);
 
+  // Create ECDSA certificate.

[hbos, 2015/08/26 09:50:04]

This should probably not be placed here without having to explicitly enable it.
This would otherwise enable it for everything using this Java API which we do
not want to do.

I suggest adding a #ifdef JNI_CREATEPEERCONNECTION_USE_ECDSA (or if you can
think of a better name) around this code until we have added proper support to
control the certificates from the Java layers. You can build with this flag if
you want to do testing in the mean time.

Alternatively you could have a boolean flag or key type enum on the
RTCConfiguration that you would set from the application layer, but that could
only be temporary since the Java layer need to resemble the WebRTC RFC.

[AlexG, 2015/08/31 19:07:23]

Done. Added Java enum to configure certificate type

+  scoped_ptr<rtc::SSLIdentity> ssl_identity(
+      rtc::SSLIdentity::Generate(kIdentityName, rtc::KT_ECDSA));
+  if (ssl_identity.get()) {
+    rtc_config.certificates.push_back(
+        rtc::RTCCertificate::Create(ssl_identity.Pass()));
+    LOG(LS_INFO) << "ECDSA certificate created.";
+  } else {
+    LOG(LS_WARNING) << "Failed to generate SSLIdentity.";

[hbos, 2015/08/26 09:50:04]

While failing to generate is (exceptionally?) rare, it can happen. When this
happens this will not abort. Is that on purpose?

The peer connection subsequently created will use the default key type
(currently RSA, EC some time in the future, but you should not expect it to use
a specific type if you do not tell it to do so).

If it is on purpose, please add a comment clarifying that the peer connection
will created with default key type (and perhaps update the log message as well).
Otherwise, crash or find a way to abort safely.

[AlexG, 2015/08/31 19:07:23]

Done. Yes, this is on purpose. I added comment and updated log message.

+  }
+
   PCOJava* observer = reinterpret_cast<PCOJava*>(observer_p);
   observer->SetConstraints(new ConstraintsWrapper(jni, j_constraints));
   rtc::scoped_refptr<PeerConnectionInterface> pc(f->CreatePeerConnection(