Replaces SSLIdentity* with scoped_refptr<RTCCertificate> in cricket::Transport layer.

webrtc/p2p/base/dtlstransport.h

Index: webrtc/p2p/base/dtlstransport.h
diff --git a/webrtc/p2p/base/dtlstransport.h b/webrtc/p2p/base/dtlstransport.h
index 27cece49d04ea9cfe328ad0084eca36a7b967f93..d551a6f4492fd8b3be3312b159c74080530faf7d 100644
--- a/webrtc/p2p/base/dtlstransport.h
+++ b/webrtc/p2p/base/dtlstransport.h
@@ -30,9 +30,9 @@ class DtlsTransport : public Base {
                 rtc::Thread* worker_thread,
                 const std::string& content_name,
                 PortAllocator* allocator,
-                rtc::SSLIdentity* identity)
+                const rtc::scoped_refptr<rtc::RTCCertificate>& certificate)
       : Base(signaling_thread, worker_thread, content_name, allocator),
-        identity_(identity),
+        certificate_(certificate),
         secure_role_(rtc::SSL_CLIENT),
         ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_10) {
   }
@@ -40,14 +40,16 @@ class DtlsTransport : public Base {
   ~DtlsTransport() {
     Base::DestroyAllChannels();
   }
-  virtual void SetIdentity_w(rtc::SSLIdentity* identity) {
-    identity_ = identity;
+  void SetCertificate_w(
+      const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) override {

[tommi, 2015/08/25 10:28:08]

since this is a _w method, can we DCHECK that we're on the worker thread?  (I
know the code hasn't' been doing this, but since you're modifying it, maybe it's
not that much extra work)

[hbos, 2015/08/25 15:45:44]

Done. (And for other _w methods)

+    certificate_ = certificate;
   }
-  virtual bool GetIdentity_w(rtc::SSLIdentity** identity) {
-    if (!identity_)
+  bool GetCertificate_w(
+      rtc::scoped_refptr<rtc::RTCCertificate>* certificate) override {
+    if (!certificate_)
       return false;
 
-    *identity = identity_->GetReference();
+    *certificate = certificate_;
     return true;
   }
 
@@ -63,10 +65,10 @@ class DtlsTransport : public Base {
 
     if (local_fp) {
       // Sanity check local fingerprint.
-      if (identity_) {
+      if (certificate_) {
         rtc::scoped_ptr<rtc::SSLFingerprint> local_fp_tmp(
             rtc::SSLFingerprint::Create(local_fp->algorithm,
-                                              identity_));
+                                        certificate_->identity()));
         ASSERT(local_fp_tmp.get() != NULL);
         if (!(*local_fp_tmp == *local_fp)) {
           std::ostringstream desc;
@@ -81,10 +83,12 @@ class DtlsTransport : public Base {
             error_desc);
       }
     } else {
-      identity_ = NULL;
+      certificate_ = nullptr;
     }
 
-    if (!channel->SetLocalIdentity(identity_)) {
+    // TODO(hbos): SetLocalCertificate

[tommi, 2015/08/25 10:28:08]

will this be addressed before checkin? It's not clear what the todo means.

[hbos, 2015/08/25 15:45:44]

Oh, sorry, that's sort of a "note to self"... I split this identity->cert
replace work up into a series of 3 CLs (they're all done but I'm gonna upload
them one at a time so I can merge in-between). The TODOs I'm adding in one of
these CLs is immediately addressed in the next one.
Should I make the TODOs more elaborate before landing or is it OK because
they're super temporary?

+    if (!channel->SetLocalIdentity(
+        certificate_ ? certificate_->identity() : nullptr)) {
       return BadTransportDescription("Failed to set local identity.",
                                      error_desc);
     }
@@ -237,7 +241,7 @@ class DtlsTransport : public Base {
     return Base::ApplyNegotiatedTransportDescription_w(channel, error_desc);
   }
 
-  rtc::SSLIdentity* identity_;
+  rtc::scoped_refptr<rtc::RTCCertificate> certificate_;
   rtc::SSLRole secure_role_;
   rtc::SSLProtocolVersion ssl_max_version_;
   rtc::scoped_ptr<rtc::SSLFingerprint> remote_fingerprint_;