Revert of Replacing DtlsIdentityStoreInterface with RTCCertificateGeneratorInterface. (patchset #2 id:20001 of https://codereview.webrtc.org/2013523002/ )

Reason for revert:
There are more CreatePeerConnection calls than I anticipated/had found in Chromium, like remoting/protocol/webrtc_transport.cc. Reverting due to broken Chromium FYI bots.

Original issue's description:
> Replacing DtlsIdentityStoreInterface with RTCCertificateGeneratorInterface.
>
> The store was used in WebRtcSessionDescriptionFactory to generate certificates,
> now a generator is used instead (new API). PeerConnection[Factory][Interface],
> and WebRtcSession are updated to pass generators all the way down to the
> WebRtcSessionDescriptionFactory instead of stores.
>
> The webrtc implementation of a generator, RTCCertificateGenerator, is used as
> the default generator (peerconnectionfactory.cc:189) instead of the webrtc
> implementation of a store, DtlsIdentityStoreImpl.
>   The generator is fully parameterized and does not generate RSA-1024 unless you
> ask for it (which makes sense not to do beforehand since ECDSA is now default).
> The store was not fully parameterized (known filed bug).
>
> The "top" layer, PeerConnectionFactoryInterface::CreatePeerConnection, is
> updated to take a generator instead of a store. But as to not break Chromium,
> the old function signature taking a store is kept. It is implemented to invoke
> the generator version by wrapping the store in an
> RTCCertificateGeneratorStoreWrapper. As soon as Chromium is updated to use the
> new function signature we can remove the old CreatePeerConnection.
>   Due to having multiple CreatePeerConnection signatures, some calling places
> are updated to resolve the ambiguity introduced.
>
> BUG=webrtc:5707, webrtc:5708
> R=phoglund@webrtc.org, tommi@webrtc.org
> TBR=tkchin@webrc.org
>
> Committed: 400781a209

TBR=tkchin@webrtc.org,tommi@webrtc.org,phoglund@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:5707, webrtc:5708

Review-Url: https://codereview.webrtc.org/2020633002
Cr-Commit-Position: refs/heads/master@{#12948}

talk/app/webrtc/objc/RTCPeerConnection.mm

@@ -279,11 +279,7 @@ class RTCStatsObserver : public StatsObserver {
     config.servers = iceServers;
     _observer.reset(new webrtc::RTCPeerConnectionObserver(self));
     _peerConnection = factory->CreatePeerConnection(
-        config,
+        config, constraints, nullptr, nullptr, _observer.get());
-        constraints,
-        nullptr,
-        std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
-        _observer.get());
     _localStreams = [[NSMutableArray alloc] init];
   }
   return self;
@@ -297,12 +293,7 @@ class RTCStatsObserver : public StatsObserver {
   if (self = [super init]) {
     _observer.reset(new webrtc::RTCPeerConnectionObserver(self));
     _peerConnection =
-        factory->CreatePeerConnection(
+        factory->CreatePeerConnection(config, constraints, nullptr, nullptr, _observer.get());
-            config,
-            constraints,
-            nullptr,
-            std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
-            _observer.get());
     _localStreams = [[NSMutableArray alloc] init];
     _delegate = delegate;
   }

webrtc/api/java/jni/peerconnection_jni.cc

@@ -1603,11 +1603,7 @@ JOW(jlong, PeerConnectionFactory_nativeCreatePeerConnection)(
   PCOJava* observer = reinterpret_cast<PCOJava*>(observer_p);
   observer->SetConstraints(new ConstraintsWrapper(jni, j_constraints));
   rtc::scoped_refptr<PeerConnectionInterface> pc(f->CreatePeerConnection(
-      rtc_config,
+      rtc_config, observer->constraints(), NULL, NULL, observer));
-      observer->constraints(),
-      nullptr,
-      std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
-      observer));
   return (jlong)pc.release();
 }
 

webrtc/api/peerconnection.cc

@@ -566,7 +566,7 @@ PeerConnection::~PeerConnection() {
 bool PeerConnection::Initialize(
     const PeerConnectionInterface::RTCConfiguration& configuration,
     std::unique_ptr<cricket::PortAllocator> allocator,
-    std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+    std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
     PeerConnectionObserver* observer) {
   TRACE_EVENT0("webrtc", "PeerConnection::Initialize");
   RTC_DCHECK(observer != nullptr);
@@ -594,7 +594,7 @@ bool PeerConnection::Initialize(
   stats_.reset(new StatsCollector(this));
 
   // Initialize the WebRtcSession. It creates transport channels etc.
-  if (!session_->Initialize(factory_->options(), std::move(cert_generator),
+  if (!session_->Initialize(factory_->options(), std::move(dtls_identity_store),
                             configuration)) {
     return false;
   }

webrtc/api/peerconnection.h

@@ -16,6 +16,7 @@
 #include <memory>
 #include <vector>
 
+#include "webrtc/api/dtlsidentitystore.h"
 #include "webrtc/api/peerconnectionfactory.h"
 #include "webrtc/api/peerconnectioninterface.h"
 #include "webrtc/api/rtpreceiverinterface.h"
@@ -69,7 +70,7 @@ class PeerConnection : public PeerConnectionInterface,
   bool Initialize(
       const PeerConnectionInterface::RTCConfiguration& configuration,
       std::unique_ptr<cricket::PortAllocator> allocator,
-      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+      std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
       PeerConnectionObserver* observer);
 
   rtc::scoped_refptr<StreamCollectionInterface> local_streams() override;

webrtc/api/peerconnectionfactory.cc

@@ -36,27 +36,25 @@ namespace webrtc {
 
 namespace {
 
-// Passes down the calls to |cert_generator_|. See usage in
+// Passes down the calls to |store_|. See usage in CreatePeerConnection.
-// |CreatePeerConnection|.
+class DtlsIdentityStoreWrapper : public DtlsIdentityStoreInterface {
-class RTCCertificateGeneratorWrapper
-    : public rtc::RTCCertificateGeneratorInterface {
  public:
-  RTCCertificateGeneratorWrapper(
+  DtlsIdentityStoreWrapper(
-      const rtc::scoped_refptr<RefCountedRTCCertificateGenerator>& cert_gen)
+      const rtc::scoped_refptr<RefCountedDtlsIdentityStore>& store)
-      : cert_generator_(cert_gen) {
+      : store_(store) {
-    RTC_DCHECK(cert_generator_);
+    RTC_DCHECK(store_);
   }
 
-  void GenerateCertificateAsync(
+  void RequestIdentity(
       const rtc::KeyParams& key_params,
       const rtc::Optional<uint64_t>& expires_ms,
-      const rtc::scoped_refptr<rtc::RTCCertificateGeneratorCallback>& callback)
+      const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>&
-          override {
+          observer) override {
-    cert_generator_->GenerateCertificateAsync(key_params, expires_ms, callback);
+    store_->RequestIdentity(key_params, expires_ms, observer);
   }
 
  private:
-  rtc::scoped_refptr<RefCountedRTCCertificateGenerator> cert_generator_;
+  rtc::scoped_refptr<RefCountedDtlsIdentityStore> store_;
 };
 
 }  // anonymous namespace
@@ -143,9 +141,9 @@ PeerConnectionFactory::~PeerConnectionFactory() {
   channel_manager_.reset(nullptr);
 
   // Make sure |worker_thread_| and |signaling_thread_| outlive
-  // |cert_generator_|, |default_socket_factory_| and
+  // |dtls_identity_store_|, |default_socket_factory_| and
   // |default_network_manager_|.
-  cert_generator_ = nullptr;
+  dtls_identity_store_ = nullptr;
   default_socket_factory_ = nullptr;
   default_network_manager_ = nullptr;
 
@@ -186,8 +184,8 @@ bool PeerConnectionFactory::Initialize() {
     return false;
   }
 
-  cert_generator_ =
+  dtls_identity_store_ =
-      new RefCountedRTCCertificateGenerator(signaling_thread_, network_thread_);
+      new RefCountedDtlsIdentityStore(signaling_thread_, network_thread_);
 
   return true;
 }
@@ -257,7 +255,7 @@ PeerConnectionFactory::CreatePeerConnection(
     const PeerConnectionInterface::RTCConfiguration& configuration_in,
     const MediaConstraintsInterface* constraints,
     std::unique_ptr<cricket::PortAllocator> allocator,
-    std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+    std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
     PeerConnectionObserver* observer) {
   RTC_DCHECK(signaling_thread_->IsCurrent());
 
@@ -266,23 +264,23 @@ PeerConnectionFactory::CreatePeerConnection(
   CopyConstraintsIntoRtcConfiguration(constraints, &configuration);
 
   return CreatePeerConnection(configuration, std::move(allocator),
-                              std::move(cert_generator), observer);
+                              std::move(dtls_identity_store), observer);
 }
 
 rtc::scoped_refptr<PeerConnectionInterface>
 PeerConnectionFactory::CreatePeerConnection(
     const PeerConnectionInterface::RTCConfiguration& configuration,
     std::unique_ptr<cricket::PortAllocator> allocator,
-    std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+    std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
     PeerConnectionObserver* observer) {
   RTC_DCHECK(signaling_thread_->IsCurrent());
 
-  if (!cert_generator.get()) {
+  if (!dtls_identity_store.get()) {
-    // Because |pc|->Initialize takes ownership of the generator we need a new
+    // Because |pc|->Initialize takes ownership of the store we need a new
     // wrapper object that can be deleted without deleting the underlying
-    // |cert_generator_|, protecting it from being deleted multiple times.
+    // |dtls_identity_store_|, protecting it from being deleted multiple times.
-    cert_generator.reset(
+    dtls_identity_store.reset(
-        new RTCCertificateGeneratorWrapper(cert_generator_));
+        new DtlsIdentityStoreWrapper(dtls_identity_store_));
   }
 
   if (!allocator) {
@@ -297,7 +295,7 @@ PeerConnectionFactory::CreatePeerConnection(
       new rtc::RefCountedObject<PeerConnection>(this));
 
   if (!pc->Initialize(configuration, std::move(allocator),
-                      std::move(cert_generator), observer)) {
+                      std::move(dtls_identity_store), observer)) {
     return nullptr;
   }
   return PeerConnectionProxy::Create(signaling_thread(), pc);

webrtc/api/peerconnectionfactory.h

@@ -14,12 +14,12 @@
 #include <memory>
 #include <string>
 
+#include "webrtc/api/dtlsidentitystore.h"
 #include "webrtc/api/mediacontroller.h"
 #include "webrtc/api/mediastreaminterface.h"
 #include "webrtc/api/peerconnectioninterface.h"
 #include "webrtc/base/scoped_ref_ptr.h"
 #include "webrtc/base/thread.h"
-#include "webrtc/base/rtccertificategenerator.h"
 #include "webrtc/pc/channelmanager.h"
 
 namespace rtc {
@@ -29,8 +29,8 @@ class BasicPacketSocketFactory;
 
 namespace webrtc {
 
-typedef rtc::RefCountedObject<rtc::RTCCertificateGenerator>
+typedef rtc::RefCountedObject<DtlsIdentityStoreImpl>
-    RefCountedRTCCertificateGenerator;
+    RefCountedDtlsIdentityStore;
 
 class PeerConnectionFactory : public PeerConnectionFactoryInterface {
  public:
@@ -43,13 +43,13 @@ class PeerConnectionFactory : public PeerConnectionFactoryInterface {
       const PeerConnectionInterface::RTCConfiguration& configuration,
       const MediaConstraintsInterface* constraints,
       std::unique_ptr<cricket::PortAllocator> allocator,
-      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+      std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
       PeerConnectionObserver* observer) override;
 
   virtual rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
       const PeerConnectionInterface::RTCConfiguration& configuration,
       std::unique_ptr<cricket::PortAllocator> allocator,
-      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+      std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
       PeerConnectionObserver* observer) override;
 
   bool Initialize();
@@ -129,7 +129,7 @@ class PeerConnectionFactory : public PeerConnectionFactoryInterface {
   std::unique_ptr<rtc::BasicNetworkManager> default_network_manager_;
   std::unique_ptr<rtc::BasicPacketSocketFactory> default_socket_factory_;
 
-  rtc::scoped_refptr<RefCountedRTCCertificateGenerator> cert_generator_;
+  rtc::scoped_refptr<RefCountedDtlsIdentityStore> dtls_identity_store_;
 };
 
 }  // namespace webrtc

webrtc/api/peerconnectionfactoryproxy.h

@@ -29,7 +29,7 @@ BEGIN_SIGNALING_PROXY_MAP(PeerConnectionFactory)
       const PeerConnectionInterface::RTCConfiguration& a1,
       const MediaConstraintsInterface* a2,
       std::unique_ptr<cricket::PortAllocator> a3,
-      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> a4,
+      std::unique_ptr<DtlsIdentityStoreInterface> a4,
       PeerConnectionObserver* a5) override {
     return signaling_thread_
         ->Invoke<rtc::scoped_refptr<PeerConnectionInterface>>(
@@ -39,7 +39,7 @@ BEGIN_SIGNALING_PROXY_MAP(PeerConnectionFactory)
   rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
       const PeerConnectionInterface::RTCConfiguration& a1,
       std::unique_ptr<cricket::PortAllocator> a3,
-      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> a4,
+      std::unique_ptr<DtlsIdentityStoreInterface> a4,
       PeerConnectionObserver* a5) override {
     return signaling_thread_
         ->Invoke<rtc::scoped_refptr<PeerConnectionInterface>>(
@@ -77,10 +77,10 @@ BEGIN_SIGNALING_PROXY_MAP(PeerConnectionFactory)
       const PeerConnectionInterface::RTCConfiguration& a1,
       const MediaConstraintsInterface* a2,
       cricket::PortAllocator* a3,
-      rtc::RTCCertificateGeneratorInterface* a4,
+      DtlsIdentityStoreInterface* a4,
       PeerConnectionObserver* a5) {
     std::unique_ptr<cricket::PortAllocator> ptr_a3(a3);
-    std::unique_ptr<rtc::RTCCertificateGeneratorInterface> ptr_a4(a4);
+    std::unique_ptr<DtlsIdentityStoreInterface> ptr_a4(a4);
     return c_->CreatePeerConnection(a1, a2, std::move(ptr_a3),
                                     std::move(ptr_a4), a5);
   }
@@ -88,10 +88,10 @@ BEGIN_SIGNALING_PROXY_MAP(PeerConnectionFactory)
   rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection_ot(
       const PeerConnectionInterface::RTCConfiguration& a1,
       cricket::PortAllocator* a3,
-      rtc::RTCCertificateGeneratorInterface* a4,
+      DtlsIdentityStoreInterface* a4,
       PeerConnectionObserver* a5) {
     std::unique_ptr<cricket::PortAllocator> ptr_a3(a3);
-    std::unique_ptr<rtc::RTCCertificateGeneratorInterface> ptr_a4(a4);
+    std::unique_ptr<DtlsIdentityStoreInterface> ptr_a4(a4);
     return c_->CreatePeerConnection(a1, std::move(ptr_a3), std::move(ptr_a4),
                                     a5);
   }

webrtc/api/peerconnectioninterface.h

@@ -68,7 +68,6 @@
 #include "webrtc/base/fileutils.h"
 #include "webrtc/base/network.h"
 #include "webrtc/base/rtccertificate.h"
-#include "webrtc/base/rtccertificategenerator.h"
 #include "webrtc/base/socketaddress.h"
 #include "webrtc/base/sslstreamadapter.h"
 #include "webrtc/media/base/mediachannel.h"
@@ -578,51 +577,17 @@ class PeerConnectionFactoryInterface : public rtc::RefCountInterface {
   virtual void SetOptions(const Options& options) = 0;
 
   virtual rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
-      const PeerConnectionInterface::RTCConfiguration& configuration,
-      const MediaConstraintsInterface* constraints,
-      std::unique_ptr<cricket::PortAllocator> allocator,
-      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
-      PeerConnectionObserver* observer) = 0;
-  // TODO(hbos): To be removed in favor of the |cert_generator| version as soon
-  // as Chromium stops using this version. See bugs.webrtc.org/5707,
-  // bugs.webrtc.org/5708.
-  rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
       const PeerConnectionInterface::RTCConfiguration& configuration,
       const MediaConstraintsInterface* constraints,
       std::unique_ptr<cricket::PortAllocator> allocator,
       std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
-      PeerConnectionObserver* observer) {
+      PeerConnectionObserver* observer) = 0;
-    return CreatePeerConnection(
-        configuration,
-        constraints,
-        std::move(allocator),
-        std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(
-            dtls_identity_store ? new RTCCertificateGeneratorStoreWrapper(
-                std::move(dtls_identity_store)) : nullptr),
-        observer);
-  }
 
   virtual rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
-      const PeerConnectionInterface::RTCConfiguration& configuration,
-      std::unique_ptr<cricket::PortAllocator> allocator,
-      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
-      PeerConnectionObserver* observer) = 0;
-  // TODO(hbos): To be removed in favor of the |cert_generator| version as soon
-  // as Chromium stops using this version. See bugs.webrtc.org/5707,
-  // bugs.webrtc.org/5708.
-  rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
       const PeerConnectionInterface::RTCConfiguration& configuration,
       std::unique_ptr<cricket::PortAllocator> allocator,
       std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
-      PeerConnectionObserver* observer) {
+      PeerConnectionObserver* observer) = 0;
-    return CreatePeerConnection(
-        configuration,
-        std::move(allocator),
-        std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(
-            dtls_identity_store ? new RTCCertificateGeneratorStoreWrapper(
-                std::move(dtls_identity_store)) : nullptr),
-        observer);
-  }
 
   virtual rtc::scoped_refptr<MediaStreamInterface>
       CreateLocalMediaStream(const std::string& label) = 0;

webrtc/api/peerconnectioninterface_unittest.cc

@@ -616,12 +616,8 @@ class PeerConnectionInterfaceTest : public testing::Test {
     config.servers.push_back(server);
 
     scoped_refptr<PeerConnectionInterface> pc;
-    pc = pc_factory_->CreatePeerConnection(
+    pc = pc_factory_->CreatePeerConnection(config, nullptr, nullptr, nullptr,
-        config,
+                                           &observer_);
-        nullptr,
-        nullptr,
-        std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
-        &observer_);
     EXPECT_EQ(nullptr, pc);
   }
 

webrtc/api/webrtcsession.cc

@@ -512,7 +512,7 @@ WebRtcSession::~WebRtcSession() {
 
 bool WebRtcSession::Initialize(
     const PeerConnectionFactoryInterface::Options& options,
-    std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+    std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
     const PeerConnectionInterface::RTCConfiguration& rtc_configuration) {
   bundle_policy_ = rtc_configuration.bundle_policy;
   rtcp_mux_policy_ = rtc_configuration.rtcp_mux_policy;
@@ -533,7 +533,7 @@ bool WebRtcSession::Initialize(
     dtls_enabled_ = false;
   } else {
     // Enable DTLS by default if we have an identity store or a certificate.
-    dtls_enabled_ = (cert_generator || certificate);
+    dtls_enabled_ = (dtls_identity_store || certificate);
     // |rtc_configuration| can override the default |dtls_enabled_| value.
     if (rtc_configuration.enable_dtls_srtp) {
       dtls_enabled_ = *(rtc_configuration.enable_dtls_srtp);
@@ -566,18 +566,19 @@ bool WebRtcSession::Initialize(
   if (!dtls_enabled_) {
     // Construct with DTLS disabled.
     webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
-        signaling_thread(), channel_manager_, this, id(),
+        signaling_thread(), channel_manager_, this, id()));
-        std::unique_ptr<rtc::RTCCertificateGeneratorInterface>()));
   } else {
     // Construct with DTLS enabled.
     if (!certificate) {
+      // Use the |dtls_identity_store| to generate a certificate.
+      RTC_DCHECK(dtls_identity_store);
       webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
-          signaling_thread(), channel_manager_, this, id(),
+          signaling_thread(), channel_manager_, std::move(dtls_identity_store),
-          std::move(cert_generator)));
+          this, id()));
     } else {
       // Use the already generated certificate.
       webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
-          signaling_thread(), channel_manager_, this, id(), certificate));
+          signaling_thread(), channel_manager_, certificate, this, id()));
     }
   }
 

webrtc/api/webrtcsession.h

@@ -153,7 +153,7 @@ class WebRtcSession : public AudioProviderInterface,
 
   bool Initialize(
       const PeerConnectionFactoryInterface::Options& options,
-      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+      std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
       const PeerConnectionInterface::RTCConfiguration& rtc_configuration);
   // Deletes the voice, video and data channel and changes the session state
   // to STATE_CLOSED.

webrtc/api/webrtcsession_unittest.cc

@@ -397,10 +397,7 @@ class WebRtcSessionTest
     EXPECT_EQ(PeerConnectionInterface::kIceGatheringNew,
         observer_.ice_gathering_state_);
 
-    std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator(
+    EXPECT_TRUE(session_->Initialize(options_, std::move(dtls_identity_store),
-        dtls_identity_store ? new webrtc::RTCCertificateGeneratorStoreWrapper(
-            std::move(dtls_identity_store)) : nullptr);
-    EXPECT_TRUE(session_->Initialize(options_, std::move(cert_generator),
                                      configuration_));
     session_->set_metrics_observer(metrics_observer_);
   }

webrtc/api/webrtcsessiondescriptionfactory.cc

@@ -12,6 +12,7 @@
 
 #include <utility>
 
+#include "webrtc/api/dtlsidentitystore.h"
 #include "webrtc/api/jsep.h"
 #include "webrtc/api/jsepsessiondescription.h"
 #include "webrtc/api/mediaconstraintsinterface.h"
@@ -67,13 +68,28 @@ struct CreateSessionDescriptionMsg : public rtc::MessageData {
 };
 }  // namespace
 
-void WebRtcCertificateGeneratorCallback::OnFailure() {
+void WebRtcIdentityRequestObserver::OnFailure(int error) {
-  SignalRequestFailed();
+  SignalRequestFailed(error);
 }
 
-void WebRtcCertificateGeneratorCallback::OnSuccess(
+void WebRtcIdentityRequestObserver::OnSuccess(
-    const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) {
+    const std::string& der_cert, const std::string& der_private_key) {
-  SignalCertificateReady(certificate);
+  std::string pem_cert = rtc::SSLIdentity::DerToPem(
+      rtc::kPemTypeCertificate,
+      reinterpret_cast<const unsigned char*>(der_cert.data()),
+      der_cert.length());
+  std::string pem_key = rtc::SSLIdentity::DerToPem(
+      rtc::kPemTypeRsaPrivateKey,
+      reinterpret_cast<const unsigned char*>(der_private_key.data()),
+      der_private_key.length());
+  std::unique_ptr<rtc::SSLIdentity> identity(
+      rtc::SSLIdentity::FromPEMStrings(pem_key, pem_cert));
+  SignalCertificateReady(rtc::RTCCertificate::Create(std::move(identity)));
+}
+
+void WebRtcIdentityRequestObserver::OnSuccess(
+    std::unique_ptr<rtc::SSLIdentity> identity) {
+  SignalCertificateReady(rtc::RTCCertificate::Create(std::move(identity)));
 }
 
 // static
@@ -111,10 +127,12 @@ void WebRtcSessionDescriptionFactory::CopyCandidatesFromSessionDescription(
 WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
     rtc::Thread* signaling_thread,
     cricket::ChannelManager* channel_manager,
+    std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+    const rtc::scoped_refptr<WebRtcIdentityRequestObserver>&
+        identity_request_observer,
     WebRtcSession* session,
     const std::string& session_id,
-    std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+    bool dtls_enabled)
-    const rtc::scoped_refptr<rtc::RTCCertificate>& certificate)
     : signaling_thread_(signaling_thread),
       session_desc_factory_(channel_manager, &transport_desc_factory_),
       // RFC 4566 suggested a Network Time Protocol (NTP) format timestamp
@@ -122,81 +140,89 @@ WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
       // to just use a random number as session id and start version from
       // |kInitSessionVersion|.
       session_version_(kInitSessionVersion),
-      cert_generator_(std::move(cert_generator)),
+      dtls_identity_store_(std::move(dtls_identity_store)),
+      identity_request_observer_(identity_request_observer),
       session_(session),
       session_id_(session_id),
       certificate_request_state_(CERTIFICATE_NOT_NEEDED) {
-  RTC_DCHECK(signaling_thread_);
   session_desc_factory_.set_add_legacy_streams(false);
-  bool dtls_enabled = cert_generator_ || certificate;
   // SRTP-SDES is disabled if DTLS is on.
   SetSdesPolicy(dtls_enabled ? cricket::SEC_DISABLED : cricket::SEC_REQUIRED);
-  if (!dtls_enabled) {
-    LOG(LS_VERBOSE) << "DTLS-SRTP disabled.";
-    return;
-  }
-
-  if (certificate) {
-    // Use |certificate|.
-    certificate_request_state_ = CERTIFICATE_WAITING;
-
-    LOG(LS_VERBOSE) << "DTLS-SRTP enabled; has certificate parameter.";
-    // We already have a certificate but we wait to do |SetIdentity|; if we do
-    // it in the constructor then the caller has not had a chance to connect to
-    // |SignalCertificateReady|.
-    signaling_thread_->Post(
-        this, MSG_USE_CONSTRUCTOR_CERTIFICATE,
-        new rtc::ScopedRefMessageData<rtc::RTCCertificate>(certificate));
-  } else {
-    // Generate certificate.
-    certificate_request_state_ = CERTIFICATE_WAITING;
-
-    rtc::scoped_refptr<WebRtcCertificateGeneratorCallback> callback(
-        new rtc::RefCountedObject<WebRtcCertificateGeneratorCallback>());
-    callback->SignalRequestFailed.connect(
-        this, &WebRtcSessionDescriptionFactory::OnCertificateRequestFailed);
-    callback->SignalCertificateReady.connect(
-        this, &WebRtcSessionDescriptionFactory::SetCertificate);
-
-    rtc::KeyParams key_params = rtc::KeyParams();
-    LOG(LS_VERBOSE) << "DTLS-SRTP enabled; sending DTLS identity request (key "
-                    << "type: " << key_params.type() << ").";
-
-    // Request certificate. This happens asynchronously, so that the caller gets
-    // a chance to connect to |SignalCertificateReady|.
-    cert_generator_->GenerateCertificateAsync(
-        key_params, rtc::Optional<uint64_t>(), callback);
-  }
 }
 
 WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
     rtc::Thread* signaling_thread,
     cricket::ChannelManager* channel_manager,
     WebRtcSession* session,
-    const std::string& session_id,
+    const std::string& session_id)
-    std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator)
+    : WebRtcSessionDescriptionFactory(signaling_thread,
+                                      channel_manager,
+                                      nullptr,
+                                      nullptr,
+                                      session,
+                                      session_id,
+                                      false) {
+  LOG(LS_VERBOSE) << "DTLS-SRTP disabled.";
+}
+
+WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
+    rtc::Thread* signaling_thread,
+    cricket::ChannelManager* channel_manager,
+    std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+    WebRtcSession* session,
+    const std::string& session_id)
     : WebRtcSessionDescriptionFactory(
           signaling_thread,
           channel_manager,
+          std::move(dtls_identity_store),
+          new rtc::RefCountedObject<WebRtcIdentityRequestObserver>(),
           session,
           session_id,
-          std::move(cert_generator),
+          true) {
-          nullptr) {
+  RTC_DCHECK(dtls_identity_store_);
+
+  certificate_request_state_ = CERTIFICATE_WAITING;
+
+  identity_request_observer_->SignalRequestFailed.connect(
+      this, &WebRtcSessionDescriptionFactory::OnIdentityRequestFailed);
+  identity_request_observer_->SignalCertificateReady.connect(
+      this, &WebRtcSessionDescriptionFactory::SetCertificate);
+
+  rtc::KeyParams key_params = rtc::KeyParams();
+  LOG(LS_VERBOSE) << "DTLS-SRTP enabled; sending DTLS identity request (key "
+                  << "type: " << key_params.type() << ").";
+
+  // Request identity. This happens asynchronously, so the caller will have a
+  // chance to connect to SignalIdentityReady.
+  dtls_identity_store_->RequestIdentity(key_params,
+                                        rtc::Optional<uint64_t>(),
+                                        identity_request_observer_);
 }
 
 WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
     rtc::Thread* signaling_thread,
     cricket::ChannelManager* channel_manager,
+    const rtc::scoped_refptr<rtc::RTCCertificate>& certificate,
     WebRtcSession* session,
-    const std::string& session_id,
+    const std::string& session_id)
-    const rtc::scoped_refptr<rtc::RTCCertificate>& certificate)
     : WebRtcSessionDescriptionFactory(signaling_thread,
                                       channel_manager,
+                                      nullptr,
+                                      nullptr,
                                       session,
                                       session_id,
-                                      nullptr,
+                                      true) {
-                                      certificate) {
   RTC_DCHECK(certificate);
+
+  certificate_request_state_ = CERTIFICATE_WAITING;
+
+  LOG(LS_VERBOSE) << "DTLS-SRTP enabled; has certificate parameter.";
+  // We already have a certificate but we wait to do SetIdentity; if we do
+  // it in the constructor then the caller has not had a chance to connect to
+  // SignalIdentityReady.
+  signaling_thread_->Post(
+      this, MSG_USE_CONSTRUCTOR_CERTIFICATE,
+      new rtc::ScopedRefMessageData<rtc::RTCCertificate>(certificate));
 }
 
 WebRtcSessionDescriptionFactory::~WebRtcSessionDescriptionFactory() {
@@ -462,10 +488,10 @@ void WebRtcSessionDescriptionFactory::PostCreateSessionDescriptionSucceeded(
   signaling_thread_->Post(this, MSG_CREATE_SESSIONDESCRIPTION_SUCCESS, msg);
 }
 
-void WebRtcSessionDescriptionFactory::OnCertificateRequestFailed() {
+void WebRtcSessionDescriptionFactory::OnIdentityRequestFailed(int error) {
   ASSERT(signaling_thread_->IsCurrent());
 
-  LOG(LS_ERROR) << "Asynchronous certificate generation request failed.";
+  LOG(LS_ERROR) << "Async identity request failed: error = " << error;
   certificate_request_state_ = CERTIFICATE_FAILED;
 
   FailPendingRequests(kFailedDueToIdentityFailed);
@@ -474,7 +500,7 @@ void WebRtcSessionDescriptionFactory::OnCertificateRequestFailed() {
 void WebRtcSessionDescriptionFactory::SetCertificate(
     const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) {
   RTC_DCHECK(certificate);
-  LOG(LS_VERBOSE) << "Setting new certificate.";
+  LOG(LS_VERBOSE) << "Setting new certificate";
 
   certificate_request_state_ = CERTIFICATE_SUCCEEDED;
   SignalCertificateReady(certificate);

webrtc/api/webrtcsessiondescriptionfactory.h

@@ -18,7 +18,6 @@
 #include "webrtc/base/constructormagic.h"
 #include "webrtc/base/messagehandler.h"
 #include "webrtc/base/rtccertificate.h"
-#include "webrtc/base/rtccertificategenerator.h"
 #include "webrtc/p2p/base/transportdescriptionfactory.h"
 #include "webrtc/pc/mediasession.h"
 
@@ -33,17 +32,17 @@ class MediaConstraintsInterface;
 class SessionDescriptionInterface;
 class WebRtcSession;
 
-// DTLS certificate request callback class.
+// DTLS identity request callback class.
-class WebRtcCertificateGeneratorCallback
+class WebRtcIdentityRequestObserver : public DtlsIdentityRequestObserver,
-    : public rtc::RTCCertificateGeneratorCallback,
+                                      public sigslot::has_slots<> {
-      public sigslot::has_slots<> {
  public:
-  // |rtc::RTCCertificateGeneratorCallback| overrides.
+  // DtlsIdentityRequestObserver overrides.
-  void OnSuccess(
+  void OnFailure(int error) override;
-      const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) override;
+  void OnSuccess(const std::string& der_cert,
-  void OnFailure() override;
+                 const std::string& der_private_key) override;
+  void OnSuccess(std::unique_ptr<rtc::SSLIdentity> identity) override;
 
-  sigslot::signal0<> SignalRequestFailed;
+  sigslot::signal1<int> SignalRequestFailed;
   sigslot::signal1<const rtc::scoped_refptr<rtc::RTCCertificate>&>
       SignalCertificateReady;
 };
@@ -67,29 +66,37 @@ struct CreateSessionDescriptionRequest {
   cricket::MediaSessionOptions options;
 };
 
-// This class is used to create offer/answer session description. Certificates
+// This class is used to create offer/answer session description with regards to
-// for WebRtcSession/DTLS are either supplied at construction or generated
+// the async DTLS identity generation for WebRtcSession.
-// asynchronously. It queues the create offer/answer request until the
+// It queues the create offer/answer request until the DTLS identity
-// certificate generation has completed, i.e. when OnCertificateRequestFailed or
+// request has completed, i.e. when OnIdentityRequestFailed or OnIdentityReady
-// OnCertificateReady is called.
+// is called.
 class WebRtcSessionDescriptionFactory : public rtc::MessageHandler,
                                         public sigslot::has_slots<> {
  public:
-  // If |certificate_generator| is not null, DTLS is enabled and a default
+  // Construct with DTLS disabled.
-  // certificate is generated asynchronously; otherwise DTLS is disabled.
+  WebRtcSessionDescriptionFactory(rtc::Thread* signaling_thread,
+                                  cricket::ChannelManager* channel_manager,
+                                  WebRtcSession* session,
+                                  const std::string& session_id);
+
+  // Construct with DTLS enabled using the specified |dtls_identity_store| to
+  // generate a certificate.
   WebRtcSessionDescriptionFactory(
       rtc::Thread* signaling_thread,
       cricket::ChannelManager* channel_manager,
+      std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
       WebRtcSession* session,
-      const std::string& session_id,
+      const std::string& session_id);
-      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator);
+
-  // Construct with DTLS enabled using the specified |certificate|.
+  // Construct with DTLS enabled using the specified (already generated)
+  // |certificate|.
   WebRtcSessionDescriptionFactory(
       rtc::Thread* signaling_thread,
       cricket::ChannelManager* channel_manager,
+      const rtc::scoped_refptr<rtc::RTCCertificate>& certificate,
       WebRtcSession* session,
-      const std::string& session_id,
+      const std::string& session_id);
-      const rtc::scoped_refptr<rtc::RTCCertificate>& certificate);
   virtual ~WebRtcSessionDescriptionFactory();
 
   static void CopyCandidatesFromSessionDescription(
@@ -123,15 +130,15 @@ class WebRtcSessionDescriptionFactory : public rtc::MessageHandler,
     CERTIFICATE_FAILED,
   };
 
-  // If |certificate_generator| or |certificate| is not null DTLS is enabled,
-  // otherwise DTLS is disabled.
   WebRtcSessionDescriptionFactory(
       rtc::Thread* signaling_thread,
       cricket::ChannelManager* channel_manager,
+      std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+      const rtc::scoped_refptr<WebRtcIdentityRequestObserver>&
+          identity_request_observer,
       WebRtcSession* session,
       const std::string& session_id,
-      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+      bool dtls_enabled);
-      const rtc::scoped_refptr<rtc::RTCCertificate>& certificate);
 
   // MessageHandler implementation.
   virtual void OnMessage(rtc::Message* msg);
@@ -147,7 +154,7 @@ class WebRtcSessionDescriptionFactory : public rtc::MessageHandler,
       CreateSessionDescriptionObserver* observer,
       SessionDescriptionInterface* description);
 
-  void OnCertificateRequestFailed();
+  void OnIdentityRequestFailed(int error);
   void SetCertificate(
       const rtc::scoped_refptr<rtc::RTCCertificate>& certificate);
 
@@ -157,7 +164,9 @@ class WebRtcSessionDescriptionFactory : public rtc::MessageHandler,
   cricket::TransportDescriptionFactory transport_desc_factory_;
   cricket::MediaSessionDescriptionFactory session_desc_factory_;
   uint64_t session_version_;
-  const std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator_;
+  const std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store_;
+  const rtc::scoped_refptr<WebRtcIdentityRequestObserver>
+      identity_request_observer_;
   // TODO(jiayl): remove the dependency on session once bug 2264 is fixed.
   WebRtcSession* const session_;
   const std::string session_id_;

webrtc/examples/peerconnection/client/conductor.cc

@@ -129,11 +129,7 @@ bool Conductor::CreatePeerConnection(bool dtls) {
   }
 
   peer_connection_ = peer_connection_factory_->CreatePeerConnection(
-      config,
+      config, &constraints, NULL, NULL, this);
-      &constraints,
-      nullptr,
-      std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
-      this);
   return peer_connection_.get() != NULL;
 }
 

webrtc/sdk/objc/Framework/Classes/RTCPeerConnection.mm

@@ -226,12 +226,11 @@ void PeerConnectionDelegateAdapter::OnIceCandidatesRemoved(
     std::unique_ptr<webrtc::MediaConstraints> nativeConstraints =
         constraints.nativeConstraints;
     _peerConnection =
-        factory.nativeFactory->CreatePeerConnection(
+        factory.nativeFactory->CreatePeerConnection(*config,
-            *config,
+                                                    nativeConstraints.get(),
-            nativeConstraints.get(),
+                                                    nullptr,
-            nullptr,
+                                                    nullptr,
-            std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
+                                                    _observer.get());
-            _observer.get());
     _localStreams = [[NSMutableArray alloc] init];
     _delegate = delegate;
   }