Adds RTCCertificate, a reference counted object indirectly owning an SSLCertificate (by owning the SSLIdentity).

BUG=webrtc:4927
R=tommi@chromium.org, tommi@webrtc.org, torbjorng@webrtc.org

Review URL: https://codereview.webrtc.org/1299223002 .

Cr-Commit-Position: refs/heads/master@{#9741}

4 files changed, 100 insertions, 0 deletions

diff --git a/webrtc/base/BUILD.gn b/webrtc/base/BUILD.gn
index c91869c24a..573de14f44 100644
--- a/webrtc/base/BUILD.gn
+++ b/webrtc/base/BUILD.gn
@@ -272,6 +272,8 @@ static_library("rtc_base") {
     "ratelimiter.h",
     "ratetracker.cc",
     "ratetracker.h",
+    "rtccertificate.cc",
+    "rtccertificate.h",
     "scoped_autorelease_pool.h",
     "scoped_autorelease_pool.mm",
     "sha1.cc",
diff --git a/webrtc/base/base.gyp b/webrtc/base/base.gyp
index a5a140fd84..780ae7f4bc 100644
--- a/webrtc/base/base.gyp
+++ b/webrtc/base/base.gyp
@@ -248,6 +248,8 @@
         'refcount.h',
         'referencecountedsingletonfactory.h',
         'rollingaccumulator.h',
+        'rtccertificate.cc',
+        'rtccertificate.h',
         'schanneladapter.cc',
         'schanneladapter.h',
         'scoped_autorelease_pool.h',
diff --git a/webrtc/base/rtccertificate.cc b/webrtc/base/rtccertificate.cc
new file mode 100644
index 0000000000..5279fd4b85
--- /dev/null
+++ b/webrtc/base/rtccertificate.cc
@@ -0,0 +1,44 @@
+/*
+ *  Copyright 2015 The WebRTC Project Authors. All rights reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#include "webrtc/base/rtccertificate.h"
+
+#include "webrtc/base/checks.h"
+#include "webrtc/base/timeutils.h"
+
+namespace rtc {
+
+scoped_refptr<RTCCertificate> RTCCertificate::Create(
+    scoped_ptr<SSLIdentity> identity) {
+  return new RefCountedObject<RTCCertificate>(identity.release());
+}
+
+RTCCertificate::RTCCertificate(SSLIdentity* identity)
+    : identity_(identity) {
+  DCHECK(identity_);
+}
+
+RTCCertificate::~RTCCertificate() {
+}
+
+uint64 RTCCertificate::expires_timestamp_ns() const {
+  // TODO(hbos): Update once SSLIdentity/SSLCertificate supports expires field.
+  return 0;
+}
+
+bool RTCCertificate::HasExpired() const {
+  return expires_timestamp_ns() <= TimeNanos();
+}
+
+const SSLCertificate& RTCCertificate::ssl_certificate() const {
+  return identity_->certificate();
+}
+
+}  // namespace rtc
diff --git a/webrtc/base/rtccertificate.h b/webrtc/base/rtccertificate.h
new file mode 100644
index 0000000000..cb6835566e
--- /dev/null
+++ b/webrtc/base/rtccertificate.h
@@ -0,0 +1,52 @@
+/*
+ *  Copyright 2015 The WebRTC Project Authors. All rights reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef WEBRTC_BASE_RTCCERTIFICATE_H_
+#define WEBRTC_BASE_RTCCERTIFICATE_H_
+
+#include "webrtc/base/basictypes.h"
+#include "webrtc/base/refcount.h"
+#include "webrtc/base/scoped_ptr.h"
+#include "webrtc/base/scoped_ref_ptr.h"
+#include "webrtc/base/sslidentity.h"
+
+namespace rtc {
+
+// A thin abstraction layer between "lower level crypto stuff" like
+// SSLCertificate and WebRTC usage. Takes ownership of some lower level objects,
+// reference counting protects these from premature destruction.
+class RTCCertificate : public RefCountInterface {
+ public:
+  // Takes ownership of |identity|.
+  static scoped_refptr<RTCCertificate> Create(scoped_ptr<SSLIdentity> identity);
+
+  uint64 expires_timestamp_ns() const;
+  bool HasExpired() const;
+  const SSLCertificate& ssl_certificate() const;
+
+  // TODO(hbos): If possible, remove once RTCCertificate and its
+  // ssl_certificate() is used in all relevant places. Should not pass around
+  // raw SSLIdentity* for the sake of accessing SSLIdentity::certificate().
+  // However, some places might need SSLIdentity* for its public/private key...
+  SSLIdentity* identity() const { return identity_.get(); }
+
+ protected:
+  explicit RTCCertificate(SSLIdentity* identity);
+  ~RTCCertificate() override;
+
+ private:
+  // The SSLIdentity is the owner of the SSLCertificate. To protect our
+  // ssl_certificate() we take ownership of |identity_|.
+  scoped_ptr<SSLIdentity> identity_;
+};
+
+}  // namespace rtc
+
+#endif  // WEBRTC_BASE_RTCCERTIFICATE_H_