Added DtlsCertificate, a ref counted object owning an SSLIdentity

webrtc/base/nssstreamadapter.cc

Index: webrtc/base/nssstreamadapter.cc
diff --git a/webrtc/base/nssstreamadapter.cc b/webrtc/base/nssstreamadapter.cc
index 2e78adfc0e2ae9ec994c63d6ccd9018067c5eca1..5991e799669bf15d649f2dfb27bbbfb5fd2c4a6d 100644
--- a/webrtc/base/nssstreamadapter.cc
+++ b/webrtc/base/nssstreamadapter.cc
@@ -490,8 +490,8 @@ int NSSStreamAdapter::BeginSSL() {
     LOG(LS_INFO) << "BeginSSL: as server";
     NSSIdentity *identity;
 
-    if (identity_.get()) {
-      identity = static_cast<NSSIdentity *>(identity_.get());
+    if (dtlscertificate_.get()) {
+      identity = static_cast<NSSIdentity *>(dtlscertificate_->identity());
     } else {
       LOG(LS_ERROR) << "Can't be an SSL server without an identity";
       Error("BeginSSL", -1, false);
@@ -662,7 +662,7 @@ void NSSStreamAdapter::Cleanup() {
     ssl_fd_ = NULL;
   }
 
-  identity_.reset();
+  dtlscertificate_ = nullptr;
   peer_certificate_.reset();
 
   Thread::Current()->Clear(this, MSG_DTLS_TIMEOUT);
@@ -916,12 +916,13 @@ SECStatus NSSStreamAdapter::GetClientAuthDataHook(void *arg, PRFileDesc *fd,
   LOG(LS_INFO) << "Client cert requested";
   NSSStreamAdapter *stream = reinterpret_cast<NSSStreamAdapter *>(arg);
 
-  if (!stream->identity_.get()) {
+  if (!stream->dtlscertificate_.get()) {
     LOG(LS_ERROR) << "No identity available";
     return SECFailure;
   }
 
-  NSSIdentity *identity = static_cast<NSSIdentity *>(stream->identity_.get());
+  NSSIdentity *identity = static_cast<NSSIdentity *>(
+      stream->dtlscertificate_->identity());
   // Destroyed internally by NSS
   *pRetCert = CERT_DupCertificate(identity->certificate().certificate());
   *pRetKey = SECKEY_CopyPrivateKey(identity->keypair()->privkey());