Turning FakeDtlsIdentityStore into FakeRTCCertificateGenerator.

This is one less DtlsIdentityStoreInterface implementation, and one step closer to removing this interface in favor of RTCCertificateGeneratorInterface. This also removes PeerConnectionInterface::CreatePeerConnectionWithStore which is no longer needed. BUG=webrtc:5707, webrtc:5708 R=tommi@webrtc.org Review URL: https://codereview.webrtc.org/2020623002 . Cr-Commit-Position: refs/heads/master@{#12990}
2016-06-01 13:58:50 +02:00 · 2016-06-01 13:58:50 +02:00 · d79599d74a
commit d79599d74a
parent 0f380d8ffa
8 changed files with 105 additions and 156 deletions
--- a/webrtc/api/api_tests.gyp
+++ b/webrtc/api/api_tests.gyp
@ -51,8 +51,8 @@
        'test/fakeaudiocapturemodule_unittest.cc',
        'test/fakeconstraints.h',
        'test/fakedatachannelprovider.h',
-        'test/fakedtlsidentitystore.h',
        'test/fakeperiodicvideocapturer.h',
+        'test/fakertccertificategenerator.h',
        'test/fakevideotrackrenderer.h',
        'test/mockpeerconnectionobservers.h',
        'test/peerconnectiontestwrapper.h',
--- a/webrtc/api/peerconnection_unittest.cc
+++ b/webrtc/api/peerconnection_unittest.cc
@ -26,8 +26,8 @@
 #include "webrtc/api/peerconnectioninterface.h"
 #include "webrtc/api/test/fakeaudiocapturemodule.h"
 #include "webrtc/api/test/fakeconstraints.h"
-#include "webrtc/api/test/fakedtlsidentitystore.h"
 #include "webrtc/api/test/fakeperiodicvideocapturer.h"
+#include "webrtc/api/test/fakertccertificategenerator.h"
 #include "webrtc/api/test/fakevideotrackrenderer.h"
 #include "webrtc/api/test/mockpeerconnectionobservers.h"
 #include "webrtc/base/gunit.h"
@ -154,12 +154,12 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
      const std::string& id,
      const MediaConstraintsInterface* constraints,
      const PeerConnectionFactory::Options* options,
-      std::unique_ptr<webrtc::DtlsIdentityStoreInterface> dtls_identity_store,
+      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
      bool prefer_constraint_apis,
      rtc::Thread* network_thread,
      rtc::Thread* worker_thread) {
    PeerConnectionTestClient* client(new PeerConnectionTestClient(id));
-    if (!client->Init(constraints, options, std::move(dtls_identity_store),
+    if (!client->Init(constraints, options, std::move(cert_generator),
                      prefer_constraint_apis, network_thread, worker_thread)) {
      delete client;
      return nullptr;
@ -173,12 +173,12 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
      const PeerConnectionFactory::Options* options,
      rtc::Thread* network_thread,
      rtc::Thread* worker_thread) {
-    std::unique_ptr<FakeDtlsIdentityStore> dtls_identity_store(
-        rtc::SSLStreamAdapter::HaveDtlsSrtp() ? new FakeDtlsIdentityStore()
-                                              : nullptr);
+    std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+        rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
+            new FakeRTCCertificateGenerator() : nullptr);

    return CreateClientWithDtlsIdentityStore(
-        id, constraints, options, std::move(dtls_identity_store), true,
+        id, constraints, options, std::move(cert_generator), true,
        network_thread, worker_thread);
  }

@ -187,12 +187,12 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
      const PeerConnectionFactory::Options* options,
      rtc::Thread* network_thread,
      rtc::Thread* worker_thread) {
-    std::unique_ptr<FakeDtlsIdentityStore> dtls_identity_store(
-        rtc::SSLStreamAdapter::HaveDtlsSrtp() ? new FakeDtlsIdentityStore()
-                                              : nullptr);
+    std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+        rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
+            new FakeRTCCertificateGenerator() : nullptr);

    return CreateClientWithDtlsIdentityStore(
-        id, nullptr, options, std::move(dtls_identity_store), false,
+        id, nullptr, options, std::move(cert_generator), false,
        network_thread, worker_thread);
  }

@ -810,7 +810,7 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
  bool Init(
      const MediaConstraintsInterface* constraints,
      const PeerConnectionFactory::Options* options,
-      std::unique_ptr<webrtc::DtlsIdentityStoreInterface> dtls_identity_store,
+      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
      bool prefer_constraint_apis,
      rtc::Thread* network_thread,
      rtc::Thread* worker_thread) {
@ -842,23 +842,23 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
      peer_connection_factory_->SetOptions(*options);
    }
    peer_connection_ = CreatePeerConnection(
-        std::move(port_allocator), constraints, std::move(dtls_identity_store));
+        std::move(port_allocator), constraints, std::move(cert_generator));
    return peer_connection_.get() != nullptr;
  }

  rtc::scoped_refptr<webrtc::PeerConnectionInterface> CreatePeerConnection(
      std::unique_ptr<cricket::PortAllocator> port_allocator,
      const MediaConstraintsInterface* constraints,
-      std::unique_ptr<webrtc::DtlsIdentityStoreInterface> dtls_identity_store) {
+      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator) {
    // CreatePeerConnection with RTCConfiguration.
    webrtc::PeerConnectionInterface::RTCConfiguration config;
    webrtc::PeerConnectionInterface::IceServer ice_server;
    ice_server.uri = "stun:stun.l.google.com:19302";
    config.servers.push_back(ice_server);

-    return peer_connection_factory_->CreatePeerConnectionWithStore(
+    return peer_connection_factory_->CreatePeerConnection(
        config, constraints, std::move(port_allocator),
-        std::move(dtls_identity_store), this);
+        std::move(cert_generator), this);
  }

  void HandleIncomingOffer(const std::string& msg) {
@ -1266,15 +1266,15 @@ class P2PTestConductor : public testing::Test {
    setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
                                   true);

-    std::unique_ptr<FakeDtlsIdentityStore> dtls_identity_store(
-        rtc::SSLStreamAdapter::HaveDtlsSrtp() ? new FakeDtlsIdentityStore()
-                                              : nullptr);
-    dtls_identity_store->use_alternate_key();
+    std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+        rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
+            new FakeRTCCertificateGenerator() : nullptr);
+    cert_generator->use_alternate_key();

    // Make sure the new client is using a different certificate.
    return PeerConnectionTestClient::CreateClientWithDtlsIdentityStore(
        "New Peer: ", &setup_constraints, nullptr,
-        std::move(dtls_identity_store), prefer_constraint_apis_,
+        std::move(cert_generator), prefer_constraint_apis_,
        network_thread_.get(), worker_thread_.get());
  }

--- a/webrtc/api/peerconnectionfactory_unittest.cc
+++ b/webrtc/api/peerconnectionfactory_unittest.cc
@ -17,7 +17,7 @@
 #ifdef WEBRTC_ANDROID
 #include "webrtc/api/test/androidtestinitializer.h"
 #endif
-#include "webrtc/api/test/fakedtlsidentitystore.h"
+#include "webrtc/api/test/fakertccertificategenerator.h"
 #include "webrtc/api/test/fakevideotrackrenderer.h"
 #include "webrtc/base/gunit.h"
 #include "webrtc/base/thread.h"
@ -142,11 +142,10 @@ TEST(PeerConnectionFactoryTestInternal, CreatePCUsingInternalModules) {
  NullPeerConnectionObserver observer;
  webrtc::PeerConnectionInterface::RTCConfiguration config;

-  std::unique_ptr<FakeDtlsIdentityStore> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory->CreatePeerConnectionWithStore(
-          config, nullptr, nullptr, std::move(dtls_identity_store), &observer));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory->CreatePeerConnection(
+      config, nullptr, nullptr, std::move(cert_generator), &observer));

  EXPECT_TRUE(pc.get() != nullptr);
 }
@ -164,12 +163,11 @@ TEST_F(PeerConnectionFactoryTest, CreatePCUsingIceServers) {
  ice_server.uri = kTurnIceServerWithTransport;
  ice_server.password = kTurnPassword;
  config.servers.push_back(ice_server);
-  std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory_->CreatePeerConnectionWithStore(
-          config, nullptr, std::move(port_allocator_),
-          std::move(dtls_identity_store), &observer_));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory_->CreatePeerConnection(
+      config, nullptr, std::move(port_allocator_), std::move(cert_generator),
+      &observer_));
  ASSERT_TRUE(pc.get() != NULL);
  cricket::ServerAddresses stun_servers;
  rtc::SocketAddress stun1("stun.l.google.com", 19302);
@ -195,12 +193,11 @@ TEST_F(PeerConnectionFactoryTest, CreatePCUsingIceServersUrls) {
  ice_server.urls.push_back(kTurnIceServerWithTransport);
  ice_server.password = kTurnPassword;
  config.servers.push_back(ice_server);
-  std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory_->CreatePeerConnectionWithStore(
-        config, nullptr, std::move(port_allocator_),
-        std::move(dtls_identity_store), &observer_));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory_->CreatePeerConnection(
+      config, nullptr, std::move(port_allocator_), std::move(cert_generator),
+      &observer_));
  ASSERT_TRUE(pc.get() != NULL);
  cricket::ServerAddresses stun_servers;
  rtc::SocketAddress stun1("stun.l.google.com", 19302);
@ -225,12 +222,11 @@ TEST_F(PeerConnectionFactoryTest, CreatePCUsingNoUsernameInUri) {
  ice_server.username = kTurnUsername;
  ice_server.password = kTurnPassword;
  config.servers.push_back(ice_server);
-  std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory_->CreatePeerConnectionWithStore(
-          config, nullptr, std::move(port_allocator_),
-          std::move(dtls_identity_store), &observer_));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory_->CreatePeerConnection(
+      config, nullptr, std::move(port_allocator_), std::move(cert_generator),
+      &observer_));
  ASSERT_TRUE(pc.get() != NULL);
  std::vector<cricket::RelayServerConfig> turn_servers;
  cricket::RelayServerConfig turn("test.com", 1234, kTurnUsername,
@ -247,12 +243,11 @@ TEST_F(PeerConnectionFactoryTest, CreatePCUsingTurnUrlWithTransportParam) {
  ice_server.uri = kTurnIceServerWithTransport;
  ice_server.password = kTurnPassword;
  config.servers.push_back(ice_server);
-  std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory_->CreatePeerConnectionWithStore(
-          config, nullptr, std::move(port_allocator_),
-          std::move(dtls_identity_store), &observer_));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory_->CreatePeerConnection(
+      config, nullptr, std::move(port_allocator_), std::move(cert_generator),
+      &observer_));
  ASSERT_TRUE(pc.get() != NULL);
  std::vector<cricket::RelayServerConfig> turn_servers;
  cricket::RelayServerConfig turn("hello.com", kDefaultStunPort, "test",
@ -273,12 +268,11 @@ TEST_F(PeerConnectionFactoryTest, CreatePCUsingSecureTurnUrl) {
  ice_server.uri = kSecureTurnIceServerWithoutTransportAndPortParam;
  ice_server.password = kTurnPassword;
  config.servers.push_back(ice_server);
-  std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory_->CreatePeerConnectionWithStore(
-          config, nullptr, std::move(port_allocator_),
-          std::move(dtls_identity_store), &observer_));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory_->CreatePeerConnection(
+      config, nullptr, std::move(port_allocator_), std::move(cert_generator),
+      &observer_));
  ASSERT_TRUE(pc.get() != NULL);
  std::vector<cricket::RelayServerConfig> turn_servers;
  cricket::RelayServerConfig turn1("hello.com", kDefaultStunTlsPort, "test",
@ -309,12 +303,11 @@ TEST_F(PeerConnectionFactoryTest, CreatePCUsingIPLiteralAddress) {
  ice_server.uri = kTurnIceServerWithIPv6Address;
  ice_server.password = kTurnPassword;
  config.servers.push_back(ice_server);
-  std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store(
-      new FakeDtlsIdentityStore());
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      factory_->CreatePeerConnectionWithStore(
-          config, nullptr, std::move(port_allocator_),
-          std::move(dtls_identity_store), &observer_));
+  std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+      new FakeRTCCertificateGenerator());
+  rtc::scoped_refptr<PeerConnectionInterface> pc(factory_->CreatePeerConnection(
+      config, nullptr, std::move(port_allocator_), std::move(cert_generator),
+      &observer_));
  ASSERT_TRUE(pc.get() != NULL);
  cricket::ServerAddresses stun_servers;
  rtc::SocketAddress stun1("1.2.3.4", 1234);
--- a/webrtc/api/peerconnectioninterface.h
+++ b/webrtc/api/peerconnectioninterface.h
@ -603,46 +603,12 @@ class PeerConnectionFactoryInterface : public rtc::RefCountInterface {
      std::unique_ptr<cricket::PortAllocator> allocator,
      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
      PeerConnectionObserver* observer) = 0;
-  // TODO(hbos): To be removed in favor of the |cert_generator| version as soon
-  // as unittests stop using this version. See bugs.webrtc.org/5707,
-  // bugs.webrtc.org/5708.
-  rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnectionWithStore(
-      const PeerConnectionInterface::RTCConfiguration& configuration,
-      const MediaConstraintsInterface* constraints,
-      std::unique_ptr<cricket::PortAllocator> allocator,
-      std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
-      PeerConnectionObserver* observer) {
-    return CreatePeerConnection(
-        configuration,
-        constraints,
-        std::move(allocator),
-        std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(
-            dtls_identity_store ? new RTCCertificateGeneratorStoreWrapper(
-                std::move(dtls_identity_store)) : nullptr),
-        observer);
-  }

  virtual rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
      const PeerConnectionInterface::RTCConfiguration& configuration,
      std::unique_ptr<cricket::PortAllocator> allocator,
      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
      PeerConnectionObserver* observer) = 0;
-  // TODO(hbos): To be removed in favor of the |cert_generator| version as soon
-  // as unittests stop using this version. See bugs.webrtc.org/5707,
-  // bugs.webrtc.org/5708.
-  rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnectionWithStore(
-      const PeerConnectionInterface::RTCConfiguration& configuration,
-      std::unique_ptr<cricket::PortAllocator> allocator,
-      std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
-      PeerConnectionObserver* observer) {
-    return CreatePeerConnection(
-        configuration,
-        std::move(allocator),
-        std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(
-            dtls_identity_store ? new RTCCertificateGeneratorStoreWrapper(
-                std::move(dtls_identity_store)) : nullptr),
-        observer);
-  }

  virtual rtc::scoped_refptr<MediaStreamInterface>
      CreateLocalMediaStream(const std::string& label) = 0;
--- a/webrtc/api/peerconnectioninterface_unittest.cc
+++ b/webrtc/api/peerconnectioninterface_unittest.cc
@ -26,7 +26,7 @@
 #include "webrtc/api/test/androidtestinitializer.h"
 #endif
 #include "webrtc/api/test/fakeconstraints.h"
-#include "webrtc/api/test/fakedtlsidentitystore.h"
+#include "webrtc/api/test/fakertccertificategenerator.h"
 #include "webrtc/api/test/fakevideotracksource.h"
 #include "webrtc/api/test/mockpeerconnectionobservers.h"
 #include "webrtc/api/test/testsdpstrings.h"
@ -595,17 +595,17 @@ class PeerConnectionInterfaceTest : public testing::Test {
          webrtc::MediaConstraintsInterface::kEnableDtlsSrtp, false);
    }

-    std::unique_ptr<webrtc::DtlsIdentityStoreInterface> dtls_identity_store;
+    std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator;
    bool dtls;
    if (FindConstraint(constraints,
                       webrtc::MediaConstraintsInterface::kEnableDtlsSrtp,
                       &dtls,
                       nullptr) && dtls) {
-      dtls_identity_store.reset(new FakeDtlsIdentityStore());
+      cert_generator.reset(new FakeRTCCertificateGenerator());
    }
-    pc_ = pc_factory_->CreatePeerConnectionWithStore(
+    pc_ = pc_factory_->CreatePeerConnection(
        config, constraints, std::move(port_allocator),
-        std::move(dtls_identity_store), &observer_);
+        std::move(cert_generator), &observer_);
    ASSERT_TRUE(pc_.get() != NULL);
    observer_.SetPeerConnectionInterface(pc_.get());
    EXPECT_EQ(PeerConnectionInterface::kStable, observer_.state_);
--- a/webrtc/api/test/fakertccertificategenerator.h
+++ b/webrtc/api/test/fakertccertificategenerator.h
@ -8,8 +8,8 @@
 *  be found in the AUTHORS file in the root of the source tree.
 */

-#ifndef WEBRTC_API_TEST_FAKEDTLSIDENTITYSERVICE_H_
-#define WEBRTC_API_TEST_FAKEDTLSIDENTITYSERVICE_H_
+#ifndef WEBRTC_API_TEST_FAKERTCCERTIFICATEGENERATOR_H_
+#define WEBRTC_API_TEST_FAKERTCCERTIFICATEGENERATOR_H_

 #include <memory>
 #include <string>
@ -118,13 +118,14 @@ static const rtc::RTCCertificatePEM kEcdsaPems[] = {
        "-----END CERTIFICATE-----\n")
 };

-class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
-                              public rtc::MessageHandler {
+class FakeRTCCertificateGenerator
+    : public rtc::RTCCertificateGeneratorInterface,
+      public rtc::MessageHandler {
 public:
  typedef rtc::TypedMessageData<rtc::scoped_refptr<
-      webrtc::DtlsIdentityRequestObserver> > MessageData;
+      rtc::RTCCertificateGeneratorCallback> > MessageData;

-  FakeDtlsIdentityStore() : should_fail_(false) {}
+  FakeRTCCertificateGenerator() : should_fail_(false) {}

  void set_should_fail(bool should_fail) {
    should_fail_ = should_fail;
@ -133,16 +134,16 @@ class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
  void use_original_key() { key_index_ = 0; }
  void use_alternate_key() { key_index_ = 1; }

-  void RequestIdentity(
+  void GenerateCertificateAsync(
      const rtc::KeyParams& key_params,
      const rtc::Optional<uint64_t>& expires_ms,
-      const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>&
-          observer) override {
+      const rtc::scoped_refptr<rtc::RTCCertificateGeneratorCallback>&
+          callback) override {
    // The certificates are created from constant PEM strings and use its coded
    // expiration time, we do not support modifying it.
    RTC_DCHECK(!expires_ms);
    MessageData* msg = new MessageData(
-        rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>(observer));
+        rtc::scoped_refptr<rtc::RTCCertificateGeneratorCallback>(callback));
    uint32_t msg_id;
    // Only supports RSA-1024-0x10001 and ECDSA-P256.
    if (should_fail_) {
@ -160,22 +161,15 @@ class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
  }

  static rtc::scoped_refptr<rtc::RTCCertificate> GenerateCertificate() {
-    std::unique_ptr<rtc::SSLIdentity> identity;
    switch (rtc::KT_DEFAULT) {
    case rtc::KT_RSA:
-      identity.reset(
-          rtc::SSLIdentity::FromPEMStrings(kRsaPems[0].private_key(),
-                                           kRsaPems[0].certificate()));
-      break;
+      return rtc::RTCCertificate::FromPEM(kRsaPems[0]);
    case rtc::KT_ECDSA:
-      identity.reset(
-          rtc::SSLIdentity::FromPEMStrings(kEcdsaPems[0].private_key(),
-                                           kEcdsaPems[0].certificate()));
-      break;
+      return rtc::RTCCertificate::FromPEM(kEcdsaPems[0]);
    default:
      RTC_NOTREACHED();
+      return nullptr;
    }
-    return rtc::RTCCertificate::Create(std::move(identity));
  }

 private:
@ -206,21 +200,21 @@ class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
  // rtc::MessageHandler implementation.
  void OnMessage(rtc::Message* msg) override {
    MessageData* message_data = static_cast<MessageData*>(msg->pdata);
-    rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver> observer =
+    rtc::scoped_refptr<rtc::RTCCertificateGeneratorCallback> callback =
        message_data->data();
+    rtc::scoped_refptr<rtc::RTCCertificate> certificate;
    switch (msg->message_id) {
      case MSG_SUCCESS_RSA:
      case MSG_SUCCESS_ECDSA: {
        rtc::KeyType key_type =
            msg->message_id == MSG_SUCCESS_RSA ? rtc::KT_RSA : rtc::KT_ECDSA;
-        std::unique_ptr<rtc::SSLIdentity> identity(
-            rtc::SSLIdentity::FromPEMStrings(get_key(key_type),
-                                             get_cert(key_type)));
-        observer->OnSuccess(std::move(identity));
+        certificate = rtc::RTCCertificate::FromPEM(get_pem(key_type));
+        RTC_DCHECK(certificate);
+        callback->OnSuccess(certificate);
        break;
      }
      case MSG_FAILURE:
-        observer->OnFailure(0);
+        callback->OnFailure();
        break;
    }
    delete message_data;
@ -230,4 +224,4 @@ class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
  int key_index_ = 0;
 };

-#endif  // WEBRTC_API_TEST_FAKEDTLSIDENTITYSERVICE_H_
+#endif  // WEBRTC_API_TEST_FAKERTCCERTIFICATEGENERATOR_H_
--- a/webrtc/api/test/peerconnectiontestwrapper.cc
+++ b/webrtc/api/test/peerconnectiontestwrapper.cc
@ -10,8 +10,8 @@

 #include <utility>

-#include "webrtc/api/test/fakedtlsidentitystore.h"
 #include "webrtc/api/test/fakeperiodicvideocapturer.h"
+#include "webrtc/api/test/fakertccertificategenerator.h"
 #include "webrtc/api/test/mockpeerconnectionobservers.h"
 #include "webrtc/api/test/peerconnectiontestwrapper.h"
 #include "webrtc/base/gunit.h"
@ -79,12 +79,12 @@ bool PeerConnectionTestWrapper::CreatePc(
  webrtc::PeerConnectionInterface::IceServer ice_server;
  ice_server.uri = "stun:stun.l.google.com:19302";
  config.servers.push_back(ice_server);
-  std::unique_ptr<webrtc::DtlsIdentityStoreInterface> dtls_identity_store(
-      rtc::SSLStreamAdapter::HaveDtlsSrtp() ? new FakeDtlsIdentityStore()
+  std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator(
+      rtc::SSLStreamAdapter::HaveDtlsSrtp() ? new FakeRTCCertificateGenerator()
                                            : nullptr);
-  peer_connection_ = peer_connection_factory_->CreatePeerConnectionWithStore(
-      config, constraints, std::move(port_allocator),
-      std::move(dtls_identity_store), this);
+  peer_connection_ = peer_connection_factory_->CreatePeerConnection(
+      config, constraints, std::move(port_allocator), std::move(cert_generator),
+      this);

  return peer_connection_.get() != NULL;
 }
--- a/webrtc/api/webrtcsession_unittest.cc
+++ b/webrtc/api/webrtcsession_unittest.cc
@ -19,7 +19,7 @@
 #include "webrtc/api/jsepsessiondescription.h"
 #include "webrtc/api/peerconnection.h"
 #include "webrtc/api/sctputils.h"
-#include "webrtc/api/test/fakedtlsidentitystore.h"
+#include "webrtc/api/test/fakertccertificategenerator.h"
 #include "webrtc/api/videotrack.h"
 #include "webrtc/api/webrtcsession.h"
 #include "webrtc/api/webrtcsessiondescriptionfactory.h"
@ -376,13 +376,12 @@ class WebRtcSessionTest
    network_manager_.RemoveInterface(addr);
  }

-  // If |dtls_identity_store| != null or |rtc_configuration| contains
-  // |certificates| then DTLS will be enabled unless explicitly disabled by
-  // |rtc_configuration| options. When DTLS is enabled a certificate will be
-  // used if provided, otherwise one will be generated using the
-  // |dtls_identity_store|.
+  // If |cert_generator| != null or |rtc_configuration| contains |certificates|
+  // then DTLS will be enabled unless explicitly disabled by |rtc_configuration|
+  // options. When DTLS is enabled a certificate will be used if provided,
+  // otherwise one will be generated using the |cert_generator|.
  void Init(
-      std::unique_ptr<webrtc::DtlsIdentityStoreInterface> dtls_identity_store) {
+      std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator) {
    ASSERT_TRUE(session_.get() == NULL);
    session_.reset(new WebRtcSessionForTest(
        media_controller_.get(), rtc::Thread::Current(), rtc::Thread::Current(),
@ -397,9 +396,6 @@ class WebRtcSessionTest
    EXPECT_EQ(PeerConnectionInterface::kIceGatheringNew,
        observer_.ice_gathering_state_);

-    std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator(
-        dtls_identity_store ? new webrtc::RTCCertificateGeneratorStoreWrapper(
-            std::move(dtls_identity_store)) : nullptr);
    EXPECT_TRUE(session_->Initialize(options_, std::move(cert_generator),
                                     configuration_));
    session_->set_metrics_observer(metrics_observer_);
@ -431,25 +427,25 @@ class WebRtcSessionTest
  // Successfully init with DTLS; with a certificate generated and supplied or
  // with a store that generates it for us.
  void InitWithDtls(RTCCertificateGenerationMethod cert_gen_method) {
-    std::unique_ptr<FakeDtlsIdentityStore> dtls_identity_store;
+    std::unique_ptr<FakeRTCCertificateGenerator> cert_generator;
    if (cert_gen_method == ALREADY_GENERATED) {
      configuration_.certificates.push_back(
-          FakeDtlsIdentityStore::GenerateCertificate());
+          FakeRTCCertificateGenerator::GenerateCertificate());
    } else if (cert_gen_method == DTLS_IDENTITY_STORE) {
-      dtls_identity_store.reset(new FakeDtlsIdentityStore());
-      dtls_identity_store->set_should_fail(false);
+      cert_generator.reset(new FakeRTCCertificateGenerator());
+      cert_generator->set_should_fail(false);
    } else {
      RTC_CHECK(false);
    }
-    Init(std::move(dtls_identity_store));
+    Init(std::move(cert_generator));
  }

  // Init with DTLS with a store that will fail to generate a certificate.
  void InitWithDtlsIdentityGenFail() {
-    std::unique_ptr<FakeDtlsIdentityStore> dtls_identity_store(
-        new FakeDtlsIdentityStore());
-    dtls_identity_store->set_should_fail(true);
-    Init(std::move(dtls_identity_store));
+    std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
+        new FakeRTCCertificateGenerator());
+    cert_generator->set_should_fail(true);
+    Init(std::move(cert_generator));
  }

  void InitWithDtmfCodec() {
@ -4106,7 +4102,7 @@ TEST_P(WebRtcSessionTest, TestSctpDataChannelOpenMessage) {

 TEST_P(WebRtcSessionTest, TestUsesProvidedCertificate) {
  rtc::scoped_refptr<rtc::RTCCertificate> certificate =
-      FakeDtlsIdentityStore::GenerateCertificate();
+      FakeRTCCertificateGenerator::GenerateCertificate();

  configuration_.certificates.push_back(certificate);
  Init();