WebRTC uses DTLS in two ways: to negotiate the keys for SRTP encryption using DTLS-SRTP (RFC 5763), and as the transport that carries SCTP for the data channel API.
The W3C WebRTC API represents this as the DtlsTransport.
The DTLS handshake happens after the ICE transport becomes writable, i.e. once it has found a valid candidate pair. The handshake results in a set of keys being derived for DTLS-SRTP, as well as the remote certificate, whose fingerprint is compared to the one given in the SDP a=fingerprint: line. That comparison is what authenticates the DTLS peer: the self-signed certificates WebRTC endpoints use carry no trust on their own, so a fingerprint mismatch must abort the connection rather than merely be logged.
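The fingerprint check described above, written out as an added example. This is not code from the WebRTC project: it computes the fingerprint of the DER-encoded certificate presented in the handshake with the hash named on the a=fingerprint: line (the format of RFC 8122) and compares it in constant time. SAMPLE_DER is a constructed byte string standing in for a certificate and SAMPLE_SDP is a constructed SDP fragment; both are assumptions of the example.

```python
import hashlib
import hmac
import re

# Hash names as they appear on the SDP a=fingerprint: line (RFC 8122),
# mapped to hashlib constructors.
_HASH_FUNCS = {
    "sha-1": hashlib.sha1,
    "sha-224": hashlib.sha224,
    "sha-256": hashlib.sha256,
    "sha-384": hashlib.sha384,
    "sha-512": hashlib.sha512,
}

# a=fingerprint:<hash-func> <hex octets separated by colons>
_FINGERPRINT_RE = re.compile(
    r"^a=fingerprint:(\S+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*)\s*$"
)


def certificate_fingerprint(der: bytes, hash_name: str) -> str:
    """Hash a DER-encoded certificate and format the digest the way the
    a=fingerprint: attribute carries it: upper-case hex octets joined by ':'."""
    func = _HASH_FUNCS.get(hash_name.lower())
    if func is None:
        raise ValueError(f"unsupported fingerprint hash: {hash_name}")
    return ":".join(f"{b:02X}" for b in func(der).digest())


def parse_fingerprint_attributes(sdp: str) -> list:
    """Return (hash_name, fingerprint) for every a=fingerprint: line in the SDP.
    Session-level and media-level lines are both collected here; a real
    endpoint scopes the lookup to the media section whose transport it is
    verifying, so that one m= section cannot vouch for another."""
    found = []
    for raw in sdp.splitlines():
        m = _FINGERPRINT_RE.match(raw.strip())
        if m:
            found.append((m.group(1).lower(), m.group(2).upper()))
    return found


def verify_remote_certificate(sdp: str, remote_der: bytes) -> bool:
    """Accept the certificate presented in the DTLS handshake only if its
    fingerprint, computed with the algorithm named in the SDP, equals one of
    the advertised values. No fingerprint at all is a failure, not a pass:
    an unauthenticated DTLS session would let an active attacker substitute
    their own certificate and obtain the SRTP keys."""
    advertised = parse_fingerprint_attributes(sdp)
    if not advertised:
        return False
    for hash_name, expected in advertised:
        if hash_name not in _HASH_FUNCS:
            continue  # unknown algorithm: cannot verify with it, try the next line
        actual = certificate_fingerprint(remote_der, hash_name)
        # Constant-time comparison of the two ASCII strings.
        if hmac.compare_digest(actual, expected):
            return True
    return False


# Constructed sample: these bytes stand in for a DER certificate. They are
# not a parseable certificate; the fingerprint is a hash over the raw DER
# bytes, so any byte string exercises the same code path.
SAMPLE_DER = bytes(range(0x30, 0x30 + 64))

# Constructed SDP fragment whose fingerprint line was produced from SAMPLE_DER.
SAMPLE_SDP = (
    "v=0\r\n"
    "m=audio 9 UDP/TLS/RTP/SAVPF 111\r\n"
    "a=setup:actpass\r\n"
    "a=fingerprint:sha-256 " + certificate_fingerprint(SAMPLE_DER, "sha-256") + "\r\n"
)


if __name__ == "__main__":
    print(verify_remote_certificate(SAMPLE_SDP, SAMPLE_DER))            # True
    print(verify_remote_certificate(SAMPLE_SDP, SAMPLE_DER + b"\x00"))  # False
```

The hash is taken over the exact DER bytes the peer sent, not over a re-encoded or parsed form, since any normalisation before hashing would give an attacker room to present a differently encoded certificate with the same fingerprint.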
This documentation provides an overview of how DTLS is implemented, i.e. how the following classes interact.
The webrtc::DtlsTransport class is a wrapper around the cricket::DtlsTransportInternal and allows registering observers implementing the webrtc::DtlsTransportObserverInterface. The webrtc::DtlsTransportObserverInterface provides updates to the observers, passing around a snapshot of the transport's state, such as the connection state, the remote certificate(s) and the SRTP ciphers, as DtlsTransportInformation.
The cricket::DtlsTransportInternal class is an interface. Its implementation is cricket::DtlsTransport. The cricket::DtlsTransport sends and receives network packets via an ICE transport. It also demultiplexes DTLS packets and SRTP packets according to the first-byte scheme described in RFC 5764.
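The RFC 5764 demultiplexing just mentioned, as an added example rather than code from cricket::DtlsTransport. It classifies each incoming datagram by its first byte (RFC 5764 section 5.1.2) and routes it; the policy of dropping RTP/RTCP that arrives before the handshake has produced keys, and of dropping bytes outside the defined ranges, is an assumption of this example, not a statement about the project's behaviour. The datagrams are constructed header-only samples.

```python
from collections import Counter
from enum import Enum


class PacketKind(Enum):
    STUN = "stun"
    DTLS = "dtls"
    RTP = "rtp"          # RTP and RTCP share this range; the SRTP layer tells them apart
    UNKNOWN = "unknown"


def classify_packet(packet: bytes) -> PacketKind:
    """Classify a datagram by its first byte B, per RFC 5764 section 5.1.2:
    B < 2 is STUN, 19 < B < 64 is DTLS, 127 < B < 192 is RTP/RTCP.
    (RFC 7983 later widened the STUN range to 0..3 and assigned some of the
    gaps; this follows the RFC the documentation cites.) An empty datagram
    has no first byte and is reported as unknown."""
    if not packet:
        return PacketKind.UNKNOWN
    b = packet[0]
    if b < 2:
        return PacketKind.STUN
    if 19 < b < 64:
        return PacketKind.DTLS
    if 127 < b < 192:
        return PacketKind.RTP
    return PacketKind.UNKNOWN


def demux(packets, dtls_complete: bool) -> Counter:
    """Route each datagram to the consumer its first byte selects and return
    a count per destination. Policy assumed by this example: SRTP cannot be
    unprotected until the handshake has produced keys, so RTP/RTCP seen
    before that is dropped rather than queued, which bounds the memory an
    unauthenticated peer can make us hold; bytes in none of the RFC 5764
    ranges are dropped as well."""
    routed = Counter()
    for pkt in packets:
        kind = classify_packet(pkt)
        if kind is PacketKind.UNKNOWN:
            routed["dropped_unknown"] += 1
        elif kind is PacketKind.RTP and not dtls_complete:
            routed["dropped_rtp_before_handshake"] += 1
        else:
            routed[kind.value] += 1
    return routed


# Constructed datagrams, header bytes only (no real payloads):
STUN_BINDING_REQUEST = b"\x00\x01\x00\x00\x21\x12\xa4\x42" + bytes(12)  # type 0x0001, magic cookie
DTLS_HANDSHAKE_RECORD = b"\x16\xfe\xfd" + bytes(11)                     # content type 22, DTLS 1.2
RTP_PACKET = b"\x80\x6f\x00\x01" + bytes(8)                              # V=2, PT 111
RTCP_SENDER_REPORT = b"\x80\xc8\x00\x06" + bytes(24)                     # V=2, PT 200
GARBAGE = b"\xff\xff\xff\xff"                                            # outside every range

SAMPLE_PACKETS = [STUN_BINDING_REQUEST, DTLS_HANDSHAKE_RECORD, RTP_PACKET, RTCP_SENDER_REPORT, GARBAGE]


if __name__ == "__main__":
    print(dict(demux(SAMPLE_PACKETS, dtls_complete=False)))
    print(dict(demux(SAMPLE_PACKETS, dtls_complete=True)))
```

Note that the classification only decides which parser sees the bytes; it authenticates nothing. A DTLS record is still subject to the handshake and its fingerprint check, and an SRTP packet is still subject to authentication by the SRTP session before anything acts on its contents.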
The webrtc::DtlsSrtpTransport class is responsible for extracting the SRTP keys after the DTLS handshake, as well as for protection and unprotection of SRTP packets via its cricket::SrtpSession.