session.go 19.8 KB
Newer Older
1
package irmaclient
2
3

import (
Koen van Ingen's avatar
Koen van Ingen committed
4
	"encoding/json"
Sietse Ringers's avatar
Sietse Ringers committed
5
	"fmt"
6
	"net/url"
7
8
	"strings"

9
	"github.com/go-errors/errors"
10
	"github.com/mhe/gabi"
11
	"github.com/mhe/gabi/big"
12
	"github.com/privacybydesign/irmago"
13
14
)

Sietse Ringers's avatar
Sietse Ringers committed
15
16
17
// This file contains the logic and state of performing IRMA sessions, communicates
// with IRMA API servers, and uses the calling Client to construct messages and replies
// in the IRMA protocol.
Sietse Ringers's avatar
Sietse Ringers committed
18

Sietse Ringers's avatar
Sietse Ringers committed
19
20
// PermissionHandler is a callback for providing permission for an IRMA session
// and specifying the attributes to be disclosed.
21
type PermissionHandler func(proceed bool, choice *irma.DisclosureChoice)
22

Sietse Ringers's avatar
Sietse Ringers committed
23
// PinHandler is used to provide the user's PIN code.
24
25
type PinHandler func(proceed bool, pin string)

26
27
// A Handler contains callbacks for communication to the user.
type Handler interface {
28
	StatusUpdate(action irma.Action, status irma.Status)
29
30
31
32
	Success(result string)
	Cancelled()
	Failure(err *irma.SessionError)
	UnsatisfiableRequest(ServerName string, missing irma.AttributeDisjunctionList)
33
34

	KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int)
35
	KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier)
36
	KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier)
37
	KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier)
38
39
40
41
42

	RequestIssuancePermission(request irma.IssuanceRequest, ServerName string, callback PermissionHandler)
	RequestVerificationPermission(request irma.DisclosureRequest, ServerName string, callback PermissionHandler)
	RequestSignaturePermission(request irma.SignatureRequest, ServerName string, callback PermissionHandler)
	RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool))
Sietse Ringers's avatar
Sietse Ringers committed
43

44
	RequestPin(remainingAttempts int, callback PinHandler)
45
46
}

Sietse Ringers's avatar
Sietse Ringers committed
47
// SessionDismisser can dismiss the current IRMA session.
48
49
50
51
type SessionDismisser interface {
	Dismiss()
}

Sietse Ringers's avatar
Sietse Ringers committed
52
type session struct {
53
54
55
56
	Action     irma.Action
	Handler    Handler
	Version    *irma.ProtocolVersion
	ServerName string
57

58
59
60
61
	choice  *irma.DisclosureChoice
	client  *Client
	request irma.SessionRequest
	done    bool
62

63
64
65
66
	// State for issuance protocol
	issuerProofNonce *big.Int
	builders         gabi.ProofBuilderList

67
	// These are empty on manual sessions
68
	ServerURL string
Koen van Ingen's avatar
Koen van Ingen committed
69
	transport *irma.HTTPTransport
70
71
}

72
// We implement the handler for the keyshare protocol
73
var _ keyshareSessionHandler = (*session)(nil)
74

75
76
// Supported protocol versions. Minor version numbers should be reverse sorted.
var supportedVersions = map[int][]int{
Sietse Ringers's avatar
Sietse Ringers committed
77
	2: {4},
78
}
Sietse Ringers's avatar
Sietse Ringers committed
79
80
81
var minVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][0]}
var maxVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][len(supportedVersions[2])-1]}

82
// Session constructors
83

84
85
// NewSession starts a new IRMA session, given (along with a handler to pass feedback to) a session request.
// When the request is not suitable to start an IRMA session from, it calls the Failure method of the specified Handler.
86
87
88
89
90
91
92
93
func (client *Client) NewSession(sessionrequest string, handler Handler) SessionDismisser {
	bts := []byte(sessionrequest)

	qr := &irma.Qr{}
	if err := irma.UnmarshalValidate(bts, qr); err == nil {
		return client.newQrSession(qr, handler)
	}

94
95
96
97
98
99
100
	schemeRequest := &irma.SchemeManagerRequest{}
	if err := irma.UnmarshalValidate(bts, schemeRequest); err == nil {
		return client.newSchemeSession(schemeRequest, handler)
	}

	sigRequest := &irma.SignatureRequest{}
	if err := irma.UnmarshalValidate(bts, sigRequest); err == nil {
101
102
103
104
105
106
		return client.newManualSession(sigRequest, handler, irma.ActionSigning)
	}

	disclosureRequest := &irma.DisclosureRequest{}
	if err := irma.UnmarshalValidate(bts, disclosureRequest); err == nil {
		return client.newManualSession(disclosureRequest, handler, irma.ActionDisclosing)
Koen van Ingen's avatar
Koen van Ingen committed
107
108
	}

109
	handler.Failure(&irma.SessionError{Err: errors.New("Session request could not be parsed")})
110
111
112
113
	return nil
}

// newManualSession starts a manual session, given a signature request in JSON and a handler to pass messages to
114
func (client *Client) newManualSession(request irma.SessionRequest, handler Handler, action irma.Action) SessionDismisser {
115
	session := &session{
116
		Action:     action,
117
118
		Handler:    handler,
		client:     client,
Sietse Ringers's avatar
Sietse Ringers committed
119
		Version:    minVersion,
120
121
		ServerName: "",
		request:    request,
Koen van Ingen's avatar
Koen van Ingen committed
122
	}
123
	session.Handler.StatusUpdate(session.Action, irma.StatusManualStarted)
Koen van Ingen's avatar
Koen van Ingen committed
124

125
	session.processSessionInfo()
126
	return session
127
128
}

129
130
131
132
133
134
135
136
137
138
139
140
141
142
func (client *Client) newSchemeSession(qr *irma.SchemeManagerRequest, handler Handler) SessionDismisser {
	session := &session{
		ServerURL: qr.URL,
		transport: irma.NewHTTPTransport(qr.URL),
		Action:    irma.ActionSchemeManager,
		Handler:   handler,
		client:    client,
	}
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)

	go session.managerSession()
	return session
}

143
144
// newQrSession creates and starts a new interactive IRMA session
func (client *Client) newQrSession(qr *irma.Qr, handler Handler) SessionDismisser {
145
	u, _ := url.ParseRequestURI(qr.URL) // Qr validator already checked this for errors
146
	session := &session{
147
148
149
150
151
152
		ServerURL:  qr.URL,
		ServerName: u.Hostname(),
		transport:  irma.NewHTTPTransport(qr.URL),
		Action:     irma.Action(qr.Type),
		Handler:    handler,
		client:     client,
153
	}
154
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
155

156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
	// Check if the action is one of the supported types
	switch session.Action {
	case irma.ActionDisclosing:
		session.request = &irma.DisclosureRequest{}
	case irma.ActionSigning:
		session.request = &irma.SignatureRequest{}
	case irma.ActionIssuing:
		session.request = &irma.IssuanceRequest{}
	case irma.ActionUnknown:
		fallthrough
	default:
		session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownAction, Info: string(session.Action)})
		return nil
	}

171
172
	session.transport.SetHeader(irma.MinVersionHeader, minVersion.String())
	session.transport.SetHeader(irma.MaxVersionHeader, maxVersion.String())
173
174
175
	if !strings.HasSuffix(session.ServerURL, "/") {
		session.ServerURL += "/"
	}
176

Sietse Ringers's avatar
Sietse Ringers committed
177
	go session.getSessionInfo()
178
	return session
179
180
}

181
182
// Core session methods

183
// getSessionInfo retrieves the first message in the IRMA protocol (only in interactive sessions)
Sietse Ringers's avatar
Sietse Ringers committed
184
185
func (session *session) getSessionInfo() {
	defer session.recoverFromPanic()
186

187
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
188

Sietse Ringers's avatar
Sietse Ringers committed
189
	// Get the first IRMA protocol message and parse it
190
	err := session.transport.Get("", session.request)
Sietse Ringers's avatar
Sietse Ringers committed
191
	if err != nil {
192
		session.fail(err.(*irma.SessionError))
Sietse Ringers's avatar
Sietse Ringers committed
193
194
		return
	}
195

196
	session.processSessionInfo()
197
198
199
200
}

// processSessionInfo continues the session after all session state has been received:
// it checks if the session can be performed and asks the user for consent.
201
func (session *session) processSessionInfo() {
202
203
	defer session.recoverFromPanic()

204
	if !session.checkAndUpateConfiguration() {
205
206
207
		return
	}

208
209
210
211
212
213
214
215
	confirmedProtocolVersion := session.request.GetVersion()
	if confirmedProtocolVersion != nil {
		session.Version = confirmedProtocolVersion
	} else {
		session.Version = irma.NewVersion(2, 0)
		session.request.SetVersion(session.Version)
	}

216
	if session.Action == irma.ActionIssuing {
217
		ir := session.request.(*irma.IssuanceRequest)
Tomas's avatar
Tomas committed
218
219
220
221
222
223
224
		_, err := ir.GetCredentialInfoList(session.client.Configuration, session.Version)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownCredentialType, Err: err})
			return
		}

		// Calculate singleton credentials to be removed
225
		ir.RemovalCredentialInfoList = irma.CredentialInfoList{}
Sietse Ringers's avatar
Sietse Ringers committed
226
		for _, credreq := range ir.Credentials {
227
			preexistingCredentials := session.client.attrs(credreq.CredentialTypeID)
228
229
230
			if len(preexistingCredentials) != 0 && preexistingCredentials[0].IsValid() && preexistingCredentials[0].CredentialType().IsSingleton {
				ir.RemovalCredentialInfoList = append(ir.RemovalCredentialInfoList, preexistingCredentials[0].Info())
			}
231
232
233
		}
	}

234
	candidates, missing := session.client.CheckSatisfiability(session.request.ToDisclose())
235
	if len(missing) > 0 {
236
		session.Handler.UnsatisfiableRequest(session.ServerName, missing)
237
238
		return
	}
239
	session.request.SetCandidates(candidates)
240

Sietse Ringers's avatar
Sietse Ringers committed
241
	// Ask for permission to execute the session
242
	callback := PermissionHandler(func(proceed bool, choice *irma.DisclosureChoice) {
Sietse Ringers's avatar
Sietse Ringers committed
243
		session.choice = choice
244
		session.request.SetDisclosureChoice(choice)
Sietse Ringers's avatar
Sietse Ringers committed
245
		go session.doSession(proceed)
246
	})
247
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
248
	switch session.Action {
249
	case irma.ActionDisclosing:
250
		session.Handler.RequestVerificationPermission(
251
			*session.request.(*irma.DisclosureRequest), session.ServerName, callback)
252
	case irma.ActionSigning:
253
		session.Handler.RequestSignaturePermission(
254
			*session.request.(*irma.SignatureRequest), session.ServerName, callback)
255
	case irma.ActionIssuing:
256
		session.Handler.RequestIssuancePermission(
257
			*session.request.(*irma.IssuanceRequest), session.ServerName, callback)
258
259
260
261
262
	default:
		panic("Invalid session type") // does not happen, session.Action has been checked earlier
	}
}

263
264
265
// doSession performs the session: it computes all proofs of knowledge, constructs credentials in case of issuance,
// asks for the pin and performs the keyshare session, and finishes the session by either POSTing the result to the
// API server or returning it to the caller (in case of interactive and noninteractive sessions, respectively).
Sietse Ringers's avatar
Sietse Ringers committed
266
267
func (session *session) doSession(proceed bool) {
	defer session.recoverFromPanic()
268

269
	if !proceed {
270
		session.cancel()
271
272
		return
	}
273
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
274

275
	if !session.Distributed() {
Koen van Ingen's avatar
Koen van Ingen committed
276
		message, err := session.getProof()
Sietse Ringers's avatar
Sietse Ringers committed
277
		if err != nil {
278
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
279
280
281
282
			return
		}
		session.sendResponse(message)
	} else {
283
284
		var err error
		session.builders, session.issuerProofNonce, err = session.getBuilders()
Sietse Ringers's avatar
Sietse Ringers committed
285
		if err != nil {
286
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
287
		}
288
289
290
		startKeyshareSession(
			session,
			session.Handler,
291
			session.builders,
292
			session.request,
293
			session.client.Configuration,
294
			session.client.keyshareServers,
295
			session.issuerProofNonce,
296
		)
297
	}
Sietse Ringers's avatar
Sietse Ringers committed
298
}
299

Sietse Ringers's avatar
Sietse Ringers committed
300
301
type disclosureResponse string

302
303
// sendResponse sends the proofs of knowledge of the hidden attributes and/or the secret key, or the constructed
// attribute-based signature, to the API server.
304
func (session *session) sendResponse(message interface{}) {
Sietse Ringers's avatar
Sietse Ringers committed
305
	var log *LogEntry
Sietse Ringers's avatar
Sietse Ringers committed
306
	var err error
307
308
	var messageJson []byte

309
310
	switch session.Action {
	case irma.ActionSigning:
311
		irmaSignature, err := session.request.(*irma.SignatureRequest).SignatureFromMessage(message)
312
313
314
315
316
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
			return
		}

317
318
319
320
321
322
323
		messageJson, err = json.Marshal(irmaSignature)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
			return
		}

		if session.IsInteractive() {
324
			var response disclosureResponse
325
			if err = session.transport.Post("proofs", &response, irmaSignature); err != nil {
326
327
328
329
330
331
332
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
Sietse Ringers's avatar
Sietse Ringers committed
333
		}
334
		log, _ = session.createLogEntry(message.(gabi.ProofList)) // TODO err
335
	case irma.ActionDisclosing:
336
337
338
		messageJson, err = json.Marshal(message)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
339
340
			return
		}
341
342
343
344
345
346
347
348
349
350
		if session.IsInteractive() {
			var response disclosureResponse
			if err = session.transport.Post("proofs", &response, message); err != nil {
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
351
352
353
354
355
356
357
358
		}
		log, _ = session.createLogEntry(message.(gabi.ProofList)) // TODO err
	case irma.ActionIssuing:
		response := []*gabi.IssueSignatureMessage{}
		if err = session.transport.Post("commitments", &response, message); err != nil {
			session.fail(err.(*irma.SessionError))
			return
		}
359
		if err = session.client.ConstructCredentials(response, session.request.(*irma.IssuanceRequest), session.builders); err != nil {
360
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
361
362
			return
		}
363
		log, _ = session.createLogEntry(message) // TODO err
364
365
	}

366
	_ = session.client.addLogEntry(log) // TODO err
367
	if session.Action == irma.ActionIssuing {
368
		session.client.handler.UpdateAttributes()
369
	}
370
	session.done = true
371
	session.Handler.Success(string(messageJson))
372
373
}

374
// managerSession performs a "session" in which a new scheme manager is added (asking for permission first).
375
func (session *session) managerSession() {
376
	defer session.recoverFromPanic()
377
378
379
380

	// We have to download the scheme manager description.xml here before installing it,
	// because we need to show its contents (name, description, website) to the user
	// when asking installation permission.
381
	manager, err := irma.DownloadSchemeManager(session.ServerURL)
382
	if err != nil {
383
		session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
384
385
		return
	}
386

387
	session.Handler.RequestSchemeManagerPermission(manager, func(proceed bool) {
388
		if !proceed {
389
			session.Handler.Cancelled() // No need to DELETE session here
390
391
			return
		}
392
		if err := session.client.Configuration.InstallSchemeManager(manager); err != nil {
393
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
394
395
			return
		}
396
397

		// Update state and inform user of success
398
		session.client.handler.UpdateConfiguration(
399
400
401
402
			&irma.IrmaIdentifierSet{
				SchemeManagers:  map[irma.SchemeManagerIdentifier]struct{}{manager.Identifier(): {}},
				Issuers:         map[irma.IssuerIdentifier]struct{}{},
				CredentialTypes: map[irma.CredentialTypeIdentifier]struct{}{},
Sietse Ringers's avatar
Sietse Ringers committed
403
404
			},
		)
405
		session.Handler.Success("")
406
407
408
	})
	return
}
409

410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
// Response calculation methods

// getBuilders computes the builders for disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively).
func (session *session) getBuilders() (gabi.ProofBuilderList, *big.Int, error) {
	var builders gabi.ProofBuilderList
	var err error

	var issuerProofNonce *big.Int
	switch session.Action {
	case irma.ActionSigning:
		builders, err = session.client.ProofBuilders(session.choice, session.request, true)
	case irma.ActionDisclosing:
		builders, err = session.client.ProofBuilders(session.choice, session.request, false)
	case irma.ActionIssuing:
		builders, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest))
	}

	return builders, issuerProofNonce, err
}

// getProofs computes the disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively) to be sent to the server.
func (session *session) getProof() (interface{}, error) {
	var message interface{}
	var err error

	switch session.Action {
	case irma.ActionSigning:
		message, err = session.client.Proofs(session.choice, session.request, true)
	case irma.ActionDisclosing:
		message, err = session.client.Proofs(session.choice, session.request, false)
	case irma.ActionIssuing:
		message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest))
	}

	return message, err
}

// Helper functions

// checkKeyshareEnrollment checks if we are enrolled into all involved keyshare servers,
// and aborts the session if not
func (session *session) checkKeyshareEnrollment() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, ok := session.client.Configuration.SchemeManagers[id]
		if !ok {
457
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorUnknownSchemeManager, Info: id.String()})
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
			return false
		}
		distributed := manager.Distributed()
		_, enrolled := session.client.keyshareServers[id]
		if distributed && !enrolled {
			session.Handler.KeyshareEnrollmentMissing(id)
			return false
		}
	}
	return true
}

func (session *session) checkAndUpateConfiguration() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, contains := session.client.Configuration.SchemeManagers[id]
		if !contains {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorUnknownSchemeManager,
				Info:      id.String(),
			})
			return false
		}
		if !manager.Valid {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorInvalidSchemeManager,
				Info:      string(manager.Status),
			})
			return false
		}
	}

	// Check if we are enrolled into all involved keyshare servers
	if !session.checkKeyshareEnrollment() {
		return false
	}

	// Download missing credential types/issuers/public keys from the scheme manager
	downloaded, err := session.client.Configuration.Download(session.request)
	if err != nil {
		session.fail(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
		return false
	}
	if downloaded != nil && !downloaded.Empty() {
		session.client.handler.UpdateConfiguration(downloaded)
	}
	return true
}

// IsInteractive returns whether this session uses an API server or not.
func (session *session) IsInteractive() bool {
	return session.ServerURL != ""
}

// Distributed returns whether or not this session involves a keyshare server.
func (session *session) Distributed() bool {
	var smi irma.SchemeManagerIdentifier
	if session.Action == irma.ActionIssuing {
		for _, credreq := range session.request.(*irma.IssuanceRequest).Credentials {
			smi = credreq.CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
			if session.client.Configuration.SchemeManagers[smi].Distributed() {
				return true
			}
		}
	}

	if session.choice == nil || session.choice.Attributes == nil {
		return false
	}

	for _, ai := range session.choice.Attributes {
		smi = ai.Type.CredentialTypeIdentifier().IssuerIdentifier().SchemeManagerIdentifier()
		if session.client.Configuration.SchemeManagers[smi].Distributed() {
			return true
		}
	}

	return false
}

537
538
// Session lifetime functions

539
540
541
func (session *session) recoverFromPanic() {
	if e := recover(); e != nil {
		if session.Handler != nil {
542
			session.Handler.Failure(panicToError(e))
543
544
545
546
		}
	}
}

547
548
549
550
551
552
553
554
555
556
func panicToError(e interface{}) *irma.SessionError {
	var info string
	switch x := e.(type) {
	case string:
		info = x
	case error:
		info = x.Error()
	case fmt.Stringer:
		info = x.String()
	default: // nop
557
	}
558
	fmt.Println("Panic: " + info)
559
	return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info}
560
561
562
}

// Idempotently send DELETE to remote server, returning whether or not we did something
563
func (session *session) delete() bool {
564
	if !session.done {
565
566
567
		if session.IsInteractive() {
			session.transport.Delete()
		}
568
		session.done = true
569
570
571
572
573
		return true
	}
	return false
}

574
func (session *session) fail(err *irma.SessionError) {
575
576
	if session.delete() {
		err.Err = errors.Wrap(err.Err, 0)
577
		session.Handler.Failure(err)
578
579
580
	}
}

581
func (session *session) cancel() {
582
	if session.delete() {
583
		session.Handler.Cancelled()
584
585
586
	}
}

587
func (session *session) Dismiss() {
588
589
	session.cancel()
}
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630

// Keyshare session handler methods

func (session *session) KeyshareDone(message interface{}) {
	session.sendResponse(message)
}

func (session *session) KeyshareCancelled() {
	session.cancel()
}

func (session *session) KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentIncomplete(manager)
}

func (session *session) KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentDeleted(manager)
}

func (session *session) KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int) {
	session.Handler.KeyshareBlocked(manager, duration)
}

func (session *session) KeyshareError(manager *irma.SchemeManagerIdentifier, err error) {
	var serr *irma.SessionError
	var ok bool
	if serr, ok = err.(*irma.SessionError); !ok {
		serr = &irma.SessionError{ErrorType: irma.ErrorKeyshare, Err: err}
	} else {
		serr.ErrorType = irma.ErrorKeyshare
	}
	session.fail(serr)
}

func (session *session) KeysharePin() {
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
}

func (session *session) KeysharePinOK() {
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
}