session.go 20.1 KB
Newer Older
1
package irmaclient
2
3

import (
Koen van Ingen's avatar
Koen van Ingen committed
4
	"encoding/json"
Sietse Ringers's avatar
Sietse Ringers committed
5
6
	"fmt"
	"sort"
7
8
	"strings"

9
10
	"math/big"

11
	"github.com/go-errors/errors"
12
	"github.com/mhe/gabi"
13
	"github.com/privacybydesign/irmago"
14
15
)

Sietse Ringers's avatar
Sietse Ringers committed
16
17
18
// This file contains the logic and state of performing IRMA sessions, communicates
// with IRMA API servers, and uses the calling Client to construct messages and replies
// in the IRMA protocol.
Sietse Ringers's avatar
Sietse Ringers committed
19

Sietse Ringers's avatar
Sietse Ringers committed
20
21
// PermissionHandler is a callback for providing permission for an IRMA session
// and specifying the attributes to be disclosed.
22
type PermissionHandler func(proceed bool, choice *irma.DisclosureChoice)
23

Sietse Ringers's avatar
Sietse Ringers committed
24
// PinHandler is used to provide the user's PIN code.
25
26
type PinHandler func(proceed bool, pin string)

27
28
// A Handler contains callbacks for communication to the user.
type Handler interface {
29
	StatusUpdate(action irma.Action, status irma.Status)
30
	Success(action irma.Action, result string)
31
32
	Cancelled(action irma.Action)
	Failure(action irma.Action, err *irma.SessionError)
33
	UnsatisfiableRequest(action irma.Action, ServerName string, missing irma.AttributeDisjunctionList)
34
35

	KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int)
36
	KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier)
37
	KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier)
38
	KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier)
39
40
41
42
43

	RequestIssuancePermission(request irma.IssuanceRequest, ServerName string, callback PermissionHandler)
	RequestVerificationPermission(request irma.DisclosureRequest, ServerName string, callback PermissionHandler)
	RequestSignaturePermission(request irma.SignatureRequest, ServerName string, callback PermissionHandler)
	RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool))
Sietse Ringers's avatar
Sietse Ringers committed
44

45
	RequestPin(remainingAttempts int, callback PinHandler)
46
47
}

Sietse Ringers's avatar
Sietse Ringers committed
48
// SessionDismisser can dismiss the current IRMA session.
49
50
51
52
type SessionDismisser interface {
	Dismiss()
}

Sietse Ringers's avatar
Sietse Ringers committed
53
type session struct {
Koen van Ingen's avatar
Koen van Ingen committed
54
55
	Action  irma.Action
	Handler Handler
56
	Version *irma.ProtocolVersion
57

58
59
60
61
	choice  *irma.DisclosureChoice
	client  *Client
	request irma.SessionRequest
	done    bool
62

63
64
65
66
	// State for issuance protocol
	issuerProofNonce *big.Int
	builders         gabi.ProofBuilderList

67
	// These are empty on manual sessions
68
	ServerURL string
Koen van Ingen's avatar
Koen van Ingen committed
69
	transport *irma.HTTPTransport
70
71
}

72
// We implement the handler for the keyshare protocol
73
var _ keyshareSessionHandler = (*session)(nil)
74

75
76
// Supported protocol versions. Minor version numbers should be reverse sorted.
var supportedVersions = map[int][]int{
77
	2: {4, 3, 2, 1},
78
79
}

80
// Session constructors
81

82
// NewSession starts a new IRMA session, given (along with a handler to pass feedback to)
83
// either an irma.QR or *irma.QR; a string that contains a JSON-serialized irma.QR;
84
85
// or a string that contains a serialized *irma.SignatureRequest.
// In any other case it calls the Failure method of the specified Handler.
86
87
88
89
90
91
92
93
94
95
96
97
func (client *Client) NewSession(sessionrequest string, handler Handler) SessionDismisser {
	bts := []byte(sessionrequest)

	// Try to deserialize it as a Qr or SignatureRequest
	qr := &irma.Qr{}
	if err := irma.UnmarshalValidate(bts, qr); err == nil {
		return client.newQrSession(qr, handler)
	}

	sigrequest := &irma.SignatureRequest{}
	if err := irma.UnmarshalValidate(bts, sigrequest); err == nil {
		return client.newManualSession(sigrequest, handler)
Koen van Ingen's avatar
Koen van Ingen committed
98
99
	}

100
	handler.Failure(irma.ActionUnknown, &irma.SessionError{Err: errors.New("Session request could not be parsed")})
101
102
103
104
105
	return nil
}

// newManualSession starts a manual session, given a signature request in JSON and a handler to pass messages to
func (client *Client) newManualSession(sigrequest *irma.SignatureRequest, handler Handler) SessionDismisser {
106
	session := &session{
107
108
109
110
111
		Action:  irma.ActionSigning, // TODO hardcoded for now
		Handler: handler,
		client:  client,
		Version: irma.NewVersion(2, 0), // TODO hardcoded for now
		request: sigrequest,
Koen van Ingen's avatar
Koen van Ingen committed
112
113
	}

114
	sigrequest.RequestorName = "Email request"
Koen van Ingen's avatar
Koen van Ingen committed
115
	session.Handler.StatusUpdate(session.Action, irma.StatusManualStarted)
116
	session.processSessionInfo()
117
	return session
118
119
}

120
121
// newQrSession creates and starts a new interactive IRMA session
func (client *Client) newQrSession(qr *irma.Qr, handler Handler) SessionDismisser {
122
	session := &session{
123
		ServerURL: qr.URL,
124
		transport: irma.NewHTTPTransport(qr.URL),
125
126
127
		Action:    irma.Action(qr.Type),
		Handler:   handler,
		client:    client,
128
	}
129
130
131
132
133
134

	if session.Action == irma.ActionSchemeManager {
		go session.managerSession()
		return session
	}

135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
	// Check if the action is one of the supported types
	switch session.Action {
	case irma.ActionDisclosing:
		session.request = &irma.DisclosureRequest{}
	case irma.ActionSigning:
		session.request = &irma.SignatureRequest{}
	case irma.ActionIssuing:
		session.request = &irma.IssuanceRequest{}
	case irma.ActionUnknown:
		fallthrough
	default:
		session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownAction, Info: string(session.Action)})
		return nil
	}

150
151
	version, err := calcVersion(qr)
	if err != nil {
152
		session.fail(&irma.SessionError{ErrorType: irma.ErrorProtocolVersionNotSupported, Err: err})
153
		return nil
154
	}
155
156
	session.Version = version
	session.transport.SetHeader("X-IRMA-ProtocolVersion", version.String())
157
158
159
	if !strings.HasSuffix(session.ServerURL, "/") {
		session.ServerURL += "/"
	}
160

Sietse Ringers's avatar
Sietse Ringers committed
161
	go session.getSessionInfo()
162
	return session
163
164
}

165
166
// Core session methods

167
// getSessionInfo retrieves the first message in the IRMA protocol (only in interactive sessions)
Sietse Ringers's avatar
Sietse Ringers committed
168
169
func (session *session) getSessionInfo() {
	defer session.recoverFromPanic()
170

171
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
172

Sietse Ringers's avatar
Sietse Ringers committed
173
	// Get the first IRMA protocol message and parse it
174
	err := session.transport.Get("", session.request)
Sietse Ringers's avatar
Sietse Ringers committed
175
	if err != nil {
176
		session.fail(err.(*irma.SessionError))
Sietse Ringers's avatar
Sietse Ringers committed
177
178
		return
	}
179

180
	session.processSessionInfo()
181
182
183
184
}

// processSessionInfo continues the session after all session state has been received:
// it checks if the session can be performed and asks the user for consent.
185
func (session *session) processSessionInfo() {
186
187
	defer session.recoverFromPanic()

188
	if !session.checkAndUpateConfiguration() {
189
190
191
		return
	}

192
193
194
195
196
197
198
199
	confirmedProtocolVersion := session.request.GetVersion()
	if confirmedProtocolVersion != nil {
		session.Version = confirmedProtocolVersion
	} else {
		session.Version = irma.NewVersion(2, 0)
		session.request.SetVersion(session.Version)
	}

200
	if session.Action == irma.ActionIssuing {
201
		ir := session.request.(*irma.IssuanceRequest)
Tomas's avatar
Tomas committed
202
203
204
205
206
207
208
		_, err := ir.GetCredentialInfoList(session.client.Configuration, session.Version)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownCredentialType, Err: err})
			return
		}

		// Calculate singleton credentials to be removed
Sietse Ringers's avatar
Sietse Ringers committed
209
		for _, credreq := range ir.Credentials {
210
211
212
213
			preexistingCredentials := session.client.attrs(*credreq.CredentialTypeID)
			if len(preexistingCredentials) != 0 && preexistingCredentials[0].IsValid() && preexistingCredentials[0].CredentialType().IsSingleton {
				ir.RemovalCredentialInfoList = append(ir.RemovalCredentialInfoList, preexistingCredentials[0].Info())
			}
214
215
216
		}
	}

217
	candidates, missing := session.client.CheckSatisfiability(session.request.ToDisclose())
218
	if len(missing) > 0 {
219
		session.Handler.UnsatisfiableRequest(session.Action, session.request.GetRequestorName(), missing)
220
221
		return
	}
222
	session.request.SetCandidates(candidates)
223

Sietse Ringers's avatar
Sietse Ringers committed
224
	// Ask for permission to execute the session
225
	callback := PermissionHandler(func(proceed bool, choice *irma.DisclosureChoice) {
Sietse Ringers's avatar
Sietse Ringers committed
226
		session.choice = choice
227
		session.request.SetDisclosureChoice(choice)
Sietse Ringers's avatar
Sietse Ringers committed
228
		go session.doSession(proceed)
229
	})
230
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
231
	switch session.Action {
232
	case irma.ActionDisclosing:
233
		session.Handler.RequestVerificationPermission(
234
			*session.request.(*irma.DisclosureRequest), session.request.GetRequestorName(), callback)
235
	case irma.ActionSigning:
236
		session.Handler.RequestSignaturePermission(
237
			*session.request.(*irma.SignatureRequest), session.request.GetRequestorName(), callback)
238
	case irma.ActionIssuing:
239
		session.Handler.RequestIssuancePermission(
240
			*session.request.(*irma.IssuanceRequest), session.request.GetRequestorName(), callback)
241
242
243
244
245
	default:
		panic("Invalid session type") // does not happen, session.Action has been checked earlier
	}
}

246
247
248
// doSession performs the session: it computes all proofs of knowledge, constructs credentials in case of issuance,
// asks for the pin and performs the keyshare session, and finishes the session by either POSTing the result to the
// API server or returning it to the caller (in case of interactive and noninteractive sessions, respectively).
Sietse Ringers's avatar
Sietse Ringers committed
249
250
func (session *session) doSession(proceed bool) {
	defer session.recoverFromPanic()
251

252
	if !proceed {
253
		session.cancel()
254
255
		return
	}
256
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
257

258
	if !session.Distributed() {
Koen van Ingen's avatar
Koen van Ingen committed
259
		message, err := session.getProof()
Sietse Ringers's avatar
Sietse Ringers committed
260
		if err != nil {
261
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
262
263
264
265
			return
		}
		session.sendResponse(message)
	} else {
266
267
		var err error
		session.builders, session.issuerProofNonce, err = session.getBuilders()
Sietse Ringers's avatar
Sietse Ringers committed
268
		if err != nil {
269
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
270
		}
271
272
273
		startKeyshareSession(
			session,
			session.Handler,
274
			session.builders,
275
			session.request,
276
			session.client.Configuration,
277
			session.client.keyshareServers,
278
			session.issuerProofNonce,
279
		)
280
	}
Sietse Ringers's avatar
Sietse Ringers committed
281
}
282

Sietse Ringers's avatar
Sietse Ringers committed
283
284
type disclosureResponse string

285
286
// sendResponse sends the proofs of knowledge of the hidden attributes and/or the secret key, or the constructed
// attribute-based signature, to the API server.
287
func (session *session) sendResponse(message interface{}) {
Sietse Ringers's avatar
Sietse Ringers committed
288
	var log *LogEntry
Sietse Ringers's avatar
Sietse Ringers committed
289
	var err error
290
291
	var messageJson []byte

292
293
	switch session.Action {
	case irma.ActionSigning:
294
		request, ok := session.request.(*irma.SignatureRequest)
295
296
297
298
299
		if !ok {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
			return
		}

300
301
302
303
304
305
		irmaSignature, err := request.SignatureFromMessage(message)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
			return
		}

306
307
308
309
310
311
312
		messageJson, err = json.Marshal(irmaSignature)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
			return
		}

		if session.IsInteractive() {
313
			var response disclosureResponse
314
			if err = session.transport.Post("proofs", &response, irmaSignature); err != nil {
315
316
317
318
319
320
321
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
Sietse Ringers's avatar
Sietse Ringers committed
322
		}
323
		log, _ = session.createLogEntry(message.(gabi.ProofList)) // TODO err
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
	case irma.ActionDisclosing:
		var response disclosureResponse
		if err = session.transport.Post("proofs", &response, message); err != nil {
			session.fail(err.(*irma.SessionError))
			return
		}
		if response != "VALID" {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
			return
		}
		log, _ = session.createLogEntry(message.(gabi.ProofList)) // TODO err
	case irma.ActionIssuing:
		response := []*gabi.IssueSignatureMessage{}
		if err = session.transport.Post("commitments", &response, message); err != nil {
			session.fail(err.(*irma.SessionError))
			return
		}
341
		if err = session.client.ConstructCredentials(response, session.request.(*irma.IssuanceRequest), session.builders); err != nil {
342
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
343
344
			return
		}
345
		log, _ = session.createLogEntry(message) // TODO err
346
347
	}

348
	_ = session.client.addLogEntry(log) // TODO err
349
	if session.Action == irma.ActionIssuing {
350
		session.client.handler.UpdateAttributes()
351
	}
352
	session.done = true
353
354
355
	session.Handler.Success(session.Action, string(messageJson))
}

356
// managerSession performs a "session" in which a new scheme manager is added (asking for permission first).
357
func (session *session) managerSession() {
358
	defer session.recoverFromPanic()
359
360
361
362

	// We have to download the scheme manager description.xml here before installing it,
	// because we need to show its contents (name, description, website) to the user
	// when asking installation permission.
363
	manager, err := irma.DownloadSchemeManager(session.ServerURL)
364
	if err != nil {
365
		session.Handler.Failure(session.Action, &irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
366
367
		return
	}
368

369
	session.Handler.RequestSchemeManagerPermission(manager, func(proceed bool) {
370
		if !proceed {
371
			session.Handler.Cancelled(session.Action) // No need to DELETE session here
372
373
			return
		}
374
		if err := session.client.Configuration.InstallSchemeManager(manager); err != nil {
375
			session.Handler.Failure(session.Action, &irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
376
377
			return
		}
378
379

		// Update state and inform user of success
380
		session.client.handler.UpdateConfiguration(
381
382
383
384
			&irma.IrmaIdentifierSet{
				SchemeManagers:  map[irma.SchemeManagerIdentifier]struct{}{manager.Identifier(): {}},
				Issuers:         map[irma.IssuerIdentifier]struct{}{},
				CredentialTypes: map[irma.CredentialTypeIdentifier]struct{}{},
Sietse Ringers's avatar
Sietse Ringers committed
385
386
			},
		)
387
		session.Handler.Success(session.Action, "")
388
389
390
	})
	return
}
391

392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
// Response calculation methods

// getBuilders computes the builders for disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively).
func (session *session) getBuilders() (gabi.ProofBuilderList, *big.Int, error) {
	var builders gabi.ProofBuilderList
	var err error

	var issuerProofNonce *big.Int
	switch session.Action {
	case irma.ActionSigning:
		builders, err = session.client.ProofBuilders(session.choice, session.request, true)
	case irma.ActionDisclosing:
		builders, err = session.client.ProofBuilders(session.choice, session.request, false)
	case irma.ActionIssuing:
		builders, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest))
	}

	return builders, issuerProofNonce, err
}

// getProofs computes the disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively) to be sent to the server.
func (session *session) getProof() (interface{}, error) {
	var message interface{}
	var err error

	switch session.Action {
	case irma.ActionSigning:
		message, err = session.client.Proofs(session.choice, session.request, true)
	case irma.ActionDisclosing:
		message, err = session.client.Proofs(session.choice, session.request, false)
	case irma.ActionIssuing:
		message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest))
	}

	return message, err
}

// Helper functions

func calcVersion(qr *irma.Qr) (*irma.ProtocolVersion, error) {
	// Iterate supportedVersions in reverse sorted order (i.e. biggest major number first)
	keys := make([]int, 0, len(supportedVersions))
	for k := range supportedVersions {
		keys = append(keys, k)
	}
	sort.Sort(sort.Reverse(sort.IntSlice(keys)))
	for _, major := range keys {
		for _, minor := range supportedVersions[major] {
			aboveMinimum := major > qr.ProtocolVersion.Major || (major == qr.ProtocolVersion.Major && minor >= qr.ProtocolVersion.Minor)
			underMaximum := major < qr.ProtocolMaxVersion.Major || (major == qr.ProtocolMaxVersion.Major && minor <= qr.ProtocolMaxVersion.Minor)
			if aboveMinimum && underMaximum {
				return irma.NewVersion(major, minor), nil
			}
		}
	}
	return nil, fmt.Errorf("No supported protocol version between %s and %s", qr.ProtocolVersion.String(), qr.ProtocolMaxVersion.String())
}

// checkKeyshareEnrollment checks if we are enrolled into all involved keyshare servers,
// and aborts the session if not
func (session *session) checkKeyshareEnrollment() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, ok := session.client.Configuration.SchemeManagers[id]
		if !ok {
			session.Handler.Failure(session.Action, &irma.SessionError{ErrorType: irma.ErrorUnknownSchemeManager, Info: id.String()})
			return false
		}
		distributed := manager.Distributed()
		_, enrolled := session.client.keyshareServers[id]
		if distributed && !enrolled {
			session.Handler.KeyshareEnrollmentMissing(id)
			return false
		}
	}
	return true
}

func (session *session) checkAndUpateConfiguration() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, contains := session.client.Configuration.SchemeManagers[id]
		if !contains {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorUnknownSchemeManager,
				Info:      id.String(),
			})
			return false
		}
		if !manager.Valid {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorInvalidSchemeManager,
				Info:      string(manager.Status),
			})
			return false
		}
	}

	// Check if we are enrolled into all involved keyshare servers
	if !session.checkKeyshareEnrollment() {
		return false
	}

	// Download missing credential types/issuers/public keys from the scheme manager
	downloaded, err := session.client.Configuration.Download(session.request)
	if err != nil {
		session.fail(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
		return false
	}
	if downloaded != nil && !downloaded.Empty() {
		session.client.handler.UpdateConfiguration(downloaded)
	}
	return true
}

// IsInteractive returns whether this session uses an API server or not.
func (session *session) IsInteractive() bool {
	return session.ServerURL != ""
}

// Distributed returns whether or not this session involves a keyshare server.
func (session *session) Distributed() bool {
	var smi irma.SchemeManagerIdentifier
	if session.Action == irma.ActionIssuing {
		for _, credreq := range session.request.(*irma.IssuanceRequest).Credentials {
			smi = credreq.CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
			if session.client.Configuration.SchemeManagers[smi].Distributed() {
				return true
			}
		}
	}

	if session.choice == nil || session.choice.Attributes == nil {
		return false
	}

	for _, ai := range session.choice.Attributes {
		smi = ai.Type.CredentialTypeIdentifier().IssuerIdentifier().SchemeManagerIdentifier()
		if session.client.Configuration.SchemeManagers[smi].Distributed() {
			return true
		}
	}

	return false
}

538
539
// Session lifetime functions

540
541
542
543
544
545
546
547
func (session *session) recoverFromPanic() {
	if e := recover(); e != nil {
		if session.Handler != nil {
			session.Handler.Failure(session.Action, panicToError(e))
		}
	}
}

548
549
550
551
552
553
554
555
556
557
func panicToError(e interface{}) *irma.SessionError {
	var info string
	switch x := e.(type) {
	case string:
		info = x
	case error:
		info = x.Error()
	case fmt.Stringer:
		info = x.String()
	default: // nop
558
	}
559
	fmt.Println("Panic: " + info)
560
	return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info}
561
562
563
}

// Idempotently send DELETE to remote server, returning whether or not we did something
564
func (session *session) delete() bool {
565
	if !session.done {
566
567
568
		if session.IsInteractive() {
			session.transport.Delete()
		}
569
		session.done = true
570
571
572
573
574
		return true
	}
	return false
}

575
func (session *session) fail(err *irma.SessionError) {
576
577
578
579
580
581
	if session.delete() {
		err.Err = errors.Wrap(err.Err, 0)
		session.Handler.Failure(session.Action, err)
	}
}

582
func (session *session) cancel() {
583
584
585
586
587
	if session.delete() {
		session.Handler.Cancelled(session.Action)
	}
}

588
func (session *session) Dismiss() {
589
590
	session.cancel()
}
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631

// Keyshare session handler methods

func (session *session) KeyshareDone(message interface{}) {
	session.sendResponse(message)
}

func (session *session) KeyshareCancelled() {
	session.cancel()
}

func (session *session) KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentIncomplete(manager)
}

func (session *session) KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentDeleted(manager)
}

func (session *session) KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int) {
	session.Handler.KeyshareBlocked(manager, duration)
}

func (session *session) KeyshareError(manager *irma.SchemeManagerIdentifier, err error) {
	var serr *irma.SessionError
	var ok bool
	if serr, ok = err.(*irma.SessionError); !ok {
		serr = &irma.SessionError{ErrorType: irma.ErrorKeyshare, Err: err}
	} else {
		serr.ErrorType = irma.ErrorKeyshare
	}
	session.fail(serr)
}

func (session *session) KeysharePin() {
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
}

func (session *session) KeysharePinOK() {
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
}