session.go 20.3 KB
Newer Older
1
package irmaclient
2
3

import (
Koen van Ingen's avatar
Koen van Ingen committed
4
	"encoding/json"
Sietse Ringers's avatar
Sietse Ringers committed
5
6
	"fmt"
	"sort"
7
8
	"strings"

9
10
	"math/big"

11
	"github.com/go-errors/errors"
12
	"github.com/mhe/gabi"
13
	"github.com/privacybydesign/irmago"
14
15
)

Sietse Ringers's avatar
Sietse Ringers committed
16
17
18
// This file contains the logic and state of performing IRMA sessions, communicates
// with IRMA API servers, and uses the calling Client to construct messages and replies
// in the IRMA protocol.
Sietse Ringers's avatar
Sietse Ringers committed
19

Sietse Ringers's avatar
Sietse Ringers committed
20
21
// PermissionHandler is a callback for providing permission for an IRMA session
// and specifying the attributes to be disclosed.
22
type PermissionHandler func(proceed bool, choice *irma.DisclosureChoice)
23

Sietse Ringers's avatar
Sietse Ringers committed
24
// PinHandler is used to provide the user's PIN code.
25
26
type PinHandler func(proceed bool, pin string)

27
28
// A Handler contains callbacks for communication to the user.
type Handler interface {
29
	StatusUpdate(action irma.Action, status irma.Status)
30
31
32
33
	Success(result string)
	Cancelled()
	Failure(err *irma.SessionError)
	UnsatisfiableRequest(ServerName string, missing irma.AttributeDisjunctionList)
34
35

	KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int)
36
	KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier)
37
	KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier)
38
	KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier)
39
40
41
42
43

	RequestIssuancePermission(request irma.IssuanceRequest, ServerName string, callback PermissionHandler)
	RequestVerificationPermission(request irma.DisclosureRequest, ServerName string, callback PermissionHandler)
	RequestSignaturePermission(request irma.SignatureRequest, ServerName string, callback PermissionHandler)
	RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool))
Sietse Ringers's avatar
Sietse Ringers committed
44

45
	RequestPin(remainingAttempts int, callback PinHandler)
46
47
}

Sietse Ringers's avatar
Sietse Ringers committed
48
// SessionDismisser can dismiss the current IRMA session.
49
50
51
52
type SessionDismisser interface {
	Dismiss()
}

Sietse Ringers's avatar
Sietse Ringers committed
53
type session struct {
Koen van Ingen's avatar
Koen van Ingen committed
54
55
	Action  irma.Action
	Handler Handler
56
	Version *irma.ProtocolVersion
57

58
59
60
61
	choice  *irma.DisclosureChoice
	client  *Client
	request irma.SessionRequest
	done    bool
62

63
64
65
66
	// State for issuance protocol
	issuerProofNonce *big.Int
	builders         gabi.ProofBuilderList

67
	// These are empty on manual sessions
68
	ServerURL string
Koen van Ingen's avatar
Koen van Ingen committed
69
	transport *irma.HTTPTransport
70
71
}

72
// We implement the handler for the keyshare protocol
73
var _ keyshareSessionHandler = (*session)(nil)
74

75
76
// Supported protocol versions. Minor version numbers should be reverse sorted.
var supportedVersions = map[int][]int{
77
	2: {4, 3, 2, 1},
78
79
}

80
// Session constructors
81

82
83
// NewSession starts a new IRMA session, given (along with a handler to pass feedback to) a session request.
// When the request is not suitable to start an IRMA session from, it calls the Failure method of the specified Handler.
84
85
86
87
88
89
90
91
func (client *Client) NewSession(sessionrequest string, handler Handler) SessionDismisser {
	bts := []byte(sessionrequest)

	qr := &irma.Qr{}
	if err := irma.UnmarshalValidate(bts, qr); err == nil {
		return client.newQrSession(qr, handler)
	}

92
93
94
95
96
97
98
99
	schemeRequest := &irma.SchemeManagerRequest{}
	if err := irma.UnmarshalValidate(bts, schemeRequest); err == nil {
		return client.newSchemeSession(schemeRequest, handler)
	}

	sigRequest := &irma.SignatureRequest{}
	if err := irma.UnmarshalValidate(bts, sigRequest); err == nil {
		return client.newManualSession(sigRequest, handler)
Koen van Ingen's avatar
Koen van Ingen committed
100
101
	}

102
	handler.Failure(&irma.SessionError{Err: errors.New("Session request could not be parsed")})
103
104
105
106
107
	return nil
}

// newManualSession starts a manual session, given a signature request in JSON and a handler to pass messages to
func (client *Client) newManualSession(sigrequest *irma.SignatureRequest, handler Handler) SessionDismisser {
108
	session := &session{
109
110
111
112
113
		Action:  irma.ActionSigning, // TODO hardcoded for now
		Handler: handler,
		client:  client,
		Version: irma.NewVersion(2, 0), // TODO hardcoded for now
		request: sigrequest,
Koen van Ingen's avatar
Koen van Ingen committed
114
	}
115
	session.Handler.StatusUpdate(session.Action, irma.StatusManualStarted)
Koen van Ingen's avatar
Koen van Ingen committed
116

117
118
	sigrequest.RequestorName = "Email request"
	session.processSessionInfo()
119
	return session
120
121
}

122
123
124
125
126
127
128
129
130
131
132
133
134
135
func (client *Client) newSchemeSession(qr *irma.SchemeManagerRequest, handler Handler) SessionDismisser {
	session := &session{
		ServerURL: qr.URL,
		transport: irma.NewHTTPTransport(qr.URL),
		Action:    irma.ActionSchemeManager,
		Handler:   handler,
		client:    client,
	}
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)

	go session.managerSession()
	return session
}

136
137
// newQrSession creates and starts a new interactive IRMA session
func (client *Client) newQrSession(qr *irma.Qr, handler Handler) SessionDismisser {
138
	session := &session{
139
		ServerURL: qr.URL,
140
		transport: irma.NewHTTPTransport(qr.URL),
141
142
143
		Action:    irma.Action(qr.Type),
		Handler:   handler,
		client:    client,
144
	}
145
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
146

147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
	// Check if the action is one of the supported types
	switch session.Action {
	case irma.ActionDisclosing:
		session.request = &irma.DisclosureRequest{}
	case irma.ActionSigning:
		session.request = &irma.SignatureRequest{}
	case irma.ActionIssuing:
		session.request = &irma.IssuanceRequest{}
	case irma.ActionUnknown:
		fallthrough
	default:
		session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownAction, Info: string(session.Action)})
		return nil
	}

162
163
	version, err := calcVersion(qr)
	if err != nil {
164
		session.fail(&irma.SessionError{ErrorType: irma.ErrorProtocolVersionNotSupported, Err: err})
165
		return nil
166
	}
167
168
	session.Version = version
	session.transport.SetHeader("X-IRMA-ProtocolVersion", version.String())
169
170
171
	if !strings.HasSuffix(session.ServerURL, "/") {
		session.ServerURL += "/"
	}
172

Sietse Ringers's avatar
Sietse Ringers committed
173
	go session.getSessionInfo()
174
	return session
175
176
}

177
178
// Core session methods

179
// getSessionInfo retrieves the first message in the IRMA protocol (only in interactive sessions)
Sietse Ringers's avatar
Sietse Ringers committed
180
181
func (session *session) getSessionInfo() {
	defer session.recoverFromPanic()
182

183
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
184

Sietse Ringers's avatar
Sietse Ringers committed
185
	// Get the first IRMA protocol message and parse it
186
	err := session.transport.Get("", session.request)
Sietse Ringers's avatar
Sietse Ringers committed
187
	if err != nil {
188
		session.fail(err.(*irma.SessionError))
Sietse Ringers's avatar
Sietse Ringers committed
189
190
		return
	}
191

192
	session.processSessionInfo()
193
194
195
196
}

// processSessionInfo continues the session after all session state has been received:
// it checks if the session can be performed and asks the user for consent.
197
func (session *session) processSessionInfo() {
198
199
	defer session.recoverFromPanic()

200
	if !session.checkAndUpateConfiguration() {
201
202
203
		return
	}

204
205
206
207
208
209
210
211
	confirmedProtocolVersion := session.request.GetVersion()
	if confirmedProtocolVersion != nil {
		session.Version = confirmedProtocolVersion
	} else {
		session.Version = irma.NewVersion(2, 0)
		session.request.SetVersion(session.Version)
	}

212
	if session.Action == irma.ActionIssuing {
213
		ir := session.request.(*irma.IssuanceRequest)
Tomas's avatar
Tomas committed
214
215
216
217
218
219
220
		_, err := ir.GetCredentialInfoList(session.client.Configuration, session.Version)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownCredentialType, Err: err})
			return
		}

		// Calculate singleton credentials to be removed
Sietse Ringers's avatar
Sietse Ringers committed
221
		for _, credreq := range ir.Credentials {
222
223
224
225
			preexistingCredentials := session.client.attrs(*credreq.CredentialTypeID)
			if len(preexistingCredentials) != 0 && preexistingCredentials[0].IsValid() && preexistingCredentials[0].CredentialType().IsSingleton {
				ir.RemovalCredentialInfoList = append(ir.RemovalCredentialInfoList, preexistingCredentials[0].Info())
			}
226
227
228
		}
	}

229
	candidates, missing := session.client.CheckSatisfiability(session.request.ToDisclose())
230
	if len(missing) > 0 {
231
		session.Handler.UnsatisfiableRequest(session.request.GetRequestorName(), missing)
232
233
		return
	}
234
	session.request.SetCandidates(candidates)
235

Sietse Ringers's avatar
Sietse Ringers committed
236
	// Ask for permission to execute the session
237
	callback := PermissionHandler(func(proceed bool, choice *irma.DisclosureChoice) {
Sietse Ringers's avatar
Sietse Ringers committed
238
		session.choice = choice
239
		session.request.SetDisclosureChoice(choice)
Sietse Ringers's avatar
Sietse Ringers committed
240
		go session.doSession(proceed)
241
	})
242
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
243
	switch session.Action {
244
	case irma.ActionDisclosing:
245
		session.Handler.RequestVerificationPermission(
246
			*session.request.(*irma.DisclosureRequest), session.request.GetRequestorName(), callback)
247
	case irma.ActionSigning:
248
		session.Handler.RequestSignaturePermission(
249
			*session.request.(*irma.SignatureRequest), session.request.GetRequestorName(), callback)
250
	case irma.ActionIssuing:
251
		session.Handler.RequestIssuancePermission(
252
			*session.request.(*irma.IssuanceRequest), session.request.GetRequestorName(), callback)
253
254
255
256
257
	default:
		panic("Invalid session type") // does not happen, session.Action has been checked earlier
	}
}

258
259
260
// doSession performs the session: it computes all proofs of knowledge, constructs credentials in case of issuance,
// asks for the pin and performs the keyshare session, and finishes the session by either POSTing the result to the
// API server or returning it to the caller (in case of interactive and noninteractive sessions, respectively).
Sietse Ringers's avatar
Sietse Ringers committed
261
262
func (session *session) doSession(proceed bool) {
	defer session.recoverFromPanic()
263

264
	if !proceed {
265
		session.cancel()
266
267
		return
	}
268
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
269

270
	if !session.Distributed() {
Koen van Ingen's avatar
Koen van Ingen committed
271
		message, err := session.getProof()
Sietse Ringers's avatar
Sietse Ringers committed
272
		if err != nil {
273
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
274
275
276
277
			return
		}
		session.sendResponse(message)
	} else {
278
279
		var err error
		session.builders, session.issuerProofNonce, err = session.getBuilders()
Sietse Ringers's avatar
Sietse Ringers committed
280
		if err != nil {
281
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
282
		}
283
284
285
		startKeyshareSession(
			session,
			session.Handler,
286
			session.builders,
287
			session.request,
288
			session.client.Configuration,
289
			session.client.keyshareServers,
290
			session.issuerProofNonce,
291
		)
292
	}
Sietse Ringers's avatar
Sietse Ringers committed
293
}
294

Sietse Ringers's avatar
Sietse Ringers committed
295
296
type disclosureResponse string

297
298
// sendResponse sends the proofs of knowledge of the hidden attributes and/or the secret key, or the constructed
// attribute-based signature, to the API server.
299
func (session *session) sendResponse(message interface{}) {
Sietse Ringers's avatar
Sietse Ringers committed
300
	var log *LogEntry
Sietse Ringers's avatar
Sietse Ringers committed
301
	var err error
302
303
	var messageJson []byte

304
305
	switch session.Action {
	case irma.ActionSigning:
306
		request, ok := session.request.(*irma.SignatureRequest)
307
308
309
310
311
		if !ok {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
			return
		}

312
313
314
315
316
317
		irmaSignature, err := request.SignatureFromMessage(message)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
			return
		}

318
319
320
321
322
323
324
		messageJson, err = json.Marshal(irmaSignature)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
			return
		}

		if session.IsInteractive() {
325
			var response disclosureResponse
326
			if err = session.transport.Post("proofs", &response, irmaSignature); err != nil {
327
328
329
330
331
332
333
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
Sietse Ringers's avatar
Sietse Ringers committed
334
		}
335
		log, _ = session.createLogEntry(message.(gabi.ProofList)) // TODO err
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
	case irma.ActionDisclosing:
		var response disclosureResponse
		if err = session.transport.Post("proofs", &response, message); err != nil {
			session.fail(err.(*irma.SessionError))
			return
		}
		if response != "VALID" {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
			return
		}
		log, _ = session.createLogEntry(message.(gabi.ProofList)) // TODO err
	case irma.ActionIssuing:
		response := []*gabi.IssueSignatureMessage{}
		if err = session.transport.Post("commitments", &response, message); err != nil {
			session.fail(err.(*irma.SessionError))
			return
		}
353
		if err = session.client.ConstructCredentials(response, session.request.(*irma.IssuanceRequest), session.builders); err != nil {
354
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
355
356
			return
		}
357
		log, _ = session.createLogEntry(message) // TODO err
358
359
	}

360
	_ = session.client.addLogEntry(log) // TODO err
361
	if session.Action == irma.ActionIssuing {
362
		session.client.handler.UpdateAttributes()
363
	}
364
	session.done = true
365
	session.Handler.Success(string(messageJson))
366
367
}

368
// managerSession performs a "session" in which a new scheme manager is added (asking for permission first).
369
func (session *session) managerSession() {
370
	defer session.recoverFromPanic()
371
372
373
374

	// We have to download the scheme manager description.xml here before installing it,
	// because we need to show its contents (name, description, website) to the user
	// when asking installation permission.
375
	manager, err := irma.DownloadSchemeManager(session.ServerURL)
376
	if err != nil {
377
		session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
378
379
		return
	}
380

381
	session.Handler.RequestSchemeManagerPermission(manager, func(proceed bool) {
382
		if !proceed {
383
			session.Handler.Cancelled() // No need to DELETE session here
384
385
			return
		}
386
		if err := session.client.Configuration.InstallSchemeManager(manager); err != nil {
387
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
388
389
			return
		}
390
391

		// Update state and inform user of success
392
		session.client.handler.UpdateConfiguration(
393
394
395
396
			&irma.IrmaIdentifierSet{
				SchemeManagers:  map[irma.SchemeManagerIdentifier]struct{}{manager.Identifier(): {}},
				Issuers:         map[irma.IssuerIdentifier]struct{}{},
				CredentialTypes: map[irma.CredentialTypeIdentifier]struct{}{},
Sietse Ringers's avatar
Sietse Ringers committed
397
398
			},
		)
399
		session.Handler.Success("")
400
401
402
	})
	return
}
403

404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
// Response calculation methods

// getBuilders computes the builders for disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively).
func (session *session) getBuilders() (gabi.ProofBuilderList, *big.Int, error) {
	var builders gabi.ProofBuilderList
	var err error

	var issuerProofNonce *big.Int
	switch session.Action {
	case irma.ActionSigning:
		builders, err = session.client.ProofBuilders(session.choice, session.request, true)
	case irma.ActionDisclosing:
		builders, err = session.client.ProofBuilders(session.choice, session.request, false)
	case irma.ActionIssuing:
		builders, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest))
	}

	return builders, issuerProofNonce, err
}

// getProofs computes the disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively) to be sent to the server.
func (session *session) getProof() (interface{}, error) {
	var message interface{}
	var err error

	switch session.Action {
	case irma.ActionSigning:
		message, err = session.client.Proofs(session.choice, session.request, true)
	case irma.ActionDisclosing:
		message, err = session.client.Proofs(session.choice, session.request, false)
	case irma.ActionIssuing:
		message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest))
	}

	return message, err
}

// Helper functions

func calcVersion(qr *irma.Qr) (*irma.ProtocolVersion, error) {
	// Iterate supportedVersions in reverse sorted order (i.e. biggest major number first)
	keys := make([]int, 0, len(supportedVersions))
	for k := range supportedVersions {
		keys = append(keys, k)
	}
	sort.Sort(sort.Reverse(sort.IntSlice(keys)))
	for _, major := range keys {
		for _, minor := range supportedVersions[major] {
			aboveMinimum := major > qr.ProtocolVersion.Major || (major == qr.ProtocolVersion.Major && minor >= qr.ProtocolVersion.Minor)
			underMaximum := major < qr.ProtocolMaxVersion.Major || (major == qr.ProtocolMaxVersion.Major && minor <= qr.ProtocolMaxVersion.Minor)
			if aboveMinimum && underMaximum {
				return irma.NewVersion(major, minor), nil
			}
		}
	}
	return nil, fmt.Errorf("No supported protocol version between %s and %s", qr.ProtocolVersion.String(), qr.ProtocolMaxVersion.String())
}

// checkKeyshareEnrollment checks if we are enrolled into all involved keyshare servers,
// and aborts the session if not
func (session *session) checkKeyshareEnrollment() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, ok := session.client.Configuration.SchemeManagers[id]
		if !ok {
470
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorUnknownSchemeManager, Info: id.String()})
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
			return false
		}
		distributed := manager.Distributed()
		_, enrolled := session.client.keyshareServers[id]
		if distributed && !enrolled {
			session.Handler.KeyshareEnrollmentMissing(id)
			return false
		}
	}
	return true
}

func (session *session) checkAndUpateConfiguration() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, contains := session.client.Configuration.SchemeManagers[id]
		if !contains {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorUnknownSchemeManager,
				Info:      id.String(),
			})
			return false
		}
		if !manager.Valid {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorInvalidSchemeManager,
				Info:      string(manager.Status),
			})
			return false
		}
	}

	// Check if we are enrolled into all involved keyshare servers
	if !session.checkKeyshareEnrollment() {
		return false
	}

	// Download missing credential types/issuers/public keys from the scheme manager
	downloaded, err := session.client.Configuration.Download(session.request)
	if err != nil {
		session.fail(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
		return false
	}
	if downloaded != nil && !downloaded.Empty() {
		session.client.handler.UpdateConfiguration(downloaded)
	}
	return true
}

// IsInteractive returns whether this session uses an API server or not.
func (session *session) IsInteractive() bool {
	return session.ServerURL != ""
}

// Distributed returns whether or not this session involves a keyshare server.
func (session *session) Distributed() bool {
	var smi irma.SchemeManagerIdentifier
	if session.Action == irma.ActionIssuing {
		for _, credreq := range session.request.(*irma.IssuanceRequest).Credentials {
			smi = credreq.CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
			if session.client.Configuration.SchemeManagers[smi].Distributed() {
				return true
			}
		}
	}

	if session.choice == nil || session.choice.Attributes == nil {
		return false
	}

	for _, ai := range session.choice.Attributes {
		smi = ai.Type.CredentialTypeIdentifier().IssuerIdentifier().SchemeManagerIdentifier()
		if session.client.Configuration.SchemeManagers[smi].Distributed() {
			return true
		}
	}

	return false
}

550
551
// Session lifetime functions

552
553
554
func (session *session) recoverFromPanic() {
	if e := recover(); e != nil {
		if session.Handler != nil {
555
			session.Handler.Failure(panicToError(e))
556
557
558
559
		}
	}
}

560
561
562
563
564
565
566
567
568
569
func panicToError(e interface{}) *irma.SessionError {
	var info string
	switch x := e.(type) {
	case string:
		info = x
	case error:
		info = x.Error()
	case fmt.Stringer:
		info = x.String()
	default: // nop
570
	}
571
	fmt.Println("Panic: " + info)
572
	return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info}
573
574
575
}

// Idempotently send DELETE to remote server, returning whether or not we did something
576
func (session *session) delete() bool {
577
	if !session.done {
578
579
580
		if session.IsInteractive() {
			session.transport.Delete()
		}
581
		session.done = true
582
583
584
585
586
		return true
	}
	return false
}

587
func (session *session) fail(err *irma.SessionError) {
588
589
	if session.delete() {
		err.Err = errors.Wrap(err.Err, 0)
590
		session.Handler.Failure(err)
591
592
593
	}
}

594
func (session *session) cancel() {
595
	if session.delete() {
596
		session.Handler.Cancelled()
597
598
599
	}
}

600
func (session *session) Dismiss() {
601
602
	session.cancel()
}
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643

// Keyshare session handler methods

func (session *session) KeyshareDone(message interface{}) {
	session.sendResponse(message)
}

func (session *session) KeyshareCancelled() {
	session.cancel()
}

func (session *session) KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentIncomplete(manager)
}

func (session *session) KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentDeleted(manager)
}

func (session *session) KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int) {
	session.Handler.KeyshareBlocked(manager, duration)
}

func (session *session) KeyshareError(manager *irma.SchemeManagerIdentifier, err error) {
	var serr *irma.SessionError
	var ok bool
	if serr, ok = err.(*irma.SessionError); !ok {
		serr = &irma.SessionError{ErrorType: irma.ErrorKeyshare, Err: err}
	} else {
		serr.ErrorType = irma.ErrorKeyshare
	}
	session.fail(serr)
}

func (session *session) KeysharePin() {
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
}

func (session *session) KeysharePinOK() {
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
}