session.go 21.3 KB
Newer Older
1
package irmaclient
2
3

import (
Koen van Ingen's avatar
Koen van Ingen committed
4
	"encoding/json"
Sietse Ringers's avatar
Sietse Ringers committed
5
	"fmt"
6
	"net/url"
7
	"reflect"
8
	"runtime/debug"
9
10
	"strings"

11
	"github.com/go-errors/errors"
12
13
	"github.com/privacybydesign/gabi"
	"github.com/privacybydesign/gabi/big"
14
	"github.com/privacybydesign/irmago"
15
16
)

Sietse Ringers's avatar
Sietse Ringers committed
17
18
19
// This file contains the logic and state of performing IRMA sessions, communicates
// with IRMA API servers, and uses the calling Client to construct messages and replies
// in the IRMA protocol.
Sietse Ringers's avatar
Sietse Ringers committed
20

Sietse Ringers's avatar
Sietse Ringers committed
21
22
// PermissionHandler is a callback for providing permission for an IRMA session
// and specifying the attributes to be disclosed.
23
type PermissionHandler func(proceed bool, choice *irma.DisclosureChoice)
24

Sietse Ringers's avatar
Sietse Ringers committed
25
// PinHandler is used to provide the user's PIN code.
26
27
type PinHandler func(proceed bool, pin string)

28
29
// A Handler contains callbacks for communication to the user.
type Handler interface {
30
	StatusUpdate(action irma.Action, status irma.Status)
31
32
33
	Success(result string)
	Cancelled()
	Failure(err *irma.SessionError)
34
	UnsatisfiableRequest(ServerName irma.TranslatedString, missing irma.AttributeDisjunctionList)
35
36

	KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int)
37
	KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier)
38
	KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier)
39
	KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier)
40

41
42
43
	RequestIssuancePermission(request irma.IssuanceRequest, ServerName irma.TranslatedString, callback PermissionHandler)
	RequestVerificationPermission(request irma.DisclosureRequest, ServerName irma.TranslatedString, callback PermissionHandler)
	RequestSignaturePermission(request irma.SignatureRequest, ServerName irma.TranslatedString, callback PermissionHandler)
44
	RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool))
Sietse Ringers's avatar
Sietse Ringers committed
45

46
	RequestPin(remainingAttempts int, callback PinHandler)
47
48
}

Sietse Ringers's avatar
Sietse Ringers committed
49
// SessionDismisser can dismiss the current IRMA session.
50
51
52
53
type SessionDismisser interface {
	Dismiss()
}

Sietse Ringers's avatar
Sietse Ringers committed
54
type session struct {
55
56
57
	Action     irma.Action
	Handler    Handler
	Version    *irma.ProtocolVersion
58
	ServerName irma.TranslatedString
59

60
61
62
63
64
	choice      *irma.DisclosureChoice
	attrIndices irma.DisclosedAttributeIndices
	client      *Client
	request     irma.SessionRequest
	done        bool
65

66
67
68
69
	// State for issuance protocol
	issuerProofNonce *big.Int
	builders         gabi.ProofBuilderList

70
	// These are empty on manual sessions
71
	Hostname  string
72
	ServerURL string
Koen van Ingen's avatar
Koen van Ingen committed
73
	transport *irma.HTTPTransport
74
75
}

76
// We implement the handler for the keyshare protocol
77
var _ keyshareSessionHandler = (*session)(nil)
78

79
80
// Supported protocol versions. Minor version numbers should be reverse sorted.
var supportedVersions = map[int][]int{
Sietse Ringers's avatar
Sietse Ringers committed
81
	2: {4},
82
}
Sietse Ringers's avatar
Sietse Ringers committed
83
84
85
var minVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][0]}
var maxVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][len(supportedVersions[2])-1]}

86
// Session constructors
87

88
89
// NewSession starts a new IRMA session, given (along with a handler to pass feedback to) a session request.
// When the request is not suitable to start an IRMA session from, it calls the Failure method of the specified Handler.
90
91
92
93
94
95
96
97
func (client *Client) NewSession(sessionrequest string, handler Handler) SessionDismisser {
	bts := []byte(sessionrequest)

	qr := &irma.Qr{}
	if err := irma.UnmarshalValidate(bts, qr); err == nil {
		return client.newQrSession(qr, handler)
	}

98
99
100
101
102
103
104
	schemeRequest := &irma.SchemeManagerRequest{}
	if err := irma.UnmarshalValidate(bts, schemeRequest); err == nil {
		return client.newSchemeSession(schemeRequest, handler)
	}

	sigRequest := &irma.SignatureRequest{}
	if err := irma.UnmarshalValidate(bts, sigRequest); err == nil {
105
106
107
108
109
110
		return client.newManualSession(sigRequest, handler, irma.ActionSigning)
	}

	disclosureRequest := &irma.DisclosureRequest{}
	if err := irma.UnmarshalValidate(bts, disclosureRequest); err == nil {
		return client.newManualSession(disclosureRequest, handler, irma.ActionDisclosing)
Koen van Ingen's avatar
Koen van Ingen committed
111
112
	}

113
	handler.Failure(&irma.SessionError{Err: errors.New("Session request could not be parsed"), Info: sessionrequest})
114
115
116
117
	return nil
}

// newManualSession starts a manual session, given a signature request in JSON and a handler to pass messages to
118
func (client *Client) newManualSession(request irma.SessionRequest, handler Handler, action irma.Action) SessionDismisser {
119
	session := &session{
120
121
122
123
124
		Action:  action,
		Handler: handler,
		client:  client,
		Version: minVersion,
		request: request,
Koen van Ingen's avatar
Koen van Ingen committed
125
	}
126
	session.Handler.StatusUpdate(session.Action, irma.StatusManualStarted)
Koen van Ingen's avatar
Koen van Ingen committed
127

128
	session.processSessionInfo()
129
	return session
130
131
}

132
133
134
135
136
137
138
139
140
141
142
143
144
145
func (client *Client) newSchemeSession(qr *irma.SchemeManagerRequest, handler Handler) SessionDismisser {
	session := &session{
		ServerURL: qr.URL,
		transport: irma.NewHTTPTransport(qr.URL),
		Action:    irma.ActionSchemeManager,
		Handler:   handler,
		client:    client,
	}
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)

	go session.managerSession()
	return session
}

146
147
// newQrSession creates and starts a new interactive IRMA session
func (client *Client) newQrSession(qr *irma.Qr, handler Handler) SessionDismisser {
148
	u, _ := url.ParseRequestURI(qr.URL) // Qr validator already checked this for errors
149
	session := &session{
150
151
152
153
154
155
		ServerURL: qr.URL,
		Hostname:  u.Hostname(),
		transport: irma.NewHTTPTransport(qr.URL),
		Action:    irma.Action(qr.Type),
		Handler:   handler,
		client:    client,
156
	}
157
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
158

159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
	// Check if the action is one of the supported types
	switch session.Action {
	case irma.ActionDisclosing:
		session.request = &irma.DisclosureRequest{}
	case irma.ActionSigning:
		session.request = &irma.SignatureRequest{}
	case irma.ActionIssuing:
		session.request = &irma.IssuanceRequest{}
	case irma.ActionUnknown:
		fallthrough
	default:
		session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownAction, Info: string(session.Action)})
		return nil
	}

174
175
	session.transport.SetHeader(irma.MinVersionHeader, minVersion.String())
	session.transport.SetHeader(irma.MaxVersionHeader, maxVersion.String())
176
177
178
	if !strings.HasSuffix(session.ServerURL, "/") {
		session.ServerURL += "/"
	}
179

Sietse Ringers's avatar
Sietse Ringers committed
180
	go session.getSessionInfo()
181
	return session
182
183
}

184
185
// Core session methods

186
// getSessionInfo retrieves the first message in the IRMA protocol (only in interactive sessions)
Sietse Ringers's avatar
Sietse Ringers committed
187
188
func (session *session) getSessionInfo() {
	defer session.recoverFromPanic()
189

190
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
191

Sietse Ringers's avatar
Sietse Ringers committed
192
	// Get the first IRMA protocol message and parse it
193
	err := session.transport.Get("", session.request)
Sietse Ringers's avatar
Sietse Ringers committed
194
	if err != nil {
195
		session.fail(err.(*irma.SessionError))
Sietse Ringers's avatar
Sietse Ringers committed
196
197
		return
	}
198

199
	session.processSessionInfo()
200
201
}

202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
func serverName(hostname string, request irma.SessionRequest, conf *irma.Configuration) irma.TranslatedString {
	sn := irma.NewTranslatedString(&hostname)

	if ir, ok := request.(*irma.IssuanceRequest); ok {
		// If there is only one issuer in the current request, use its name as ServerName
		var iss irma.TranslatedString
		for _, credreq := range ir.Credentials {
			credIssuer := conf.Issuers[credreq.CredentialTypeID.IssuerIdentifier()].Name
			if !reflect.DeepEqual(credIssuer, iss) { // Can't just test pointer equality: credIssuer != iss
				if len(iss) != 0 {
					return sn
				}
				iss = credIssuer
			}
		}
		if len(iss) != 0 {
			return iss
		}
	}

	return sn
}

225
226
// processSessionInfo continues the session after all session state has been received:
// it checks if the session can be performed and asks the user for consent.
227
func (session *session) processSessionInfo() {
228
229
	defer session.recoverFromPanic()

230
	if !session.checkAndUpateConfiguration() {
231
232
233
		return
	}

234
235
236
237
238
239
240
241
	confirmedProtocolVersion := session.request.GetVersion()
	if confirmedProtocolVersion != nil {
		session.Version = confirmedProtocolVersion
	} else {
		session.Version = irma.NewVersion(2, 0)
		session.request.SetVersion(session.Version)
	}

242
243
	session.ServerName = serverName(session.Hostname, session.request, session.client.Configuration)

244
	if session.Action == irma.ActionIssuing {
245
		ir := session.request.(*irma.IssuanceRequest)
Tomas's avatar
Tomas committed
246
247
248
249
250
251
252
		_, err := ir.GetCredentialInfoList(session.client.Configuration, session.Version)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownCredentialType, Err: err})
			return
		}

		// Calculate singleton credentials to be removed
253
		ir.RemovalCredentialInfoList = irma.CredentialInfoList{}
Sietse Ringers's avatar
Sietse Ringers committed
254
		for _, credreq := range ir.Credentials {
255
			preexistingCredentials := session.client.attrs(credreq.CredentialTypeID)
256
257
258
			if len(preexistingCredentials) != 0 && preexistingCredentials[0].IsValid() && preexistingCredentials[0].CredentialType().IsSingleton {
				ir.RemovalCredentialInfoList = append(ir.RemovalCredentialInfoList, preexistingCredentials[0].Info())
			}
259
260
261
		}
	}

262
	candidates, missing := session.client.CheckSatisfiability(session.request.ToDisclose())
263
	if len(missing) > 0 {
264
		session.Handler.UnsatisfiableRequest(session.ServerName, missing)
265
266
		return
	}
267
	session.request.SetCandidates(candidates)
268

Sietse Ringers's avatar
Sietse Ringers committed
269
	// Ask for permission to execute the session
270
	callback := PermissionHandler(func(proceed bool, choice *irma.DisclosureChoice) {
Sietse Ringers's avatar
Sietse Ringers committed
271
		session.choice = choice
272
		session.request.SetDisclosureChoice(choice)
Sietse Ringers's avatar
Sietse Ringers committed
273
		go session.doSession(proceed)
274
	})
275
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
276
	switch session.Action {
277
	case irma.ActionDisclosing:
278
		session.Handler.RequestVerificationPermission(
279
			*session.request.(*irma.DisclosureRequest), session.ServerName, callback)
280
	case irma.ActionSigning:
281
		session.Handler.RequestSignaturePermission(
282
			*session.request.(*irma.SignatureRequest), session.ServerName, callback)
283
	case irma.ActionIssuing:
284
		session.Handler.RequestIssuancePermission(
285
			*session.request.(*irma.IssuanceRequest), session.ServerName, callback)
286
287
288
289
290
	default:
		panic("Invalid session type") // does not happen, session.Action has been checked earlier
	}
}

291
292
293
// doSession performs the session: it computes all proofs of knowledge, constructs credentials in case of issuance,
// asks for the pin and performs the keyshare session, and finishes the session by either POSTing the result to the
// API server or returning it to the caller (in case of interactive and noninteractive sessions, respectively).
Sietse Ringers's avatar
Sietse Ringers committed
294
295
func (session *session) doSession(proceed bool) {
	defer session.recoverFromPanic()
296

297
	if !proceed {
298
		session.cancel()
299
300
		return
	}
301
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
302

303
	if !session.Distributed() {
Koen van Ingen's avatar
Koen van Ingen committed
304
		message, err := session.getProof()
Sietse Ringers's avatar
Sietse Ringers committed
305
		if err != nil {
306
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
307
308
309
310
			return
		}
		session.sendResponse(message)
	} else {
311
		var err error
312
		session.builders, session.attrIndices, session.issuerProofNonce, err = session.getBuilders()
Sietse Ringers's avatar
Sietse Ringers committed
313
		if err != nil {
314
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
315
		}
316
317
318
		startKeyshareSession(
			session,
			session.Handler,
319
			session.builders,
320
			session.request,
321
			session.client.Configuration,
322
			session.client.keyshareServers,
323
			session.issuerProofNonce,
324
		)
325
	}
Sietse Ringers's avatar
Sietse Ringers committed
326
}
327

Sietse Ringers's avatar
Sietse Ringers committed
328
329
type disclosureResponse string

330
331
// sendResponse sends the proofs of knowledge of the hidden attributes and/or the secret key, or the constructed
// attribute-based signature, to the API server.
332
func (session *session) sendResponse(message interface{}) {
Sietse Ringers's avatar
Sietse Ringers committed
333
	var log *LogEntry
Sietse Ringers's avatar
Sietse Ringers committed
334
	var err error
335
336
	var messageJson []byte

337
338
	switch session.Action {
	case irma.ActionSigning:
339
		irmaSignature, err := session.request.(*irma.SignatureRequest).SignatureFromMessage(message)
340
341
342
343
344
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
			return
		}

345
346
347
348
349
350
351
		messageJson, err = json.Marshal(irmaSignature)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
			return
		}

		if session.IsInteractive() {
352
			var response disclosureResponse
353
			if err = session.transport.Post("proofs", &response, irmaSignature); err != nil {
354
355
356
357
358
359
360
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
Sietse Ringers's avatar
Sietse Ringers committed
361
		}
362
		log, _ = session.createLogEntry(message) // TODO err
363
	case irma.ActionDisclosing:
364
365
366
		messageJson, err = json.Marshal(message)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
367
368
			return
		}
369
370
371
372
373
374
375
376
377
378
		if session.IsInteractive() {
			var response disclosureResponse
			if err = session.transport.Post("proofs", &response, message); err != nil {
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
379
		}
380
		log, _ = session.createLogEntry(message) // TODO err
381
382
383
384
385
386
	case irma.ActionIssuing:
		response := []*gabi.IssueSignatureMessage{}
		if err = session.transport.Post("commitments", &response, message); err != nil {
			session.fail(err.(*irma.SessionError))
			return
		}
387
		if err = session.client.ConstructCredentials(response, session.request.(*irma.IssuanceRequest), session.builders); err != nil {
388
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
389
390
			return
		}
391
		log, _ = session.createLogEntry(message) // TODO err
392
393
	}

394
	_ = session.client.addLogEntry(log) // TODO err
395
	if session.Action == irma.ActionIssuing {
396
		session.client.handler.UpdateAttributes()
397
	}
398
	session.done = true
399
	session.Handler.Success(string(messageJson))
400
401
}

402
// managerSession performs a "session" in which a new scheme manager is added (asking for permission first).
403
func (session *session) managerSession() {
404
	defer session.recoverFromPanic()
405
406
407
408

	// We have to download the scheme manager description.xml here before installing it,
	// because we need to show its contents (name, description, website) to the user
	// when asking installation permission.
409
	manager, err := irma.DownloadSchemeManager(session.ServerURL)
410
	if err != nil {
411
		session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
412
413
		return
	}
414

415
	session.Handler.RequestSchemeManagerPermission(manager, func(proceed bool) {
416
		if !proceed {
417
			session.Handler.Cancelled() // No need to DELETE session here
418
419
			return
		}
420
		if err := session.client.Configuration.InstallSchemeManager(manager, nil); err != nil {
421
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
422
423
			return
		}
424
425

		// Update state and inform user of success
426
		session.client.handler.UpdateConfiguration(
427
428
429
430
			&irma.IrmaIdentifierSet{
				SchemeManagers:  map[irma.SchemeManagerIdentifier]struct{}{manager.Identifier(): {}},
				Issuers:         map[irma.IssuerIdentifier]struct{}{},
				CredentialTypes: map[irma.CredentialTypeIdentifier]struct{}{},
Sietse Ringers's avatar
Sietse Ringers committed
431
432
			},
		)
433
		session.Handler.Success("")
434
435
436
	})
	return
}
437

438
439
440
441
// Response calculation methods

// getBuilders computes the builders for disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively).
442
func (session *session) getBuilders() (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, *big.Int, error) {
443
444
445
	var builders gabi.ProofBuilderList
	var err error
	var issuerProofNonce *big.Int
446
447
	var choices irma.DisclosedAttributeIndices

448
449
	switch session.Action {
	case irma.ActionSigning:
450
		builders, choices, err = session.client.ProofBuilders(session.choice, session.request, true)
451
	case irma.ActionDisclosing:
452
		builders, choices, err = session.client.ProofBuilders(session.choice, session.request, false)
453
	case irma.ActionIssuing:
454
		builders, choices, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest))
455
456
	}

457
	return builders, choices, issuerProofNonce, err
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
}

// getProofs computes the disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively) to be sent to the server.
func (session *session) getProof() (interface{}, error) {
	var message interface{}
	var err error

	switch session.Action {
	case irma.ActionSigning:
		message, err = session.client.Proofs(session.choice, session.request, true)
	case irma.ActionDisclosing:
		message, err = session.client.Proofs(session.choice, session.request, false)
	case irma.ActionIssuing:
		message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest))
	}

	return message, err
}

// Helper functions

// checkKeyshareEnrollment checks if we are enrolled into all involved keyshare servers,
// and aborts the session if not
func (session *session) checkKeyshareEnrollment() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, ok := session.client.Configuration.SchemeManagers[id]
		if !ok {
486
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorUnknownSchemeManager, Info: id.String()})
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
			return false
		}
		distributed := manager.Distributed()
		_, enrolled := session.client.keyshareServers[id]
		if distributed && !enrolled {
			session.Handler.KeyshareEnrollmentMissing(id)
			return false
		}
	}
	return true
}

func (session *session) checkAndUpateConfiguration() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, contains := session.client.Configuration.SchemeManagers[id]
		if !contains {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorUnknownSchemeManager,
				Info:      id.String(),
			})
			return false
		}
		if !manager.Valid {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorInvalidSchemeManager,
				Info:      string(manager.Status),
			})
			return false
		}
	}

	// Check if we are enrolled into all involved keyshare servers
	if !session.checkKeyshareEnrollment() {
		return false
	}

	// Download missing credential types/issuers/public keys from the scheme manager
	downloaded, err := session.client.Configuration.Download(session.request)
	if err != nil {
		session.fail(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
		return false
	}
	if downloaded != nil && !downloaded.Empty() {
		session.client.handler.UpdateConfiguration(downloaded)
	}
	return true
}

// IsInteractive returns whether this session uses an API server or not.
func (session *session) IsInteractive() bool {
	return session.ServerURL != ""
}

// Distributed returns whether or not this session involves a keyshare server.
func (session *session) Distributed() bool {
	var smi irma.SchemeManagerIdentifier
	if session.Action == irma.ActionIssuing {
		for _, credreq := range session.request.(*irma.IssuanceRequest).Credentials {
			smi = credreq.CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
			if session.client.Configuration.SchemeManagers[smi].Distributed() {
				return true
			}
		}
	}

	if session.choice == nil || session.choice.Attributes == nil {
		return false
	}

	for _, ai := range session.choice.Attributes {
		smi = ai.Type.CredentialTypeIdentifier().IssuerIdentifier().SchemeManagerIdentifier()
		if session.client.Configuration.SchemeManagers[smi].Distributed() {
			return true
		}
	}

	return false
}

566
567
// Session lifetime functions

568
569
570
func (session *session) recoverFromPanic() {
	if e := recover(); e != nil {
		if session.Handler != nil {
571
			session.Handler.Failure(panicToError(e))
572
573
574
575
		}
	}
}

576
577
578
579
580
581
582
583
584
585
func panicToError(e interface{}) *irma.SessionError {
	var info string
	switch x := e.(type) {
	case string:
		info = x
	case error:
		info = x.Error()
	case fmt.Stringer:
		info = x.String()
	default: // nop
586
	}
587
	fmt.Println("Panic: " + info)
588
	return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info + "\n\n" + string(debug.Stack())}
589
590
591
}

// Idempotently send DELETE to remote server, returning whether or not we did something
592
func (session *session) delete() bool {
593
	if !session.done {
594
595
596
		if session.IsInteractive() {
			session.transport.Delete()
		}
597
		session.done = true
598
599
600
601
602
		return true
	}
	return false
}

603
func (session *session) fail(err *irma.SessionError) {
604
605
	if session.delete() {
		err.Err = errors.Wrap(err.Err, 0)
606
		session.Handler.Failure(err)
607
608
609
	}
}

610
func (session *session) cancel() {
611
	if session.delete() {
612
		session.Handler.Cancelled()
613
614
615
	}
}

616
func (session *session) Dismiss() {
617
618
	session.cancel()
}
619
620
621
622

// Keyshare session handler methods

func (session *session) KeyshareDone(message interface{}) {
623
624
625
626
627
628
629
630
631
632
633
634
635
636
	switch session.Action {
	case irma.ActionSigning:
		fallthrough
	case irma.ActionDisclosing:
		session.sendResponse(&irma.Disclosure{
			Proofs:  message.(gabi.ProofList),
			Indices: session.attrIndices,
		})
	case irma.ActionIssuing:
		session.sendResponse(&irma.IssueCommitmentMessage{
			IssueCommitmentMessage: message.(*gabi.IssueCommitmentMessage),
			Indices:                session.attrIndices,
		})
	}
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
}

func (session *session) KeyshareCancelled() {
	session.cancel()
}

func (session *session) KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentIncomplete(manager)
}

func (session *session) KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentDeleted(manager)
}

func (session *session) KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int) {
	session.Handler.KeyshareBlocked(manager, duration)
}

func (session *session) KeyshareError(manager *irma.SchemeManagerIdentifier, err error) {
	var serr *irma.SessionError
	var ok bool
	if serr, ok = err.(*irma.SessionError); !ok {
		serr = &irma.SessionError{ErrorType: irma.ErrorKeyshare, Err: err}
	} else {
		serr.ErrorType = irma.ErrorKeyshare
	}
	session.fail(serr)
}

func (session *session) KeysharePin() {
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
}

func (session *session) KeysharePinOK() {
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
}