session.go 20.4 KB
Newer Older
1
package irmaclient
2
3

import (
Koen van Ingen's avatar
Koen van Ingen committed
4
	"encoding/json"
Sietse Ringers's avatar
Sietse Ringers committed
5
	"fmt"
6
	"net/url"
Sietse Ringers's avatar
Sietse Ringers committed
7
	"sort"
8
9
	"strings"

10
11
	"math/big"

12
	"github.com/go-errors/errors"
13
	"github.com/mhe/gabi"
14
	"github.com/privacybydesign/irmago"
15
16
)

Sietse Ringers's avatar
Sietse Ringers committed
17
18
19
// This file contains the logic and state of performing IRMA sessions, communicates
// with IRMA API servers, and uses the calling Client to construct messages and replies
// in the IRMA protocol.
Sietse Ringers's avatar
Sietse Ringers committed
20

Sietse Ringers's avatar
Sietse Ringers committed
21
22
// PermissionHandler is a callback for providing permission for an IRMA session
// and specifying the attributes to be disclosed.
23
type PermissionHandler func(proceed bool, choice *irma.DisclosureChoice)
24

Sietse Ringers's avatar
Sietse Ringers committed
25
// PinHandler is used to provide the user's PIN code.
26
27
type PinHandler func(proceed bool, pin string)

28
29
// A Handler contains callbacks for communication to the user.
type Handler interface {
30
	StatusUpdate(action irma.Action, status irma.Status)
31
32
33
34
	Success(result string)
	Cancelled()
	Failure(err *irma.SessionError)
	UnsatisfiableRequest(ServerName string, missing irma.AttributeDisjunctionList)
35
36

	KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int)
37
	KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier)
38
	KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier)
39
	KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier)
40
41
42
43
44

	RequestIssuancePermission(request irma.IssuanceRequest, ServerName string, callback PermissionHandler)
	RequestVerificationPermission(request irma.DisclosureRequest, ServerName string, callback PermissionHandler)
	RequestSignaturePermission(request irma.SignatureRequest, ServerName string, callback PermissionHandler)
	RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool))
Sietse Ringers's avatar
Sietse Ringers committed
45

46
	RequestPin(remainingAttempts int, callback PinHandler)
47
48
}

Sietse Ringers's avatar
Sietse Ringers committed
49
// SessionDismisser can dismiss the current IRMA session.
50
51
52
53
type SessionDismisser interface {
	Dismiss()
}

Sietse Ringers's avatar
Sietse Ringers committed
54
type session struct {
55
56
57
58
	Action     irma.Action
	Handler    Handler
	Version    *irma.ProtocolVersion
	ServerName string
59

60
61
62
63
	choice  *irma.DisclosureChoice
	client  *Client
	request irma.SessionRequest
	done    bool
64

65
66
67
68
	// State for issuance protocol
	issuerProofNonce *big.Int
	builders         gabi.ProofBuilderList

69
	// These are empty on manual sessions
70
	ServerURL string
Koen van Ingen's avatar
Koen van Ingen committed
71
	transport *irma.HTTPTransport
72
73
}

74
// We implement the handler for the keyshare protocol
75
var _ keyshareSessionHandler = (*session)(nil)
76

77
78
// Supported protocol versions. Minor version numbers should be reverse sorted.
var supportedVersions = map[int][]int{
79
	2: {4, 3, 2, 1},
80
81
}

82
// Session constructors
83

84
85
// NewSession starts a new IRMA session, given (along with a handler to pass feedback to) a session request.
// When the request is not suitable to start an IRMA session from, it calls the Failure method of the specified Handler.
86
87
88
89
90
91
92
93
func (client *Client) NewSession(sessionrequest string, handler Handler) SessionDismisser {
	bts := []byte(sessionrequest)

	qr := &irma.Qr{}
	if err := irma.UnmarshalValidate(bts, qr); err == nil {
		return client.newQrSession(qr, handler)
	}

94
95
96
97
98
99
100
101
	schemeRequest := &irma.SchemeManagerRequest{}
	if err := irma.UnmarshalValidate(bts, schemeRequest); err == nil {
		return client.newSchemeSession(schemeRequest, handler)
	}

	sigRequest := &irma.SignatureRequest{}
	if err := irma.UnmarshalValidate(bts, sigRequest); err == nil {
		return client.newManualSession(sigRequest, handler)
Koen van Ingen's avatar
Koen van Ingen committed
102
103
	}

104
	handler.Failure(&irma.SessionError{Err: errors.New("Session request could not be parsed")})
105
106
107
108
109
	return nil
}

// newManualSession starts a manual session, given a signature request in JSON and a handler to pass messages to
func (client *Client) newManualSession(sigrequest *irma.SignatureRequest, handler Handler) SessionDismisser {
110
	session := &session{
111
112
113
114
115
116
		Action:     irma.ActionSigning, // TODO hardcoded for now
		Handler:    handler,
		client:     client,
		Version:    irma.NewVersion(2, 0), // TODO hardcoded for now
		ServerName: "Email request",
		request:    sigrequest,
Koen van Ingen's avatar
Koen van Ingen committed
117
	}
118
	session.Handler.StatusUpdate(session.Action, irma.StatusManualStarted)
Koen van Ingen's avatar
Koen van Ingen committed
119

120
	session.processSessionInfo()
121
	return session
122
123
}

124
125
126
127
128
129
130
131
132
133
134
135
136
137
func (client *Client) newSchemeSession(qr *irma.SchemeManagerRequest, handler Handler) SessionDismisser {
	session := &session{
		ServerURL: qr.URL,
		transport: irma.NewHTTPTransport(qr.URL),
		Action:    irma.ActionSchemeManager,
		Handler:   handler,
		client:    client,
	}
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)

	go session.managerSession()
	return session
}

138
139
// newQrSession creates and starts a new interactive IRMA session
func (client *Client) newQrSession(qr *irma.Qr, handler Handler) SessionDismisser {
140
	u, _ := url.ParseRequestURI(qr.URL) // Qr validator already checked this for errors
141
	session := &session{
142
143
144
145
146
147
		ServerURL:  qr.URL,
		ServerName: u.Hostname(),
		transport:  irma.NewHTTPTransport(qr.URL),
		Action:     irma.Action(qr.Type),
		Handler:    handler,
		client:     client,
148
	}
149
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
150

151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
	// Check if the action is one of the supported types
	switch session.Action {
	case irma.ActionDisclosing:
		session.request = &irma.DisclosureRequest{}
	case irma.ActionSigning:
		session.request = &irma.SignatureRequest{}
	case irma.ActionIssuing:
		session.request = &irma.IssuanceRequest{}
	case irma.ActionUnknown:
		fallthrough
	default:
		session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownAction, Info: string(session.Action)})
		return nil
	}

166
167
	version, err := calcVersion(qr)
	if err != nil {
168
		session.fail(&irma.SessionError{ErrorType: irma.ErrorProtocolVersionNotSupported, Err: err})
169
		return nil
170
	}
171
172
	session.Version = version
	session.transport.SetHeader("X-IRMA-ProtocolVersion", version.String())
173
174
175
	if !strings.HasSuffix(session.ServerURL, "/") {
		session.ServerURL += "/"
	}
176

Sietse Ringers's avatar
Sietse Ringers committed
177
	go session.getSessionInfo()
178
	return session
179
180
}

181
182
// Core session methods

183
// getSessionInfo retrieves the first message in the IRMA protocol (only in interactive sessions)
Sietse Ringers's avatar
Sietse Ringers committed
184
185
func (session *session) getSessionInfo() {
	defer session.recoverFromPanic()
186

187
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
188

Sietse Ringers's avatar
Sietse Ringers committed
189
	// Get the first IRMA protocol message and parse it
190
	err := session.transport.Get("", session.request)
Sietse Ringers's avatar
Sietse Ringers committed
191
	if err != nil {
192
		session.fail(err.(*irma.SessionError))
Sietse Ringers's avatar
Sietse Ringers committed
193
194
		return
	}
195

196
	session.processSessionInfo()
197
198
199
200
}

// processSessionInfo continues the session after all session state has been received:
// it checks if the session can be performed and asks the user for consent.
201
func (session *session) processSessionInfo() {
202
203
	defer session.recoverFromPanic()

204
	if !session.checkAndUpateConfiguration() {
205
206
207
		return
	}

208
209
210
211
212
213
214
215
	confirmedProtocolVersion := session.request.GetVersion()
	if confirmedProtocolVersion != nil {
		session.Version = confirmedProtocolVersion
	} else {
		session.Version = irma.NewVersion(2, 0)
		session.request.SetVersion(session.Version)
	}

216
	if session.Action == irma.ActionIssuing {
217
		ir := session.request.(*irma.IssuanceRequest)
Tomas's avatar
Tomas committed
218
219
220
221
222
223
224
		_, err := ir.GetCredentialInfoList(session.client.Configuration, session.Version)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownCredentialType, Err: err})
			return
		}

		// Calculate singleton credentials to be removed
Sietse Ringers's avatar
Sietse Ringers committed
225
		for _, credreq := range ir.Credentials {
226
227
228
229
			preexistingCredentials := session.client.attrs(*credreq.CredentialTypeID)
			if len(preexistingCredentials) != 0 && preexistingCredentials[0].IsValid() && preexistingCredentials[0].CredentialType().IsSingleton {
				ir.RemovalCredentialInfoList = append(ir.RemovalCredentialInfoList, preexistingCredentials[0].Info())
			}
230
231
232
		}
	}

233
	candidates, missing := session.client.CheckSatisfiability(session.request.ToDisclose())
234
	if len(missing) > 0 {
235
		session.Handler.UnsatisfiableRequest(session.ServerName, missing)
236
237
		return
	}
238
	session.request.SetCandidates(candidates)
239

Sietse Ringers's avatar
Sietse Ringers committed
240
	// Ask for permission to execute the session
241
	callback := PermissionHandler(func(proceed bool, choice *irma.DisclosureChoice) {
Sietse Ringers's avatar
Sietse Ringers committed
242
		session.choice = choice
243
		session.request.SetDisclosureChoice(choice)
Sietse Ringers's avatar
Sietse Ringers committed
244
		go session.doSession(proceed)
245
	})
246
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
247
	switch session.Action {
248
	case irma.ActionDisclosing:
249
		session.Handler.RequestVerificationPermission(
250
			*session.request.(*irma.DisclosureRequest), session.ServerName, callback)
251
	case irma.ActionSigning:
252
		session.Handler.RequestSignaturePermission(
253
			*session.request.(*irma.SignatureRequest), session.ServerName, callback)
254
	case irma.ActionIssuing:
255
		session.Handler.RequestIssuancePermission(
256
			*session.request.(*irma.IssuanceRequest), session.ServerName, callback)
257
258
259
260
261
	default:
		panic("Invalid session type") // does not happen, session.Action has been checked earlier
	}
}

262
263
264
// doSession performs the session: it computes all proofs of knowledge, constructs credentials in case of issuance,
// asks for the pin and performs the keyshare session, and finishes the session by either POSTing the result to the
// API server or returning it to the caller (in case of interactive and noninteractive sessions, respectively).
Sietse Ringers's avatar
Sietse Ringers committed
265
266
func (session *session) doSession(proceed bool) {
	defer session.recoverFromPanic()
267

268
	if !proceed {
269
		session.cancel()
270
271
		return
	}
272
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
273

274
	if !session.Distributed() {
Koen van Ingen's avatar
Koen van Ingen committed
275
		message, err := session.getProof()
Sietse Ringers's avatar
Sietse Ringers committed
276
		if err != nil {
277
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
278
279
280
281
			return
		}
		session.sendResponse(message)
	} else {
282
283
		var err error
		session.builders, session.issuerProofNonce, err = session.getBuilders()
Sietse Ringers's avatar
Sietse Ringers committed
284
		if err != nil {
285
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
286
		}
287
288
289
		startKeyshareSession(
			session,
			session.Handler,
290
			session.builders,
291
			session.request,
292
			session.client.Configuration,
293
			session.client.keyshareServers,
294
			session.issuerProofNonce,
295
		)
296
	}
Sietse Ringers's avatar
Sietse Ringers committed
297
}
298

Sietse Ringers's avatar
Sietse Ringers committed
299
300
type disclosureResponse string

301
302
// sendResponse sends the proofs of knowledge of the hidden attributes and/or the secret key, or the constructed
// attribute-based signature, to the API server.
303
func (session *session) sendResponse(message interface{}) {
Sietse Ringers's avatar
Sietse Ringers committed
304
	var log *LogEntry
Sietse Ringers's avatar
Sietse Ringers committed
305
	var err error
306
307
	var messageJson []byte

308
309
	switch session.Action {
	case irma.ActionSigning:
310
		request, ok := session.request.(*irma.SignatureRequest)
311
312
313
314
315
		if !ok {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
			return
		}

316
317
318
319
320
321
		irmaSignature, err := request.SignatureFromMessage(message)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
			return
		}

322
323
324
325
326
327
328
		messageJson, err = json.Marshal(irmaSignature)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
			return
		}

		if session.IsInteractive() {
329
			var response disclosureResponse
330
			if err = session.transport.Post("proofs", &response, irmaSignature); err != nil {
331
332
333
334
335
336
337
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
Sietse Ringers's avatar
Sietse Ringers committed
338
		}
339
		log, _ = session.createLogEntry(message.(gabi.ProofList)) // TODO err
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
	case irma.ActionDisclosing:
		var response disclosureResponse
		if err = session.transport.Post("proofs", &response, message); err != nil {
			session.fail(err.(*irma.SessionError))
			return
		}
		if response != "VALID" {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
			return
		}
		log, _ = session.createLogEntry(message.(gabi.ProofList)) // TODO err
	case irma.ActionIssuing:
		response := []*gabi.IssueSignatureMessage{}
		if err = session.transport.Post("commitments", &response, message); err != nil {
			session.fail(err.(*irma.SessionError))
			return
		}
357
		if err = session.client.ConstructCredentials(response, session.request.(*irma.IssuanceRequest), session.builders); err != nil {
358
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
359
360
			return
		}
361
		log, _ = session.createLogEntry(message) // TODO err
362
363
	}

364
	_ = session.client.addLogEntry(log) // TODO err
365
	if session.Action == irma.ActionIssuing {
366
		session.client.handler.UpdateAttributes()
367
	}
368
	session.done = true
369
	session.Handler.Success(string(messageJson))
370
371
}

372
// managerSession performs a "session" in which a new scheme manager is added (asking for permission first).
373
func (session *session) managerSession() {
374
	defer session.recoverFromPanic()
375
376
377
378

	// We have to download the scheme manager description.xml here before installing it,
	// because we need to show its contents (name, description, website) to the user
	// when asking installation permission.
379
	manager, err := irma.DownloadSchemeManager(session.ServerURL)
380
	if err != nil {
381
		session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
382
383
		return
	}
384

385
	session.Handler.RequestSchemeManagerPermission(manager, func(proceed bool) {
386
		if !proceed {
387
			session.Handler.Cancelled() // No need to DELETE session here
388
389
			return
		}
390
		if err := session.client.Configuration.InstallSchemeManager(manager); err != nil {
391
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
392
393
			return
		}
394
395

		// Update state and inform user of success
396
		session.client.handler.UpdateConfiguration(
397
398
399
400
			&irma.IrmaIdentifierSet{
				SchemeManagers:  map[irma.SchemeManagerIdentifier]struct{}{manager.Identifier(): {}},
				Issuers:         map[irma.IssuerIdentifier]struct{}{},
				CredentialTypes: map[irma.CredentialTypeIdentifier]struct{}{},
Sietse Ringers's avatar
Sietse Ringers committed
401
402
			},
		)
403
		session.Handler.Success("")
404
405
406
	})
	return
}
407

408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
// Response calculation methods

// getBuilders computes the builders for disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively).
func (session *session) getBuilders() (gabi.ProofBuilderList, *big.Int, error) {
	var builders gabi.ProofBuilderList
	var err error

	var issuerProofNonce *big.Int
	switch session.Action {
	case irma.ActionSigning:
		builders, err = session.client.ProofBuilders(session.choice, session.request, true)
	case irma.ActionDisclosing:
		builders, err = session.client.ProofBuilders(session.choice, session.request, false)
	case irma.ActionIssuing:
		builders, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest))
	}

	return builders, issuerProofNonce, err
}

// getProofs computes the disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively) to be sent to the server.
func (session *session) getProof() (interface{}, error) {
	var message interface{}
	var err error

	switch session.Action {
	case irma.ActionSigning:
		message, err = session.client.Proofs(session.choice, session.request, true)
	case irma.ActionDisclosing:
		message, err = session.client.Proofs(session.choice, session.request, false)
	case irma.ActionIssuing:
		message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest))
	}

	return message, err
}

// Helper functions

func calcVersion(qr *irma.Qr) (*irma.ProtocolVersion, error) {
	// Iterate supportedVersions in reverse sorted order (i.e. biggest major number first)
	keys := make([]int, 0, len(supportedVersions))
	for k := range supportedVersions {
		keys = append(keys, k)
	}
	sort.Sort(sort.Reverse(sort.IntSlice(keys)))
	for _, major := range keys {
		for _, minor := range supportedVersions[major] {
			aboveMinimum := major > qr.ProtocolVersion.Major || (major == qr.ProtocolVersion.Major && minor >= qr.ProtocolVersion.Minor)
			underMaximum := major < qr.ProtocolMaxVersion.Major || (major == qr.ProtocolMaxVersion.Major && minor <= qr.ProtocolMaxVersion.Minor)
			if aboveMinimum && underMaximum {
				return irma.NewVersion(major, minor), nil
			}
		}
	}
	return nil, fmt.Errorf("No supported protocol version between %s and %s", qr.ProtocolVersion.String(), qr.ProtocolMaxVersion.String())
}

// checkKeyshareEnrollment checks if we are enrolled into all involved keyshare servers,
// and aborts the session if not
func (session *session) checkKeyshareEnrollment() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, ok := session.client.Configuration.SchemeManagers[id]
		if !ok {
474
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorUnknownSchemeManager, Info: id.String()})
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
			return false
		}
		distributed := manager.Distributed()
		_, enrolled := session.client.keyshareServers[id]
		if distributed && !enrolled {
			session.Handler.KeyshareEnrollmentMissing(id)
			return false
		}
	}
	return true
}

func (session *session) checkAndUpateConfiguration() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, contains := session.client.Configuration.SchemeManagers[id]
		if !contains {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorUnknownSchemeManager,
				Info:      id.String(),
			})
			return false
		}
		if !manager.Valid {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorInvalidSchemeManager,
				Info:      string(manager.Status),
			})
			return false
		}
	}

	// Check if we are enrolled into all involved keyshare servers
	if !session.checkKeyshareEnrollment() {
		return false
	}

	// Download missing credential types/issuers/public keys from the scheme manager
	downloaded, err := session.client.Configuration.Download(session.request)
	if err != nil {
		session.fail(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
		return false
	}
	if downloaded != nil && !downloaded.Empty() {
		session.client.handler.UpdateConfiguration(downloaded)
	}
	return true
}

// IsInteractive returns whether this session uses an API server or not.
func (session *session) IsInteractive() bool {
	return session.ServerURL != ""
}

// Distributed returns whether or not this session involves a keyshare server.
func (session *session) Distributed() bool {
	var smi irma.SchemeManagerIdentifier
	if session.Action == irma.ActionIssuing {
		for _, credreq := range session.request.(*irma.IssuanceRequest).Credentials {
			smi = credreq.CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
			if session.client.Configuration.SchemeManagers[smi].Distributed() {
				return true
			}
		}
	}

	if session.choice == nil || session.choice.Attributes == nil {
		return false
	}

	for _, ai := range session.choice.Attributes {
		smi = ai.Type.CredentialTypeIdentifier().IssuerIdentifier().SchemeManagerIdentifier()
		if session.client.Configuration.SchemeManagers[smi].Distributed() {
			return true
		}
	}

	return false
}

554
555
// Session lifetime functions

556
557
558
func (session *session) recoverFromPanic() {
	if e := recover(); e != nil {
		if session.Handler != nil {
559
			session.Handler.Failure(panicToError(e))
560
561
562
563
		}
	}
}

564
565
566
567
568
569
570
571
572
573
func panicToError(e interface{}) *irma.SessionError {
	var info string
	switch x := e.(type) {
	case string:
		info = x
	case error:
		info = x.Error()
	case fmt.Stringer:
		info = x.String()
	default: // nop
574
	}
575
	fmt.Println("Panic: " + info)
576
	return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info}
577
578
579
}

// Idempotently send DELETE to remote server, returning whether or not we did something
580
func (session *session) delete() bool {
581
	if !session.done {
582
583
584
		if session.IsInteractive() {
			session.transport.Delete()
		}
585
		session.done = true
586
587
588
589
590
		return true
	}
	return false
}

591
func (session *session) fail(err *irma.SessionError) {
592
593
	if session.delete() {
		err.Err = errors.Wrap(err.Err, 0)
594
		session.Handler.Failure(err)
595
596
597
	}
}

598
func (session *session) cancel() {
599
	if session.delete() {
600
		session.Handler.Cancelled()
601
602
603
	}
}

604
func (session *session) Dismiss() {
605
606
	session.cancel()
}
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647

// Keyshare session handler methods

func (session *session) KeyshareDone(message interface{}) {
	session.sendResponse(message)
}

func (session *session) KeyshareCancelled() {
	session.cancel()
}

func (session *session) KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentIncomplete(manager)
}

func (session *session) KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentDeleted(manager)
}

func (session *session) KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int) {
	session.Handler.KeyshareBlocked(manager, duration)
}

func (session *session) KeyshareError(manager *irma.SchemeManagerIdentifier, err error) {
	var serr *irma.SessionError
	var ok bool
	if serr, ok = err.(*irma.SessionError); !ok {
		serr = &irma.SessionError{ErrorType: irma.ErrorKeyshare, Err: err}
	} else {
		serr.ErrorType = irma.ErrorKeyshare
	}
	session.fail(serr)
}

func (session *session) KeysharePin() {
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
}

func (session *session) KeysharePinOK() {
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
}