session.go 20.5 KB
Newer Older
1
package irmaclient
2
3

import (
Koen van Ingen's avatar
Koen van Ingen committed
4
	"encoding/json"
Sietse Ringers's avatar
Sietse Ringers committed
5
	"fmt"
6
	"net/url"
7
8
	"strings"

9
	"github.com/go-errors/errors"
10
11
	"github.com/privacybydesign/gabi"
	"github.com/privacybydesign/gabi/big"
12
	"github.com/privacybydesign/irmago"
13
14
)

Sietse Ringers's avatar
Sietse Ringers committed
15
16
17
// This file contains the logic and state of performing IRMA sessions, communicates
// with IRMA API servers, and uses the calling Client to construct messages and replies
// in the IRMA protocol.
Sietse Ringers's avatar
Sietse Ringers committed
18

Sietse Ringers's avatar
Sietse Ringers committed
19
20
// PermissionHandler is a callback for providing permission for an IRMA session
// and specifying the attributes to be disclosed.
21
type PermissionHandler func(proceed bool, choice *irma.DisclosureChoice)
22

Sietse Ringers's avatar
Sietse Ringers committed
23
// PinHandler is used to provide the user's PIN code.
24
25
type PinHandler func(proceed bool, pin string)

26
27
// A Handler contains callbacks for communication to the user.
type Handler interface {
28
	StatusUpdate(action irma.Action, status irma.Status)
29
30
31
	Success(result string)
	Cancelled()
	Failure(err *irma.SessionError)
32
	UnsatisfiableRequest(ServerName irma.TranslatedString, missing irma.AttributeDisjunctionList)
33
34

	KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int)
35
	KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier)
36
	KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier)
37
	KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier)
38

39
40
41
	RequestIssuancePermission(request irma.IssuanceRequest, ServerName irma.TranslatedString, callback PermissionHandler)
	RequestVerificationPermission(request irma.DisclosureRequest, ServerName irma.TranslatedString, callback PermissionHandler)
	RequestSignaturePermission(request irma.SignatureRequest, ServerName irma.TranslatedString, callback PermissionHandler)
42
	RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool))
Sietse Ringers's avatar
Sietse Ringers committed
43

44
	RequestPin(remainingAttempts int, callback PinHandler)
45
46
}

Sietse Ringers's avatar
Sietse Ringers committed
47
// SessionDismisser can dismiss the current IRMA session.
48
49
50
51
type SessionDismisser interface {
	Dismiss()
}

Sietse Ringers's avatar
Sietse Ringers committed
52
type session struct {
53
54
55
56
	Action     irma.Action
	Handler    Handler
	Version    *irma.ProtocolVersion
	ServerName string
57

58
59
60
61
62
	choice      *irma.DisclosureChoice
	attrIndices irma.DisclosedAttributeIndices
	client      *Client
	request     irma.SessionRequest
	done        bool
63

64
65
66
67
	// State for issuance protocol
	issuerProofNonce *big.Int
	builders         gabi.ProofBuilderList

68
	// These are empty on manual sessions
69
	ServerURL string
Koen van Ingen's avatar
Koen van Ingen committed
70
	transport *irma.HTTPTransport
71
72
}

73
// We implement the handler for the keyshare protocol
74
var _ keyshareSessionHandler = (*session)(nil)
75

76
77
// Supported protocol versions. Minor version numbers should be reverse sorted.
var supportedVersions = map[int][]int{
Sietse Ringers's avatar
Sietse Ringers committed
78
	2: {4},
79
}
Sietse Ringers's avatar
Sietse Ringers committed
80
81
82
var minVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][0]}
var maxVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][len(supportedVersions[2])-1]}

83
// Session constructors
84

85
86
// NewSession starts a new IRMA session, given (along with a handler to pass feedback to) a session request.
// When the request is not suitable to start an IRMA session from, it calls the Failure method of the specified Handler.
87
88
89
90
91
92
93
94
func (client *Client) NewSession(sessionrequest string, handler Handler) SessionDismisser {
	bts := []byte(sessionrequest)

	qr := &irma.Qr{}
	if err := irma.UnmarshalValidate(bts, qr); err == nil {
		return client.newQrSession(qr, handler)
	}

95
96
97
98
99
100
101
	schemeRequest := &irma.SchemeManagerRequest{}
	if err := irma.UnmarshalValidate(bts, schemeRequest); err == nil {
		return client.newSchemeSession(schemeRequest, handler)
	}

	sigRequest := &irma.SignatureRequest{}
	if err := irma.UnmarshalValidate(bts, sigRequest); err == nil {
102
103
104
105
106
107
		return client.newManualSession(sigRequest, handler, irma.ActionSigning)
	}

	disclosureRequest := &irma.DisclosureRequest{}
	if err := irma.UnmarshalValidate(bts, disclosureRequest); err == nil {
		return client.newManualSession(disclosureRequest, handler, irma.ActionDisclosing)
Koen van Ingen's avatar
Koen van Ingen committed
108
109
	}

110
	handler.Failure(&irma.SessionError{Err: errors.New("Session request could not be parsed"), Info: sessionrequest})
111
112
113
114
	return nil
}

// newManualSession starts a manual session, given a signature request in JSON and a handler to pass messages to
115
func (client *Client) newManualSession(request irma.SessionRequest, handler Handler, action irma.Action) SessionDismisser {
116
	session := &session{
117
		Action:     action,
118
119
		Handler:    handler,
		client:     client,
Sietse Ringers's avatar
Sietse Ringers committed
120
		Version:    minVersion,
121
122
		ServerName: "",
		request:    request,
Koen van Ingen's avatar
Koen van Ingen committed
123
	}
124
	session.Handler.StatusUpdate(session.Action, irma.StatusManualStarted)
Koen van Ingen's avatar
Koen van Ingen committed
125

126
	session.processSessionInfo()
127
	return session
128
129
}

130
131
132
133
134
135
136
137
138
139
140
141
142
143
func (client *Client) newSchemeSession(qr *irma.SchemeManagerRequest, handler Handler) SessionDismisser {
	session := &session{
		ServerURL: qr.URL,
		transport: irma.NewHTTPTransport(qr.URL),
		Action:    irma.ActionSchemeManager,
		Handler:   handler,
		client:    client,
	}
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)

	go session.managerSession()
	return session
}

144
145
// newQrSession creates and starts a new interactive IRMA session
func (client *Client) newQrSession(qr *irma.Qr, handler Handler) SessionDismisser {
146
	u, _ := url.ParseRequestURI(qr.URL) // Qr validator already checked this for errors
147
	session := &session{
148
149
150
151
152
153
		ServerURL:  qr.URL,
		ServerName: u.Hostname(),
		transport:  irma.NewHTTPTransport(qr.URL),
		Action:     irma.Action(qr.Type),
		Handler:    handler,
		client:     client,
154
	}
155
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
156

157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
	// Check if the action is one of the supported types
	switch session.Action {
	case irma.ActionDisclosing:
		session.request = &irma.DisclosureRequest{}
	case irma.ActionSigning:
		session.request = &irma.SignatureRequest{}
	case irma.ActionIssuing:
		session.request = &irma.IssuanceRequest{}
	case irma.ActionUnknown:
		fallthrough
	default:
		session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownAction, Info: string(session.Action)})
		return nil
	}

172
173
	session.transport.SetHeader(irma.MinVersionHeader, minVersion.String())
	session.transport.SetHeader(irma.MaxVersionHeader, maxVersion.String())
174
175
176
	if !strings.HasSuffix(session.ServerURL, "/") {
		session.ServerURL += "/"
	}
177

Sietse Ringers's avatar
Sietse Ringers committed
178
	go session.getSessionInfo()
179
	return session
180
181
}

182
183
// Core session methods

184
// getSessionInfo retrieves the first message in the IRMA protocol (only in interactive sessions)
Sietse Ringers's avatar
Sietse Ringers committed
185
186
func (session *session) getSessionInfo() {
	defer session.recoverFromPanic()
187

188
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
189

Sietse Ringers's avatar
Sietse Ringers committed
190
	// Get the first IRMA protocol message and parse it
191
	err := session.transport.Get("", session.request)
Sietse Ringers's avatar
Sietse Ringers committed
192
	if err != nil {
193
		session.fail(err.(*irma.SessionError))
Sietse Ringers's avatar
Sietse Ringers committed
194
195
		return
	}
196

197
	session.processSessionInfo()
198
199
200
201
}

// processSessionInfo continues the session after all session state has been received:
// it checks if the session can be performed and asks the user for consent.
202
func (session *session) processSessionInfo() {
203
204
	defer session.recoverFromPanic()

205
	if !session.checkAndUpateConfiguration() {
206
207
208
		return
	}

209
210
211
212
213
214
215
216
	confirmedProtocolVersion := session.request.GetVersion()
	if confirmedProtocolVersion != nil {
		session.Version = confirmedProtocolVersion
	} else {
		session.Version = irma.NewVersion(2, 0)
		session.request.SetVersion(session.Version)
	}

217
	if session.Action == irma.ActionIssuing {
218
		ir := session.request.(*irma.IssuanceRequest)
Tomas's avatar
Tomas committed
219
220
221
222
223
224
225
		_, err := ir.GetCredentialInfoList(session.client.Configuration, session.Version)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownCredentialType, Err: err})
			return
		}

		// Calculate singleton credentials to be removed
226
		ir.RemovalCredentialInfoList = irma.CredentialInfoList{}
Sietse Ringers's avatar
Sietse Ringers committed
227
		for _, credreq := range ir.Credentials {
228
			preexistingCredentials := session.client.attrs(credreq.CredentialTypeID)
229
230
231
			if len(preexistingCredentials) != 0 && preexistingCredentials[0].IsValid() && preexistingCredentials[0].CredentialType().IsSingleton {
				ir.RemovalCredentialInfoList = append(ir.RemovalCredentialInfoList, preexistingCredentials[0].Info())
			}
232
233
234
		}
	}

235
	serverName := irma.NewTranslatedString(&session.ServerName)
236
	candidates, missing := session.client.CheckSatisfiability(session.request.ToDisclose())
237
	if len(missing) > 0 {
238
		session.Handler.UnsatisfiableRequest(serverName, missing)
239
240
		return
	}
241
	session.request.SetCandidates(candidates)
242

Sietse Ringers's avatar
Sietse Ringers committed
243
	// Ask for permission to execute the session
244
	callback := PermissionHandler(func(proceed bool, choice *irma.DisclosureChoice) {
Sietse Ringers's avatar
Sietse Ringers committed
245
		session.choice = choice
246
		session.request.SetDisclosureChoice(choice)
Sietse Ringers's avatar
Sietse Ringers committed
247
		go session.doSession(proceed)
248
	})
249
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
250
	switch session.Action {
251
	case irma.ActionDisclosing:
252
		session.Handler.RequestVerificationPermission(
253
			*session.request.(*irma.DisclosureRequest), serverName, callback)
254
	case irma.ActionSigning:
255
		session.Handler.RequestSignaturePermission(
256
			*session.request.(*irma.SignatureRequest), serverName, callback)
257
	case irma.ActionIssuing:
258
		session.Handler.RequestIssuancePermission(
259
			*session.request.(*irma.IssuanceRequest), serverName, callback)
260
261
262
263
264
	default:
		panic("Invalid session type") // does not happen, session.Action has been checked earlier
	}
}

265
266
267
// doSession performs the session: it computes all proofs of knowledge, constructs credentials in case of issuance,
// asks for the pin and performs the keyshare session, and finishes the session by either POSTing the result to the
// API server or returning it to the caller (in case of interactive and noninteractive sessions, respectively).
Sietse Ringers's avatar
Sietse Ringers committed
268
269
func (session *session) doSession(proceed bool) {
	defer session.recoverFromPanic()
270

271
	if !proceed {
272
		session.cancel()
273
274
		return
	}
275
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
276

277
	if !session.Distributed() {
Koen van Ingen's avatar
Koen van Ingen committed
278
		message, err := session.getProof()
Sietse Ringers's avatar
Sietse Ringers committed
279
		if err != nil {
280
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
281
282
283
284
			return
		}
		session.sendResponse(message)
	} else {
285
		var err error
286
		session.builders, session.attrIndices, session.issuerProofNonce, err = session.getBuilders()
Sietse Ringers's avatar
Sietse Ringers committed
287
		if err != nil {
288
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
289
		}
290
291
292
		startKeyshareSession(
			session,
			session.Handler,
293
			session.builders,
294
			session.request,
295
			session.client.Configuration,
296
			session.client.keyshareServers,
297
			session.issuerProofNonce,
298
		)
299
	}
Sietse Ringers's avatar
Sietse Ringers committed
300
}
301

Sietse Ringers's avatar
Sietse Ringers committed
302
303
type disclosureResponse string

304
305
// sendResponse sends the proofs of knowledge of the hidden attributes and/or the secret key, or the constructed
// attribute-based signature, to the API server.
306
func (session *session) sendResponse(message interface{}) {
Sietse Ringers's avatar
Sietse Ringers committed
307
	var log *LogEntry
Sietse Ringers's avatar
Sietse Ringers committed
308
	var err error
309
310
	var messageJson []byte

311
312
	switch session.Action {
	case irma.ActionSigning:
313
		irmaSignature, err := session.request.(*irma.SignatureRequest).SignatureFromMessage(message)
314
315
316
317
318
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
			return
		}

319
320
321
322
323
324
325
		messageJson, err = json.Marshal(irmaSignature)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
			return
		}

		if session.IsInteractive() {
326
			var response disclosureResponse
327
			if err = session.transport.Post("proofs", &response, irmaSignature); err != nil {
328
329
330
331
332
333
334
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
Sietse Ringers's avatar
Sietse Ringers committed
335
		}
336
		log, _ = session.createLogEntry(message) // TODO err
337
	case irma.ActionDisclosing:
338
339
340
		messageJson, err = json.Marshal(message)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
341
342
			return
		}
343
344
345
346
347
348
349
350
351
352
		if session.IsInteractive() {
			var response disclosureResponse
			if err = session.transport.Post("proofs", &response, message); err != nil {
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
353
		}
354
		log, _ = session.createLogEntry(message) // TODO err
355
356
357
358
359
360
	case irma.ActionIssuing:
		response := []*gabi.IssueSignatureMessage{}
		if err = session.transport.Post("commitments", &response, message); err != nil {
			session.fail(err.(*irma.SessionError))
			return
		}
361
		if err = session.client.ConstructCredentials(response, session.request.(*irma.IssuanceRequest), session.builders); err != nil {
362
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
363
364
			return
		}
365
		log, _ = session.createLogEntry(message) // TODO err
366
367
	}

368
	_ = session.client.addLogEntry(log) // TODO err
369
	if session.Action == irma.ActionIssuing {
370
		session.client.handler.UpdateAttributes()
371
	}
372
	session.done = true
373
	session.Handler.Success(string(messageJson))
374
375
}

376
// managerSession performs a "session" in which a new scheme manager is added (asking for permission first).
377
func (session *session) managerSession() {
378
	defer session.recoverFromPanic()
379
380
381
382

	// We have to download the scheme manager description.xml here before installing it,
	// because we need to show its contents (name, description, website) to the user
	// when asking installation permission.
383
	manager, err := irma.DownloadSchemeManager(session.ServerURL)
384
	if err != nil {
385
		session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
386
387
		return
	}
388

389
	session.Handler.RequestSchemeManagerPermission(manager, func(proceed bool) {
390
		if !proceed {
391
			session.Handler.Cancelled() // No need to DELETE session here
392
393
			return
		}
394
		if err := session.client.Configuration.InstallSchemeManager(manager, nil); err != nil {
395
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
396
397
			return
		}
398
399

		// Update state and inform user of success
400
		session.client.handler.UpdateConfiguration(
401
402
403
404
			&irma.IrmaIdentifierSet{
				SchemeManagers:  map[irma.SchemeManagerIdentifier]struct{}{manager.Identifier(): {}},
				Issuers:         map[irma.IssuerIdentifier]struct{}{},
				CredentialTypes: map[irma.CredentialTypeIdentifier]struct{}{},
Sietse Ringers's avatar
Sietse Ringers committed
405
406
			},
		)
407
		session.Handler.Success("")
408
409
410
	})
	return
}
411

412
413
414
415
// Response calculation methods

// getBuilders computes the builders for disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively).
416
func (session *session) getBuilders() (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, *big.Int, error) {
417
418
419
	var builders gabi.ProofBuilderList
	var err error
	var issuerProofNonce *big.Int
420
421
	var choices irma.DisclosedAttributeIndices

422
423
	switch session.Action {
	case irma.ActionSigning:
424
		builders, choices, err = session.client.ProofBuilders(session.choice, session.request, true)
425
	case irma.ActionDisclosing:
426
		builders, choices, err = session.client.ProofBuilders(session.choice, session.request, false)
427
	case irma.ActionIssuing:
428
		builders, choices, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest))
429
430
	}

431
	return builders, choices, issuerProofNonce, err
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
}

// getProofs computes the disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively) to be sent to the server.
func (session *session) getProof() (interface{}, error) {
	var message interface{}
	var err error

	switch session.Action {
	case irma.ActionSigning:
		message, err = session.client.Proofs(session.choice, session.request, true)
	case irma.ActionDisclosing:
		message, err = session.client.Proofs(session.choice, session.request, false)
	case irma.ActionIssuing:
		message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest))
	}

	return message, err
}

// Helper functions

// checkKeyshareEnrollment checks if we are enrolled into all involved keyshare servers,
// and aborts the session if not
func (session *session) checkKeyshareEnrollment() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, ok := session.client.Configuration.SchemeManagers[id]
		if !ok {
460
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorUnknownSchemeManager, Info: id.String()})
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
			return false
		}
		distributed := manager.Distributed()
		_, enrolled := session.client.keyshareServers[id]
		if distributed && !enrolled {
			session.Handler.KeyshareEnrollmentMissing(id)
			return false
		}
	}
	return true
}

func (session *session) checkAndUpateConfiguration() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, contains := session.client.Configuration.SchemeManagers[id]
		if !contains {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorUnknownSchemeManager,
				Info:      id.String(),
			})
			return false
		}
		if !manager.Valid {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorInvalidSchemeManager,
				Info:      string(manager.Status),
			})
			return false
		}
	}

	// Check if we are enrolled into all involved keyshare servers
	if !session.checkKeyshareEnrollment() {
		return false
	}

	// Download missing credential types/issuers/public keys from the scheme manager
	downloaded, err := session.client.Configuration.Download(session.request)
	if err != nil {
		session.fail(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
		return false
	}
	if downloaded != nil && !downloaded.Empty() {
		session.client.handler.UpdateConfiguration(downloaded)
	}
	return true
}

// IsInteractive returns whether this session uses an API server or not.
func (session *session) IsInteractive() bool {
	return session.ServerURL != ""
}

// Distributed returns whether or not this session involves a keyshare server.
func (session *session) Distributed() bool {
	var smi irma.SchemeManagerIdentifier
	if session.Action == irma.ActionIssuing {
		for _, credreq := range session.request.(*irma.IssuanceRequest).Credentials {
			smi = credreq.CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
			if session.client.Configuration.SchemeManagers[smi].Distributed() {
				return true
			}
		}
	}

	if session.choice == nil || session.choice.Attributes == nil {
		return false
	}

	for _, ai := range session.choice.Attributes {
		smi = ai.Type.CredentialTypeIdentifier().IssuerIdentifier().SchemeManagerIdentifier()
		if session.client.Configuration.SchemeManagers[smi].Distributed() {
			return true
		}
	}

	return false
}

540
541
// Session lifetime functions

542
543
544
func (session *session) recoverFromPanic() {
	if e := recover(); e != nil {
		if session.Handler != nil {
545
			session.Handler.Failure(panicToError(e))
546
547
548
549
		}
	}
}

550
551
552
553
554
555
556
557
558
559
func panicToError(e interface{}) *irma.SessionError {
	var info string
	switch x := e.(type) {
	case string:
		info = x
	case error:
		info = x.Error()
	case fmt.Stringer:
		info = x.String()
	default: // nop
560
	}
561
	fmt.Println("Panic: " + info)
562
	return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info}
563
564
565
}

// Idempotently send DELETE to remote server, returning whether or not we did something
566
func (session *session) delete() bool {
567
	if !session.done {
568
569
570
		if session.IsInteractive() {
			session.transport.Delete()
		}
571
		session.done = true
572
573
574
575
576
		return true
	}
	return false
}

577
func (session *session) fail(err *irma.SessionError) {
578
579
	if session.delete() {
		err.Err = errors.Wrap(err.Err, 0)
580
		session.Handler.Failure(err)
581
582
583
	}
}

584
func (session *session) cancel() {
585
	if session.delete() {
586
		session.Handler.Cancelled()
587
588
589
	}
}

590
func (session *session) Dismiss() {
591
592
	session.cancel()
}
593
594
595
596

// Keyshare session handler methods

func (session *session) KeyshareDone(message interface{}) {
597
598
599
600
601
602
603
604
605
606
607
608
609
610
	switch session.Action {
	case irma.ActionSigning:
		fallthrough
	case irma.ActionDisclosing:
		session.sendResponse(&irma.Disclosure{
			Proofs:  message.(gabi.ProofList),
			Indices: session.attrIndices,
		})
	case irma.ActionIssuing:
		session.sendResponse(&irma.IssueCommitmentMessage{
			IssueCommitmentMessage: message.(*gabi.IssueCommitmentMessage),
			Indices:                session.attrIndices,
		})
	}
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
}

func (session *session) KeyshareCancelled() {
	session.cancel()
}

func (session *session) KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentIncomplete(manager)
}

func (session *session) KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentDeleted(manager)
}

func (session *session) KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int) {
	session.Handler.KeyshareBlocked(manager, duration)
}

func (session *session) KeyshareError(manager *irma.SchemeManagerIdentifier, err error) {
	var serr *irma.SessionError
	var ok bool
	if serr, ok = err.(*irma.SessionError); !ok {
		serr = &irma.SessionError{ErrorType: irma.ErrorKeyshare, Err: err}
	} else {
		serr.ErrorType = irma.ErrorKeyshare
	}
	session.fail(serr)
}

func (session *session) KeysharePin() {
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
}

func (session *session) KeysharePinOK() {
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
}