session.go 20.9 KB
Newer Older
1
package irmaclient
2
3

import (
Koen van Ingen's avatar
Koen van Ingen committed
4
	"encoding/json"
Sietse Ringers's avatar
Sietse Ringers committed
5
6
	"fmt"
	"sort"
7
8
	"strings"

9
10
	"math/big"

11
	"github.com/go-errors/errors"
12
	"github.com/mhe/gabi"
13
	"github.com/privacybydesign/irmago"
14
15
)

Sietse Ringers's avatar
Sietse Ringers committed
16
17
18
// This file contains the logic and state of performing IRMA sessions, communicates
// with IRMA API servers, and uses the calling Client to construct messages and replies
// in the IRMA protocol.
Sietse Ringers's avatar
Sietse Ringers committed
19

Sietse Ringers's avatar
Sietse Ringers committed
20
21
// PermissionHandler is a callback for providing permission for an IRMA session
// and specifying the attributes to be disclosed.
22
type PermissionHandler func(proceed bool, choice *irma.DisclosureChoice)
23

Sietse Ringers's avatar
Sietse Ringers committed
24
// PinHandler is used to provide the user's PIN code.
25
26
type PinHandler func(proceed bool, pin string)

27
28
// A Handler contains callbacks for communication to the user.
type Handler interface {
29
	StatusUpdate(action irma.Action, status irma.Status)
30
	Success(action irma.Action, result string)
31
32
	Cancelled(action irma.Action)
	Failure(action irma.Action, err *irma.SessionError)
33
	UnsatisfiableRequest(action irma.Action, ServerName string, missing irma.AttributeDisjunctionList)
34
35

	KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int)
36
	KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier)
37
	KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier)
38
	KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier)
39
40
41
42
43

	RequestIssuancePermission(request irma.IssuanceRequest, ServerName string, callback PermissionHandler)
	RequestVerificationPermission(request irma.DisclosureRequest, ServerName string, callback PermissionHandler)
	RequestSignaturePermission(request irma.SignatureRequest, ServerName string, callback PermissionHandler)
	RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool))
Sietse Ringers's avatar
Sietse Ringers committed
44

45
	RequestPin(remainingAttempts int, callback PinHandler)
46
47
}

Sietse Ringers's avatar
Sietse Ringers committed
48
// SessionDismisser can dismiss the current IRMA session.
49
50
51
52
type SessionDismisser interface {
	Dismiss()
}

Sietse Ringers's avatar
Sietse Ringers committed
53
type session struct {
Koen van Ingen's avatar
Koen van Ingen committed
54
55
	Action  irma.Action
	Handler Handler
56
	Version *irma.ProtocolVersion
57

58
59
60
61
	choice  *irma.DisclosureChoice
	client  *Client
	request irma.SessionRequest
	done    bool
62

63
64
65
66
	// State for issuance protocol
	issuerProofNonce *big.Int
	builders         gabi.ProofBuilderList

67
	// These are empty on manual sessions
68
	ServerURL string
Koen van Ingen's avatar
Koen van Ingen committed
69
	transport *irma.HTTPTransport
70
71
}

72
// We implement the handler for the keyshare protocol
73
var _ keyshareSessionHandler = (*session)(nil)
74

75
76
// Supported protocol versions. Minor version numbers should be reverse sorted.
var supportedVersions = map[int][]int{
77
	2: {4, 3, 2, 1},
78
79
}

80
// Session constructors
81

82
// NewSession starts a new IRMA session, given (along with a handler to pass feedback to)
83
// either an irma.QR or *irma.QR; a string that contains a JSON-serialized irma.QR;
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
// or a string that contains a serialized *irma.SignatureRequest.
// In any other case it calls the Failure method of the specified Handler.
func (client *Client) NewSession(info interface{}, handler Handler) SessionDismisser {
	parsed := map[string]interface{}{}

	switch x := info.(type) {
	case *irma.Qr: // Just start the session directly
		return client.newQrSession(x, handler)
	case irma.Qr:
		return client.newQrSession(&x, handler)

	// We assume the string contains a JSON object
	// Deserialize it into a temp to see which fields it contains, and infer from that what kind of object it is
	case string:
		bts := []byte(x)
		if err := json.Unmarshal(bts, &parsed); err != nil {
			handler.Failure(irma.ActionUnknown, &irma.SessionError{Err: err})
			return nil
		}

		if _, isqr := parsed["irmaqr"]; isqr {
			qr := &irma.Qr{}
			if err := json.Unmarshal(bts, qr); err != nil {
				handler.Failure(irma.ActionUnknown, &irma.SessionError{Err: err})
				return nil
			}
			return client.newQrSession(qr, handler)
		}

		if _, isSigRequest := parsed["message"]; isSigRequest {
			sigrequest := &irma.SignatureRequest{}
			if err := json.Unmarshal([]byte(x), sigrequest); err != nil {
				handler.Failure(irma.ActionUnknown, &irma.SessionError{Err: err})
				return nil
			}
			return client.newManualSession(sigrequest, handler)
		}
Koen van Ingen's avatar
Koen van Ingen committed
121
122
	}

123
124
125
126
127
128
	handler.Failure(irma.ActionUnknown, &irma.SessionError{Err: errors.New("Info specified of unsupported type")})
	return nil
}

// newManualSession starts a manual session, given a signature request in JSON and a handler to pass messages to
func (client *Client) newManualSession(sigrequest *irma.SignatureRequest, handler Handler) SessionDismisser {
129
	session := &session{
130
131
132
133
134
		Action:  irma.ActionSigning, // TODO hardcoded for now
		Handler: handler,
		client:  client,
		Version: irma.NewVersion(2, 0), // TODO hardcoded for now
		request: sigrequest,
Koen van Ingen's avatar
Koen van Ingen committed
135
136
	}

137
	sigrequest.RequestorName = "Email request"
Koen van Ingen's avatar
Koen van Ingen committed
138
	session.Handler.StatusUpdate(session.Action, irma.StatusManualStarted)
139
	session.processSessionInfo()
140
	return session
141
142
}

143
144
// newQrSession creates and starts a new interactive IRMA session
func (client *Client) newQrSession(qr *irma.Qr, handler Handler) SessionDismisser {
145
	session := &session{
146
		ServerURL: qr.URL,
147
		transport: irma.NewHTTPTransport(qr.URL),
148
149
150
		Action:    irma.Action(qr.Type),
		Handler:   handler,
		client:    client,
151
	}
152
153
154
155
156
157

	if session.Action == irma.ActionSchemeManager {
		go session.managerSession()
		return session
	}

158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
	// Check if the action is one of the supported types
	switch session.Action {
	case irma.ActionDisclosing:
		session.request = &irma.DisclosureRequest{}
	case irma.ActionSigning:
		session.request = &irma.SignatureRequest{}
	case irma.ActionIssuing:
		session.request = &irma.IssuanceRequest{}
	case irma.ActionUnknown:
		fallthrough
	default:
		session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownAction, Info: string(session.Action)})
		return nil
	}

173
174
	version, err := calcVersion(qr)
	if err != nil {
175
		session.fail(&irma.SessionError{ErrorType: irma.ErrorProtocolVersionNotSupported, Err: err})
176
		return nil
177
	}
178
179
	session.Version = version
	session.transport.SetHeader("X-IRMA-ProtocolVersion", version.String())
180
181
182
	if !strings.HasSuffix(session.ServerURL, "/") {
		session.ServerURL += "/"
	}
183

Sietse Ringers's avatar
Sietse Ringers committed
184
	go session.getSessionInfo()
185
	return session
186
187
}

188
189
// Core session methods

190
// getSessionInfo retrieves the first message in the IRMA protocol (only in interactive sessions)
Sietse Ringers's avatar
Sietse Ringers committed
191
192
func (session *session) getSessionInfo() {
	defer session.recoverFromPanic()
193

194
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
195

Sietse Ringers's avatar
Sietse Ringers committed
196
	// Get the first IRMA protocol message and parse it
197
	err := session.transport.Get("", session.request)
Sietse Ringers's avatar
Sietse Ringers committed
198
	if err != nil {
199
		session.fail(err.(*irma.SessionError))
Sietse Ringers's avatar
Sietse Ringers committed
200
201
		return
	}
202

203
	session.processSessionInfo()
204
205
206
207
}

// processSessionInfo continues the session after all session state has been received:
// it checks if the session can be performed and asks the user for consent.
208
func (session *session) processSessionInfo() {
209
210
	defer session.recoverFromPanic()

211
	if !session.checkAndUpateConfiguration() {
212
213
214
		return
	}

215
216
217
218
219
220
221
222
	confirmedProtocolVersion := session.request.GetVersion()
	if confirmedProtocolVersion != nil {
		session.Version = confirmedProtocolVersion
	} else {
		session.Version = irma.NewVersion(2, 0)
		session.request.SetVersion(session.Version)
	}

223
	if session.Action == irma.ActionIssuing {
224
		ir := session.request.(*irma.IssuanceRequest)
Tomas's avatar
Tomas committed
225
226
227
228
229
230
231
		_, err := ir.GetCredentialInfoList(session.client.Configuration, session.Version)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownCredentialType, Err: err})
			return
		}

		// Calculate singleton credentials to be removed
Sietse Ringers's avatar
Sietse Ringers committed
232
		for _, credreq := range ir.Credentials {
233
234
235
236
			preexistingCredentials := session.client.attrs(*credreq.CredentialTypeID)
			if len(preexistingCredentials) != 0 && preexistingCredentials[0].IsValid() && preexistingCredentials[0].CredentialType().IsSingleton {
				ir.RemovalCredentialInfoList = append(ir.RemovalCredentialInfoList, preexistingCredentials[0].Info())
			}
237
238
239
		}
	}

240
	candidates, missing := session.client.CheckSatisfiability(session.request.ToDisclose())
241
	if len(missing) > 0 {
242
		session.Handler.UnsatisfiableRequest(session.Action, session.request.GetRequestorName(), missing)
243
244
		return
	}
245
	session.request.SetCandidates(candidates)
246

Sietse Ringers's avatar
Sietse Ringers committed
247
	// Ask for permission to execute the session
248
	callback := PermissionHandler(func(proceed bool, choice *irma.DisclosureChoice) {
Sietse Ringers's avatar
Sietse Ringers committed
249
		session.choice = choice
250
		session.request.SetDisclosureChoice(choice)
Sietse Ringers's avatar
Sietse Ringers committed
251
		go session.doSession(proceed)
252
	})
253
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
254
	switch session.Action {
255
	case irma.ActionDisclosing:
256
		session.Handler.RequestVerificationPermission(
257
			*session.request.(*irma.DisclosureRequest), session.request.GetRequestorName(), callback)
258
	case irma.ActionSigning:
259
		session.Handler.RequestSignaturePermission(
260
			*session.request.(*irma.SignatureRequest), session.request.GetRequestorName(), callback)
261
	case irma.ActionIssuing:
262
		session.Handler.RequestIssuancePermission(
263
			*session.request.(*irma.IssuanceRequest), session.request.GetRequestorName(), callback)
264
265
266
267
268
	default:
		panic("Invalid session type") // does not happen, session.Action has been checked earlier
	}
}

269
270
271
// doSession performs the session: it computes all proofs of knowledge, constructs credentials in case of issuance,
// asks for the pin and performs the keyshare session, and finishes the session by either POSTing the result to the
// API server or returning it to the caller (in case of interactive and noninteractive sessions, respectively).
Sietse Ringers's avatar
Sietse Ringers committed
272
273
func (session *session) doSession(proceed bool) {
	defer session.recoverFromPanic()
274

275
	if !proceed {
276
		session.cancel()
277
278
		return
	}
279
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
280

281
	if !session.Distributed() {
Koen van Ingen's avatar
Koen van Ingen committed
282
		message, err := session.getProof()
Sietse Ringers's avatar
Sietse Ringers committed
283
		if err != nil {
284
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
285
286
287
288
			return
		}
		session.sendResponse(message)
	} else {
289
290
		var err error
		session.builders, session.issuerProofNonce, err = session.getBuilders()
Sietse Ringers's avatar
Sietse Ringers committed
291
		if err != nil {
292
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
293
		}
294
295
296
		startKeyshareSession(
			session,
			session.Handler,
297
			session.builders,
298
			session.request,
299
			session.client.Configuration,
300
			session.client.keyshareServers,
301
			session.issuerProofNonce,
302
		)
303
	}
Sietse Ringers's avatar
Sietse Ringers committed
304
}
305

Sietse Ringers's avatar
Sietse Ringers committed
306
307
type disclosureResponse string

308
309
// sendResponse sends the proofs of knowledge of the hidden attributes and/or the secret key, or the constructed
// attribute-based signature, to the API server.
310
func (session *session) sendResponse(message interface{}) {
Sietse Ringers's avatar
Sietse Ringers committed
311
	var log *LogEntry
Sietse Ringers's avatar
Sietse Ringers committed
312
	var err error
313
314
	var messageJson []byte

315
316
	switch session.Action {
	case irma.ActionSigning:
317
		request, ok := session.request.(*irma.SignatureRequest)
318
319
320
321
322
		if !ok {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
			return
		}

323
324
325
326
327
328
		irmaSignature, err := request.SignatureFromMessage(message)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
			return
		}

329
330
331
332
333
334
335
		messageJson, err = json.Marshal(irmaSignature)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
			return
		}

		if session.IsInteractive() {
336
			var response disclosureResponse
337
			if err = session.transport.Post("proofs", &response, irmaSignature); err != nil {
338
339
340
341
342
343
344
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
Sietse Ringers's avatar
Sietse Ringers committed
345
		}
346
		log, _ = session.createLogEntry(message.(gabi.ProofList)) // TODO err
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
	case irma.ActionDisclosing:
		var response disclosureResponse
		if err = session.transport.Post("proofs", &response, message); err != nil {
			session.fail(err.(*irma.SessionError))
			return
		}
		if response != "VALID" {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
			return
		}
		log, _ = session.createLogEntry(message.(gabi.ProofList)) // TODO err
	case irma.ActionIssuing:
		response := []*gabi.IssueSignatureMessage{}
		if err = session.transport.Post("commitments", &response, message); err != nil {
			session.fail(err.(*irma.SessionError))
			return
		}
364
		if err = session.client.ConstructCredentials(response, session.request.(*irma.IssuanceRequest), session.builders); err != nil {
365
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
366
367
			return
		}
368
		log, _ = session.createLogEntry(message) // TODO err
369
370
	}

371
	_ = session.client.addLogEntry(log) // TODO err
372
	if session.Action == irma.ActionIssuing {
373
		session.client.handler.UpdateAttributes()
374
	}
375
	session.done = true
376
377
378
	session.Handler.Success(session.Action, string(messageJson))
}

379
// managerSession performs a "session" in which a new scheme manager is added (asking for permission first).
380
func (session *session) managerSession() {
381
	defer session.recoverFromPanic()
382
383
384
385

	// We have to download the scheme manager description.xml here before installing it,
	// because we need to show its contents (name, description, website) to the user
	// when asking installation permission.
386
	manager, err := irma.DownloadSchemeManager(session.ServerURL)
387
	if err != nil {
388
		session.Handler.Failure(session.Action, &irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
389
390
		return
	}
391

392
	session.Handler.RequestSchemeManagerPermission(manager, func(proceed bool) {
393
		if !proceed {
394
			session.Handler.Cancelled(session.Action) // No need to DELETE session here
395
396
			return
		}
397
		if err := session.client.Configuration.InstallSchemeManager(manager); err != nil {
398
			session.Handler.Failure(session.Action, &irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
399
400
			return
		}
401
402

		// Update state and inform user of success
403
		session.client.handler.UpdateConfiguration(
404
405
406
407
			&irma.IrmaIdentifierSet{
				SchemeManagers:  map[irma.SchemeManagerIdentifier]struct{}{manager.Identifier(): {}},
				Issuers:         map[irma.IssuerIdentifier]struct{}{},
				CredentialTypes: map[irma.CredentialTypeIdentifier]struct{}{},
Sietse Ringers's avatar
Sietse Ringers committed
408
409
			},
		)
410
		session.Handler.Success(session.Action, "")
411
412
413
	})
	return
}
414

415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
// Response calculation methods

// getBuilders computes the builders for disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively).
func (session *session) getBuilders() (gabi.ProofBuilderList, *big.Int, error) {
	var builders gabi.ProofBuilderList
	var err error

	var issuerProofNonce *big.Int
	switch session.Action {
	case irma.ActionSigning:
		builders, err = session.client.ProofBuilders(session.choice, session.request, true)
	case irma.ActionDisclosing:
		builders, err = session.client.ProofBuilders(session.choice, session.request, false)
	case irma.ActionIssuing:
		builders, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest))
	}

	return builders, issuerProofNonce, err
}

// getProofs computes the disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively) to be sent to the server.
func (session *session) getProof() (interface{}, error) {
	var message interface{}
	var err error

	switch session.Action {
	case irma.ActionSigning:
		message, err = session.client.Proofs(session.choice, session.request, true)
	case irma.ActionDisclosing:
		message, err = session.client.Proofs(session.choice, session.request, false)
	case irma.ActionIssuing:
		message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest))
	}

	return message, err
}

// Helper functions

func calcVersion(qr *irma.Qr) (*irma.ProtocolVersion, error) {
	// Iterate supportedVersions in reverse sorted order (i.e. biggest major number first)
	keys := make([]int, 0, len(supportedVersions))
	for k := range supportedVersions {
		keys = append(keys, k)
	}
	sort.Sort(sort.Reverse(sort.IntSlice(keys)))
	for _, major := range keys {
		for _, minor := range supportedVersions[major] {
			aboveMinimum := major > qr.ProtocolVersion.Major || (major == qr.ProtocolVersion.Major && minor >= qr.ProtocolVersion.Minor)
			underMaximum := major < qr.ProtocolMaxVersion.Major || (major == qr.ProtocolMaxVersion.Major && minor <= qr.ProtocolMaxVersion.Minor)
			if aboveMinimum && underMaximum {
				return irma.NewVersion(major, minor), nil
			}
		}
	}
	return nil, fmt.Errorf("No supported protocol version between %s and %s", qr.ProtocolVersion.String(), qr.ProtocolMaxVersion.String())
}

// checkKeyshareEnrollment checks if we are enrolled into all involved keyshare servers,
// and aborts the session if not
func (session *session) checkKeyshareEnrollment() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, ok := session.client.Configuration.SchemeManagers[id]
		if !ok {
			session.Handler.Failure(session.Action, &irma.SessionError{ErrorType: irma.ErrorUnknownSchemeManager, Info: id.String()})
			return false
		}
		distributed := manager.Distributed()
		_, enrolled := session.client.keyshareServers[id]
		if distributed && !enrolled {
			session.Handler.KeyshareEnrollmentMissing(id)
			return false
		}
	}
	return true
}

func (session *session) checkAndUpateConfiguration() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, contains := session.client.Configuration.SchemeManagers[id]
		if !contains {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorUnknownSchemeManager,
				Info:      id.String(),
			})
			return false
		}
		if !manager.Valid {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorInvalidSchemeManager,
				Info:      string(manager.Status),
			})
			return false
		}
	}

	// Check if we are enrolled into all involved keyshare servers
	if !session.checkKeyshareEnrollment() {
		return false
	}

	// Download missing credential types/issuers/public keys from the scheme manager
	downloaded, err := session.client.Configuration.Download(session.request)
	if err != nil {
		session.fail(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
		return false
	}
	if downloaded != nil && !downloaded.Empty() {
		session.client.handler.UpdateConfiguration(downloaded)
	}
	return true
}

// IsInteractive returns whether this session uses an API server or not.
func (session *session) IsInteractive() bool {
	return session.ServerURL != ""
}

// Distributed returns whether or not this session involves a keyshare server.
func (session *session) Distributed() bool {
	var smi irma.SchemeManagerIdentifier
	if session.Action == irma.ActionIssuing {
		for _, credreq := range session.request.(*irma.IssuanceRequest).Credentials {
			smi = credreq.CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
			if session.client.Configuration.SchemeManagers[smi].Distributed() {
				return true
			}
		}
	}

	if session.choice == nil || session.choice.Attributes == nil {
		return false
	}

	for _, ai := range session.choice.Attributes {
		smi = ai.Type.CredentialTypeIdentifier().IssuerIdentifier().SchemeManagerIdentifier()
		if session.client.Configuration.SchemeManagers[smi].Distributed() {
			return true
		}
	}

	return false
}

561
562
// Session lifetime functions

563
564
565
566
567
568
569
570
func (session *session) recoverFromPanic() {
	if e := recover(); e != nil {
		if session.Handler != nil {
			session.Handler.Failure(session.Action, panicToError(e))
		}
	}
}

571
572
573
574
575
576
577
578
579
580
func panicToError(e interface{}) *irma.SessionError {
	var info string
	switch x := e.(type) {
	case string:
		info = x
	case error:
		info = x.Error()
	case fmt.Stringer:
		info = x.String()
	default: // nop
581
	}
582
	fmt.Println("Panic: " + info)
583
	return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info}
584
585
586
}

// Idempotently send DELETE to remote server, returning whether or not we did something
587
func (session *session) delete() bool {
588
	if !session.done {
589
590
591
		if session.IsInteractive() {
			session.transport.Delete()
		}
592
		session.done = true
593
594
595
596
597
		return true
	}
	return false
}

598
func (session *session) fail(err *irma.SessionError) {
599
600
601
602
603
604
	if session.delete() {
		err.Err = errors.Wrap(err.Err, 0)
		session.Handler.Failure(session.Action, err)
	}
}

605
func (session *session) cancel() {
606
607
608
609
610
	if session.delete() {
		session.Handler.Cancelled(session.Action)
	}
}

611
func (session *session) Dismiss() {
612
613
	session.cancel()
}
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654

// Keyshare session handler methods

func (session *session) KeyshareDone(message interface{}) {
	session.sendResponse(message)
}

func (session *session) KeyshareCancelled() {
	session.cancel()
}

func (session *session) KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentIncomplete(manager)
}

func (session *session) KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentDeleted(manager)
}

func (session *session) KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int) {
	session.Handler.KeyshareBlocked(manager, duration)
}

func (session *session) KeyshareError(manager *irma.SchemeManagerIdentifier, err error) {
	var serr *irma.SessionError
	var ok bool
	if serr, ok = err.(*irma.SessionError); !ok {
		serr = &irma.SessionError{ErrorType: irma.ErrorKeyshare, Err: err}
	} else {
		serr.ErrorType = irma.ErrorKeyshare
	}
	session.fail(serr)
}

func (session *session) KeysharePin() {
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
}

func (session *session) KeysharePinOK() {
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
}