session.go 21.2 KB
Newer Older
1
package irmaclient
2
3

import (
Koen van Ingen's avatar
Koen van Ingen committed
4
	"encoding/json"
Sietse Ringers's avatar
Sietse Ringers committed
5
	"fmt"
6
	"net/url"
7
	"reflect"
8
9
	"strings"

10
	"github.com/go-errors/errors"
11
12
	"github.com/privacybydesign/gabi"
	"github.com/privacybydesign/gabi/big"
13
	"github.com/privacybydesign/irmago"
14
15
)

Sietse Ringers's avatar
Sietse Ringers committed
16
17
18
// This file contains the logic and state of performing IRMA sessions, communicates
// with IRMA API servers, and uses the calling Client to construct messages and replies
// in the IRMA protocol.
Sietse Ringers's avatar
Sietse Ringers committed
19

Sietse Ringers's avatar
Sietse Ringers committed
20
21
// PermissionHandler is a callback for providing permission for an IRMA session
// and specifying the attributes to be disclosed.
22
type PermissionHandler func(proceed bool, choice *irma.DisclosureChoice)
23

Sietse Ringers's avatar
Sietse Ringers committed
24
// PinHandler is used to provide the user's PIN code.
25
26
type PinHandler func(proceed bool, pin string)

27
28
// A Handler contains callbacks for communication to the user.
type Handler interface {
29
	StatusUpdate(action irma.Action, status irma.Status)
30
31
32
	Success(result string)
	Cancelled()
	Failure(err *irma.SessionError)
33
	UnsatisfiableRequest(ServerName irma.TranslatedString, missing irma.AttributeDisjunctionList)
34
35

	KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int)
36
	KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier)
37
	KeyshareEnrollmentMissing(manager irma.SchemeManagerIdentifier)
38
	KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier)
39

40
41
42
	RequestIssuancePermission(request irma.IssuanceRequest, ServerName irma.TranslatedString, callback PermissionHandler)
	RequestVerificationPermission(request irma.DisclosureRequest, ServerName irma.TranslatedString, callback PermissionHandler)
	RequestSignaturePermission(request irma.SignatureRequest, ServerName irma.TranslatedString, callback PermissionHandler)
43
	RequestSchemeManagerPermission(manager *irma.SchemeManager, callback func(proceed bool))
Sietse Ringers's avatar
Sietse Ringers committed
44

45
	RequestPin(remainingAttempts int, callback PinHandler)
46
47
}

Sietse Ringers's avatar
Sietse Ringers committed
48
// SessionDismisser can dismiss the current IRMA session.
49
50
51
52
type SessionDismisser interface {
	Dismiss()
}

Sietse Ringers's avatar
Sietse Ringers committed
53
type session struct {
54
55
56
	Action     irma.Action
	Handler    Handler
	Version    *irma.ProtocolVersion
57
	ServerName irma.TranslatedString
58

59
60
61
62
63
	choice      *irma.DisclosureChoice
	attrIndices irma.DisclosedAttributeIndices
	client      *Client
	request     irma.SessionRequest
	done        bool
64

65
66
67
68
	// State for issuance protocol
	issuerProofNonce *big.Int
	builders         gabi.ProofBuilderList

69
	// These are empty on manual sessions
70
	Hostname  string
71
	ServerURL string
Koen van Ingen's avatar
Koen van Ingen committed
72
	transport *irma.HTTPTransport
73
74
}

75
// We implement the handler for the keyshare protocol
76
var _ keyshareSessionHandler = (*session)(nil)
77

78
79
// Supported protocol versions. Minor version numbers should be reverse sorted.
var supportedVersions = map[int][]int{
Sietse Ringers's avatar
Sietse Ringers committed
80
	2: {4},
81
}
Sietse Ringers's avatar
Sietse Ringers committed
82
83
84
var minVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][0]}
var maxVersion = &irma.ProtocolVersion{Major: 2, Minor: supportedVersions[2][len(supportedVersions[2])-1]}

85
// Session constructors
86

87
88
// NewSession starts a new IRMA session, given (along with a handler to pass feedback to) a session request.
// When the request is not suitable to start an IRMA session from, it calls the Failure method of the specified Handler.
89
90
91
92
93
94
95
96
func (client *Client) NewSession(sessionrequest string, handler Handler) SessionDismisser {
	bts := []byte(sessionrequest)

	qr := &irma.Qr{}
	if err := irma.UnmarshalValidate(bts, qr); err == nil {
		return client.newQrSession(qr, handler)
	}

97
98
99
100
101
102
103
	schemeRequest := &irma.SchemeManagerRequest{}
	if err := irma.UnmarshalValidate(bts, schemeRequest); err == nil {
		return client.newSchemeSession(schemeRequest, handler)
	}

	sigRequest := &irma.SignatureRequest{}
	if err := irma.UnmarshalValidate(bts, sigRequest); err == nil {
104
105
106
107
108
109
		return client.newManualSession(sigRequest, handler, irma.ActionSigning)
	}

	disclosureRequest := &irma.DisclosureRequest{}
	if err := irma.UnmarshalValidate(bts, disclosureRequest); err == nil {
		return client.newManualSession(disclosureRequest, handler, irma.ActionDisclosing)
Koen van Ingen's avatar
Koen van Ingen committed
110
111
	}

112
	handler.Failure(&irma.SessionError{Err: errors.New("Session request could not be parsed"), Info: sessionrequest})
113
114
115
116
	return nil
}

// newManualSession starts a manual session, given a signature request in JSON and a handler to pass messages to
117
func (client *Client) newManualSession(request irma.SessionRequest, handler Handler, action irma.Action) SessionDismisser {
118
	session := &session{
119
120
121
122
123
		Action:  action,
		Handler: handler,
		client:  client,
		Version: minVersion,
		request: request,
Koen van Ingen's avatar
Koen van Ingen committed
124
	}
125
	session.Handler.StatusUpdate(session.Action, irma.StatusManualStarted)
Koen van Ingen's avatar
Koen van Ingen committed
126

127
	session.processSessionInfo()
128
	return session
129
130
}

131
132
133
134
135
136
137
138
139
140
141
142
143
144
func (client *Client) newSchemeSession(qr *irma.SchemeManagerRequest, handler Handler) SessionDismisser {
	session := &session{
		ServerURL: qr.URL,
		transport: irma.NewHTTPTransport(qr.URL),
		Action:    irma.ActionSchemeManager,
		Handler:   handler,
		client:    client,
	}
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)

	go session.managerSession()
	return session
}

145
146
// newQrSession creates and starts a new interactive IRMA session
func (client *Client) newQrSession(qr *irma.Qr, handler Handler) SessionDismisser {
147
	u, _ := url.ParseRequestURI(qr.URL) // Qr validator already checked this for errors
148
	session := &session{
149
150
151
152
153
154
		ServerURL: qr.URL,
		Hostname:  u.Hostname(),
		transport: irma.NewHTTPTransport(qr.URL),
		Action:    irma.Action(qr.Type),
		Handler:   handler,
		client:    client,
155
	}
156
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
157

158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
	// Check if the action is one of the supported types
	switch session.Action {
	case irma.ActionDisclosing:
		session.request = &irma.DisclosureRequest{}
	case irma.ActionSigning:
		session.request = &irma.SignatureRequest{}
	case irma.ActionIssuing:
		session.request = &irma.IssuanceRequest{}
	case irma.ActionUnknown:
		fallthrough
	default:
		session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownAction, Info: string(session.Action)})
		return nil
	}

173
174
	session.transport.SetHeader(irma.MinVersionHeader, minVersion.String())
	session.transport.SetHeader(irma.MaxVersionHeader, maxVersion.String())
175
176
177
	if !strings.HasSuffix(session.ServerURL, "/") {
		session.ServerURL += "/"
	}
178

Sietse Ringers's avatar
Sietse Ringers committed
179
	go session.getSessionInfo()
180
	return session
181
182
}

183
184
// Core session methods

185
// getSessionInfo retrieves the first message in the IRMA protocol (only in interactive sessions)
Sietse Ringers's avatar
Sietse Ringers committed
186
187
func (session *session) getSessionInfo() {
	defer session.recoverFromPanic()
188

189
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
190

Sietse Ringers's avatar
Sietse Ringers committed
191
	// Get the first IRMA protocol message and parse it
192
	err := session.transport.Get("", session.request)
Sietse Ringers's avatar
Sietse Ringers committed
193
	if err != nil {
194
		session.fail(err.(*irma.SessionError))
Sietse Ringers's avatar
Sietse Ringers committed
195
196
		return
	}
197

198
	session.processSessionInfo()
199
200
}

201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
func serverName(hostname string, request irma.SessionRequest, conf *irma.Configuration) irma.TranslatedString {
	sn := irma.NewTranslatedString(&hostname)

	if ir, ok := request.(*irma.IssuanceRequest); ok {
		// If there is only one issuer in the current request, use its name as ServerName
		var iss irma.TranslatedString
		for _, credreq := range ir.Credentials {
			credIssuer := conf.Issuers[credreq.CredentialTypeID.IssuerIdentifier()].Name
			if !reflect.DeepEqual(credIssuer, iss) { // Can't just test pointer equality: credIssuer != iss
				if len(iss) != 0 {
					return sn
				}
				iss = credIssuer
			}
		}
		if len(iss) != 0 {
			return iss
		}
	}

	return sn
}

224
225
// processSessionInfo continues the session after all session state has been received:
// it checks if the session can be performed and asks the user for consent.
226
func (session *session) processSessionInfo() {
227
228
	defer session.recoverFromPanic()

229
	if !session.checkAndUpateConfiguration() {
230
231
232
		return
	}

233
234
235
236
237
238
239
240
	confirmedProtocolVersion := session.request.GetVersion()
	if confirmedProtocolVersion != nil {
		session.Version = confirmedProtocolVersion
	} else {
		session.Version = irma.NewVersion(2, 0)
		session.request.SetVersion(session.Version)
	}

241
242
	session.ServerName = serverName(session.Hostname, session.request, session.client.Configuration)

243
	if session.Action == irma.ActionIssuing {
244
		ir := session.request.(*irma.IssuanceRequest)
Tomas's avatar
Tomas committed
245
246
247
248
249
250
251
		_, err := ir.GetCredentialInfoList(session.client.Configuration, session.Version)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorUnknownCredentialType, Err: err})
			return
		}

		// Calculate singleton credentials to be removed
252
		ir.RemovalCredentialInfoList = irma.CredentialInfoList{}
Sietse Ringers's avatar
Sietse Ringers committed
253
		for _, credreq := range ir.Credentials {
254
			preexistingCredentials := session.client.attrs(credreq.CredentialTypeID)
255
256
257
			if len(preexistingCredentials) != 0 && preexistingCredentials[0].IsValid() && preexistingCredentials[0].CredentialType().IsSingleton {
				ir.RemovalCredentialInfoList = append(ir.RemovalCredentialInfoList, preexistingCredentials[0].Info())
			}
258
259
260
		}
	}

261
	candidates, missing := session.client.CheckSatisfiability(session.request.ToDisclose())
262
	if len(missing) > 0 {
263
		session.Handler.UnsatisfiableRequest(session.ServerName, missing)
264
265
		return
	}
266
	session.request.SetCandidates(candidates)
267

Sietse Ringers's avatar
Sietse Ringers committed
268
	// Ask for permission to execute the session
269
	callback := PermissionHandler(func(proceed bool, choice *irma.DisclosureChoice) {
Sietse Ringers's avatar
Sietse Ringers committed
270
		session.choice = choice
271
		session.request.SetDisclosureChoice(choice)
Sietse Ringers's avatar
Sietse Ringers committed
272
		go session.doSession(proceed)
273
	})
274
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
275
	switch session.Action {
276
	case irma.ActionDisclosing:
277
		session.Handler.RequestVerificationPermission(
278
			*session.request.(*irma.DisclosureRequest), session.ServerName, callback)
279
	case irma.ActionSigning:
280
		session.Handler.RequestSignaturePermission(
281
			*session.request.(*irma.SignatureRequest), session.ServerName, callback)
282
	case irma.ActionIssuing:
283
		session.Handler.RequestIssuancePermission(
284
			*session.request.(*irma.IssuanceRequest), session.ServerName, callback)
285
286
287
288
289
	default:
		panic("Invalid session type") // does not happen, session.Action has been checked earlier
	}
}

290
291
292
// doSession performs the session: it computes all proofs of knowledge, constructs credentials in case of issuance,
// asks for the pin and performs the keyshare session, and finishes the session by either POSTing the result to the
// API server or returning it to the caller (in case of interactive and noninteractive sessions, respectively).
Sietse Ringers's avatar
Sietse Ringers committed
293
294
func (session *session) doSession(proceed bool) {
	defer session.recoverFromPanic()
295

296
	if !proceed {
297
		session.cancel()
298
299
		return
	}
300
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
301

302
	if !session.Distributed() {
Koen van Ingen's avatar
Koen van Ingen committed
303
		message, err := session.getProof()
Sietse Ringers's avatar
Sietse Ringers committed
304
		if err != nil {
305
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
306
307
308
309
			return
		}
		session.sendResponse(message)
	} else {
310
		var err error
311
		session.builders, session.attrIndices, session.issuerProofNonce, err = session.getBuilders()
Sietse Ringers's avatar
Sietse Ringers committed
312
		if err != nil {
313
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
314
		}
315
316
317
		startKeyshareSession(
			session,
			session.Handler,
318
			session.builders,
319
			session.request,
320
			session.client.Configuration,
321
			session.client.keyshareServers,
322
			session.issuerProofNonce,
323
		)
324
	}
Sietse Ringers's avatar
Sietse Ringers committed
325
}
326

Sietse Ringers's avatar
Sietse Ringers committed
327
328
type disclosureResponse string

329
330
// sendResponse sends the proofs of knowledge of the hidden attributes and/or the secret key, or the constructed
// attribute-based signature, to the API server.
331
func (session *session) sendResponse(message interface{}) {
Sietse Ringers's avatar
Sietse Ringers committed
332
	var log *LogEntry
Sietse Ringers's avatar
Sietse Ringers committed
333
	var err error
334
335
	var messageJson []byte

336
337
	switch session.Action {
	case irma.ActionSigning:
338
		irmaSignature, err := session.request.(*irma.SignatureRequest).SignatureFromMessage(message)
339
340
341
342
343
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Info: "Type assertion failed"})
			return
		}

344
345
346
347
348
349
350
		messageJson, err = json.Marshal(irmaSignature)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
			return
		}

		if session.IsInteractive() {
351
			var response disclosureResponse
352
			if err = session.transport.Post("proofs", &response, irmaSignature); err != nil {
353
354
355
356
357
358
359
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
Sietse Ringers's avatar
Sietse Ringers committed
360
		}
361
		log, _ = session.createLogEntry(message) // TODO err
362
	case irma.ActionDisclosing:
363
364
365
		messageJson, err = json.Marshal(message)
		if err != nil {
			session.fail(&irma.SessionError{ErrorType: irma.ErrorSerialization, Err: err})
366
367
			return
		}
368
369
370
371
372
373
374
375
376
377
		if session.IsInteractive() {
			var response disclosureResponse
			if err = session.transport.Post("proofs", &response, message); err != nil {
				session.fail(err.(*irma.SessionError))
				return
			}
			if response != "VALID" {
				session.fail(&irma.SessionError{ErrorType: irma.ErrorRejected, Info: string(response)})
				return
			}
378
		}
379
		log, _ = session.createLogEntry(message) // TODO err
380
381
382
383
384
385
	case irma.ActionIssuing:
		response := []*gabi.IssueSignatureMessage{}
		if err = session.transport.Post("commitments", &response, message); err != nil {
			session.fail(err.(*irma.SessionError))
			return
		}
386
		if err = session.client.ConstructCredentials(response, session.request.(*irma.IssuanceRequest), session.builders); err != nil {
387
			session.fail(&irma.SessionError{ErrorType: irma.ErrorCrypto, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
388
389
			return
		}
390
		log, _ = session.createLogEntry(message) // TODO err
391
392
	}

393
	_ = session.client.addLogEntry(log) // TODO err
394
	if session.Action == irma.ActionIssuing {
395
		session.client.handler.UpdateAttributes()
396
	}
397
	session.done = true
398
	session.Handler.Success(string(messageJson))
399
400
}

401
// managerSession performs a "session" in which a new scheme manager is added (asking for permission first).
402
func (session *session) managerSession() {
403
	defer session.recoverFromPanic()
404
405
406
407

	// We have to download the scheme manager description.xml here before installing it,
	// because we need to show its contents (name, description, website) to the user
	// when asking installation permission.
408
	manager, err := irma.DownloadSchemeManager(session.ServerURL)
409
	if err != nil {
410
		session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
411
412
		return
	}
413

414
	session.Handler.RequestSchemeManagerPermission(manager, func(proceed bool) {
415
		if !proceed {
416
			session.Handler.Cancelled() // No need to DELETE session here
417
418
			return
		}
419
		if err := session.client.Configuration.InstallSchemeManager(manager, nil); err != nil {
420
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
Sietse Ringers's avatar
Sietse Ringers committed
421
422
			return
		}
423
424

		// Update state and inform user of success
425
		session.client.handler.UpdateConfiguration(
426
427
428
429
			&irma.IrmaIdentifierSet{
				SchemeManagers:  map[irma.SchemeManagerIdentifier]struct{}{manager.Identifier(): {}},
				Issuers:         map[irma.IssuerIdentifier]struct{}{},
				CredentialTypes: map[irma.CredentialTypeIdentifier]struct{}{},
Sietse Ringers's avatar
Sietse Ringers committed
430
431
			},
		)
432
		session.Handler.Success("")
433
434
435
	})
	return
}
436

437
438
439
440
// Response calculation methods

// getBuilders computes the builders for disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively).
441
func (session *session) getBuilders() (gabi.ProofBuilderList, irma.DisclosedAttributeIndices, *big.Int, error) {
442
443
444
	var builders gabi.ProofBuilderList
	var err error
	var issuerProofNonce *big.Int
445
446
	var choices irma.DisclosedAttributeIndices

447
448
	switch session.Action {
	case irma.ActionSigning:
449
		builders, choices, err = session.client.ProofBuilders(session.choice, session.request, true)
450
	case irma.ActionDisclosing:
451
		builders, choices, err = session.client.ProofBuilders(session.choice, session.request, false)
452
	case irma.ActionIssuing:
453
		builders, choices, issuerProofNonce, err = session.client.IssuanceProofBuilders(session.request.(*irma.IssuanceRequest))
454
455
	}

456
	return builders, choices, issuerProofNonce, err
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
}

// getProofs computes the disclosure proofs or secretkey-knowledge proof (in case of disclosure/signing
// and issuing respectively) to be sent to the server.
func (session *session) getProof() (interface{}, error) {
	var message interface{}
	var err error

	switch session.Action {
	case irma.ActionSigning:
		message, err = session.client.Proofs(session.choice, session.request, true)
	case irma.ActionDisclosing:
		message, err = session.client.Proofs(session.choice, session.request, false)
	case irma.ActionIssuing:
		message, session.builders, err = session.client.IssueCommitments(session.request.(*irma.IssuanceRequest))
	}

	return message, err
}

// Helper functions

// checkKeyshareEnrollment checks if we are enrolled into all involved keyshare servers,
// and aborts the session if not
func (session *session) checkKeyshareEnrollment() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, ok := session.client.Configuration.SchemeManagers[id]
		if !ok {
485
			session.Handler.Failure(&irma.SessionError{ErrorType: irma.ErrorUnknownSchemeManager, Info: id.String()})
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
			return false
		}
		distributed := manager.Distributed()
		_, enrolled := session.client.keyshareServers[id]
		if distributed && !enrolled {
			session.Handler.KeyshareEnrollmentMissing(id)
			return false
		}
	}
	return true
}

func (session *session) checkAndUpateConfiguration() bool {
	for id := range session.request.Identifiers().SchemeManagers {
		manager, contains := session.client.Configuration.SchemeManagers[id]
		if !contains {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorUnknownSchemeManager,
				Info:      id.String(),
			})
			return false
		}
		if !manager.Valid {
			session.fail(&irma.SessionError{
				ErrorType: irma.ErrorInvalidSchemeManager,
				Info:      string(manager.Status),
			})
			return false
		}
	}

	// Check if we are enrolled into all involved keyshare servers
	if !session.checkKeyshareEnrollment() {
		return false
	}

	// Download missing credential types/issuers/public keys from the scheme manager
	downloaded, err := session.client.Configuration.Download(session.request)
	if err != nil {
		session.fail(&irma.SessionError{ErrorType: irma.ErrorConfigurationDownload, Err: err})
		return false
	}
	if downloaded != nil && !downloaded.Empty() {
		session.client.handler.UpdateConfiguration(downloaded)
	}
	return true
}

// IsInteractive returns whether this session uses an API server or not.
func (session *session) IsInteractive() bool {
	return session.ServerURL != ""
}

// Distributed returns whether or not this session involves a keyshare server.
func (session *session) Distributed() bool {
	var smi irma.SchemeManagerIdentifier
	if session.Action == irma.ActionIssuing {
		for _, credreq := range session.request.(*irma.IssuanceRequest).Credentials {
			smi = credreq.CredentialTypeID.IssuerIdentifier().SchemeManagerIdentifier()
			if session.client.Configuration.SchemeManagers[smi].Distributed() {
				return true
			}
		}
	}

	if session.choice == nil || session.choice.Attributes == nil {
		return false
	}

	for _, ai := range session.choice.Attributes {
		smi = ai.Type.CredentialTypeIdentifier().IssuerIdentifier().SchemeManagerIdentifier()
		if session.client.Configuration.SchemeManagers[smi].Distributed() {
			return true
		}
	}

	return false
}

565
566
// Session lifetime functions

567
568
569
func (session *session) recoverFromPanic() {
	if e := recover(); e != nil {
		if session.Handler != nil {
570
			session.Handler.Failure(panicToError(e))
571
572
573
574
		}
	}
}

575
576
577
578
579
580
581
582
583
584
func panicToError(e interface{}) *irma.SessionError {
	var info string
	switch x := e.(type) {
	case string:
		info = x
	case error:
		info = x.Error()
	case fmt.Stringer:
		info = x.String()
	default: // nop
585
	}
586
	fmt.Println("Panic: " + info)
587
	return &irma.SessionError{ErrorType: irma.ErrorPanic, Info: info}
588
589
590
}

// Idempotently send DELETE to remote server, returning whether or not we did something
591
func (session *session) delete() bool {
592
	if !session.done {
593
594
595
		if session.IsInteractive() {
			session.transport.Delete()
		}
596
		session.done = true
597
598
599
600
601
		return true
	}
	return false
}

602
func (session *session) fail(err *irma.SessionError) {
603
604
	if session.delete() {
		err.Err = errors.Wrap(err.Err, 0)
605
		session.Handler.Failure(err)
606
607
608
	}
}

609
func (session *session) cancel() {
610
	if session.delete() {
611
		session.Handler.Cancelled()
612
613
614
	}
}

615
func (session *session) Dismiss() {
616
617
	session.cancel()
}
618
619
620
621

// Keyshare session handler methods

func (session *session) KeyshareDone(message interface{}) {
622
623
624
625
626
627
628
629
630
631
632
633
634
635
	switch session.Action {
	case irma.ActionSigning:
		fallthrough
	case irma.ActionDisclosing:
		session.sendResponse(&irma.Disclosure{
			Proofs:  message.(gabi.ProofList),
			Indices: session.attrIndices,
		})
	case irma.ActionIssuing:
		session.sendResponse(&irma.IssueCommitmentMessage{
			IssueCommitmentMessage: message.(*gabi.IssueCommitmentMessage),
			Indices:                session.attrIndices,
		})
	}
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
}

func (session *session) KeyshareCancelled() {
	session.cancel()
}

func (session *session) KeyshareEnrollmentIncomplete(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentIncomplete(manager)
}

func (session *session) KeyshareEnrollmentDeleted(manager irma.SchemeManagerIdentifier) {
	session.Handler.KeyshareEnrollmentDeleted(manager)
}

func (session *session) KeyshareBlocked(manager irma.SchemeManagerIdentifier, duration int) {
	session.Handler.KeyshareBlocked(manager, duration)
}

func (session *session) KeyshareError(manager *irma.SchemeManagerIdentifier, err error) {
	var serr *irma.SessionError
	var ok bool
	if serr, ok = err.(*irma.SessionError); !ok {
		serr = &irma.SessionError{ErrorType: irma.ErrorKeyshare, Err: err}
	} else {
		serr.ErrorType = irma.ErrorKeyshare
	}
	session.fail(serr)
}

func (session *session) KeysharePin() {
	session.Handler.StatusUpdate(session.Action, irma.StatusConnected)
}

func (session *session) KeysharePinOK() {
	session.Handler.StatusUpdate(session.Action, irma.StatusCommunicating)
}