function _idResCheckNonce($message, $endpoint)
{
if ($message->isOpenID1()) {
// This indicates that the nonce was generated by the consumer
$nonce = $this->_idResGetNonceOpenID1($message, $endpoint);
$server_url = '';
} else {
$nonce = $message->getArg(Auth_OpenID_OPENID2_NS, 'response_nonce');
$server_url = $endpoint->server_url;
}
if ($nonce === null) {
return new Auth_OpenID_FailureResponse($endpoint, "Nonce missing from response");
}
$parts = Auth_OpenID_splitNonce($nonce);
if ($parts === null) {
return new Auth_OpenID_FailureResponse($endpoint, "Malformed nonce in response");
}
list($timestamp, $salt) = $parts;
if (!$this->store->useNonce($server_url, $timestamp, $salt)) {
return new Auth_OpenID_FailureResponse($endpoint, "Nonce already used or out of range");
}
return null;
}