function _idResCheckForFields($message)
{
$basic_fields = array('return_to', 'assoc_handle', 'sig', 'signed');
$basic_sig_fields = array('return_to', 'identity');
$require_fields = array(Auth_OpenID_OPENID2_NS => array_merge($basic_fields, array('op_endpoint')), Auth_OpenID_OPENID1_NS => array_merge($basic_fields, array('identity')));
$require_sigs = array(Auth_OpenID_OPENID2_NS => array_merge($basic_sig_fields, array('response_nonce', 'claimed_id', 'assoc_handle', 'op_endpoint')), Auth_OpenID_OPENID1_NS => array_merge($basic_sig_fields, array('nonce')));
foreach ($require_fields[$message->getOpenIDNamespace()] as $field) {
if (!$message->hasKey(Auth_OpenID_OPENID_NS, $field)) {
return new Auth_OpenID_FailureResponse(null, "Missing required field '" . $field . "'");
}
}
$signed_list_str = $message->getArg(Auth_OpenID_OPENID_NS, 'signed', Auth_OpenID_NO_DEFAULT);
if (Auth_OpenID::isFailure($signed_list_str)) {
return $signed_list_str;
}
$signed_list = explode(',', $signed_list_str);
foreach ($require_sigs[$message->getOpenIDNamespace()] as $field) {
// Field is present and not in signed list
if ($message->hasKey(Auth_OpenID_OPENID_NS, $field) && !in_array($field, $signed_list)) {
return new Auth_OpenID_FailureResponse(null, "'" . $field . "' not signed");
}
}
return null;
}
