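/**
 * Check an OpenID 2.0 response against discovery information.
 *
 * Builds a template endpoint from the openid.claimed_id, openid.identity
 * and openid.op_endpoint values of the response and checks it against
 * $endpoint. When no endpoint was supplied, or the supplied one does not
 * verify, discovery is run again on the claimed identifier.
 *
 * Note for callers: when the response carries neither openid.claimed_id
 * nor openid.identity, the returned endpoint is built from
 * openid.op_endpoint alone and no discovery is performed, so nothing in
 * this method ties that result to an identifier.
 *
 * @param object $message  Response message; only getArg() is used here.
 *                         A field counts as absent when getArg() returns
 *                         null.
 * @param mixed  $endpoint Endpoint discovered when the request was
 *                         initiated, or a falsy value when none is
 *                         available.
 *
 * @return mixed An endpoint object on success, otherwise a failure
 *               object: an Auth_OpenID_FailureResponse built here, or
 *               whatever failure _discoverAndVerify() reports.
 */
function _verifyDiscoveryResultsOpenID2($message, $endpoint)
{
    // What the response says about itself; discovery information has to
    // match this template.
    $to_match = new Auth_OpenID_ServiceEndpoint();
    $to_match->type_uris = array(Auth_OpenID_TYPE_2_0);
    $to_match->claimed_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'claimed_id');
    $to_match->local_id = $message->getArg(Auth_OpenID_OPENID2_NS, 'identity');
    $to_match->server_url = $message->getArg(Auth_OpenID_OPENID2_NS, 'op_endpoint');

    if ($to_match->server_url === null) {
        return new Auth_OpenID_FailureResponse($endpoint, "OP Endpoint URL missing");
    }

    // openid.claimed_id and openid.identity must both be present or
    // both be absent.
    if ($to_match->claimed_id === null && $to_match->local_id !== null) {
        return new Auth_OpenID_FailureResponse($endpoint, 'openid.identity is present without openid.claimed_id');
    }
    if ($to_match->claimed_id !== null && $to_match->local_id === null) {
        return new Auth_OpenID_FailureResponse($endpoint, 'openid.claimed_id is present without openid.identity');
    }

    if ($to_match->claimed_id === null) {
        // A response without identifiers: there is nothing to check
        // against discovery, so return an endpoint for the stated
        // openid.op_endpoint. No identifier has been verified on this
        // path.
        return Auth_OpenID_ServiceEndpoint::fromOPEndpointURL($to_match->server_url);
    }

    if (!$endpoint) {
        // No pre-discovered endpoint was supplied, so discovery has to
        // be done again. This covers not using sessions, OP identifier
        // endpoints and responses that did not match the original
        // request.
        return $this->_discoverAndVerify($to_match->claimed_id, array($to_match));
    }

    // A pre-discovered endpoint is available (expected to be the most
    // common case): check the response against it first.
    $result = $this->_verifyDiscoverySingle($endpoint, $to_match);
    if (Auth_OpenID::isFailure($result)) {
        // The stored endpoint does not match the response; only fresh
        // discovery on the claimed identifier can still accept it.
        $endpoint = $this->_discoverAndVerify($to_match->claimed_id, array($to_match));
        if (Auth_OpenID::isFailure($endpoint)) {
            return $endpoint;
        }
    }

    // The endpoint we return should have the claimed ID from the
    // message we just verified, fragment and all. The comparison is
    // strict: PHP's loose != treats some distinct values as equal
    // (numeric-looking strings, null versus ''), which would leave a
    // claimed_id on the result that is not the verified one.
    if ($endpoint->claimed_id !== $to_match->claimed_id) {
        $endpoint->claimed_id = $to_match->claimed_id;
    }

    return $endpoint;
}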