function sign($response)
{
$signed_response = $response;
$assoc_handle = $response->request->assoc_handle;
if ($assoc_handle) {
// normal mode
$assoc = $this->getAssociation($assoc_handle, false, false);
if (!$assoc || $assoc->getExpiresIn() <= 0) {
// fall back to dumb mode
$signed_response->fields->setArg(Auth_OpenID_OPENID_NS, 'invalidate_handle', $assoc_handle);
$assoc_type = $assoc ? $assoc->assoc_type : 'HMAC-SHA1';
if ($assoc && $assoc->getExpiresIn() <= 0) {
$this->invalidate($assoc_handle, false);
}
$assoc = $this->createAssociation(true, $assoc_type);
}
} else {
// dumb mode.
$assoc = $this->createAssociation(true);
}
$signed_response->fields = $assoc->signMessage($signed_response->fields);
return $signed_response;
}