Wrong behaviour of AuthSuccess.isValid method. LibVersion is 0.9.1.39

Finite part of the method is wrong. My comments are marked as [xxx84692] 
in code below

public boolean isValid() {
  .........
---------
  [xxx84692] Wrong. "op_endpoint" is absent as in spec. OpenID Auth. Ver 
1.1. Also I haven't found it in the last published draft OpenID Auth. Ver 
2.0 Draft11
---------

        // either compatibility mode or op_endpoint signed
        if ( compatibility == signedFields.contains("op_endpoint") )
            return false;

---------
  [xxx84692]In the last published draft OpenID Auth. Ver 2.0 Draft11 there 
is not any requirements about existence "assoc_handle" in signList:

This list MUST contain at least "return_to" and "response_nonce", and if 
present in the response, "claimed_id" and "identity". For 
example, "identity,claimed_id,return_to,response_nonce"
---------

        // assoc_handle must be signed in v2
        if ( ! compatibility && ! signedFields.contains("assoc_handle") )
            return false;

---------
  [xxx84692] Wrong. "claimed_id" is absent in OpenID Auth. Ver 1.1.
---------

        // if the IdP is making an assertion about an Identifier,
        // the "identity" and "claimed_id" fields MUST be signed
        return ( hasParameter("openid.identity") ==
                 (signedFields.contains("identity") &&
                  signedFields.contains("claimed_id")) );

}

Original issue reported on code.google.com by alisi...@gmail.com on 13 Dec 2006 at 11:57

greenbays / openid4java

Wrong behaviour of AuthSuccess.isValid method. LibVersion is 0.9.1.39 #3