# File lib/gapps_openid.rb, line 183
    def fetch_secure_xrds(authority, url, cache=true) 
      return if url.nil?

      OpenID.logger.debug("Retrieving XRDS from #{url}") unless OpenID.logger.nil?
 
      cached_xrds = get_cache("XRDS_#{url}")
      return cached_xrds unless cached_xrds.nil?

      http_resp = fetch_url(url)
      return nil if http_resp.nil?

      body = http_resp.body
      put_cache("XRDS_#{url}", body)

      signature = http_resp["Signature"]
      signed_by = SimpleSign.verify(body, signature)

      if signed_by.nil?
        put_cache("XRDS_#{url}", body) if cache
        return [body, false]      
      elsif signed_by.casecmp(authority) || signed_by.casecmp('hosted-id.google.com')
        put_cache("XRDS_#{url}", body) if cache
        return [body, true]
      else
        OpenID.logger.warn("Expected signature from #{authority} but found #{signed_by}") unless OpenID.logger.nil?        
        return nil # Signed, but not by the right domain.
      end
    end