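# Fetches the XRDS document at +url+ and checks who signed it.
#
# The response body and its "Signature" header are handed to
# SimpleSign.verify. A nil result is treated as "unsigned"; any other
# result is compared, ignoring case, with +authority+ and with
# 'hosted-id.google.com'.
#
# @param authority [String] name the document is expected to be signed by
# @param url [String, nil] location of the XRDS document
# @param cache [Boolean] whether an accepted body is written to the cache
# @return [Array(String, Boolean), String, nil]
#   +[body, true]+ when the signer matches, +[body, false]+ when the
#   document is unsigned, the bare cached body on a cache hit, and nil when
#   +url+ is nil, the fetch fails, or the signer does not match.
def fetch_secure_xrds(authority, url, cache=true)
  return if url.nil?

  OpenID.logger.debug("Retrieving XRDS from #{url}") unless OpenID.logger.nil?

  cache_key = "XRDS_#{url}"

  # NOTE(review): a cache hit returns only the body, without the
  # signed/unsigned flag the other paths return, so callers cannot tell
  # whether a cached document was verified. Kept as-is for compatibility
  # with existing callers and cache entries; confirm how callers treat it.
  cached_xrds = get_cache(cache_key)
  return cached_xrds unless cached_xrds.nil?

  http_resp = fetch_url(url)
  return nil if http_resp.nil?

  body = http_resp.body
  signature = http_resp["Signature"]

  # The body is deliberately NOT cached before verification: caching it here
  # would let a document that is rejected below be served from the cache on
  # the next call, and would ignore cache=false.
  signed_by = SimpleSign.verify(body, signature)

  if signed_by.nil?
    # Unsigned document: returned to the caller flagged as not verified.
    put_cache(cache_key, body) if cache
    return [body, false]
  end

  # String#casecmp returns 0 on a match and -1/1 (or nil) otherwise. Every
  # Integer is truthy in Ruby, so the result must be compared with 0;
  # using it directly as a condition accepts any signer.
  # presumably signed_by is the signer name as a String; verify against
  # SimpleSign.verify.
  trusted_signer = [authority, 'hosted-id.google.com'].any? do |expected|
    signed_by.casecmp(expected.to_s) == 0
  end

  unless trusted_signer
    OpenID.logger.warn("Expected signature from #{authority} but found #{signed_by}") unless OpenID.logger.nil?
    return nil
  end

  put_cache(cache_key, body) if cache
  [body, true]
end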