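// Collect the certificates and key descriptors that this hosted SAML 2.0 IdP
// publishes in its metadata, then start the 'saml20-idp-remote' metadata array
// and fetch the generated SSO/SLO bindings and locations.
$idpmeta = $metadata->getMetaDataConfig($idpentityid, 'saml20-idp-hosted');

$availableCerts = array();
$keys = array();

// Optional rollover certificate, looked up with the 'new_' option prefix.
// A null result means no rollover certificate is available.
$certInfo = Crypto::loadPublicKey($idpmeta, false, 'new_');
$hasNewCert = ($certInfo !== null);
if ($hasNewCert) {
    $availableCerts['new_idp.crt'] = $certInfo;
    $keys[] = array(
        'type' => 'X509Certificate',
        'signing' => true,
        'encryption' => true,
        'X509Certificate' => $certInfo['certData'],
    );
}

// Current certificate. The second argument is true here (presumably "required";
// confirm against Crypto::loadPublicKey), and the result is used without a null check.
$certInfo = Crypto::loadPublicKey($idpmeta, true);
$availableCerts['idp.crt'] = $certInfo;
$keys[] = array(
    'type' => 'X509Certificate',
    'signing' => true,
    // While a rollover certificate is published, only that one is advertised for
    // encryption; the current certificate stays listed for signature verification.
    'encryption' => !$hasNewCert,
    'X509Certificate' => $certInfo['certData'],
);

if ($idpmeta->hasValue('https.certificate')) {
    $httpsCert = Crypto::loadPublicKey($idpmeta, true, 'https.');
    // Expression form instead of a string argument: a string is evaluated as code
    // by older PHP versions and is not evaluated at all on PHP 8, where any
    // non-empty string simply passes. Assertions can be disabled in production,
    // so this is a development-time check, not a runtime guarantee.
    assert(isset($httpsCert['certData']));
    $availableCerts['https.crt'] = $httpsCert;
    // NOTE(review): this certificate is advertised with 'signing' => true, so peers
    // that trust the metadata keys may accept signatures made with its private key;
    // confirm that key is protected like the other signing keys.
    $keys[] = array(
        'type' => 'X509Certificate',
        'signing' => true,
        'encryption' => false,
        'X509Certificate' => $httpsCert['certData'],
    );
}

$metaArray = array(
    'metadata-set' => 'saml20-idp-remote',
    'entityid' => $idpentityid,
);

// Generated endpoint values for the hosted IdP: bindings first, then locations.
$ssob = $metadata->getGenerated('SingleSignOnServiceBinding', 'saml20-idp-hosted');
$slob = $metadata->getGenerated('SingleLogoutServiceBinding', 'saml20-idp-hosted');
$ssol = $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted');
$slol = $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted');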
if (is_array($ssob)) {
foreach ($ssob as $binding) {
$metaArray['SingleSignOnService'][] = array('Binding' => $binding, 'Location' => $ssol);
}
} else {
$metaArray['SingleSignOnService'][] = array('Binding' => $ssob, 'Location' => $ssol);