From 2a79098522ae3c0b4b579ee1dc4c159a0084a989 Mon Sep 17 00:00:00 2001
From: Ian Young
Date: Mon, 25 Nov 2013 12:02:07 +0000
Subject: [PATCH] Add checking for a blacklist of known-compromised 1024-bit RSA keys.
---
build.xml | 2 ++
mdx/_openssl_blacklists/compromised-1024.txt | 18 ++++++++++++++++++
mdx/common-beans.xml | 2 ++
mdx/uk/beans.xml | 2 ++
mdx/uk/verbs.xml | 12 ++++++------
mdx/validation-beans.xml | 13 +++++++++++++
6 files changed, 43 insertions(+), 6 deletions(-)
create mode 100644 mdx/_openssl_blacklists/compromised-1024.txt
diff --git a/build.xml b/build.xml
index 21e66cf0..4f5d409a 100644
--- a/build.xml
+++ b/build.xml
@@ -964,7 +964,9 @@
+
diff --git a/mdx/_openssl_blacklists/compromised-1024.txt b/mdx/_openssl_blacklists/compromised-1024.txt
new file mode 100644
index 00000000..d30f19e8
--- /dev/null
+++ b/mdx/_openssl_blacklists/compromised-1024.txt
@@ -0,0 +1,18 @@
+#
+# This is a list of known-compromised 1024-bit keys in OpenSSL format.
+#
+# Derive new values from a private key file as follows:
+#
+# openssl rsa -noout -modulus -in /tmp/key.pem | sha1sum | cut -d ' ' -f 1
+#
+# You can also derive a new blacklist value from an X.509 certificate as follows:
+#
+# openssl x509 -noout -modulus -in /tmp/cert.pem | sha1sum | cut -d ' ' -f 2
+#
+# In either case, you should then remove the first 20 characters; in other words,
+# the blacklist line should be the lower 80 bits of the fingerprint).
+#
+# simpleSAMLphp example key, shipped up to version 1.11
+4817f3e0b5df319289ad
+# Shibboleth SP dummy key, shipped in pre-2.0.0 releases
+8a69bcdc8677c7ecb37a
diff --git a/mdx/common-beans.xml b/mdx/common-beans.xml
index 06192a98..d7038ba6 100644
--- a/mdx/common-beans.xml
+++ b/mdx/common-beans.xml
@@ -942,6 +942,8 @@
+
+
diff --git a/mdx/uk/beans.xml b/mdx/uk/beans.xml
index ef1fee44..a9a66472 100644
--- a/mdx/uk/beans.xml
+++ b/mdx/uk/beans.xml
@@ -433,6 +433,8 @@
+
+
diff --git a/mdx/uk/verbs.xml b/mdx/uk/verbs.xml
index 8a9aa5cb..3cc88a3f 100644
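Review bot: The certificate recipe in the new file's header comment cannot produce a usable entry: `sha1sum` prints `<hash>  -` with two spaces, so `cut -d ' ' -f 2` selects the empty field between them and yields nothing; the line should read `# openssl x509 -noout -modulus -in /tmp/cert.pem | sha1sum | cut -d ' ' -f 1`, matching the private-key recipe a few lines above. Both pipelines hash the `Modulus=…` line and keep the low 80 bits, which appears to be the Debian openssl-blacklist convention, so replacing the vague "in OpenSSL format" with `# This is a list of known-compromised 1024-bit keys in the Debian openssl-blacklist format (low 80 bits of the SHA-1 of the "Modulus=..." line).` would tell a maintainer which published lists can be merged in verbatim. The closing sentence also carries a stray parenthesis; `# the blacklist line should be the lower 80 bits of the fingerprint.` is the intended text. I cannot confirm from the hunk how the two existing fingerprints were derived, so re-deriving them with the corrected recipe against the published simpleSAMLphp and Shibboleth SP keys would be a cheap sanity check before this list goes live.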
--- a/mdx/uk/verbs.xml
+++ b/mdx/uk/verbs.xml
@@ -171,6 +171,10 @@
+
@@ -178,14 +182,8 @@
-
-
-
-
-
-
@@ -318,6 +316,8 @@
+
+
diff --git a/mdx/validation-beans.xml b/mdx/validation-beans.xml
index b7484336..ae5d1657 100644
--- a/mdx/validation-beans.xml
+++ b/mdx/validation-beans.xml
@@ -720,6 +720,19 @@
+
+
+
+
+
+
+
+
+