Update to ukf-mda 0.8.2 to get more X.509 certificate validators.

standardImportActions now includes Debian weak key and small exponent check.
Import transform and check.uk.future now include Debian weak key, inconsistent subjectAltName and small exponent check.

mdx/common-beans.xml

@@ -208,10 +208,20 @@
 
     <bean id="X509CertificateValidationStage" abstract="true" parent="stage_parent"
         class="uk.org.ukfederation.mda.validate.X509CertificateValidationStage"/>
+
+    <bean id="validator_parent" abstract="true" parent="component_parent"/>
 
-    <bean id="X509CertificateRSAKeyLengthValidator" abstract="true"
+    <bean id="X509CertificateConsistentNameValidator" abstract="true" parent="validator_parent"
+        class="uk.org.ukfederation.mda.validate.X509CertificateConsistentNameValidator"/>
+
+    <bean id="X509CertificateRSAExponentValidator" abstract="true" parent="validator_parent"
+        class="uk.org.ukfederation.mda.validate.X509CertificateRSAExponentValidator"/>
+
+    <bean id="X509CertificateRSAKeyLengthValidator" abstract="true" parent="validator_parent"
         class="uk.org.ukfederation.mda.validate.X509CertificateRSAKeyLengthValidator"/>
 
+    <bean id="X509CertificateRSAOpenSSLBlacklistValidator" abstract="true" parent="validator_parent"
+        class="uk.org.ukfederation.mda.validate.X509CertificateRSAOpenSSLBlacklistValidator"/>
 
     <!--
         ***********************************************
@@ -926,6 +936,12 @@
                             <!-- Error on RSA key length less than 1024 bits. -->
                             <bean parent="X509CertificateRSAKeyLengthValidator"
                                 p:warningBoundary="0" p:errorBoundary="1024"/>
+                            <!-- Error on small RSA public exponents. -->
+                            <bean parent="X509CertificateRSAExponentValidator"/>
+                            <!-- Debian weak key blacklists. -->
+                            <ref bean="debian.1024"/>
+                            <ref bean="debian.2048"/>
+                            <ref bean="debian.4096"/>
                         </list>
                     </property>
                 </bean>

mdx/uk/beans.xml

@@ -427,6 +427,12 @@
                             <!-- Error on RSA key length less than 1024 bits. -->
                             <bean parent="X509CertificateRSAKeyLengthValidator"
                                 p:warningBoundary="0" p:errorBoundary="1024"/>
+                            <!-- Error on small RSA public exponents. -->
+                            <bean parent="X509CertificateRSAExponentValidator"/>
+                            <!-- Debian weak key blacklists. -->
+                            <ref bean="debian.1024"/>
+                            <ref bean="debian.2048"/>
+                            <ref bean="debian.4096"/>
                         </list>
                     </property>
                 </bean>

mdx/uk/verbs.xml

@@ -178,6 +178,14 @@
                             <!-- Error on RSA key length less than 2048 bits. -->
                             <bean parent="X509CertificateRSAKeyLengthValidator"
                                 p:warningBoundary="0" p:errorBoundary="2048"/>
+                            <!-- Error on small RSA public exponents. -->
+                            <bean parent="X509CertificateRSAExponentValidator"/>
+                            <!-- Error on inconsistent subjectAltNames. -->
+                            <bean parent="X509CertificateConsistentNameValidator"/>
+                            <!-- Debian weak key blacklists. -->
+                            <ref bean="debian.1024"/>
+                            <ref bean="debian.2048"/>
+                            <ref bean="debian.4096"/>
                         </list>
                     </property>
                 </bean>
@@ -302,6 +310,14 @@
                             <!-- Error on RSA key length less than 2048 bits. -->
                             <bean parent="X509CertificateRSAKeyLengthValidator"
                                 p:warningBoundary="0" p:errorBoundary="2048"/>
+                            <!-- Error on small RSA public exponents. -->
+                            <bean parent="X509CertificateRSAExponentValidator"/>
+                            <!-- Error on inconsistent subjectAltNames. -->
+                            <bean parent="X509CertificateConsistentNameValidator"/>
+                            <!-- Debian weak key blacklists. -->
+                            <ref bean="debian.1024"/>
+                            <ref bean="debian.2048"/>
+                            <ref bean="debian.4096"/>
                         </list>
                     </property>
                 </bean>

mdx/validation-beans.xml

@@ -681,6 +681,45 @@
         p:id="check_dup_display"
         class="uk.org.ukfederation.mda.IdPDisplayNameDuplicateDetectingStage"/>
 
+    <!--
+        ***********************************************
+        ***                                         ***
+        ***   X . 5 0 9   C E R T I F I C A T E S   ***
+        ***                                         ***
+        ***********************************************
+    -->
+
+    <!--
+        Debian weak key blacklists.
+    -->
+
+    <bean id="debian.1024" parent="X509CertificateRSAOpenSSLBlacklistValidator"
+        p:id="debian.1024" p:keySize="1024">
+        <property name="blacklistResource">
+            <bean parent="ClasspathResource">
+                <constructor-arg value="_openssl_blacklists/blacklist.RSA-1024"/>
+            </bean>
+        </property>
+    </bean>
+
+    <bean id="debian.2048" parent="X509CertificateRSAOpenSSLBlacklistValidator"
+        p:id="debian.2048" p:keySize="2048">
+        <property name="blacklistResource">
+            <bean parent="ClasspathResource">
+                <constructor-arg value="_openssl_blacklists/blacklist.RSA-2048"/>
+            </bean>
+        </property>
+    </bean>
+
+    <bean id="debian.4096" parent="X509CertificateRSAOpenSSLBlacklistValidator"
+        p:id="debian.4096" p:keySize="4096">
+        <property name="blacklistResource">
+            <bean parent="ClasspathResource">
+                <constructor-arg value="_openssl_blacklists/blacklist.RSA-4096"/>
+            </bean>
+        </property>
+    </bean>
+
     <!--
         *********************************************
         ***                                       ***