Gather statistics about distinct RSA moduli used

See ukf/ukf-meta#113.

build.xml

@@ -2434,6 +2434,29 @@
         <delete file="${temp.dir}/embedded.pem" quiet="true" verbose="false"/>
     </target>
 
+    <!--
+        Check embedded certificates in our production aggregate.
+
+        You can ignore almost all of the output from this, other than
+        the summary information at the end and in particular the
+        number of distinct RSA moduli.
+    -->
+    <target name="check.embedded.all">
+        <echo>Extracting embedded certificates</echo>
+        <XALAN
+            i="${aggregates.dir}/${mdaggr.prod.signed}"
+            o="${temp.dir}/embedded.pem"
+            x="${build.dir}/extract_embedded.xsl"/>
+        <echo>Checking embedded certificates</echo>
+        <echo>Note: ignore expiry on eduGAIN entities</echo>
+        <exec executable="perl" dir="${utilities.dir}"
+            input="${temp.dir}/embedded.pem">
+            <arg value="${utilities.dir}/check_embedded.pl"/>
+            <arg value="${entities.dir}/expiry_whitelist.txt"/>
+        </exec>
+        <delete file="${temp.dir}/embedded.pem" quiet="true" verbose="false"/>
+    </target>
+
     <!--
        Check for IdPs using the single-port configuration.
     -->

utilities/check_embedded.pl

@@ -311,6 +311,14 @@ sub comment {
 				next;
 			}
 
+            #
+            # Track distinct RSA moduli
+            #
+            if (/^Modulus=(.*)$/) {
+                $modulus = $1;
+                # print "   modulus: '$modulus'\n";
+                $rsa_modulus{$modulus} = 1;
+            }
 		}
 		close SSL;
 		#print "   text lines: $#lines\n";
@@ -405,6 +413,11 @@ sub comment {
 	}
 	print "\n";
 
+    $distinct_moduli = scalar keys %rsa_modulus;
+    if ($distinct_moduli > 1) {
+        print "Distinct RSA moduli: $distinct_moduli\n";
+    }
+
 	my $first = 1;
 	foreach $fingerprint (sort keys %expiry_whitelist) {
 		if ($expiry_whitelist{$fingerprint} eq 'unused') {