From f0e628c2cfa611ec360638fcdeb1daf7cda45605 Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Wed, 24 Mar 2021 16:25:14 -0500
Subject: [PATCH] asn1: Add Heimdal cert ext for ticket max_life
---
 lib/asn1/pkinit.asn1 | 3 +++
 lib/asn1/rfc2459.asn1 | 12 ++++++++++++
 2 files changed, 15 insertions(+)
diff --git a/lib/asn1/pkinit.asn1 b/lib/asn1/pkinit.asn1
index bc45210b8..9de00596b 100644
--- a/lib/asn1/pkinit.asn1
+++ b/lib/asn1/pkinit.asn1
@@ -17,6 +17,9 @@ id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 }
 id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 }
 id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 }
+id-heim-eku-pkinit-certlife-is-max-life OBJECT IDENTIFIER ::=
+ { iso(1) member-body(2) se(752) su(43) heim-pkix(16) 3 }
+
 id-apple-system-id OBJECT IDENTIFIER ::= { 1 2 840 113635 100 4 4 }
 id-pkinit-kdf OBJECT IDENTIFIER ::= { id-pkinit 6 }
diff --git a/lib/asn1/rfc2459.asn1 b/lib/asn1/rfc2459.asn1
index 5260c111a..ecd525bdb 100644
--- a/lib/asn1/rfc2459.asn1
+++ b/lib/asn1/rfc2459.asn1
@@ -495,6 +495,11 @@ id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
 id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
 id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }
+-- Heimdal extension
+id-heim-ce-pkinit-princ-max-life OBJECT IDENTIFIER ::=
+ { iso(1) member-body(2) se(752) su(43) heim-pkix(16) 4 }
+
+
 DistributionPointReasonFlags ::= BIT STRING {
 unused (0),
 keyCompromise (1),
@@ -1067,6 +1072,12 @@ ext-SubjectInfoAccessSyntax _EXTENSION ::= {
 &Critical FALSE,
 &ExtnType SubjectInfoAccessSyntax
 }
+HeimPkinitPrincMaxLifeSecs ::= INTEGER (0..4294967295)
+ext-HeimPkinitPrincMaxLife _EXTENSION ::= {
+ &id id-heim-ce-pkinit-princ-max-life,
+ &Critical FALSE,
+ &ExtnType HeimPkinitPrincMaxLifeSecs
+}
 CertExtensions _EXTENSION ::= {
 ext-AuthorityKeyIdentifier
 | ext-SubjectKeyIdentifier
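Review bot: `id-heim-eku-pkinit-certlife-is-max-life` in the lib/asn1/pkinit.asn1 hunk is added with no comment at all, and `id-heim-ce-pkinit-princ-max-life` in the first lib/asn1/rfc2459.asn1 hunk is documented only by `-- Heimdal extension`. Judging by the subject line both OIDs feed into the lifetime of an issued ticket, so the module should state what each one means and which takes precedence when a certificate carries both. If the names mean what they say, comments along the lines of `-- EKU: the certificate's remaining validity is used as the ticket max_life` and `-- Extension: ticket max_life in seconds, see HeimPkinitPrincMaxLifeSecs` would be enough. The arcs `heim-pkix(16) 3` and `heim-pkix(16) 4` are spelled out in two different files, so a cross-reference in each comment would make a later collision on that arc easier to spot.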
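Review bot: `HeimPkinitPrincMaxLifeSecs ::= INTEGER (0..4294967295)` in the second lib/asn1/rfc2459.asn1 hunk does not say what the value 0 means, and for a lifetime cap the difference between "zero lifetime" and "no limit" is security-relevant. A comment above the type such as `-- max ticket lifetime in seconds; TODO: define meaning of 0` would pin that down once the intended meaning is filled in. The upper bound is 2^32-1, so any consumer of this value (none is part of this patch) that keeps it in a signed 32-bit integer or adds it to a timestamp should clamp it first. As far as this definition shows, `&Critical FALSE` lets a verifier that does not know the extension ignore it and fall back to its default lifetime; if the extension is meant to shorten lifetimes, that deserves a sentence in the same comment.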
@@ -1086,6 +1097,7 @@ CertExtensions _EXTENSION ::= {
 | ext-FreshestCRL
 | ext-AuthorityInfoAccess
 | ext-SubjectInfoAccessSyntax
+ | ext-HeimPkinitPrincMaxLife
 }
 Extension ::= Extension { CertExtensions }