Nathan Youngman

There is an issue to support more than two bags for pkcs12, but I haven't had a chance to work on it yet. https://github.com/golang/go/issues/14015 As to your other question, `x/crypto/pkcs12`...

Maybe should switch to https://github.com/SSLMate/go-pkcs12?

There are several JWT libraries for Go: https://godoc.org/?q=jwt @groob suggests https://github.com/dgrijalva/jwt-go Header: alg (algorithm) ES256 kid (key identifier used to sign the token) Claims: iss (developer key ID) iat (seconds...

The API needs to support both certificate and token based authentication. It won't be necessary to load a certificate or configure the HTTP/2 client with Go 1.6.1 or better, instead...

https://jwt.io/ does some validations against various (Go) libraries.

~~This could remove the dependency on x/net/http2 which would mean NewClient could remain in the push package for users still using client certificates from Apple.~~ ~~https://github.com/golang/go/issues/16581~~

> "At WWDC 2016, we announced token-based authentication, a new and simple way for notification providers to authenticate with the Apple Push Notification services (APNs) without the need for app-specific...

https://go-review.googlesource.com/c/net/+/53250

I've added a self-signed *.p12 cert for testing in #19. Still need a self-signed expired cert as well. Though I tried creating a cert that expires in one day, that...

It would be a good idea to document TopicFromCert in the README.