CreateCA creates a CA certificate with private key for self-signed server certificates Source: https://shaneutt.com/blog/golang-ca-and-signed-cert-go/.

CreateClientCert generates a x509 client certificate with keys, signed by the CA intended for testing, not for production cn is the certificate common name, usually the client ID ou the organization.

CreateServerCert create a server certificate, signed by the given CA, for use in hiveot services.

CreateTestCertBundle creates a bundle of ca, server certificates and keys for testing.

LoadTLSCertFromPEM loads the TLS certificate from PEM formatted file.

LoadX509CertFromPEM loads the x509 certificate from a PEM file format.

PublicKeyFromCert extracts an ECDSA public key from x509 certificate Returns nil if certificate doesn't hold a ECDSA public key.

SaveX509CertToPEM saves the x509 certificate to file in PEM format.

VerifyCert verifies whether the given certificate is a valid client certificate This returns the certificate CN as the clientID.

X509CertFromPEM converts a X509 certificate in PEM format to an X509 instance.

X509CertToPEM converts the x509 certificate to PEM format.

X509CertToTLS combines a x509 certificate and private key into a TLS certificate.

DefaultClientCertValidityDays with validity of generated service certificates.

DefaultServerCertValidityDays with validity of generated service certificates.

OUAdmin lets a client approve things provisioning (postOOB), add and remove users Provision API permissions: GetDirectory, ProvisionRequest, GetStatus, PostOOB.

OUIoTDevice for IoT devices with mutual authentication.

OUNone is the default OU with no API access permissions.

OUService for Hub services with mutual authentication By default, services have access to other services Provision API permissions: Any.

OUUser for consumers with mutual authentication.

TestCertBundle creates a set of CA, server and client certificates intended for testing.