Safe Haskell | None |
---|---|
Language | Haskell98 |
JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JavaScript Object Notation (JSON) based data structures.
- data Alg
- data JWSHeader = JWSHeader {
- headerAlg :: Maybe Alg
- headerJku :: Maybe URI
- headerJwk :: Maybe JWK
- headerKid :: Maybe String
- headerX5u :: Maybe URI
- headerX5c :: Maybe (NonEmpty Base64X509)
- headerX5t :: Maybe Base64SHA1
- headerX5tS256 :: Maybe Base64SHA256
- headerTyp :: Maybe String
- headerCty :: Maybe String
- headerCrit :: Maybe CritParameters
- newJWSHeader :: Alg -> JWSHeader
- data JWS = JWS Base64Octets [Signature]
- newJWS :: ByteString -> JWS
- jwsPayload :: JWS -> ByteString
- signJWS :: MonadRandom m => JWS -> JWSHeader -> JWK -> m (Either Error JWS)
- newtype ValidationAlgorithms = ValidationAlgorithms [Alg]
- data ValidationPolicy
- verifyJWS :: ValidationAlgorithms -> ValidationPolicy -> JWK -> JWS -> Bool
Documentation
JWA §3.1. "alg" (Algorithm) Header Parameters for JWS
JWS Header data type.
JWSHeader | |
|
newJWSHeader :: Alg -> JWSHeader Source #
Construct a minimal header with the given algorithm
JSON Web Signature data type. Consists of a payload and a (possibly empty) list of signatures.
JWS Base64Octets [Signature] |
newJWS :: ByteString -> JWS Source #
Construct a new (unsigned) JWS
jwsPayload :: JWS -> ByteString Source #
Payload of a JWS, as a lazy bytestring.
:: MonadRandom m | |
=> JWS | JWS to sign |
-> JWSHeader | Header for signature |
-> JWK | Key with which to sign |
-> m (Either Error JWS) | JWS with new signature appended |
Create a new signature on a JWS.
newtype ValidationAlgorithms Source #
Algorithms for which validation will be attempted. The default
value includes all algorithms except None
.
data ValidationPolicy Source #
Validation policy. The default policy is AllValidated
.
AnyValidated | One successfully validated signature is sufficient |
AllValidated | All signatures for which validation is attempted must be validated |
verifyJWS :: ValidationAlgorithms -> ValidationPolicy -> JWK -> JWS -> Bool Source #
Verify a JWS.
Verification succeeds if any signature on the JWS is successfully
validated with the given Key
.
If only specific signatures need to be validated, and the
ValidationPolicy
argument is not enough to express this,
the caller is responsible for removing irrelevant signatures
prior to calling verifyJWS
.