Safe Haskell	None
Language	Haskell98

Crypto.JOSE.JWS

Description

JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JavaScript Object Notation (JSON) based data structures.

Synopsis

Documentation

data Alg Source

JWA §3.1. "alg" (Algorithm) Header Parameters for JWS

Constructors

HS256
HS384
HS512
RS256
RS384
RS512
ES256
ES384
ES512
PS256
PS384
PS512
None

Instances

Eq Alg
Show Alg
ToJSON Alg
FromJSON Alg

data JWSHeader Source

JWS Header data type.

Constructors

JWSHeader

Fields

headerAlg :: Maybe Alg
headerJku :: Maybe URI: JWK Set URL
headerJwk :: Maybe JWK
headerKid :: Maybe String: interpretation unspecified
headerX5u :: Maybe URI
headerX5c :: Maybe (NonEmpty Base64X509)
headerX5t :: Maybe Base64SHA1
headerX5tS256 :: Maybe Base64SHA256
headerTyp :: Maybe String: Content Type (of object)
headerCty :: Maybe String: Content Type (of payload)
headerCrit :: Maybe CritParameters

Instances

Eq JWSHeader
Show JWSHeader
ToJSON JWSHeader
FromJSON JWSHeader
Default JWSHeader

data JWS Source

JSON Web Signature data type. Consists of a payload and a (possibly empty) list of signatures.

Constructors

JWS Base64Octets [Signature]

Instances

Eq JWS
Show JWS
ToJSON JWS
FromJSON JWS
ToCompact JWS
FromCompact JWS

jwsPayload :: JWS -> ByteString Source

Payload of a JWS, as a lazy bytestring.

signJWS Source

Arguments

:: CPRG g
=> g	Random number generator
-> JWS	JWS to sign
-> JWSHeader	Header for signature
-> JWK	Key with which to sign
-> (Either Error JWS, g)	JWS with new signature appended

Create a new signature on a JWS.

newtype ValidationAlgorithms Source

Algorithms for which validation will be attempted. The default value includes all algorithms except None.

Constructors

ValidationAlgorithms [Alg]

Instances

Default ValidationAlgorithms

data ValidationPolicy Source

Validation policy. The default policy is AllValidated.

Constructors

AnyValidated	One successfully validated signature is sufficient
AllValidated	All signatures for which validation is attempted must be validated

Instances

Default ValidationPolicy

verifyJWS :: ValidationAlgorithms -> ValidationPolicy -> JWK -> JWS -> Bool Source

Verify a JWS.

Verification succeeds if any signature on the JWS is successfully validated with the given Key.

If only specific signatures need to be validated, and the ValidationPolicy argument is not enough to express this, the caller is responsible for removing irrelevant signatures prior to calling verifyJWS.