Safe Haskell | None |
---|---|
Language | Haskell98 |
JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JavaScript Object Notation (JSON) based data structures.
- data Alg
- data JWSHeader = JWSHeader {
  - headerAlg :: Maybe Alg
  - headerJku :: Maybe URI
  - headerJwk :: Maybe JWK
  - headerKid :: Maybe String
  - headerX5u :: Maybe URI
  - headerX5c :: Maybe (NonEmpty Base64X509)
  - headerX5t :: Maybe Base64SHA1
  - headerX5tS256 :: Maybe Base64SHA256
  - headerTyp :: Maybe String
  - headerCty :: Maybe String
  - headerCrit :: Maybe CritParameters
  }
- data JWS = JWS Base64Octets [Signature]
- jwsPayload :: JWS -> ByteString
- signJWS :: CPRG g => g -> JWS -> JWSHeader -> JWK -> (Either Error JWS, g)
- newtype ValidationAlgorithms = ValidationAlgorithms [Alg]
- data ValidationPolicy
- verifyJWS :: ValidationAlgorithms -> ValidationPolicy -> JWK -> JWS -> Bool
Documentation
JWA §3.1. "alg" (Algorithm) Header Parameters for JWS
JWS Header data type.
JWSHeader |
JSON Web Signature data type. Consists of a payload and a (possibly empty) list of signatures.
JWS Base64Octets [Signature] |
jwsPayload :: JWS -> ByteString
Payload of a JWS, as a lazy bytestring.
signJWS
:: CPRG g | |
=> g | Random number generator |
-> JWS | JWS to sign |
-> JWSHeader | Header for signature |
-> JWK | Key with which to sign |
-> (Either Error JWS, g) | JWS with new signature appended |
Create a new signature on a JWS.
newtype ValidationAlgorithms
Algorithms for which validation will be attempted. The default value includes all algorithms except None.
data ValidationPolicy
Validation policy. The default policy is AllValidated.
AnyValidated | One successfully validated signature is sufficient |
AllValidated | All signatures for which validation is attempted must be validated |
verifyJWS :: ValidationAlgorithms -> ValidationPolicy -> JWK -> JWS -> Bool
Verify a JWS.
Verification succeeds if any signature on the JWS is successfully validated with the given Key.
If only specific signatures need to be validated, and the ValidationPolicy argument is not enough to express this, the caller is responsible for removing irrelevant signatures prior to calling verifyJWS.
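The following is an added example, not code from the library: a stand-alone model of how the algorithm list and the validation policy described above combine, including the caller-side removal of irrelevant signatures. The types only mirror names on this page; `Sig`, `decide`, `keepOnly`, `defaultAlgs` and the algorithm constructors other than `None` are hypothetical, and rejecting when no signature is attempted is an assumption of the example, not documented library behaviour.

```haskell
-- Stand-alone model of the documented policy semantics.
-- These types mirror names on this page but are NOT the library's definitions.
module Main where

data Alg = HS256 | RS256 | ES256 | None deriving (Eq, Show)

data ValidationPolicy = AnyValidated | AllValidated deriving (Eq, Show)

-- Constructed stand-in for a signature: its "alg" header value and whether
-- the cryptographic check against the given key would succeed.
data Sig = Sig { sigAlg :: Alg, sigOk :: Bool } deriving Show

-- Documented default: every algorithm except None.
defaultAlgs :: [Alg]
defaultAlgs = [HS256, RS256, ES256]

-- Validation is attempted only for signatures whose algorithm is allowed;
-- the policy is then applied to the outcomes of those attempts.
decide :: [Alg] -> ValidationPolicy -> [Sig] -> Bool
decide allowed policy sigs =
  case [sigOk s | s <- sigs, sigAlg s `elem` allowed] of
    []      -> False  -- assumption of this example: nothing attempted, reject
    results -> case policy of
      AnyValidated -> or results
      AllValidated -> and results

-- Caller-side pre-filter: drop signatures irrelevant to this verifier
-- before the policy is applied.
keepOnly :: (Sig -> Bool) -> [Sig] -> [Sig]
keepOnly = filter

main :: IO ()
main = do
  let mixed    = [Sig HS256 True, Sig RS256 False]  -- constructed sample
      noneOnly = [Sig None True]                    -- unsecured entry only
  -- One good signature is sufficient under AnyValidated.
  print (decide defaultAlgs AnyValidated mixed)
  -- The failed RS256 attempt makes AllValidated reject.
  print (decide defaultAlgs AllValidated mixed)
  -- None is outside the default list, so it is never attempted.
  print (decide defaultAlgs AllValidated noneOnly)
  -- Only the HS256 signature matters to this caller, so the rest is removed.
  print (decide defaultAlgs AllValidated (keepOnly ((== HS256) . sigAlg) mixed))
```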