Serialising to armoured representation.
Decoding from armoured representation.
A value that can be "armoured", where the armour representation is preserved when the value is parsed.
Lens for the unarmoured value.
for the armour encoding. If the armour was remembered, it is returned unchanged.
Decode an armoured value, remembering the armour.

Convert a JSON object into a list of pairs or the empty list if the JSON value is not an object.
Produce a parser of base64 encoded text from a bytestring parser.
Convert a bytestring to a base64 encoded JSON
Add appropriate base64 '=' padding.
Strip base64 '=' padding.
Produce a parser of base64url encoded text from a bytestring parser.
Convert a bytestring to a base64url encoded JSON
Convert an unsigned big endian octet sequence to the integer it represents.
Convert an integer to its unsigned big endian representation as an octet sequence.

A base64 encoded X.509 certificate.
A base64url encoded SHA-256 digest. Used for X.509 certificate thumbprints.
A base64url encoded SHA-1 digest. Used for X.509 certificate thumbprints.
A base64url encoded octet sequence. Used for payloads, signatures, symmetric keys, salts, initialisation vectors, etc.
A base64url encoded string. This is used for the JWE Agreement PartyUInfo and Agreement PartyVInfo fields.
A base64url encoded octet sequence interpreted as an integer and where the number of octets carries explicit bit-length information.
A base64url encoded octet sequence interpreted as an integer.

Expression for an end guard. Arg describes type it was expecting.
Build a catch-all guard that fails. String describes what is expected.
Derive a JOSE sum type with nullary data constructors, along with  and  instances
Type name.
List of JSON string values. The corresponding constructor is derived by upper-casing the first letter and converting non-alphanumeric characters to underscores.

JWA 4.1. "alg" (Algorithm) Header Parameter Values for JWE
This section is shuffled off into its own module to avoid circular import via Crypto.JOSE.JWK, which needs Alg.

JWA 3.1. "alg" (Algorithm) Header Parameters for JWS

All the errors that can occur.
A requested algorithm is not implemented
A requested algorithm cannot be used
Wrong type of key was given
Key size is too small
RSA private key with >2 primes not supported
RSA encryption, decryption or signing error
Cannot produce compact representation of data
Cannot decode compact representation
JSON (Aeson) decoding error

Data that can be converted to a compact representation.
Data that can be parsed from a compact representation.
Decode a compact representation.
Encode data to a compact representation.

A Key that can sign messages and validate signatures according to a given Alg.
Can fail with
Remove secrets from a key

Elliptic Curve key type (Recommended+)
RSA key type (Required)
Octet sequence (symmetric key) key type (Required)
Parameters for RSA Keys
Parameters for Elliptic Curve Keys
RSA private key parameters
Optional parameters for RSA private keys
"oth" (Other Primes Info) Parameter
"crv" (Curve) Parameter
Keygen parameters.
Key material sum type.
Symmetric key parameters data.

JWK 3.3. "alg" (Algorithm) Parameter
JWK 3.3. "key_ops" (Key Operations) Parameter
JWK 3. JSON Web Key (JWK) Format
JWK 3.2. "use" (Public Key Use) Parameter
JWK 4. JSON Web Key Set (JWK Set) Format

JWA 4.1. "alg" (Algorithms) Header Parameter Values for JWE
JWA 4.2. "enc" (Encryption Method) Header Parameters Values for JWE

Validation policy. The default policy is x.
One successfully validated signature is sufficient
All signatures for which validation is attempted must be validated
Algorithms for which validation will be attempted. The default value includes all algorithms except None.
JSON Web Signature data type. Consists of a payload and a (possibly empty) list of signatures.
JWS Header data type.
JWK Set URL
interpretation unspecified
Content Type (of object)
Content Type (of payload)
Payload of a JWS, as a lazy bytestring.
Create a new signature on a JWS.
Verify a JWS.
Verification succeeds if any signature on the JWS is successfully validated with the given 1.
If only specific signatures need to be validated, and the vy argument is not enough to express this, the caller is responsible for removing irrelevant signatures prior to calling .
Random number generator
JWS to sign
Header for signature
Key with which to sign
JWS with new signature appended

Legacy JSON Web Key data type.

The JWT Claims Set represents a JSON object whose members are the claims conveyed by the JWT.
The issuer claim identifies the principal that issued the JWT. The processing of this claim is generally application specific.
The subject claim identifies the principal that is the subject of the JWT. The Claims in a JWT are normally statements about the subject. The subject value MAY be scoped to be locally unique in the context of the issuer or MAY be globally unique. The processing of this claim is generally application specific.
The audience claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the aud claim when this claim is present, then the JWT MUST be rejected.
The expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of the exp claim requires that the current date/time MUST be before the expiration date/time listed in the exp claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew.
The not before claim identifies the time before which the JWT MUST NOT be accepted for processing. The processing of the nbf claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the nbf claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew.
The issued at claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT.
The JWT ID claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object. The jti claim can be used to prevent the JWT from being replayed. The jti value is a case-sensitive string.
Claim Names can be defined at will by those using JWTs.
Audience data. In the general case, the aud value is an array of case-sensitive strings, each containing a  value. In the special case when the JWT has one audience, the aud value MAY be a single case-sensitive string containing a  value.
A JSON numeric value representing the number of seconds from 1970-01-01T0:0:0Z UTC until the specified UTC date/time.
A JSON string value, with the additional requirement that while arbitrary string values MAY be used, any value containing a : character MUST be a URI.
Construct a  from text
Construct a  from a URI
Get the
Get the uri from a
JSON Web Token data.
JOSE aspect of the JWT.
Claims of the JWT.
Data representing the JOSE aspects of a JWT.
Return an empty claims set.
Validate a JWT as a JWS (JSON Web Signature).
Create a JWT that is a JWS.