Safe Haskell	None
Language	Haskell98

Crypto.JOSE.JWS

Description

JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JavaScript Object Notation (JSON) based data structures.

Synopsis

Documentation

data Alg Source #

JWA §3.1. "alg" (Algorithm) Header Parameters for JWS

Constructors

HS256
HS384
HS512
RS256
RS384
RS512
ES256
ES384
ES512
PS256
PS384
PS512
None

Instances

Eq Alg Source #
Methods (==) :: Alg -> Alg -> Bool # (/=) :: Alg -> Alg -> Bool #
Show Alg Source #
Methods showsPrec :: Int -> Alg -> ShowS # show :: Alg -> String # showList :: [Alg] -> ShowS #
ToJSON Alg Source #
Methods toJSON :: Alg -> Value # toEncoding :: Alg -> Encoding # toJSONList :: [Alg] -> Value # toEncodingList :: [Alg] -> Encoding #
FromJSON Alg Source #
Methods parseJSON :: Value -> Parser Alg # parseJSONList :: Value -> Parser [Alg] #

data JWSHeader Source #

JWS Header data type.

Constructors

JWSHeader

Fields

headerAlg :: Maybe Alg
headerJku :: Maybe URI
JWK Set URL
headerJwk :: Maybe JWK
headerKid :: Maybe String
interpretation unspecified
headerX5u :: Maybe URI
headerX5c :: Maybe (NonEmpty Base64X509)
headerX5t :: Maybe Base64SHA1
headerX5tS256 :: Maybe Base64SHA256
headerTyp :: Maybe String
Content Type (of object)
headerCty :: Maybe String
Content Type (of payload)
headerCrit :: Maybe CritParameters

Instances

Eq JWSHeader Source #
Methods (==) :: JWSHeader -> JWSHeader -> Bool # (/=) :: JWSHeader -> JWSHeader -> Bool #
Show JWSHeader Source #
Methods showsPrec :: Int -> JWSHeader -> ShowS # show :: JWSHeader -> String # showList :: [JWSHeader] -> ShowS #
ToJSON JWSHeader Source #
Methods toJSON :: JWSHeader -> Value # toEncoding :: JWSHeader -> Encoding # toJSONList :: [JWSHeader] -> Value # toEncodingList :: [JWSHeader] -> Encoding #
FromJSON JWSHeader Source #
Methods parseJSON :: Value -> Parser JWSHeader # parseJSONList :: Value -> Parser [JWSHeader] #
Default JWSHeader Source #
Methods def :: JWSHeader #

newJWSHeader :: Alg -> JWSHeader Source #

Construct a minimal header with the given algorithm

data JWS Source #

JSON Web Signature data type. Consists of a payload and a (possibly empty) list of signatures.

Constructors

JWS Base64Octets [Signature]

Instances

Eq JWS Source #
Methods (==) :: JWS -> JWS -> Bool # (/=) :: JWS -> JWS -> Bool #
Show JWS Source #
Methods showsPrec :: Int -> JWS -> ShowS # show :: JWS -> String # showList :: [JWS] -> ShowS #
ToJSON JWS Source #
Methods toJSON :: JWS -> Value # toEncoding :: JWS -> Encoding # toJSONList :: [JWS] -> Value # toEncodingList :: [JWS] -> Encoding #
FromJSON JWS Source #
Methods parseJSON :: Value -> Parser JWS # parseJSONList :: Value -> Parser [JWS] #
ToCompact JWS Source #
Methods toCompact :: JWS -> Either Error [ByteString] Source #
FromCompact JWS Source #
Methods fromCompact :: [ByteString] -> Either Error JWS Source #

newJWS :: ByteString -> JWS Source #

Construct a new (unsigned) JWS

jwsPayload :: JWS -> ByteString Source #

Payload of a JWS, as a lazy bytestring.

signJWS Source #

Arguments

:: MonadRandom m
=> JWS	JWS to sign
-> JWSHeader	Header for signature
-> JWK	Key with which to sign
-> m (Either Error JWS)	JWS with new signature appended

Create a new signature on a JWS.

newtype ValidationAlgorithms Source #

Algorithms for which validation will be attempted. The default value includes all algorithms except None.

Constructors

ValidationAlgorithms [Alg]

Instances

Default ValidationAlgorithms Source #
Methods def :: ValidationAlgorithms #

data ValidationPolicy Source #

Validation policy. The default policy is AllValidated.

Constructors

AnyValidated	One successfully validated signature is sufficient
AllValidated	All signatures for which validation is attempted must be validated

Instances

Default ValidationPolicy Source #
Methods def :: ValidationPolicy #

verifyJWS :: ValidationAlgorithms -> ValidationPolicy -> JWK -> JWS -> Bool Source #

Verify a JWS.

Verification succeeds if any signature on the JWS is successfully validated with the given Key.

If only specific signatures need to be validated, and the ValidationPolicy argument is not enough to express this, the caller is responsible for removing irrelevant signatures prior to calling verifyJWS.