D?      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=> None?@?@ None AaConvert a JSON object into a list of pairs or the empty list if the JSON value is not an object.BAProduce a parser of base64 encoded text from a bytestring parser.C.Convert a bytestring to a base64 encoded JSON DEAdd appropriate base64 '=' padding.F Strip base64 '=' padding.GDProduce a parser of base64url encoded text from a bytestring parser.H1Convert a bytestring to a base64url encoded JSON DILConvert an unsigned big endian octet sequence to the integer it represents.JSConvert an integer to its unsigned big endian representation as an octet sequence. ABCEFGHIJK ABCEFGHIJK ABCEFGHIJK None<=?[L'Serialising to armoured representation.M&Decoding from armoured representation.NgA value that can be "armoured", where the armour representation is preserved when the value is parsed.OLens for the unarmoured value.PQS for the armour encoding. If the armour was remembered, it is returned unchanged.R1Decode an armoured value, remembering the armour. LSMTNUVOPRWX LSMTNVOPRLSMTNUVOPRWXNone=A base64url encoded octet sequence interpreted as an integer.#A base64 encoded X.509 certificate.MA base64url encoded SHA-256 digest. Used for X.509 certificate thumbprints. KA base64url encoded SHA-1 digest. Used for X.509 certificate thumbprints. xA base64url encoded octet sequence. Used for payloads, signatures, symmetric keys, salts, initialisation vectors, etc. A base64url encoded octet sequence interpreted as an integer and where the number of octets carries explicit bit-length information. Generate a   of the given number of bytes Parsed a   with an expected number of bytes.# Y !"#$      Y !"#$ NoneZBExpression for an end guard. Arg describes type it was expecting.[GBuild a catch-all guard that fails. String describes what is expected.\CDerive a JOSE sum type with nullary data constructors, along with ] and ^ instances_`abcdeZ[fghijk\ Type name.List of JSON string values. The corresponding constructor is derived by upper-casing the first letter and converting non-alpha-numeric characters are converted to underscores.\_`abcdeZ[fghijk\ None.6JWA 3.1. "alg" (Algorithm) Header Parameters for JWS./0123456789:;l./0123456789:;. /0123456789:;lNonem<JWA 4.1. "alg" (Algorithm) Header Parameter Values for JWEpThis section is shuffled off into its own module to avoid circular import via Crypto.JOSE.JWK, which needs Alg.mnopqrstuvwxyz{|}~mnqrsyz{optuvwx|}~mnopqrstuvwxyz{|}~None <All the errors that can occur.=(A requested algorithm is not implemented>$A requested algorithm cannot be used?Wrong type of key was given@Key size is too smallA,RSA private key with >2 primes not supportedB+RSA encryption, decryption or signing errorC&Various cryptonite library error casesD-Cannot produce compact representation of dataE$Cannot decode compact representationFJSON (Aeson) decoding error<=>?@ABCDEFGHIJ<C=>?@ABDEFGHIJ<=>?@ABCDEFGHIJ<=>?@ABCDEFGHIJNone !"DLRT[ M%Elliptic Curve key type (Recommeded+)ORSA key type (Required)Q2Octet sequence (symmetric key) key type (Required)SParameters for RSA KeysU"Parameters for Elliptic Curve Keys\RSA private key parameters`(Optional parameters for RSA private keysh#"oth" (Other Primes Info) Parameterm"crv" (Curve) ParametersKeygen parameters.wKey material sum type.{Symmetric key parameters data.jMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~LMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~AMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~None !"DR&JWK 3.3. "alg" (Algorithm) Parameter/JWK 3.3. "key_ops" (Key Operations) Parameter"JWK 3. JSON Web Key (JWK) Format+JWK 3.2. "use" (Public Key Use) Parameter*JWK 4. JSON Web Key Set (JWK Set) Format0[MNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~JqrMNOPQRmnopUVWXYZ[hijkl`abcdefg\]^_ST{|}~stuvwxyz None <JWA 4.9.1. Header Parameters Used for PBES2 Key EncryptionPBKDF2 salt input)PBKDF2 iteration count ; POSITIVE integer>JWA 4.8.1. Header Parameters Used for AES GCM Key Encryption)Initialization Vector (must be 96 bits?)&Authentication Tag (must be 128 bits?):JWA 4.7.1. Header Parameters Used for ECDH Key Agreement'Ephemeral Public Key ; a JWK PUBLIC keyAgreement PartyUInfoAgreement PartyVInfoEJWA 4.2. "enc" (Encryption Method) Header Parameters Values for JWE1(NoneBDRLegacy JSON Web Key data type.          None7Data that can be converted to a compact representation.6Data that can be parsed from a compact representation. Decode a compact representation.(Encode data to a compact representation.None<=*Validation policy. The default policy is .2One successfully validated signature is sufficientBAll signatures for which validation is attempted must be validatedfAlgorithms for which validation will be attempted. The default value includes all algorithms except None.`JSON Web Signature data type. Consists of a payload and a (possibly empty) list of signatures.JWS Header data type. JWK Set URLinterpretation unspecifiedContent Type (of object)Content Type (of payload)3Construct a minimal header with the given algorithmConstruct a new (unsigned) JWS'Payload of a JWS, as a lazy bytestring. Create a new signature on a JWS. Verify a JWS.\Verification succeeds if any signature on the JWS is successfully validated with the given Key.;If only specific signatures need to be validated, and the y argument is not enough to express this, the caller is responsible for removing irrelevant signatures prior to calling .3 JWS to signHeader for signatureKey with which to signJWS with new signature appended !"#$%&'()*+,$!  !"#$%&'()*+,None'./0123456789:;'./0123456789:;NoneT-Wrap a secret.iInput size must be a multiple of 8 bytes, and at least 16 bytes. Output size is input size plus 8 bytes..Unwrap a secret.jInput size must be a multiple of 8 bytes, and at least 24 bytes. Output size is input size minus 8 bytes.Returns /d if inherent integrity check fails. Otherwise, the chance that the key data is corrupt is 2 ^ -64.01registerstep (t) and offset (i)-2registerstep (t) and offset (i).-.01-2.None<=LTJWE Initialization VectorJWE AADJWE CiphertextJWE Authentication Tag3$JWE Per-Recipient Unprotected Header4JWE Encrypted KeyContent Type (of object)Content Type (of payload)05634789:;<=message (key to wrap)>plaintext key (to be encrypted) encrypted key?@keymessageAADAkeymessageadditional authenticated dataIV, cipertext and MACBkeymessageadditional authenticated dataIV, tag and ciphertext5634789:;<=>?@ABNone./0123456789:;<C=>?@ABDEFGHIJMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~None`The JWT Claims Set represents a JSON object whose members are the claims conveyed by the JWT.The issuer claim identifies the principal that issued the JWT. The processing of this claim is generally application specific.>The subject claim identifies the principal that is the subject of the JWT. The Claims in a JWT are normally statements about the subject. The subject value MAY be scoped to be locally unique in the context of the issuer or MAY be globally unique. The processing of this claim is generally application specific.The audience claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the audB claim when this claim is present, then the JWT MUST be rejected.The expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of exp_ claim requires that the current date/time MUST be before expiration date/time listed in the expx claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. |The not before claim identifies the time before which the JWT MUST NOT be accepted for processing. The processing of the nbfm claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the nbfy claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. The issued at claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT. The JWT ID claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object. The jtiB claim can be used to prevent the JWT from being replayed. The jti" value is a case-sensitive string. 7Claim Names can be defined at will by those using JWTs. )Audience data. In the general case, the audA value is an array of case-sensitive strings, each containing a B value. In the special case when the JWT has one audience, the aud; value MAY be a single case-sensitive string containing a  value.xA JSON numeric value representing the number of seconds from 1970-01-01T0:0:0Z UTC until the specified UTC date/time.A JSON string value, with the additional requirement that while arbitrary string values MAY be used, any value containing a : character MUST be a URI. Construct a  from text Construct a  from a URIGet the Get the uri from a %JSON Web Token data.'JOSE aspect of the JWT.(Claims of the JWT.C,Data representing the JOSE aspects of a JWT.1Return an empty claims set.3-Validate a JWT as a JWS (JSON Web Signature).4Create a JWT that is a JWS.5     DE%&'(CF)*+,-./012G3456789:$     %&'()*+,-./01234$%&'()*+,-./0243    1 #      DE%&'(CF)*+,-./012G3456789:H !"#$%&'()*+,-./0123456789:;<= > ? @ A B C D E F G H I J KLMNOPQRSTUVWXYZ[\]]^^__``aabcdefgghijjklmnopqqrstuvwxyz{|}~      !""#$%&'()*+,-./0123456789: ; < = > ?@AB C D E F G H I J K L M NOPQ R S T U V W XY Z [ \]^_]`a b c d e f g h i j k l m n >opqrstuvwxyz{|}~>opqrstuvwxyz{|}~     @A !"#$%&'()*#jose-0.4.0.4-IT9CfPpB51K8aMqVyhrxndCrypto.JOSE.TypesCrypto.JOSE.JWSCrypto.JOSE.ErrorCrypto.JOSE.JWKCrypto.JOSE.LegacyCrypto.JOSE.CompactCrypto.JOSE.JWE Crypto.JWTCrypto.JOSE.Types.OrphansCrypto.JOSE.Types.InternalCrypto.JOSE.Types.ArmourCrypto.JOSE.THCrypto.JOSE.JWA.JWSCrypto.JOSE.JWA.JWE.AlgCrypto.JOSE.JWA.JWKCrypto.JOSE.JWA.JWECrypto.JOSE.JWS.InternalCrypto.JOSE.AESKW Crypto.JOSE*network-uri-2.6.1.0-Aihq3wpSNKN28NNLADc6qL Network.URIURI Base64Integer$fEqBase64Integer$fShowBase64Integer Base64X509 Base64SHA256 Base64SHA1 Base64OctetsSizedBase64Integer_Base64IntegergenSizedBase64IntegerOf checkSize$fToJSONBase64X509$fFromJSONBase64X509$fArbitraryBase64SHA256$fToJSONBase64SHA256$fFromJSONBase64SHA256$fArbitraryBase64SHA1$fToJSONBase64SHA1$fFromJSONBase64SHA1$fArbitraryBase64Octets$fToJSONBase64Octets$fFromJSONBase64Octets$fByteableBase64Octets$fToJSONSizedBase64Integer$fFromJSONSizedBase64Integer$fArbitrarySizedBase64Integer$fEqSizedBase64Integer$fArbitraryBase64Integer$fToJSONBase64Integer$fFromJSONBase64Integer$fShowSizedBase64Integer$fEqBase64Octets$fShowBase64Octets$fEqBase64SHA1$fShowBase64SHA1$fEqBase64SHA256$fShowBase64SHA256$fEqBase64X509$fShowBase64X509AlgHS256HS384HS512RS256RS384RS512ES256ES384ES512PS256PS384PS512NoneErrorAlgorithmNotImplementedAlgorithmMismatch KeyMismatchKeySizeTooSmallOtherPrimesNotSupportedRSAError CryptoErrorCompactEncodeErrorCompactDecodeErrorJSONDecodeErrorJWSMissingHeader JWSMissingAlgJWSCritUnprotectedJWSDuplicateHeaderParameter $fEqError $fShowErrorECRSAOctRSAKeyParametersECKeyParametersecKtyecCrvecXecYecDRSAPrivateKeyParametersrsaDrsaOptionalParametersRSAPrivateKeyOptionalParametersrsaPrsaQrsaDprsaDqrsaQirsaOthRSAPrivateKeyOthElemrOthdOthtOthCrvP_256P_384P_521 AsPublicKey asPublicKeyKeyMaterialGenParam ECGenParam RSAGenParam OctGenParam KeyMaterial ECKeyMaterialRSAKeyMaterialOctKeyMaterialOctKeyParametersoctKtyoctKrsaErsaKtyrsaNrsaPrivateKeyParametersgenRSA rsaPublicKeygenKeyMaterialsignverify $fToJSONAlg $fFromJSONAlg$fEqAlg $fShowAlg $fToJSONKeyOp$fFromJSONKeyOp $fEqKeyOp $fShowKeyOpJWK$fToJSONKeyUse$fFromJSONKeyUse $fEqKeyUse $fShowKeyUse$fEqJWK $fShowJWKJWKSetjwkAlg jwkKeyOpsjwkKid jwkMaterialjwkUsejwkX5cjwkX5t jwkX5tS256jwkX5ugenJWKfromKeyMaterial$fFromJSONJWKSet$fAsPublicKeyJWK$fArbitraryJWK $fToJSONJWK $fFromJSONJWK $fEqJWKSet $fShowJWKSet$fToJSONStringifiedInteger$fFromJSONStringifiedIntegerRSKeyParameters $fToJSONRS $fFromJSONRS$fEqRS$fShowRS$fEqRSKeyParameters$fShowRSKeyParametersJWK'$fToJSONRSKeyParameters$fFromJSONRSKeyParameters$fEqJWK' $fShowJWK'genJWK'toJWK$fAsPublicKeyJWK' $fToJSONJWK'$fFromJSONJWK' ToCompact toCompact FromCompact fromCompact decodeCompact encodeCompactValidationPolicy AnyValidated AllValidatedValidationAlgorithmsJWS JWSHeader headerAlg headerJku headerJwk headerKid headerX5u headerX5c headerX5t headerX5tS256 headerTyp headerCty headerCrit newJWSHeadernewJWS jwsPayloadsignJWS verifyJWSJWE _jweProtected_jweUnprotected_jweIv_jweAad_jweCiphertext_jweTag_jweRecipients JWEHeader_jweAlg_jweEnc_jweZip_jweJku_jweJwk_jweKid_jweX5u_jweX5c_jweX5t _jweX5tS256_jweTyp_jweCty_jweCrit $fFromJSONJWE$fFromJSONJWERecipient$fToArmourTextJWEHeader$fFromArmourTextErrorJWEHeader$fToJSONJWEHeader$fFromJSONJWEHeader$fToJSONCritParameters$fFromJSONCritParameters$fEqCritParameters$fShowCritParameters $fEqJWEHeader$fShowJWEHeader ClaimsSet _claimIss _claimSub _claimAud _claimExp _claimNbf _claimIat _claimJti_unregisteredClaimsAudienceGeneralSpecial NumericDate StringOrURI fromStringfromURI getStringgetURI$fToJSONAudience$fFromJSONAudience$fToJSONNumericDate$fFromJSONNumericDate$fToJSONStringOrURI$fFromJSONStringOrURI$fEqStringOrURI$fShowStringOrURI$fEqNumericDate$fShowNumericDate $fEqAudience$fShowAudience $fEqClaimsSet$fShowClaimsSetJWT jwtCrypto jwtClaimsSetclaimAudclaimExpclaimIatclaimIssclaimJticlaimNbfclaimSubunregisteredClaimsemptyClaimsSetaddClaimvalidateJWSJWT createJWSJWT$fToCompactJWT$fFromCompactJWT$fToCompactJWTCrypto$fFromCompactJWTCrypto$fToJSONClaimsSet$fFromJSONClaimsSet $fEqJWTCrypto$fShowJWTCrypto$fEqJWT $fShowJWT $fToJSONURI $fFromJSONURI objectPairsparseB64 encodeB64baseGHC.BaseStringpadunpad parseB64Url encodeB64Url bsToInteger integerToBSsizedIntegerToBSToArmour FromArmourArmourvaluearmour!lens-4.15.2-KsJTwR0EB4ZkzeUXlFiLTControl.Lens.TypeGetter decodeArmourtoArmour parseArmourArmoured Unarmoured$fFromJSONArmour $fEqArmourgenByteStringOf endGuardExpendGuardderiveJOSEType#aeson-1.2.0.0-oJWuzU7zMb4Zr77YUH7NbData.Aeson.Types.ToJSONToJSONData.Aeson.Types.FromJSONFromJSON capitalizesanitizeconize guardPredguardExpguard endGuardPred guardedBodyparseJSONClauseQ parseJSONFun toJSONClause toJSONFun aesonInstanceRSA1_5RSA_OAEP RSA_OAEP_256A128KWA192KWA256KWDirECDH_ESECDH_ES_A128KWECDH_ES_A192KWECDH_ES_A256KW A128GCMKW A192GCMKW A256GCMKWPBES2_HS256_A128KWPBES2_HS384_A192KWPBES2_HS512_A256KW $fToJSONEC $fToJSONRSA $fToJSONOct_rsaKty_rsaN_rsaE_rsaPrivateKeyParameterssignECverifyECcurvepoint ecCoordBytesecDBytes$fArbitraryECKeyParameters$fToJSONECKeyParameters$fFromJSONECKeyParameters"$fArbitraryRSAPrivateKeyParameters$fToJSONRSAPrivateKeyParameters!$fFromJSONRSAPrivateKeyParameters*$fArbitraryRSAPrivateKeyOptionalParameters'$fToJSONRSAPrivateKeyOptionalParameters)$fFromJSONRSAPrivateKeyOptionalParameters$fArbitraryRSAPrivateKeyOthElem$fToJSONRSAPrivateKeyOthElem$fFromJSONRSAPrivateKeyOthElem$fArbitraryCrv $fToJSONCrv signPKCS15 verifyPKCS15signPSS verifyPSS rsaPrivateKeysignOct showKeyType$fAsPublicKeyKeyMaterial$fAsPublicKeyECKeyParameters$fAsPublicKeyRSAKeyParameters$fAsPublicKeyOctKeyParameters$fArbitraryKeyMaterial$fToJSONKeyMaterial$fFromJSONKeyMaterial$fArbitraryOctKeyParameters$fToJSONOctKeyParameters$fFromJSONOctKeyParameters$fArbitraryRSAKeyParameters$fToJSONRSAKeyParameters$fFromJSONRSAKeyParameters&cryptonite-0.23-89QkSuWllmPFi2eG8N3VJQ Crypto.RandomwithRandomBytes drgNewTest drgNewSeeddrgNewseedFromInteger seedToIntegerseedNewSeedCrypto.Random.ChaChaDRG ChaChaDRGCrypto.Random.SystemDRG getSystemDRG SystemDRGCrypto.Random.TypeswithDRG MonadRandomgetRandomBytesDRGrandomBytesGenerateMonadPseudoRandomKeyOpKeyUseJWSAlgJWEAlgSignVerifyEncryptDecryptWrapKey UnwrapKey DeriveKey DeriveBits _jwkMaterial_jwkUse _jwkKeyOps_jwkAlg_jwkKid_jwkX5u_jwkX5c_jwkX5t _jwkX5tS256SigEncPBES2Parameters_p2s_p2cAESGCMParameters_iv_tagECDHParameters_epk_apu_apv AlgWithParams algObjectalgWithParamsObject$fToJSONPBES2Parameters$fFromJSONPBES2Parameters$fToJSONAESGCMParameters$fFromJSONAESGCMParameters$fToJSONECDHParameters$fFromJSONECDHParameters$fToJSONAlgWithParams$fFromJSONAlgWithParams A128CBC_HS256 A192CBC_HS384 A256CBC_HS512A128GCMA192GCMA256GCM $fToJSONEncStringifiedInteger_StringifiedIntegerb64Iso sizedB64IsoRS_RSKeyParameters_JWK' SignatureCritParameterscritInvalidNamescritObjectParser parseCrit algorithm checkHeaders signingInput verifySig$fDefaultValidationPolicy$fDefaultValidationAlgorithms$fFromCompactJWS$fToCompactJWS $fToJSONJWS $fFromJSONJWS$fToJSONSignature$fFromJSONSignature$fDefaultJWSHeader$fToJSONJWSHeader$fFromJSONJWSHeader$fToArmourTextJWSHeader$fFromArmourTextErrorJWSHeader aesKeyWrap aesKeyUnwrapNothingivaesKeyWrapStepaesKeyUnwrapStep _jweHeader_jweEncryptedKey JWERecipient newJWEHeaderwrap wrapAESKW wrapAESGCMencrypt _cbcHmacEnc_gcmEnc JWTCrypto ArbitraryOrURIJWTJWSfilterUnregistered