C      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDE F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~                                                  None None aConvert a JSON object into a list of pairs or the empty list if the JSON value is not an object.AProduce a parser of base64 encoded text from a bytestring parser..Convert a bytestring to a base64 encoded JSON Add appropriate base64 '=' padding. Strip base64 '=' padding.DProduce a parser of base64url encoded text from a bytestring parser.1Convert a bytestring to a base64url encoded JSON LConvert an unsigned big endian octet sequence to the integer it represents.SConvert an integer to its unsigned big endian representation as an octet sequence.None=A base64url encoded octet sequence interpreted as an integer.#A base64 encoded X.509 certificate.MA base64url encoded SHA-256 digest. Used for X.509 certificate thumbprints. KA base64url encoded SHA-1 digest. Used for X.509 certificate thumbprints. xA base64url encoded octet sequence. Used for payloads, signatures, symmetric keys, salts, initialisation vectors, etc. A base64url encoded octet sequence interpreted as an integer and where the number of octets carries explicit bit-length information. Generate a   of the given number of bytes Parsed a   with an expected number of bytes.#  !"#$       !"#$ NoneBExpression for an end guard. Arg describes type it was expecting.GBuild a catch-all guard that fails. String describes what is expected.CDerive a JOSE sum type with nullary data constructors, along with  and  instances Type name.List of JSON string values. The corresponding constructor is derived by upper-casing the first letter and converting non-alpha-numeric characters are converted to underscores. None.6JWA 3.1. "alg" (Algorithm) Header Parameters for JWS./0123456789:;./0123456789:;. /0123456789:;None<JWA 4.1. "alg" (Algorithm) Header Parameter Values for JWEpThis section is shuffled off into its own module to avoid circular import via Crypto.JOSE.JWK, which needs Alg.NoneTJcParse an optional parameter that may be carried in either the protected or the unprotected header.KWParse an optional parameter that, if present, MUST be carried in the protected header.LbParse a required parameter that may be carried in either the protected or the unprotected header.<=>?@ABCDEObject FGObject HIJKLM<=>?@ABCDEFGHIJKLMABCDEFGM>?@<=HILJK<=>?@ABCDEFGHIJKLMNone9;RAll the errors that can occur.S(A requested algorithm is not implementedT$A requested algorithm cannot be usedUWrong type of key was givenVKey size is too smallW,RSA private key with >2 primes not supportedX+RSA encryption, decryption or signing errorY&Various cryptonite library error casesZ-Cannot produce compact representation of data[$Cannot decode compact representation\JSON (Aeson) decoding error^ AnyValidated2 policy active, and no valid signature encountered_ AllValidated1 policy active, and invalid signature encountered` AllValidated6 policy active, and there were no signatures on object!RSTUVWXYZ[\]^_`cdefghijklmnopqrstRYSTUVWXZ[\]^_`cdefghijklmnopqrRSTUVWXYZ[\]^_`cdefghijklmnopqrRSTUVWXYZ[\]^_`cdefghijklmnopqrstNone !"DLRT[u%Elliptic Curve key type (Recommeded+)wRSA key type (Required)y2Octet sequence (symmetric key) key type (Required){Parameters for RSA Keys}"Parameters for Elliptic Curve KeysRSA private key parameters(Optional parameters for RSA private keys#"oth" (Other Primes Info) Parameter"crv" (Curve) ParameterKeygen parameters.(Generate an EC key with specified curve.+Generate an RSA key with specified size in bytes.0Generate a symmetric key with specified size in bytes.Key material sum type.Symmetric key parameters data.luvwxyz{|}~     M !"#$%&'()*+,-./0uvwxyz{|}~Cuvwxyz{|}~     None !"DR+RFC 7517 4.4. "alg" (Algorithm) ParameterSee also RFC 7518 6.4. which states that for "oct" keys, an "alg" member SHOULD be present to identify the algorithm intended to be used with the key, unless the application uses another means or convention to determine the algorithm used.1/JWK 3.3. "key_ops" (Key Operations) Parameter"JWK 3. JSON Web Key (JWK) Format2+JWK 3.2. "use" (Public Key Use) Parameter*JWK 4. JSON Web Key Set (JWK Set) Format"Convert RSA private key into a JWKuChoose the cryptographically strongest JWS algorithm for a given key. The JWK "alg" algorithm parameter is ignored.213456789:;<=>?@ABC2DEa !"#$%&'()*+,-./0uvwxyz{|}~Puvwxyz}~{|13456789: ;<=>?@ABC2DENone F<JWA 4.9.1. Header Parameters Used for PBES2 Key EncryptionGPBKDF2 salt inputH)PBKDF2 iteration count ; POSITIVE integerI>JWA 4.8.1. Header Parameters Used for AES GCM Key EncryptionJ)Initialization Vector (must be 96 bits?)K&Authentication Tag (must be 128 bits?)L:JWA 4.7.1. Header Parameters Used for ECDH Key AgreementM'Ephemeral Public Key ; a JWK PUBLIC keyNAgreement PartyUInfoOAgreement PartyVInfoPEJWA 4.2. "enc" (Encryption Method) Header Parameters Values for JWE1FQGHIRJKLSMNOTUVWXYZ[\]^_`abcdefghijklmnoPpqrstuv(FQGHIRJKLSMNOTUXYZ`abVW[\]^_cdefgPstupqrFQGHIRJKLSMNOTUVWXYZ[\]^_`abcdefghijklmnoPpqrstuvNoneBDRLegacy JSON Web Key data type.wxyz{|}~wxyz{|}~None7Data that can be converted to a compact representation.6Data that can be parsed from a compact representation. Decode a compact representation.(Encode data to a compact representation.None9;JWS Header data type. JWK Set URLinterpretation unspecifiedContent Type (of object)Content Type (of payload)&Encoded protected header, if availableHeader Signature3Construct a minimal header with the given algorithmValidation policy.2One successfully validated signature is sufficientxAll signatures in all configured algorithms must be validated. No signatures in configured algorithms is also an error.`JSON Web Signature data type. Consists of a payload and a (possibly empty) list of signatures.!Parameterised by the header type.Construct a new (unsigned) JWS'Payload of a JWS, as a lazy bytestring. Create a new signature on a JWS.& Verify a JWS.YSignatures made with an unsupported algorithms are ignored. If the validation policy is Z, a single successfully validated signature is sufficient. If the validation policy is K then all remaining signatures (there must be at least one) must be valid.H      JWS to signHeader for signatureKey with which to signJWS with new signature appended !"#$%&<      !#$"%&!        !"#$%&NoneP./0123456789:;<=>?@ABCDEFGHIJKLM      !#$"%&>./0123456789:;     !"#$ %&NoneTWrap a secret.iInput size must be a multiple of 8 bytes, and at least 16 bytes. Output size is input size plus 8 bytes.Unwrap a secret.jInput size must be a multiple of 8 bytes, and at least 24 bytes. Output size is input size minus 8 bytes.Returns d if inherent integrity check fails. Otherwise, the chance that the key data is corrupt is 2 ^ -64.registerstep (t) and offset (i)registerstep (t) and offset (i)None<=LT)&Encoded protected header, if available*JWE Initialization Vector+JWE AAD,JWE Ciphertext-JWE Authentication TagJWE Encrypted Key;Content Type (of object)<Content Type (of payload))'()*+,-./0123456789:;<=message (key to wrap)plaintext key (to be encrypted) encrypted keykeymessageAADkeymessageadditional authenticated dataIV, cipertext and MACkeymessageadditional authenticated dataIV, tag and ciphertext>?@'()*+,-./0123456789:;<=/0123456789:;<='()*+,-.'()*+,-./0123456789:;<=>?@None !"#$%&'()*+,-./0./0123456789:;<=>?@ABCDEFGHIJKLMRYSTUVWXZ[\]^_`cdefghijklmnopqruvwxyz{|}~      !#$"%& None9;NxA JSON numeric value representing the number of seconds from 1970-01-01T0:0:0Z UTC until the specified UTC date/time.PA JSON string value, with the additional requirement that while arbitrary string values MAY be used, any value containing a : character MUST be a URI.Y Construct a P from textZ Construct a P from a URI[Get the\Get the uri from a Pg)Audience data. In the general case, the audA value is an array of case-sensitive strings, each containing a PB value. In the special case when the JWT has one audience, the aud; value MAY be a single case-sensitive string containing a P value.m`The JWT Claims Set represents a JSON object whose members are the claims conveyed by the JWT.oThe issuer claim identifies the principal that issued the JWT. The processing of this claim is generally application specific.p>The subject claim identifies the principal that is the subject of the JWT. The Claims in a JWT are normally statements about the subject. The subject value MAY be scoped to be locally unique in the context of the issuer or MAY be globally unique. The processing of this claim is generally application specific.qThe audience claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the audB claim when this claim is present, then the JWT MUST be rejected.rThe expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of exp_ claim requires that the current date/time MUST be before expiration date/time listed in the expx claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew.s|The not before claim identifies the time before which the JWT MUST NOT be accepted for processing. The processing of the nbfm claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the nbfy claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew.tThe issued at claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT.uThe JWT ID claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object. The jtiB claim can be used to prevent the JWT from being replayed. The jti" value is a case-sensitive string.v7Claim Names can be defined at will by those using JWTs.iThe allowed skew is interpreted in absolute terms; a nonzero value always expands the validity period.Return an empty claims set.JSON Web Token data.JOSE aspect of the JWT.Claims of the JWT.,Data representing the JOSE aspects of a JWT.FValidate the claims made by a ClaimsSet. Currently only inspects the exp and nbf2 claims. N.B. These checks are also performed by r, which also validates any signatures, so you shouldn t need to use this directly in the normal course of things.DValidate a JWT as a JWS (JSON Web Signature), then as a Claims Set.Create a JWT that is a JWS.kEFGHIJKNOPQRSTUVWXYZ[\]^_`aghijmnopqrstuvwx{|}~FEFGHIJKNOPQSTXUWVRYZ[\ghmnopqrstuv{|}~FEFGHIJKQRSTUVWX{mnopqrstuv|}~ghPYZ[\NO=EFGHIJKNOPQRSTUVWXYZ[\]^_`aghijm nopqrstuvwx{|}~ !"#$%&'()*+,-./0123456789:;<= > ? @ A B C D E F G H I J KLLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'(()*+,-.//0123456789:;<=>?@ABC D E F G H I J K L M M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e e f g h i j j k l m n o p q r s t u v w x y z { | } ~                                                                                    >      !"#$%&'()*+*,-.-/-0-1-2-3456789:;<=>?@ABCDEFGHIJKLMNOPQRHILOSTUVWXYZ[\]^_`abcdeefghiijk)lmnopqrstuvwxyz{|}~      w          #jose-0.5.0.2-62iUHoRE9ch8dthMQkuYaJCrypto.JOSE.TypesCrypto.JOSE.JWSCrypto.JOSE.HeaderCrypto.JOSE.ErrorCrypto.JOSE.JWKCrypto.JOSE.LegacyCrypto.JOSE.CompactCrypto.JOSE.JWE Crypto.JWTCrypto.JOSE.Types.OrphansCrypto.JOSE.Types.InternalCrypto.JOSE.THCrypto.JOSE.JWA.JWSCrypto.JOSE.JWA.JWE.AlgCrypto.JOSE.JWA.JWKCrypto.JOSE.JWA.JWECrypto.JOSE.JWS.InternalCrypto.JOSE.AESKW Crypto.JOSE*network-uri-2.6.1.0-6PuDgH21OiwGLI4QZ1g9kt Network.URIURI Base64Integer$fEqBase64Integer$fShowBase64Integer Base64X509 Base64SHA256 Base64SHA1 Base64OctetsSizedBase64Integer_Base64IntegergenSizedBase64IntegerOf checkSize$fToJSONBase64X509$fFromJSONBase64X509$fArbitraryBase64SHA256$fToJSONBase64SHA256$fFromJSONBase64SHA256$fArbitraryBase64SHA1$fToJSONBase64SHA1$fFromJSONBase64SHA1$fArbitraryBase64Octets$fToJSONBase64Octets$fFromJSONBase64Octets$fByteableBase64Octets$fToJSONSizedBase64Integer$fFromJSONSizedBase64Integer$fArbitrarySizedBase64Integer$fEqSizedBase64Integer$fArbitraryBase64Integer$fToJSONBase64Integer$fFromJSONBase64Integer$fShowSizedBase64Integer$fEqBase64Octets$fShowBase64Octets$fEqBase64SHA1$fShowBase64SHA1$fEqBase64SHA256$fShowBase64SHA256$fEqBase64X509$fShowBase64X509AlgHS256HS384HS512RS256RS384RS512ES256ES384ES512PS256PS384PS512None HeaderParam Protection Protected Unprotected HasParamsparams extensionsparseParamsFor parseParamsprotectedParamsEncodedunprotectedParams protectionparamheaderOptionalheaderOptionalProtectedheaderRequired parseCrit$fEqProtection$fShowProtection$fEqHeaderParam$fShowHeaderParamErrorAlgorithmNotImplementedAlgorithmMismatch KeyMismatchKeySizeTooSmallOtherPrimesNotSupportedRSAError CryptoErrorCompactEncodeErrorCompactDecodeErrorJSONDecodeErrorJWSCritUnprotectedJWSNoValidSignaturesJWSInvalidSignatureJWSNoSignatures $fEqError $fShowErrorAsError_Error_AlgorithmNotImplemented_AlgorithmMismatch _KeyMismatch_KeySizeTooSmall_OtherPrimesNotSupported _RSAError _CryptoError_CompactEncodeError_CompactDecodeError_JSONDecodeError_JWSCritUnprotected_JWSNoValidSignatures_JWSInvalidSignature_JWSNoSignatures$fMonadRandomt$fAsErrorErrorECRSAOctRSAKeyParametersECKeyParametersecKtyecCrvecXecYecDRSAPrivateKeyParametersrsaDrsaOptionalParametersRSAPrivateKeyOptionalParametersrsaPrsaQrsaDprsaDqrsaQirsaOthRSAPrivateKeyOthElemrOthdOthtOthCrvP_256P_384P_521 AsPublicKey asPublicKeyKeyMaterialGenParam ECGenParam RSAGenParam OctGenParam KeyMaterial ECKeyMaterialRSAKeyMaterialOctKeyMaterialOctKeyParametersoctKtyoctKrsaErsaKtyrsaNrsaPrivateKeyParametersgenRSAtoRSAKeyParameters rsaPublicKeygenKeyMaterialsignverifyJWKAlgJWSAlgJWEAlg$fToJSONJWKAlg$fFromJSONJWKAlg $fEqJWKAlg $fShowJWKAlg $fToJSONKeyOp$fFromJSONKeyOp $fEqKeyOp $fOrdKeyOp $fShowKeyOpJWK$fToJSONKeyUse$fFromJSONKeyUse $fEqKeyUse $fOrdKeyUse $fShowKeyUse$fEqJWK $fShowJWKJWKSetjwkAlg jwkKeyOpsjwkKid jwkMaterialjwkUsejwkX5cjwkX5t jwkX5tS256jwkX5ugenJWKfromKeyMaterialfromRSA bestJWSAlg$fFromJSONJWKSet$fAsPublicKeyJWK$fArbitraryJWK $fToJSONJWK $fFromJSONJWK $fEqJWKSet $fShowJWKSet$fToJSONStringifiedInteger$fFromJSONStringifiedIntegerRSKeyParameters $fToJSONRS $fFromJSONRS$fEqRS$fOrdRS$fShowRS$fEqRSKeyParameters$fShowRSKeyParametersJWK'$fToJSONRSKeyParameters$fFromJSONRSKeyParameters$fEqJWK' $fShowJWK'genJWK'toJWK$fAsPublicKeyJWK' $fToJSONJWK'$fFromJSONJWK' ToCompact toCompact FromCompact fromCompact decodeCompact encodeCompact JWSHeader _jwsHeaderAlg _jwsHeaderJku _jwsHeaderJwk _jwsHeaderKid _jwsHeaderX5u _jwsHeaderX5c _jwsHeaderX5t_jwsHeaderX5tS256 _jwsHeaderTyp _jwsHeaderCty_jwsHeaderCrit Signature HasJWSHeader jWSHeader jwsHeaderAlg jwsHeaderCrit jwsHeaderCty jwsHeaderJku jwsHeaderJwk jwsHeaderKid jwsHeaderTyp jwsHeaderX5c jwsHeaderX5tjwsHeaderX5tS256 jwsHeaderX5u newJWSHeaderValidationSettingsValidationPolicy AnyValidated AllValidatedJWSheadernewJWS jwsPayloadsignJWSHasValidationPolicyvalidationPolicy HasAlgorithms algorithmsHasValidationSettingsvalidationSettingsvalidationSettingsAlgorithms"validationSettingsValidationPolicydefaultValidationSettings verifyJWSJWE _protectedRaw_jweIv_jweAad_jweCiphertext_jweTag_jweRecipients JWEHeader_jweAlg_jweEnc_jweZip_jweJku_jweJwk_jweKid_jweX5u_jweX5c_jweX5t _jweX5tS256_jweTyp_jweCty_jweCrit $fFromJSONJWE$fFromJSONJWERecipient$fHasParamsJWEHeader$fEqCritParameters$fShowCritParameters $fEqJWEHeader$fShowJWEHeaderJWTErrorJWSError JWTExpiredJWTNotYetValidJWTNotInIssuerJWTNotInAudienceJWTIssuedAtFuture $fEqJWTError$fShowJWTError NumericDate StringOrURI AsJWTError _JWTError _JWSError _JWTExpired_JWTNotYetValid_JWTNotInIssuer_JWTNotInAudience_JWTIssuedAtFuture fromStringfromURI getStringgetURI$fToJSONStringOrURI$fFromJSONStringOrURI$fIsStringStringOrURI$fAsErrorJWTError$fAsJWTErrorJWTError$fEqStringOrURI$fShowStringOrURI$fEqNumericDate$fOrdNumericDate$fShowNumericDateAudience$fToJSONNumericDate$fFromJSONNumericDate $fEqAudience$fShowAudience ClaimsSet _claimIss _claimSub _claimAud _claimExp _claimNbf _claimIat _claimJti_unregisteredClaims$fToJSONAudience$fFromJSONAudience $fEqClaimsSet$fShowClaimsSetJWTValidationSettingsclaimAudclaimExpclaimIatclaimIssclaimJticlaimNbfclaimSubunregisteredClaimsemptyClaimsSetaddClaim$fToJSONClaimsSet$fFromJSONClaimsSetJWT jwtCrypto jwtClaimsSet JWTCryptoJWTJWSHasCheckIssuedAt checkIssuedAtHasIssuerPredicateissuerPredicateHasAudiencePredicateaudiencePredicateHasAllowedSkew allowedSkewHasJWTValidationSettingsjWTValidationSettings jwtValidationSettingsAllowedSkew&jwtValidationSettingsAudiencePredicate"jwtValidationSettingsCheckIssuedAt$jwtValidationSettingsIssuerPredicate'jwtValidationSettingsValidationSettingsdefaultJWTValidationSettingsvalidateClaimsSetvalidateJWSJWT createJWSJWT$fToCompactJWT$fFromCompactJWT$fToCompactJWTCrypto$fFromCompactJWTCrypto$fHasCheckIssuedAta$fHasIssuerPredicatea$fHasAudiencePredicatea$fHasAllowedSkewa,$fHasValidationSettingsJWTValidationSettings/$fHasJWTValidationSettingsJWTValidationSettings $fEqJWTCrypto$fShowJWTCrypto$fEqJWT $fShowJWT $fToJSONURI $fFromJSONURI objectPairsparseB64 encodeB64baseGHC.BaseStringpadunpad parseB64Url encodeB64Url bsToInteger integerToBSIsCharfromCharrpad snocLengthpadBpadLrstripunpadBunpadLsizedIntegerToBS $fIsCharWord8 $fIsCharChargenByteStringOf endGuardExpendGuardderiveJOSEType$aeson-1.0.2.1-JhZNpAmlJ04FJVjHHUBYQAData.Aeson.Types.ToJSONToJSONData.Aeson.Types.FromJSONFromJSON capitalizesanitizeconize guardPredguardExpguard endGuardPred guardedBodyparseJSONClauseQ parseJSONFun toJSONClause toJSONFun aesonInstance $fToJSONAlgRSA1_5RSA_OAEP RSA_OAEP_256A128KWA192KWA256KWDirECDH_ESECDH_ES_A128KWECDH_ES_A192KWECDH_ES_A256KW A128GCMKW A192GCMKW A256GCMKWPBES2_HS256_A128KWPBES2_HS384_A192KWPBES2_HS512_A256KWprotectedParamscritObjectParser $fToJSONEC $fToJSONRSA $fToJSONOct_rsaKty_rsaN_rsaE_rsaPrivateKeyParameterssignECverifyECcurvepoint ecCoordBytesecDBytes$fArbitraryECKeyParameters$fToJSONECKeyParameters$fFromJSONECKeyParameters"$fArbitraryRSAPrivateKeyParameters$fToJSONRSAPrivateKeyParameters!$fFromJSONRSAPrivateKeyParameters*$fArbitraryRSAPrivateKeyOptionalParameters'$fToJSONRSAPrivateKeyOptionalParameters)$fFromJSONRSAPrivateKeyOptionalParameters$fArbitraryRSAPrivateKeyOthElem$fToJSONRSAPrivateKeyOthElem$fFromJSONRSAPrivateKeyOthElem$fArbitraryCrv $fToJSONCrv signPKCS15 verifyPKCS15signPSS verifyPSS rsaPrivateKeysignOct showKeyType$fAsPublicKeyKeyMaterial$fAsPublicKeyECKeyParameters$fAsPublicKeyRSAKeyParameters$fAsPublicKeyOctKeyParameters$fArbitraryKeyMaterial$fArbitraryKeyMaterialGenParam$fToJSONKeyMaterial$fFromJSONKeyMaterial$fArbitraryOctKeyParameters$fToJSONOctKeyParameters$fFromJSONOctKeyParameters$fArbitraryRSAKeyParameters$fToJSONRSAKeyParameters$fFromJSONRSAKeyParameters&cryptonite-0.21-ARqf0ltpjwx2bdn2Fx5x7s Crypto.RandomwithRandomBytes drgNewTest drgNewSeeddrgNewseedFromInteger seedToIntegerseedNewSeedCrypto.Random.ChaChaDRG ChaChaDRGCrypto.Random.SystemDRG getSystemDRG SystemDRGCrypto.Random.TypeswithDRG MonadRandomgetRandomBytesDRGrandomBytesGenerateMonadPseudoRandomKeyOpKeyUseSignVerifyEncryptDecryptWrapKey UnwrapKey DeriveKey DeriveBits _jwkMaterial_jwkUse _jwkKeyOps_jwkAlg_jwkKid_jwkX5u_jwkX5c_jwkX5t _jwkX5tS256SigEncPBES2Parameters_p2s_p2cAESGCMParameters_iv_tagECDHParameters_epk_apu_apv AlgWithParams algObjectalgWithParamsObject$fToJSONPBES2Parameters$fFromJSONPBES2Parameters$fToJSONAESGCMParameters$fFromJSONAESGCMParameters$fToJSONECDHParameters$fFromJSONECDHParameters$fToJSONAlgWithParams$fFromJSONAlgWithParams A128CBC_HS256 A192CBC_HS384 A256CBC_HS512A128GCMA192GCMA256GCM $fToJSONEncStringifiedInteger_StringifiedIntegerb64Iso sizedB64IsoRS_RSKeyParameters_JWK'_header _signaturejwsCritInvalidNames$fHasJWSHeaderJWSHeader_validationSettingsAlgorithms#_validationSettingsValidationPolicy protectedRaw signature signingInput$fFromCompactJWS$fToCompactJWS $fToJSONJWS $fFromJSONJWS$fHasParamsJWSHeader$fToJSONSignature$fFromJSONSignature $fEqSignature verifySig$fHasValidationPolicya$fHasAlgorithmsa)$fHasValidationSettingsValidationSettings aesKeyWrap aesKeyUnwrapNothingivaesKeyWrapStepaesKeyUnwrapStep_jweEncryptedKey JWERecipient _jweHeaderCritParameterscritInvalidNames newJWEHeaderparseRecipientwrap wrapAESKW wrapAESGCMencrypt _cbcHmacEnc_gcmEnc#_jwtValidationSettingsCheckIssuedAt ArbitraryOrURI _NumericDate _Audience(_jwtValidationSettingsValidationSettings!_jwtValidationSettingsAllowedSkew'_jwtValidationSettingsAudiencePredicate%_jwtValidationSettingsIssuerPredicatefilterUnregisteredvalidateExpClaimvalidateIatClaimvalidateNbfClaimvalidateAudClaimvalidateIssClaim