g;*a      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                                                                                                                       !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`NoneababNone: caConvert a JSON object into a list of pairs or the empty list if the JSON value is not an object.dAProduce a parser of base64 encoded text from a bytestring parser.e.Convert a bytestring to a base64 encoded JSON fgAdd appropriate base64 '=' padding.h Strip base64 '=' padding.(Prism for encoding / decoding base64url. To encode, i base64url. To decode, j base64url.+Works with any combinations of strict/lazy  ByteString.kDProduce a parser of base64url encoded text from a bytestring parser.l1Convert a bytestring to a base64url encoded JSON fmLConvert an unsigned big endian octet sequence to the integer it represents.nSConvert an integer to its unsigned big endian representation as an octet sequence.opcdegqrsthuvwklmnxyz cdeghklmnxopcdegqrsthuvwklmnxyzNone=A base64url encoded octet sequence interpreted as an integer.#A base64 encoded X.509 certificate.MA base64url encoded SHA-256 digest. Used for X.509 certificate thumbprints. KA base64url encoded SHA-1 digest. Used for X.509 certificate thumbprints. xA base64url encoded octet sequence. Used for payloads, signatures, symmetric keys, salts, initialisation vectors, etc.A base64url encoded octet sequence interpreted as an integer and where the number of octets carries explicit bit-length information. Generate a  of the given number of bytes Parsed a  with an expected number of bytes." { !"#$      { !"#$None|BExpression for an end guard. Arg describes type it was expecting.}GBuild a catch-all guard that fails. String describes what is expected.~CDerive a JOSE sum type with nullary data constructors, along with  and  instances|}~ Type name.List of JSON string values. The corresponding constructor is derived by upper-casing the first letter and converting non-alpha-numeric characters are converted to underscores.~|}~None.BRFC 7518 3.1. "alg" (Algorithm) Header Parameters Values for JWS./0123456789:;<=./0123456789:<;./0123456789:;<==./0123456789:;<=NoneBARFC 7518 4.1. "alg" (Algorithm) Header Parameter Values for JWEpThis section is shuffled off into its own module to avoid circular import via Crypto.JOSE.JWK, which needs Alg.BCDEFGHIJKLMNOPQRSTBCFGHNOPDEIJKLMQRSBCDEFGHIJKLMNOPQRSTTBCDEFGHIJKLMNOPQRSTNone9; YAll the errors that can occur.Z(A requested algorithm is not implemented[$A requested algorithm cannot be used\Wrong type of key was given]Key size is too small^,RSA private key with >2 primes not supported_+RSA encryption, decryption or signing error`&Various cryptonite library error casesa$Cannot decode compact representationbJSON (Aeson) decoding errord AnyValidated2 policy active, and no valid signature encounterede AllValidated1 policy active, and invalid signature encounteredf AllValidated] policy active, and there were no signatures on object that matched the allowed algorithmsYZ[\]^_`abcdefijklmnopqrstuvwxyY`Z[\]^_abcdefijklmnopqrstuvwYZ[\]^_`abcdefijklmnopqrstuvwY Z[\]^_`abcdefijklmnopqrstuvwxyNone !"DLRT[zParameters for RSA Keys|"Parameters for Elliptic Curve KeysRSA private key parameters(Optional parameters for RSA private keys#"oth" (Other Primes Info) Parameter"crv" (Curve) Parameter'Keys that may have have public materialGet the public keyKeygen parameters.(Generate an EC key with specified curve.+Generate an RSA key with specified size in bytes.0Generate a symmetric key with specified size in bytes.;Generate an EdDSA or Edwards ECDH key with specified curve.Key material sum type.Symmetric key parameters data.oz{|}~Lz{|}~;|}~z{Fz{|}~None !":DR +RFC 7517 4.4. "alg" (Algorithm) ParameterSee also RFC 7518 6.4. which states that for "oct" keys, an "alg" member SHOULD be present to identify the algorithm intended to be used with the key, unless the application uses another means or convention to determine the algorithm used.4RFC 7517 4.3. "key_ops" (Key Operations) Parameter'RFC 7517 4. JSON Web Key (JWK) Format0RFC 7517 4.2. "use" (Public Key Use) Parameter RFC 7517 5. JWK Set FormatHGenerate a JWK. Apart from key parameters, no other parameters are set."Convert RSA private key into a JWKConvert octet string into a JWKuChoose the cryptographically strongest JWS algorithm for a given key. The JWK "alg" algorithm parameter is ignored.#Compute the JWK Thumbprint of a JWKPrism from ByteString to HashAlgorithm a => Digest a.Use  digest to view the bytes of a digest,JWK canonicalised for thumbprint computation6  !"#      !"#z{|}~ 1    !"#NoneDT<2A header value, along with a protection indicator.?&Get a value for indicating protection.@Get a $* a value for indicating no protection, or %3 if the type does not support unprotected headers.A,Whether a header is protected or unprotectedDA thing with parameters.ENReturn a list of parameters, each paired with whether it is protected or not.FVList of "known extensions", i.e. keys that may appear in the "crit" header parameter.H:Parse a pair of objects (protected and unprotected header)This internally invokes G applied to a proxy for the target type. (This allows the parsing of the "crit" parameter to access "known extensions" understood by the target type.)I'Return the encoded protected parametersJ$Return unprotected params as a JSON & (always an object)K Lens for the A of a <L Lens for a < valueM+Getter for whether a parameter is protectedNcParse an optional parameter that may be carried in either the protected or the unprotected header.OWParse an optional parameter that, if present, MUST be carried in the protected header.PbParse a required parameter that may be carried in either the protected or the unprotected header.QIParse a required parameter that MUST be carried in the protected header.RParse a "crit" header param Fails if:,any reserved header appears in "crit" header1any value in "crit" is not a recognised extensionCany value in "crit" does not have a corresponding key in the object1&'()*+,-./0123456789:;<=>?@ABCDEFGHprotected headerunprotected header'Object IJObject KLMNOPQ(Rreserved header parametersrecognised extensions8full header (union of protected and unprotected headers) crit headerST-&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQR-<=>?@ABCKMLDEFGPQNOHRIJ:;8967452301./,-*+()&'&'()*+,-./0123456789:;<=>?@ABCDEFGH'IJKLMNOPQ(RSTNone YARFC 7518 4.8.1. Header Parameters Used for PBES2 Key Encryption[PBKDF2 salt input\)PBKDF2 iteration count ; POSITIVE integer]CRFC 7518 4.7.1. Header Parameters Used for AES GCM Key Encryption_)Initialization Vector (must be 96 bits?)`&Authentication Tag (must be 128 bits?)a?RFC 7518 4.6.1. Header Parameters Used for ECDH Key Agreementc'Ephemeral Public Key ; a JWK PUBLIC keydAgreement PartyUInfoeAgreement PartyVInfof9RFC 7518 4. Cryptographic Algorithms for Key Management<RFC 7518 5 Cryptographic Algorithms for Content Encryption1YZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~(YZ[\]^_`abcdefgjklrsthimnopquvwxy2fghijklmnopqrstuvwxyabcde~]^_`}|YZ[\{zYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ NoneOTEnumerate keysLook up key by JWS/JWE header None7Data that can be converted to a compact representation.6Data that can be parsed from a compact representation. Decode a compact representation.(Encode data to a compact representation. None9:;Validation settings:*The set of acceptable signature algorithmsThe validation policyValidation policy.2One successfully validated signature is sufficientxAll signatures in all configured algorithms must be validated. No signatures in configured algorithms is also an error.OA JWS with one signature which only allows protected parameters. Can use the flattened serialisation or the compact serialisation.*A JWS with one signature, which uses the flattened serialisation. Headers may be B or C.;A JWS that allows multiple signatures, and cannot use the compact serialisation. Headers may be B or C.VJSON Web Signature data type. The payload can only be accessed by verifying the JWS.;Parameterised by the signature container type, the header >" type, and the header record type.Use ) and *4 to convert a JWS to or from JSON. When encoding a  []" with exactly one signature, the  flattened JWS JSON serialisation syntax is used, otherwise the general JWS JSON serialisation is used. When decoding a  []" either serialisation is accepted. +/ uses the flattened JSON serialisation or the JWS compact serialisation (see  and ).Use  to create a signed/MACed JWS.Use ) to verify a JWS and extract the payload.8Signature object containing header, and signature bytes.If it was decoded from a serialised JWS, it "remembers" how the protected header was encoded; the remembered value is used when computing the signing input and when serialising the object.The remembered value is not used in equality checks, i.e. two decoded signatures with differently serialised by otherwise equal protected headers, and equal signature bytes, are equal.JWS Header data type., JWK Set URL-interpretation unspecified.Content Type (of object)/Content Type (of payload)VConstruct a minimal header with the given algorithm and protection indicator for the alg header. Getter for header of a signatureGetter for signature bytesSCreate a signed or MACed JWS with the given payload by traversing a collection of  (header, key) pairs. The default validation settings.,All algorithms except "none" are acceptable.HAll signatures must be valid (and there must be at least one signature.)2Verify a JWS with the default validation settings. See also . Verify a JWS.YSignatures made with an unsupported algorithms are ignored. If the validation policy is Z, a single successfully validated signature is sufficient. If the validation policy is K then all remaining signatures (there must be at least one) must be valid.-Returns the payload if successfully verified.U01234,5-6789./:;<Payload Traversable of header, key pairs=key or key storeJWSvalidation settingskey or key storeJWS>J      !"#./0123456789:<;Y`Z[\]^_abcdefijklmnopqrstuvwz{|}~ &'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQR+./0123456789:;<>012 34,5-6789./:;<=> NoneTWrap a secret.iInput size must be a multiple of 8 bytes, and at least 16 bytes. Output size is input size plus 8 bytes.Unwrap a secret.jInput size must be a multiple of 8 bytes, and at least 24 bytes. Output size is input size minus 8 bytes.Returns %d if inherent integrity check fails. Otherwise, the chance that the key data is corrupt is 2 ^ -64.?@registerstep (t) and offset (i)Aregisterstep (t) and offset (i)?@A None<=LT&Encoded protected header, if availableJWE Initialization VectorJWE AADJWE CiphertextJWE Authentication TagBJWE Encrypted KeyContent Type (of object)Content Type (of payload))CDEBFGHIJKmessage (key to wrap)Lplaintext key (to be encrypted) encrypted keyMNkeymessageAADOkeymessageadditional authenticated dataIV, cipertext and MACPkeymessageadditional authenticated dataIV, tag and ciphertextCDEBFGHIJKLMNOPNoneS      !"#./0123456789:<;Y`Z[\]^_abcdefijklmnopqrstuvwz{|}~ &'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRNone9:;.A JOSE error occurred while processing the JWT 'The JWT payload is not a JWT Claims SetxA JSON numeric value representing the number of seconds from 1970-01-01T0:0:0Z UTC until the specified UTC date/time.A JSON string value, with the additional requirement that while arbitrary string values MAY be used, any value containing a : character MUST be a URI.Note: the IsString. instance will fail if the string contains a : but does not parse as a . Use  directly in this situation.*)Audience data. In the general case, the audA value is an array of case-sensitive strings, each containing a B value. In the special case when the JWT has one audience, the aud; value MAY be a single case-sensitive string containing a  value.The  instance formats an *O with one value as a string (some non-compliant implementations require this.)QiThe allowed skew is interpreted in absolute terms; a nonzero value always expands the validity period.1The JWT Claims Set represents a JSON object whose members are the registered claims defined by RFC 7519. Unrecognised claims are gathered into the 9 map.2The issuer claim identifies the principal that issued the JWT. The processing of this claim is generally application specific.3>The subject claim identifies the principal that is the subject of the JWT. The Claims in a JWT are normally statements about the subject. The subject value MAY be scoped to be locally unique in the context of the issuer or MAY be globally unique. The processing of this claim is generally application specific.4The audience claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the audB claim when this claim is present, then the JWT MUST be rejected.5The expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of exp_ claim requires that the current date/time MUST be before expiration date/time listed in the expx claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew.6|The not before claim identifies the time before which the JWT MUST NOT be accepted for processing. The processing of the nbfm claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the nbfy claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew.7The issued at claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT.8The JWT ID claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object. The jtiB claim can be used to prevent the JWT from being replayed. The jti" value is a case-sensitive string.97Claim Names can be defined at will by those using JWTs.:Return an empty claims set.BA digitally signed or MACed JWTCJSON Web Token data.DWhether to check that the iat claim is not in the future.FPredicate for checking the iss claim.H%Predicate for checking values in the aud claim.J)Maximum allowed skew when validating the nbf, exp and iat claims.S(Acquire the default validation settings. 1https://tools.ietf.org/html/rfc7519#section-4.1.3RFC 7519 4.1.3.| states that applications MUST identify itself with a value in the audience claim, therefore a predicate must be supplied.The other defaults are: for JWS verification*Zero clock skew tolerance when validating nbf, exp and iat claimsiat claim is checkedissuer claim is not checkedT(Validate the claims made by a ClaimsSet.These checks are performed by U], which also validates any signatures, so you shouldn't need to use this function directly.UYCryptographically verify a JWS JWT, then validate the Claims Set, returning it if valid.This is the only way to get at the claims of a JWS JWT, enforcing that the claims are cryptographically and semantically valid before the application can use them.VCreate a JWS JWTh     RST !"#$*+U,-0VWXQYZ1[\]^_`abcd23456789:;e<=>?BCfDEFGHIJKLMNOPQRSTghijkUVWXYZ[\]^      !"#./0123456789:<;Y`Z[\]^_abcdefijklmnopqrstuvwz{|}~ &'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQR     *+0123456789:;BCDEFGHIJKLRNOQPMSTUV:VCBSUJKHIFGDE0LMNOPQR145728639;:T     *+;     RST !"#$*+U,-0VWXQYZ1 [\]^_`abcd23456789:;e<=>?BCfDEFGHIJKLMNOPQRSTghijkUVWXYZ[\]^l !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOP=QRSTUVWXYZ[\]^_`aLMNOPbcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>>?@ABCDEFGHIJKLMNOPQRSTUVWXYZZ[\]]^_``abcdQRSTUVWXYZ[\]^_`aefghijklmnopqrstuvwxyz{|}~                                                                                                                       !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUSVWXYZ[\]^_`abcdefghijklmnlopqrstuvwxyz{|}~STNONOl l  l  N                        ! " " # $ $ % & ' ( ) * + , -./0123456789:;<=>?@+ABCDEF"jose-0.6.0.2-FRZejGvbt22VtE1TMaDGECrypto.JOSE.TypesCrypto.JOSE.JWA.JWSCrypto.JOSE.JWA.JWE.AlgCrypto.JOSE.ErrorCrypto.JOSE.JWA.JWKCrypto.JOSE.JWKCrypto.JOSE.HeaderCrypto.JOSE.JWA.JWECrypto.JOSE.JWK.StoreCrypto.JOSE.CompactCrypto.JOSE.JWSCrypto.JOSE.AESKWCrypto.JOSE.JWE Crypto.JWTCrypto.JOSE.Types.OrphansCrypto.JOSE.Types.InternalCrypto.JOSE.TH Crypto.JOSE*network-uri-2.6.1.0-Aihq3wpSNKN28NNLADc6qL Network.URIURI base64url Base64Integer$fEqBase64Integer$fShowBase64Integer Base64X509 Base64SHA256 Base64SHA1 Base64OctetsSizedBase64Integer_Base64IntegergenSizedBase64IntegerOf checkSize$fToJSONBase64X509$fFromJSONBase64X509$fArbitraryBase64SHA256$fToJSONBase64SHA256$fFromJSONBase64SHA256$fArbitraryBase64SHA1$fToJSONBase64SHA1$fFromJSONBase64SHA1$fArbitraryBase64Octets$fToJSONBase64Octets$fFromJSONBase64Octets$fToJSONSizedBase64Integer$fFromJSONSizedBase64Integer$fArbitrarySizedBase64Integer$fEqSizedBase64Integer$fArbitraryBase64Integer$fToJSONBase64Integer$fFromJSONBase64Integer$fShowSizedBase64Integer$fEqBase64Octets$fShowBase64Octets$fEqBase64SHA1$fShowBase64SHA1$fEqBase64SHA256$fShowBase64SHA256$fEqBase64X509$fShowBase64X509AlgHS256HS384HS512RS256RS384RS512ES256ES384ES512PS256PS384PS512NoneEdDSA $fToJSONAlg $fFromJSONAlg$fEqAlg$fOrdAlg $fShowAlgRSA1_5RSA_OAEP RSA_OAEP_256A128KWA192KWA256KWDirECDH_ESECDH_ES_A128KWECDH_ES_A192KWECDH_ES_A256KW A128GCMKW A192GCMKW A256GCMKWPBES2_HS256_A128KWPBES2_HS384_A192KWPBES2_HS512_A256KWErrorAlgorithmNotImplementedAlgorithmMismatch KeyMismatchKeySizeTooSmallOtherPrimesNotSupportedRSAError CryptoErrorCompactDecodeErrorJSONDecodeErrorJWSCritUnprotectedJWSNoValidSignaturesJWSInvalidSignatureJWSNoSignatures $fEqError $fShowErrorAsError_Error_AlgorithmNotImplemented_AlgorithmMismatch _KeyMismatch_KeySizeTooSmall_OtherPrimesNotSupported _RSAError _CryptoError_CompactDecodeError_JSONDecodeError_JWSCritUnprotected_JWSNoValidSignatures_JWSInvalidSignature_JWSNoSignatures$fMonadRandomt$fAsErrorErrorRSAKeyParametersECKeyParametersecCrvecXecYecDRSAPrivateKeyParametersrsaDrsaOptionalParametersRSAPrivateKeyOptionalParametersrsaPrsaQrsaDprsaDqrsaQirsaOthRSAPrivateKeyOthElemrOthdOthtOthCrvP_256P_384P_521$fArbitraryECKeyParameters$fToJSONECKeyParameters$fFromJSONECKeyParameters"$fArbitraryRSAPrivateKeyParameters$fToJSONRSAPrivateKeyParameters!$fFromJSONRSAPrivateKeyParameters*$fArbitraryRSAPrivateKeyOptionalParameters'$fToJSONRSAPrivateKeyOptionalParameters)$fFromJSONRSAPrivateKeyOptionalParameters$fArbitraryRSAPrivateKeyOthElem$fToJSONRSAPrivateKeyOthElem$fFromJSONRSAPrivateKeyOthElem$fArbitraryCrv $fToJSONCrv $fFromJSONCrv$fEqCrv$fOrdCrv $fShowCrv$fEqRSAPrivateKeyOthElem$fShowRSAPrivateKeyOthElem#$fEqRSAPrivateKeyOptionalParameters%$fShowRSAPrivateKeyOptionalParameters$fEqRSAPrivateKeyParameters$fShowRSAPrivateKeyParameters$fEqECKeyParameters$fShowECKeyParameters$fEqRSAKeyParameters$fShowRSAKeyParameters AsPublicKey asPublicKeyKeyMaterialGenParam ECGenParam RSAGenParam OctGenParam OKPGenParam KeyMaterial ECKeyMaterialRSAKeyMaterialOctKeyMaterialOKPKeyMaterialOKPCrvEd25519X25519OKPKeyParameters Ed25519Key X25519KeyOctKeyParametersoctKrsaErsaNrsaPrivateKeyParametersgenRSAtoRSAKeyParameters rsaPublicKeygenKeyMaterialsignverify$fAsPublicKeyKeyMaterial$fAsPublicKeyOKPKeyParameters$fAsPublicKeyECKeyParameters$fAsPublicKeyRSAKeyParameters$fArbitraryKeyMaterial$fArbitraryKeyMaterialGenParam$fToJSONKeyMaterial$fFromJSONKeyMaterial$fArbitraryOKPCrv$fArbitraryOKPKeyParameters$fToJSONOKPKeyParameters$fFromJSONOKPKeyParameters$fShowOKPKeyParameters$fArbitraryOctKeyParameters$fToJSONOctKeyParameters$fFromJSONOctKeyParameters$fArbitraryRSAKeyParameters$fToJSONRSAKeyParameters$fFromJSONRSAKeyParameters$fEqOctKeyParameters$fShowOctKeyParameters$fEqOKPKeyParameters $fEqOKPCrv $fShowOKPCrv$fEqKeyMaterial$fShowKeyMaterial$fEqKeyMaterialGenParam$fShowKeyMaterialGenParamJWKAlgJWSAlgJWEAlg$fToJSONJWKAlg$fFromJSONJWKAlg $fEqJWKAlg $fShowJWKAlgKeyOpSignVerifyEncryptDecryptWrapKey UnwrapKey DeriveKey DeriveBits $fToJSONKeyOp$fFromJSONKeyOp $fEqKeyOp $fOrdKeyOp $fShowKeyOpJWKKeyUseSigEnc$fToJSONKeyUse$fFromJSONKeyUse $fEqKeyUse $fOrdKeyUse $fShowKeyUse$fEqJWK $fShowJWKJWKSetjwkAlg jwkKeyOpsjwkKid jwkMaterialjwkUsejwkX5cjwkX5t jwkX5tS256jwkX5ugenJWKfromKeyMaterialfromRSA fromOctets bestJWSAlg thumbprintdigest$fFromJSONJWKSet$fAsPublicKeyJWK$fArbitraryJWK $fToJSONJWK $fFromJSONJWK $fEqJWKSet $fShowJWKSetHasCritcritHasCtyctyHasTyptyp HasX5tS256x5tS256HasX5tx5tHasX5cx5cHasX5ux5uHasKidkidHasJwkjwkHasJkujkuHasAlgalg HeaderParamProtectionIndicator getProtectedgetUnprotected Protection Protected Unprotected HasParamsparams extensionsparseParamsFor parseParamsprotectedParamsEncodedunprotectedParams protectionparam isProtectedheaderOptionalheaderOptionalProtectedheaderRequiredheaderRequiredProtected parseCrit$fProtectionIndicator()$fProtectionIndicatorProtection$fEqProtection$fShowProtection$fEqHeaderParam$fShowHeaderParamPBES2Parameters_p2s_p2cAESGCMParameters_iv_tagECDHParameters_epk_apu_apv AlgWithParams algObjectalgWithParamsObject$fToJSONPBES2Parameters$fFromJSONPBES2Parameters$fToJSONAESGCMParameters$fFromJSONAESGCMParameters$fToJSONECDHParameters$fFromJSONECDHParameters$fToJSONAlgWithParams$fFromJSONAlgWithParams$fEqECDHParameters$fShowECDHParameters$fEqAESGCMParameters$fShowAESGCMParameters$fEqPBES2Parameters$fShowPBES2Parameters$fEqAlgWithParams$fShowAlgWithParams A128CBC_HS256 A192CBC_HS384 A256CBC_HS512A128GCMA192GCMA256GCM $fToJSONEnc $fFromJSONEnc$fEqEnc$fOrdEnc $fShowEncJWKStorekeyskeysFor$fJWKStoreJWKSet $fJWKStoreJWK ToCompact toCompact FromCompact fromCompact decodeCompact encodeCompactHasValidationPolicyvalidationPolicy HasAlgorithms algorithmsHasValidationSettingsvalidationSettingsvalidationSettingsAlgorithms"validationSettingsValidationPolicyValidationSettingsValidationPolicy AnyValidated AllValidated CompactJWS FlattenedJWS GeneralJWSJWS Signature HasJWSHeader jwsHeader JWSHeader newJWSHeaderheader signature signaturessignJWSdefaultValidationSettings verifyJWS' verifyJWS$fHasValidationPolicya$fHasAlgorithmsa)$fHasValidationSettingsValidationSettings$fFromCompactJWS$fToCompactJWS $fToJSONJWS $fToJSONJWS0 $fFromJSONJWS$fFromJSONJWS0 $fShowJWS$fEqJWS$fHasParamsJWSHeader$fToJSONSignature$fFromJSONSignature $fEqSignature $fHasCrita $fHasCtya $fHasTypa $fHasX5tS256a $fHasX5ta $fHasX5ca $fHasX5ua $fHasKida $fHasJwka $fHasJkua $fHasAlga$fHasJWSHeaderJWSHeader$fHasCritJWSHeader$fHasCtyJWSHeader$fHasTypJWSHeader$fHasX5tS256JWSHeader$fHasX5tJWSHeader$fHasX5cJWSHeader$fHasX5uJWSHeader$fHasKidJWSHeader$fHasJwkJWSHeader$fHasJkuJWSHeader$fHasAlgJWSHeader $fEqJWSHeader$fShowJWSHeader$fShowSignature$fEqValidationPolicy aesKeyWrap aesKeyUnwrapJWE _protectedRaw_jweIv_jweAad_jweCiphertext_jweTag_jweRecipients JWEHeader_jweAlg_jweEnc_jweZip_jweJku_jweJwk_jweKid_jweX5u_jweX5c_jweX5t _jweX5tS256_jweTyp_jweCty_jweCrit $fFromJSONJWE$fFromJSONJWERecipient$fHasParamsJWEHeader$fEqCritParameters$fShowCritParameters $fEqJWEHeader$fShowJWEHeaderJWTErrorJWSErrorJWTClaimsSetDecodeError JWTExpiredJWTNotYetValidJWTNotInIssuerJWTNotInAudienceJWTIssuedAtFuture $fEqJWTError$fShowJWTError NumericDate StringOrURI AsJWTError _JWTError _JWSError_JWTClaimsSetDecodeError _JWTExpired_JWTNotYetValid_JWTNotInIssuer_JWTNotInAudience_JWTIssuedAtFuture stringOrUristringuri$fToJSONStringOrURI$fFromJSONStringOrURI$fIsStringStringOrURI$fAsErrorJWTError$fAsJWTErrorJWTError$fEqStringOrURI$fShowStringOrURI$fEqNumericDate$fOrdNumericDate$fShowNumericDateAudience$fToJSONNumericDate$fFromJSONNumericDate $fEqAudience$fShowAudienceJWTValidationSettings ClaimsSetclaimIssclaimSubclaimAudclaimExpclaimNbfclaimIatclaimJtiunregisteredClaimsemptyClaimsSetaddClaim$fToJSONClaimsSet$fFromJSONClaimsSet$fToJSONAudience$fFromJSONAudience $fEqClaimsSet$fShowClaimsSet SignedJWTJWTHasCheckIssuedAt checkIssuedAtHasIssuerPredicateissuerPredicateHasAudiencePredicateaudiencePredicateHasAllowedSkew allowedSkewHasJWTValidationSettingsjWTValidationSettings jwtValidationSettingsAllowedSkew&jwtValidationSettingsAudiencePredicate"jwtValidationSettingsCheckIssuedAt$jwtValidationSettingsIssuerPredicate'jwtValidationSettingsValidationSettingsdefaultJWTValidationSettingsvalidateClaimsSet verifyClaims signClaims$fToCompactJWT$fFromCompactJWT$fHasCheckIssuedAta$fHasIssuerPredicatea$fHasAudiencePredicatea$fHasAllowedSkewa,$fHasValidationSettingsJWTValidationSettings/$fHasJWTValidationSettingsJWTValidationSettings$fEqJWT $fShowJWT $fToJSONURI $fFromJSONURI objectPairsparseB64 encodeB64baseGHC.BaseStringpadunpad!lens-4.15.2-KsJTwR0EB4ZkzeUXlFiLTControl.Lens.ReviewreviewControl.Lens.Foldpreview parseB64Url encodeB64Url bsToInteger integerToBSIsCharfromCharrpad snocLengthpadBpadLrstripunpadBunpadLsizedIntegerToBS $fIsCharWord8 $fIsCharChargenByteStringOf endGuardExpendGuardderiveJOSEType#aeson-1.2.0.0-oJWuzU7zMb4Zr77YUH7NbData.Aeson.Types.ToJSONToJSONData.Aeson.Types.FromJSONFromJSON capitalizesanitizeconize guardPredguardExpguard endGuardPred guardedBodyparseJSONClauseQ parseJSONFun toJSONClause toJSONFun aesonInstance_rsaN_rsaE_rsaPrivateKeyParameterssignECverifyECcurvepoint ecCoordBytesecDBytes signPKCS15 verifyPKCS15signPSS verifyPSS rsaPrivateKeysignOctgenOKP signEdDSA verifyEdDSA showKeyType&cryptonite-0.23-89QkSuWllmPFi2eG8N3VJQ Crypto.RandomwithRandomBytes drgNewTest drgNewSeeddrgNewseedFromInteger seedToIntegerseedNewSeedCrypto.Random.ChaChaDRG ChaChaDRGCrypto.Random.SystemDRG getSystemDRG SystemDRGCrypto.Random.TypeswithDRG MonadRandomgetRandomBytesDRGrandomBytesGenerateMonadPseudoRandomrethumbprintRepr _jwkMaterial_jwkUse _jwkKeyOps_jwkAlg_jwkKid_jwkX5u_jwkX5c_jwkX5t _jwkX5tS256 Crypto.HashdigestFromByteStringhashWith hashInitWith hashFinalize hashUpdates hashUpdatehashInithashlazyhashCrypto.Hash.Blake2Blake2sBlake2bBlake2spBlake2bpCrypto.Hash.Blake2b Blake2b_160 Blake2b_224 Blake2b_256 Blake2b_384 Blake2b_512Crypto.Hash.Blake2bp Blake2bp_512Crypto.Hash.Blake2s Blake2s_160 Blake2s_224 Blake2s_256Crypto.Hash.Blake2sp Blake2sp_224 Blake2sp_256Crypto.Hash.Keccak Keccak_224 Keccak_256 Keccak_384 Keccak_512Crypto.Hash.MD2MD2Crypto.Hash.MD4MD4Crypto.Hash.MD5MD5Crypto.Hash.RIPEMD160 RIPEMD160Crypto.Hash.SHA1SHA1Crypto.Hash.SHA224SHA224Crypto.Hash.SHA256SHA256Crypto.Hash.SHA3SHA3_224SHA3_256SHA3_384SHA3_512Crypto.Hash.SHA384SHA384Crypto.Hash.SHA512SHA512Crypto.Hash.SHA512t SHA512t_224 SHA512t_256Crypto.Hash.SHAKESHAKE128SHAKE256Crypto.Hash.Skein256 Skein256_224 Skein256_256Crypto.Hash.Skein512 Skein512_224 Skein512_256 Skein512_384 Skein512_512Crypto.Hash.TigerTigerCrypto.Hash.Whirlpool WhirlpoolCrypto.Hash.Types HashAlgorithm hashBlockSizehashDigestSizeContextDigestJustNothingData.Aeson.Types.InternalValueprotectedParamscritObjectParser Data.AesonencodedecodeData.Functor.IdentityIdentity _jwsHeaderJku _jwsHeaderKid _jwsHeaderTyp _jwsHeaderCty _jwsHeaderAlg _jwsHeaderJwk _jwsHeaderX5u _jwsHeaderX5c _jwsHeaderX5t_jwsHeaderX5tS256_jwsHeaderCritjwsCritInvalidNames signingInput mkSignature verifySigivaesKeyWrapStepaesKeyUnwrapStep_jweEncryptedKey JWERecipient _jweHeaderCritParameterscritInvalidNames newJWEHeaderparseRecipientwrap wrapAESKW wrapAESGCMencrypt _cbcHmacEnc_gcmEnc#_jwtValidationSettingsCheckIssuedAt ArbitraryOrURI consString _NumericDate(_jwtValidationSettingsValidationSettings!_jwtValidationSettingsAllowedSkew'_jwtValidationSettingsAudiencePredicate%_jwtValidationSettingsIssuerPredicate _claimIss _claimSub _claimAud _claimExp _claimNbf _claimIat _claimJti_unregisteredClaims _AudiencefilterUnregisteredvalidateExpClaimvalidateIatClaimvalidateNbfClaimvalidateAudClaimvalidateIssClaim