e8f      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./01 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~                                                                                                                                                 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdeNoneV&OWrap a secret.iInput size must be a multiple of 8 bytes, and at least 16 bytes. Output size is input size plus 8 bytes.Unwrap a secret.jInput size must be a multiple of 8 bytes, and at least 24 bytes. Output size is input size minus 8 bytes.Returns fd if inherent integrity check fails. Otherwise, the chance that the key data is corrupt is 2 ^ -64.gregisterstep (t) and offset (i)hregisterstep (t) and offset (i)None;=0 All the errors that can occur.(A requested algorithm is not implemented$A requested algorithm cannot be usedWrong type of key was givenKey size is too small,RSA private key with >2 primes not supported +RSA encryption, decryption or signing error &Various cryptonite library error cases $Cannot decode compact representation JSON (Aeson) decoding error AnyValidated2 policy active, and no valid signature encountered AllValidated1 policy active, and invalid signature encountered AllValidated] policy active, and there were no signatures on object that matched the allowed algorithms   !  !   !None4$7Data that can be converted to a compact representation.&6Data that can be parsed from a compact representation.( Decode a compact representation.)(Encode data to a compact representation.$%&'()&'($%)$%&'None;iBExpression for an end guard. Arg describes type it was expecting.jGBuild a catch-all guard that fails. String describes what is expected.kCDerive a JOSE sum type with nullary data constructors, along with l and m instancesk Type name.List of JSON string values. The corresponding constructor is derived by upper-casing the first letter and converting non-alpha-numeric characters are converted to underscores.kNone=G*BRFC 7518 3.1. "alg" (Algorithm) Header Parameters Values for JWS*786543210/.-,+*+,-./01234567899*+,-./012345678NoneA$>ARFC 7518 4.1. "alg" (Algorithm) Header Parameter Values for JWEpThis section is shuffled off into its own module to avoid circular import via Crypto.JOSE.JWK, which needs Alg.>ONMIHGFEA@LKJDCB?>?@ABCDEFGHIJKLMNOPP>?@ABCDEFGHIJKLMNONone<M naConvert a JSON object into a list of pairs or the empty list if the JSON value is not an object.oAProduce a parser of base64 encoded text from a bytestring parser.p.Convert a bytestring to a base64 encoded JSON qrAdd appropriate base64 '=' padding.s Strip base64 '=' padding.U(Prism for encoding / decoding base64url. To encode, t base64url. To decode, u base64url.+Works with any combinations of strict/lazy  ByteString.vDProduce a parser of base64url encoded text from a bytestring parser.w1Convert a bytestring to a base64url encoded JSON qxLConvert an unsigned big endian octet sequence to the integer it represents.ySConvert an integer to its unsigned big endian representation as an octet sequence. noprsUvwxyz{|}NoneNNone^< V=A base64url encoded octet sequence interpreted as an integer._The value is encoded in the minimum number of octets (no leading zeros) with the exception of 0 which is encoded as AA,. A leading zero when decoding is an error.Z#A base64 encoded X.509 certificate.\MA base64url encoded SHA-256 digest. Used for X.509 certificate thumbprints.^KA base64url encoded SHA-1 digest. Used for X.509 certificate thumbprints.`xA base64url encoded octet sequence. Used for payloads, signatures, symmetric keys, salts, initialisation vectors, etc.bA base64url encoded octet sequence interpreted as an integer and where the number of octets carries explicit bit-length information.~(Parse an octet sequence into an integer.2This function deals with ugly special cases from  -https://tools.ietf.org/html/rfc7518#section-2, specificallyThe empty sequence is invalid9Leading null byte is invalid (unless it is the only byte)e Generate a b of the given number of bytesf Parsed a b with an expected number of bytes.UVWZ[\]^_`abcdefVWdbcef`a^_\]Z[UVWZ[\]^_`abcNone "#FNTV]hParameters for RSA Keys"Parameters for Elliptic Curve KeysRSA private key parameters(Optional parameters for RSA private keys#"oth" (Other Primes Info) Parameter"crv" (Curve) Parameter'Keys that may have have public materialGet the public keyKeygen parameters.(Generate an EC key with specified curve.+Generate an RSA key with specified size in bytes.0Generate a symmetric key with specified size in bytes.;Generate an EdDSA or Edwards ECDH key with specified curve.Key material sum type.Symmetric key parameters data.O= None "#<FTy +RFC 7517 4.4. "alg" (Algorithm) ParameterSee also RFC 7518 6.4. which states that for "oct" keys, an "alg" member SHOULD be present to identify the algorithm intended to be used with the key, unless the application uses another means or convention to determine the algorithm used.4RFC 7517 4.3. "key_ops" (Key Operations) Parameter 'RFC 7517 4. JSON Web Key (JWK) Format 0RFC 7517 4.2. "use" (Public Key Use) ParameterRFC 7517 5. JWK Set Format"HGenerate a JWK. Apart from key parameters, no other parameters are set.$"Convert RSA private key into a JWK%Convert octet string into a JWK&uChoose the cryptographically strongest JWS algorithm for a given key. The JWK "alg" algorithm parameter is ignored.'#Compute the JWK Thumbprint of a JWK(Prism from ByteString to HashAlgorithm a => Digest a.Use  digest to view the bytes of a digest,JWK canonicalised for thumbprint computationU   !"#$%&'(1"  ! #$%'(U&     Noney 1ARFC 7518 4.8.1. Header Parameters Used for PBES2 Key Encryption3PBKDF2 salt input4)PBKDF2 iteration count ; POSITIVE integer5CRFC 7518 4.7.1. Header Parameters Used for AES GCM Key Encryption7)Initialization Vector (must be 96 bits?)8&Authentication Tag (must be 128 bits?)9?RFC 7518 4.6.1. Header Parameters Used for ECDH Key Agreement;'Ephemeral Public Key ; a JWK PUBLIC key<Agreement PartyUInfo=Agreement PartyVInfo>9RFC 7518 4. Cryptographic Algorithms for Key Managementb<RFC 7518 5 Cryptographic Algorithms for Content Encryption(124356879:=<;>ONMIHGFEA@LKJDCB?PQbedchgf2>?@ABCDEFGHIJKLMNOYPQX9:;<=SR5678UT1234WVbcdefghii123456789:;<=>?@ABCDEFGHIJKLMNObcdefgh NoneFV:2A header value, along with a protection indicator.&Get a value for indicating protection.Get a  * a value for indicating no protection, or f3 if the type does not support unprotected headers.,Whether a header is protected or unprotectedA thing with parameters.NReturn a list of parameters, each paired with whether it is protected or not.VList of "known extensions", i.e. keys that may appear in the "crit" header parameter.:Parse a pair of objects (protected and unprotected header)This internally invokes  applied to a proxy for the target type. (This allows the parsing of the "crit" parameter to access "known extensions" understood by the target type.)'Return the encoded protected parameters$Return unprotected params as a JSON   (always an object) Lens for the  of a  Lens for a  value+Getter for whether a parameter is protectedcParse an optional parameter that may be carried in either the protected or the unprotected header.WParse an optional parameter that, if present, MUST be carried in the protected header.bParse a required parameter that may be carried in either the protected or the unprotected header.IParse a required parameter that MUST be carried in the protected header.Parse a "crit" header param Fails if:,any reserved header appears in "crit" header1any value in "crit" is not a recognised extensionCany value in "crit" does not have a corresponding key in the objectprotected headerunprotected header Object Object reserved header parametersrecognised extensions8full header (union of protected and unprotected headers) crit header-nopqrstuvwxyz{|}~-~|}z{xyvwturspqnonopqrstuvwxyz{|}~ NoneQV=Enumerate keysLook up key by JWS/JWE header None;<=ѺValidation settings:*The set of acceptable signature algorithmsThe validation policyValidation policy.2One successfully validated signature is sufficientxAll signatures in all configured algorithms must be validated. No signatures in configured algorithms is also an error.OA JWS with one signature which only allows protected parameters. Can use the flattened serialisation or the compact serialisation.*A JWS with one signature, which uses the flattened serialisation. Headers may be  or .;A JWS that allows multiple signatures, and cannot use the compact serialisation. Headers may be  or .VJSON Web Signature data type. The payload can only be accessed by verifying the JWS.;Parameterised by the signature container type, the header " type, and the header record type.Use  and 4 to convert a JWS to or from JSON. When encoding a  []" with exactly one signature, the  flattened JWS JSON serialisation syntax is used, otherwise the general JWS JSON serialisation is used. When decoding a  []" either serialisation is accepted. / uses the flattened JSON serialisation or the JWS compact serialisation (see ( and )).Use  to create a signed/MACed JWS.Use ) to verify a JWS and extract the payload.8Signature object containing header, and signature bytes.If it was decoded from a serialised JWS, it "remembers" how the protected header was encoded; the remembered value is used when computing the signing input and when serialising the object.The remembered value is not used in equality checks, i.e. two decoded signatures with differently serialised by otherwise equal protected headers, and equal signature bytes, are equal.JWS Header data type. JWK Set URLinterpretation unspecifiedContent Type (of object)Content Type (of payload)VConstruct a minimal header with the given algorithm and protection indicator for the alg header. Getter for header of a signatureGetter for signature bytesSCreate a signed or MACed JWS with the given payload by traversing a collection of  (header, key) pairs. The default validation settings.,All algorithms except "none" are acceptable.HAll signatures must be valid (and there must be at least one signature.)2Verify a JWS with the default validation settings. See also . Verify a JWS.YSignatures made with an unsupported algorithms are ignored. If the validation policy is Z, a single successfully validated signature is sufficient. If the validation policy is K then all remaining signatures (there must be at least one) must be valid.-Returns the payload if successfully verified.Payload Traversable of header, key pairskey or key storeJWSvalidation settingskey or key storeJWSM   !*+,-./012345687U   !"#$%&'(nopqrstuvwxyz{|}~+*+,-./012345678  None_V   !$%&'()*+,-./012345687U   !"#$%&'(nopqrstuvwxyz{|}~ None>?NV&Encoded protected header, if availableJWE Initialization VectorJWE AADJWE CiphertextJWE Authentication Tag JWE Encrypted KeyContent Type (of object)Content Type (of payload)!message (key to wrap)"plaintext key (to be encrypted) encrypted key#keymessageAAD$keymessageadditional authenticated dataIV, cipertext and MAC%keymessageadditional authenticated dataIV, tag and ciphertext&'( )*None;<=/ .A JOSE error occurred while processing the JWT 'The JWT payload is not a JWT Claims SetxA JSON numeric value representing the number of seconds from 1970-01-01T0:0:0Z UTC until the specified UTC date/time.A JSON string value, with the additional requirement that while arbitrary string values MAY be used, any value containing a : character MUST be a URI.Note: the IsString. instance will fail if the string contains a : but does not parse as a . Use   directly in this situation.-)Audience data. In the general case, the audA value is an array of case-sensitive strings, each containing a B value. In the special case when the JWT has one audience, the aud; value MAY be a single case-sensitive string containing a  value.The l instance formats an -O with one value as a string (some non-compliant implementations require this.)+iThe allowed skew is interpreted in absolute terms; a nonzero value always expands the validity period.4The JWT Claims Set represents a JSON object whose members are the registered claims defined by RFC 7519. Unrecognised claims are gathered into the < map.5The issuer claim identifies the principal that issued the JWT. The processing of this claim is generally application specific.6>The subject claim identifies the principal that is the subject of the JWT. The Claims in a JWT are normally statements about the subject. The subject value MAY be scoped to be locally unique in the context of the issuer or MAY be globally unique. The processing of this claim is generally application specific.7The audience claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the audB claim when this claim is present, then the JWT MUST be rejected.8The expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of exp_ claim requires that the current date/time MUST be before expiration date/time listed in the expx claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew.9|The not before claim identifies the time before which the JWT MUST NOT be accepted for processing. The processing of the nbfm claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the nbfy claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew.:The issued at claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT.;The JWT ID claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object. The jtiB claim can be used to prevent the JWT from being replayed. The jti" value is a case-sensitive string.<7Claim Names can be defined at will by those using JWTs.=Return an empty claims set.EA digitally signed or MACed JWTFJSON Web Token data.GWhether to check that the iat claim is not in the future.IPredicate for checking the iss claim.K%Predicate for checking values in the aud claim.M)Maximum allowed skew when validating the nbf, exp and iat claims.V(Acquire the default validation settings. 1https://tools.ietf.org/html/rfc7519#section-4.1.3RFC 7519 4.1.3.| states that applications MUST identify itself with a value in the audience claim, therefore a predicate must be supplied.The other defaults are: for JWS verification*Zero clock skew tolerance when validating nbf, exp and iat claimsiat claim is checkedissuer claim is not checkedW(Validate the claims made by a ClaimsSet.These checks are performed by X], which also validates any signatures, so you shouldn't need to use this function directly.XYCryptographically verify a JWS JWT, then validate the Claims Set, returning it if valid.This is the only way to get at the claims of a JWS JWT, enforcing that the claims are cryptographically and semantically valid before the application can use them. See also Y2 which allows you to explicitly specify the time.YYCryptographically verify a JWS JWT, then validate the Claims Set, returning it if valid.This is the same as X except that the time is explicitly provided. If you process many requests per second this will allow you to avoid unnecessary repeat system calls.ZCreate a JWS JWT   !$%&'()*+,-./012345687U   !"#$%&'(nopqrstuvwxyz{|}~     !"-.3456789:;<=>EFGHIJKLMNOUQRTSPVWXYZ;ZFEVXYMNKLIJGH3OPQRSTU478:5;96<>=W    -. !"    ,--.3./0+124 3456789:;<=>F?GHIJKLMNOPQRSTU@ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQR?STUVWXYZ[\]^_`abcNOPQRdeefghhiijjkkllmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123 4 4 5 6 7 7 8 9 : : ; < = > S T U V W X Y Z [ \ ] ^ _ ` a b c ? @ A B C D E F G H I J K L M N O P  Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r r s t u v w x y z { | } ~                                                                                                                              !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYWXZ[\]OP^_`abcadefghijklmnopqopropsoptopuopvopwopxopyoz{o|}o|~ooooooabooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooOPW WWO                               /#jose-0.7.0.0-AuYCtnGDR691IXYnAyIcN3Crypto.JOSE.TypesCrypto.JOSE.AESKWCrypto.JOSE.ErrorCrypto.JOSE.CompactCrypto.JOSE.JWA.JWSCrypto.JOSE.JWA.JWE.AlgCrypto.JOSE.JWA.JWKCrypto.JOSE.JWKCrypto.JOSE.JWA.JWECrypto.JOSE.HeaderCrypto.JOSE.JWK.StoreCrypto.JOSE.JWSCrypto.JOSE.JWE Crypto.JWTCrypto.JOSE.THCrypto.JOSE.Types.InternalCrypto.JOSE.Types.Orphans Crypto.JOSE)network-uri-2.6.1.0-RmiO7Es4EVIxdXQfHHaUt Network.URIURI aesKeyWrap aesKeyUnwrapErrorAlgorithmNotImplementedAlgorithmMismatch KeyMismatchKeySizeTooSmallOtherPrimesNotSupportedRSAError CryptoErrorCompactDecodeErrorJSONDecodeErrorJWSCritUnprotectedJWSNoValidSignaturesJWSInvalidSignatureJWSNoSignatures $fEqError $fShowErrorAsError_Error_AlgorithmNotImplemented_AlgorithmMismatch _KeyMismatch_KeySizeTooSmall_OtherPrimesNotSupported _RSAError _CryptoError_CompactDecodeError_JSONDecodeError_JWSCritUnprotected_JWSNoValidSignatures_JWSInvalidSignature_JWSNoSignatures$fMonadRandomt$fAsErrorError ToCompact toCompact FromCompact fromCompact decodeCompact encodeCompactAlgHS256HS384HS512RS256RS384RS512ES256ES384ES512PS256PS384PS512NoneEdDSA $fToJSONAlg $fFromJSONAlg$fEqAlg$fOrdAlg $fShowAlgRSA1_5RSA_OAEP RSA_OAEP_256A128KWA192KWA256KWDirECDH_ESECDH_ES_A128KWECDH_ES_A192KWECDH_ES_A256KW A128GCMKW A192GCMKW A256GCMKWPBES2_HS256_A128KWPBES2_HS384_A192KWPBES2_HS512_A256KW base64url Base64Integer$fEqBase64Integer$fShowBase64Integer Base64X509 Base64SHA256 Base64SHA1 Base64OctetsSizedBase64Integer_Base64IntegergenSizedBase64IntegerOf checkSize$fArbitraryBase64Integer$fToJSONBase64Integer$fFromJSONBase64Integer$fToJSONSizedBase64Integer$fFromJSONSizedBase64Integer$fArbitrarySizedBase64Integer$fEqSizedBase64Integer$fArbitraryBase64Octets$fToJSONBase64Octets$fFromJSONBase64Octets$fArbitraryBase64SHA1$fToJSONBase64SHA1$fFromJSONBase64SHA1$fArbitraryBase64SHA256$fToJSONBase64SHA256$fFromJSONBase64SHA256$fToJSONBase64X509$fFromJSONBase64X509$fShowSizedBase64Integer$fEqBase64Octets$fShowBase64Octets$fEqBase64SHA1$fShowBase64SHA1$fEqBase64SHA256$fShowBase64SHA256$fEqBase64X509$fShowBase64X509RSAKeyParametersECKeyParametersRSAPrivateKeyParametersrsaDrsaOptionalParametersRSAPrivateKeyOptionalParametersrsaPrsaQrsaDprsaDqrsaQirsaOthRSAPrivateKeyOthElemrOthdOthtOthCrvP_256P_384P_521ecCrvecXecYecDcurvepoint ecPrivateKey$fArbitraryCrv $fToJSONCrv $fFromJSONCrv$fArbitraryRSAPrivateKeyOthElem$fToJSONRSAPrivateKeyOthElem$fFromJSONRSAPrivateKeyOthElem*$fArbitraryRSAPrivateKeyOptionalParameters'$fToJSONRSAPrivateKeyOptionalParameters)$fFromJSONRSAPrivateKeyOptionalParameters"$fArbitraryRSAPrivateKeyParameters$fToJSONRSAPrivateKeyParameters!$fFromJSONRSAPrivateKeyParameters$fArbitraryECKeyParameters$fToJSONECKeyParameters$fFromJSONECKeyParameters$fEqCrv$fOrdCrv $fShowCrv$fEqRSAPrivateKeyOthElem$fShowRSAPrivateKeyOthElem#$fEqRSAPrivateKeyOptionalParameters%$fShowRSAPrivateKeyOptionalParameters$fEqRSAPrivateKeyParameters$fShowRSAPrivateKeyParameters$fEqECKeyParameters$fShowECKeyParameters$fEqRSAKeyParameters$fShowRSAKeyParameters AsPublicKey asPublicKeyKeyMaterialGenParam ECGenParam RSAGenParam OctGenParam OKPGenParam KeyMaterial ECKeyMaterialRSAKeyMaterialOctKeyMaterialOKPKeyMaterialOKPCrvEd25519X25519OKPKeyParameters Ed25519Key X25519KeyOctKeyParametersrsaErsaNrsaPrivateKeyParametersgenRSAtoRSAKeyParameters rsaPublicKeyoctKgenKeyMaterialsignverify$fArbitraryRSAKeyParameters$fToJSONRSAKeyParameters$fFromJSONRSAKeyParameters$fArbitraryOctKeyParameters$fToJSONOctKeyParameters$fFromJSONOctKeyParameters$fArbitraryOKPKeyParameters$fToJSONOKPKeyParameters$fFromJSONOKPKeyParameters$fShowOKPKeyParameters$fArbitraryOKPCrv$fArbitraryKeyMaterial$fToJSONKeyMaterial$fFromJSONKeyMaterial$fArbitraryKeyMaterialGenParam$fAsPublicKeyKeyMaterial$fAsPublicKeyOKPKeyParameters$fAsPublicKeyECKeyParameters$fAsPublicKeyRSAKeyParameters$fEqOctKeyParameters$fShowOctKeyParameters$fEqOKPKeyParameters $fEqOKPCrv $fShowOKPCrv$fEqKeyMaterial$fShowKeyMaterial$fEqKeyMaterialGenParam$fShowKeyMaterialGenParamJWKAlgJWSAlgJWEAlg$fToJSONJWKAlg$fFromJSONJWKAlg $fEqJWKAlg $fShowJWKAlgKeyOpSignVerifyEncryptDecryptWrapKey UnwrapKey DeriveKey DeriveBits $fToJSONKeyOp$fFromJSONKeyOp $fEqKeyOp $fOrdKeyOp $fShowKeyOpJWKKeyUseSigEnc$fToJSONKeyUse$fFromJSONKeyUse $fEqKeyUse $fOrdKeyUse $fShowKeyUse$fEqJWK $fShowJWKJWKSetjwkAlg jwkKeyOpsjwkKid jwkMaterialjwkUsejwkX5cjwkX5t jwkX5tS256jwkX5ugenJWKfromKeyMaterialfromRSA fromOctets bestJWSAlg thumbprintdigest$fAsPublicKeyJWK$fArbitraryJWK $fToJSONJWK $fFromJSONJWK$fToJSONJWKSet$fFromJSONJWKSet $fEqJWKSet $fShowJWKSetPBES2Parameters_p2s_p2cAESGCMParameters_iv_tagECDHParameters_epk_apu_apv AlgWithParams algObjectalgWithParamsObject$fToJSONECDHParameters$fFromJSONECDHParameters$fToJSONAESGCMParameters$fFromJSONAESGCMParameters$fToJSONPBES2Parameters$fFromJSONPBES2Parameters$fToJSONAlgWithParams$fFromJSONAlgWithParams$fEqECDHParameters$fShowECDHParameters$fEqAESGCMParameters$fShowAESGCMParameters$fEqPBES2Parameters$fShowPBES2Parameters$fEqAlgWithParams$fShowAlgWithParams A128CBC_HS256 A192CBC_HS384 A256CBC_HS512A128GCMA192GCMA256GCM $fToJSONEnc $fFromJSONEnc$fEqEnc$fOrdEnc $fShowEncHasCritcritHasCtyctyHasTyptyp HasX5tS256x5tS256HasX5tx5tHasX5cx5cHasX5ux5uHasKidkidHasJwkjwkHasJkujkuHasAlgalg HeaderParamProtectionIndicator getProtectedgetUnprotected Protection Protected Unprotected HasParamsparams extensionsparseParamsFor parseParamsprotectedParamsEncodedunprotectedParams protectionparam isProtectedheaderOptionalheaderOptionalProtectedheaderRequiredheaderRequiredProtected parseCrit$fProtectionIndicator()$fProtectionIndicatorProtection$fEqProtection$fShowProtection$fEqHeaderParam$fShowHeaderParamJWKStorekeyskeysFor$fJWKStoreJWKSet $fJWKStoreJWKHasValidationPolicyvalidationPolicy HasAlgorithms algorithmsHasValidationSettingsvalidationSettingsvalidationSettingsAlgorithms"validationSettingsValidationPolicyValidationSettingsValidationPolicy AnyValidated AllValidated CompactJWS FlattenedJWS GeneralJWSJWS Signature HasJWSHeader jwsHeader JWSHeader newJWSHeaderheader signature signaturessignJWSdefaultValidationSettings verifyJWS' verifyJWS$fHasParamsJWSHeader$fHasCritJWSHeader$fHasCtyJWSHeader$fHasTypJWSHeader$fHasX5tS256JWSHeader$fHasX5tJWSHeader$fHasX5cJWSHeader$fHasX5uJWSHeader$fHasKidJWSHeader$fHasJwkJWSHeader$fHasJkuJWSHeader$fHasAlgJWSHeader $fHasCrita $fHasCtya $fHasTypa $fHasX5tS256a $fHasX5ta $fHasX5ca $fHasX5ua $fHasKida $fHasJwka $fHasJkua $fHasAlga$fHasJWSHeaderJWSHeader$fToJSONSignature$fFromJSONSignature $fEqSignature$fFromCompactJWS$fToCompactJWS $fToJSONJWS $fToJSONJWS0 $fFromJSONJWS$fFromJSONJWS0 $fShowJWS$fEqJWS)$fHasValidationSettingsValidationSettings$fHasAlgorithmsa$fHasValidationPolicya $fEqJWSHeader$fShowJWSHeader$fShowSignature$fEqValidationPolicyJWE _protectedRaw_jweIv_jweAad_jweCiphertext_jweTag_jweRecipients JWEHeader_jweAlg_jweEnc_jweZip_jweJku_jweJwk_jweKid_jweX5u_jweX5c_jweX5t _jweX5tS256_jweTyp_jweCty_jweCrit$fHasParamsJWEHeader$fFromJSONJWERecipient $fFromJSONJWE$fEqCritParameters$fShowCritParameters $fEqJWEHeader$fShowJWEHeaderJWTErrorJWSErrorJWTClaimsSetDecodeError JWTExpiredJWTNotYetValidJWTNotInIssuerJWTNotInAudienceJWTIssuedAtFuture $fEqJWTError$fShowJWTError NumericDate StringOrURI AsJWTError _JWTError _JWSError_JWTClaimsSetDecodeError _JWTExpired_JWTNotYetValid_JWTNotInIssuer_JWTNotInAudience_JWTIssuedAtFuture stringOrUristringuri$fAsErrorJWTError$fAsJWTErrorJWTError$fToJSONStringOrURI$fFromJSONStringOrURI$fIsStringStringOrURI$fEqStringOrURI$fShowStringOrURI$fEqNumericDate$fOrdNumericDate$fShowNumericDateAudience$fToJSONNumericDate$fFromJSONNumericDate $fEqAudience$fShowAudienceJWTValidationSettings ClaimsSetclaimIssclaimSubclaimAudclaimExpclaimNbfclaimIatclaimJtiunregisteredClaimsemptyClaimsSetaddClaim$fToJSONAudience$fFromJSONAudience$fToJSONClaimsSet$fFromJSONClaimsSet $fEqClaimsSet$fShowClaimsSet SignedJWTJWTHasCheckIssuedAt checkIssuedAtHasIssuerPredicateissuerPredicateHasAudiencePredicateaudiencePredicateHasAllowedSkew allowedSkewHasJWTValidationSettingsjWTValidationSettings jwtValidationSettingsAllowedSkew&jwtValidationSettingsAudiencePredicate"jwtValidationSettingsCheckIssuedAt$jwtValidationSettingsIssuerPredicate'jwtValidationSettingsValidationSettingsdefaultJWTValidationSettingsvalidateClaimsSet verifyClaimsverifyClaimsAt signClaims,$fHasValidationSettingsJWTValidationSettings/$fHasJWTValidationSettingsJWTValidationSettings$fHasAllowedSkewa$fHasAudiencePredicatea$fHasIssuerPredicatea$fHasCheckIssuedAta$fToCompactJWT$fFromCompactJWT$fMonadTimeReaderT$fEqJWT $fShowJWTbaseGHC.BaseNothingaesKeyWrapStepaesKeyUnwrapStep endGuardExpendGuardderiveJOSEType%aeson-0.11.3.0-GQZXMr10xpK39gT0QRyKn0Data.Aeson.Types.ClassToJSONFromJSON objectPairsparseB64 encodeB64Stringpadunpad!lens-4.16.1-cE5AUiZDRw7ch1hh8OBxCControl.Lens.ReviewreviewControl.Lens.Foldpreview parseB64Url encodeB64Url bsToInteger integerToBSsizedIntegerToBSintBytesIsCharfromChar parseOctets&cryptonite-0.25-9l7w1KyWYq4AA7oRFmNV5d Crypto.RandomwithRandomBytes drgNewTest drgNewSeeddrgNewseedFromBinaryseedFromInteger seedToIntegerseedNewSeedCrypto.Random.ChaChaDRG ChaChaDRGCrypto.Random.SystemDRG getSystemDRG SystemDRGCrypto.Random.TypeswithDRG MonadRandomgetRandomBytesDRGrandomBytesGenerateMonadPseudoRandom_rsaN_rsaE_rsaPrivateKeyParameters_ecCrv_ecX_ecY_ecDrethumbprintRepr Crypto.HashdigestFromByteStringhashWith hashInitWith hashFinalize hashUpdates hashUpdatehashInithashlazyhashCrypto.Hash.Blake2Blake2sBlake2bBlake2spBlake2bpCrypto.Hash.SHAKESHAKE128SHAKE256Crypto.Hash.Blake2b Blake2b_160 Blake2b_224 Blake2b_256 Blake2b_384 Blake2b_512Crypto.Hash.Blake2bp Blake2bp_512Crypto.Hash.Blake2s Blake2s_160 Blake2s_224 Blake2s_256Crypto.Hash.Blake2sp Blake2sp_224 Blake2sp_256Crypto.Hash.Keccak Keccak_224 Keccak_256 Keccak_384 Keccak_512Crypto.Hash.MD2MD2Crypto.Hash.MD4MD4Crypto.Hash.MD5MD5Crypto.Hash.RIPEMD160 RIPEMD160Crypto.Hash.SHA1SHA1Crypto.Hash.SHA224SHA224Crypto.Hash.SHA256SHA256Crypto.Hash.SHA3SHA3_224SHA3_256SHA3_384SHA3_512Crypto.Hash.SHA384SHA384Crypto.Hash.SHA512SHA512Crypto.Hash.SHA512t SHA512t_224 SHA512t_256Crypto.Hash.Skein256 Skein256_224 Skein256_256Crypto.Hash.Skein512 Skein512_224 Skein512_256 Skein512_384 Skein512_512Crypto.Hash.TigerTigerCrypto.Hash.Whirlpool WhirlpoolCrypto.Hash.Types HashAlgorithm hashBlockSizehashDigestSizeContextDigest _jwkMaterial_jwkUse _jwkKeyOps_jwkAlg_jwkKid_jwkX5u_jwkX5c_jwkX5t _jwkX5tS256JustData.Aeson.Types.InternalValueprotectedParamsData.Aeson.Encode.Functionsencode Data.AesondecodeData.Functor.IdentityIdentity _jwsHeaderJku _jwsHeaderKid _jwsHeaderTyp _jwsHeaderCty _jwsHeaderAlg _jwsHeaderJwk _jwsHeaderX5u _jwsHeaderX5c _jwsHeaderX5t_jwsHeaderX5tS256_jwsHeaderCrit_jweEncryptedKeywrap wrapAESKWencrypt _cbcHmacEnc_gcmEnc JWERecipient _jweHeaderCritParameters#_jwtValidationSettingsCheckIssuedAt ArbitraryOrURI(_jwtValidationSettingsValidationSettings!_jwtValidationSettingsAllowedSkew'_jwtValidationSettingsAudiencePredicate%_jwtValidationSettingsIssuerPredicate _claimIss _claimSub _claimAud _claimExp _claimNbf _claimIat _claimJti_unregisteredClaimsWrappedUTCTime getUTCTime