!\e.r      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJ K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~                                                                                                                                                              !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqNoneX'WjoseWrap a secret.iInput size must be a multiple of 8 bytes, and at least 16 bytes. Output size is input size plus 8 bytes.joseUnwrap a secret.jInput size must be a multiple of 8 bytes, and at least 24 bytes. Output size is input size minus 8 bytes.Returns rd if inherent integrity check fails. Otherwise, the chance that the key data is corrupt is 2 ^ -64.sjoseregisterjosestep (t) and offset (i)tjoseregisterjosestep (t) and offset (i)None=?9BjosewAn error when decoding a JOSE compact object. JSON decoding errors that occur during compact object processing throw .jose:Bad UTF-8 data in a compact object, at the specified index joseJThe wrong number of parts were found when decoding a compact JOSE object. joseexpected vs actual parts jose+Get the expected or actual number of parts. jose+Get the expected or actual number of parts.joseAll the errors that can occur.jose(A requested algorithm is not implementedjose$A requested algorithm cannot be usedjoseWrong type of key was givenjoseKey size is too smalljose,RSA private key with >2 primes not supportedjose+RSA encryption, decryption or signing errorjose&Various cryptonite library error casesjose.Wrong number of parts in compact serialisationjoseJSON (Aeson) decoding errorjose*No usable keys were found in the key storejose AnyValidated2 policy active, and no valid signature encounteredjose AllValidated1 policy active, and invalid signature encountered jose AllValidated] policy active, and there were no signatures on object that matched the allowed algorithms*  !"&'()*+,-./012345* &'()*+,-./012345 !"None> 8jose7Data that can be converted to a compact representation.:jose6Data that can be parsed from a compact representation.<jose Decode a compact representation.=jose(Encode data to a compact representation.89:;<=:;<89=NoneEujoseBExpression for an end guard. Arg describes type it was expecting.vjoseGBuild a catch-all guard that fails. String describes what is expected.wjoseCDerive a JOSE sum type with nullary data constructors, along with x and y instanceswjose Type name.joseList of JSON string values. The corresponding constructor is derived by upper-casing the first letter and converting non-alpha-numeric characters are converted to underscores.wNoneF>joseBRFC 7518 3.1. "alg" (Algorithm) Header Parameters Values for JWS>KLJIHGFEDCBA@?>KLJIHGFEDCBA@?NoneJRjoseARFC 7518 4.1. "alg" (Algorithm) Header Parameter Values for JWEpThis section is shuffled off into its own module to avoid circular import via Crypto.JOSE.JWK, which needs Alg.Rcba]\[ZYUT`_^XWVSRcba]\[ZYUT`_^XWVSNone>V?zjoseaConvert a JSON object into a list of pairs or the empty list if the JSON value is not an object.{joseAProduce a parser of base64 encoded text from a bytestring parser.|jose.Convert a bytestring to a base64 encoded JSON }ijose(Prism for encoding / decoding base64url. To encode, ~ base64url. To decode,  base64url.+Works with any combinations of strict/lazy  ByteString.joseDProduce a parser of base64url encoded text from a bytestring parser.jose1Convert a bytestring to a base64url encoded JSON }joseLConvert an unsigned big endian octet sequence to the integer it represents.joseSConvert an integer to its unsigned big endian representation as an octet sequence. z{|iNoneVNoneh< jjose=A base64url encoded octet sequence interpreted as an integer._The value is encoded in the minimum number of octets (no leading zeros) with the exception of 0 which is encoded as AA,. A leading zero when decoding is an error.njose#A base64 encoded X.509 certificate.pjoseMA base64url encoded SHA-256 digest. Used for X.509 certificate thumbprints.rjoseKA base64url encoded SHA-1 digest. Used for X.509 certificate thumbprints.tjosexA base64url encoded octet sequence. Used for payloads, signatures, symmetric keys, salts, initialisation vectors, etc.vjoseA base64url encoded octet sequence interpreted as an integer and where the number of octets carries explicit bit-length information.jose(Parse an octet sequence into an integer.2This function deals with ugly special cases from  -https://tools.ietf.org/html/rfc7518#section-2, specificallyThe empty sequence is invalid9Leading null byte is invalid (unless it is the only byte)yjose Generate a v of the given number of byteszjose Create a SizedBase64Integer' from an .{jose Parsed a v with an expected number of bytes.ijknopqrstuvwxyz{jkxvwzy{turspqnoiNone "#HPVX_sjoseParameters for RSA Keysjose"Parameters for Elliptic Curve KeysjoseRSA private key parametersjose(Optional parameters for RSA private keysjose#"oth" (Other Primes Info) Parameterjose"crv" (Curve) Parameterjose,Conversion from known curves and back again.jose'Keys that may have have public materialjoseGet the public keyjoseKeygen parameters.jose(Generate an EC key with specified curve.jose+Generate an RSA key with specified size in bytes.jose0Generate a symmetric key with specified size in bytes.jose;Generate an EdDSA or Edwards ECDH key with specified curve.joseKey material sum type.joseSymmetric key parameters data.Q?None "#>HV;jose+RFC 7517 4.4. "alg" (Algorithm) ParameterSee also RFC 7518 6.4. which states that for "oct" keys, an "alg" member SHOULD be present to identify the algorithm intended to be used with the key, unless the application uses another means or convention to determine the algorithm used.jose4RFC 7517 4.3. "key_ops" (Key Operations) Parameter#jose'RFC 7517 4. JSON Web Key (JWK) Format$jose0RFC 7517 4.2. "use" (Public Key Use) Parameter.joseRFC 7517 5. JWK Set Format8joseGet the certificate chain. Not a lens, because the key of the first certificate in the chain must correspond be the public key of the JWK. To set the certificate chain use 9.9joseSet the "x5c"| Certificate Chain parameter. If setting the list, checks that the key in the first certificate matches the JWK; returns Nothing if it does not.:joseHGenerate a JWK. Apart from key parameters, no other parameters are set.<jose"Convert RSA private key into a JWKjose$Convert an RSA public key into a JWKjose#Convert an EC public key into a JWK=joseConvert octet string into a JWK>jose(Convert an X.509 certificate into a JWK.:Only RSA keys are supported. Other key types will throw .The "x5c"5 field of the resulting JWK contains the certificate.?joseuChoose the cryptographically strongest JWS algorithm for a given key. The JWK "alg" algorithm parameter is ignored.@jose#Compute the JWK Thumbprint of a JWKAjosePrism from ByteString to HashAlgorithm a => Digest a.Use  digest to view the bytes of a digestjose,JWK canonicalised for thumbprint computationi#$%&./0123456789:;<=>?@A3:#34$%&10278956;<=>@Ai./? None=?@AJjose.Verification keys. Lookup operates in effect m( with access to the JWS header of type h and a payload of type s.BThe returned keys are not guaranteed to be used, e.g. if the JWK "use" or  "key_ops"+ field does not allow use for verification.Kjose4Look up verification keys by JWS header and payload.LjoseUse a . as a J. Can be used with any payload type. Returns all keys in the set; header and payload are ignored. No filtering is performed.MjoseUse a # as a Jd. Can be used with any payload type. Header and payload are ignored. No filtering is performed.Kjose JWS headerjosePayloadJKJK None_ NjoseARFC 7518 4.8.1. Header Parameters Used for PBES2 Key EncryptionPjosePBKDF2 salt inputQjose)PBKDF2 iteration count ; POSITIVE integerRjoseCRFC 7518 4.7.1. Header Parameters Used for AES GCM Key EncryptionTjose)Initialization Vector (must be 96 bits?)Ujose&Authentication Tag (must be 128 bits?)Vjose?RFC 7518 4.6.1. Header Parameters Used for ECDH Key AgreementXjose'Ephemeral Public Key ; a JWK PUBLIC keyYjoseAgreement PartyUInfoZjoseAgreement PartyVInfo[jose9RFC 7518 4. Cryptographic Algorithms for Key Managementjose<RFC 7518 5 Cryptographic Algorithms for Content Encryption(NOQPRSUTVWZYX[lkjfedcb^]ihga`_\mn([lkjfedcb^]ihga`_\mnVWZYXRSUTNOQP NoneHXUjose2A header value, along with a protection indicator.jose&Get a value for indicating protection.joseGet a * a value for indicating no protection, or r3 if the type does not support unprotected headers.jose,Whether a header is protected or unprotectedjoseA thing with parameters.joseNReturn a list of parameters, each paired with whether it is protected or not.joseVList of "known extensions", i.e. keys that may appear in the "crit" header parameter.jose:Parse a pair of objects (protected and unprotected header)This internally invokes  applied to a proxy for the target type. (This allows the parsing of the "crit" parameter to access "known extensions" understood by the target type.)jose1Return the base64url-encoded protected parametersjose$Return unprotected params as a JSON } (always an object)jose Lens for the  of a jose Lens for a  valuejose+Getter for whether a parameter is protectedjosecParse an optional parameter that may be carried in either the protected or the unprotected header.joseWParse an optional parameter that, if present, MUST be carried in the protected header.josebParse a required parameter that may be carried in either the protected or the unprotected header.joseIParse a required parameter that MUST be carried in the protected header.joseParse a "crit" header param Fails if:,any reserved header appears in "crit" header1any value in "crit" is not a recognised extensionCany value in "crit" does not have a corresponding key in the objectjoseprotected headerjoseunprotected headerjoseObject joseObject josereserved header parametersjoserecognised extensionsjose8full header (union of protected and unprotected headers)jose crit header-- None=>?XjoseValidation settings:*The set of acceptable signature algorithmsThe validation policyjoseValidation policy.jose2One successfully validated signature is sufficientjosexAll signatures in all configured algorithms must be validated. No signatures in configured algorithms is also an error.joseOA JWS with one signature which only allows protected parameters. Can use the flattened serialisation or the compact serialisation.jose*A JWS with one signature, which uses the flattened serialisation. Headers may be  or .jose;A JWS that allows multiple signatures, and cannot use the compact serialisation. Headers may be  or .joseVJSON Web Signature data type. The payload can only be accessed by verifying the JWS.;Parameterised by the signature container type, the header " type, and the header record type.Use  and 4 to convert a JWS to or from JSON. When encoding a  []" with exactly one signature, the  flattened JWS JSON serialisation syntax is used, otherwise the general JWS JSON serialisation is used. When decoding a  []" either serialisation is accepted.  / uses the flattened JSON serialisation or the JWS compact serialisation (see < and =).Use  to create a signed/MACed JWS.Use ) to verify a JWS and extract the payload.jose8Signature object containing header, and signature bytes.If it was decoded from a serialised JWS, it "remembers" how the protected header was encoded; the remembered value is used when computing the signing input and when serialising the object.The remembered value is not used in equality checks, i.e. two decoded signatures with differently serialised by otherwise equal protected headers, and equal signature bytes, are equal.joseJWS Header data type. jose JWK Set URL joseinterpretation unspecified joseContent Type (of object) joseContent Type (of payload)joseVConstruct a minimal header with the given algorithm and protection indicator for the alg header.jose,Make a JWS header for the given signing key.Uses ?- to choose the algorithm. If set, the JWK's "kid", "x5u", "x5c", "x5t" and  "x5t#S256"D parameters are copied to the JWS header (as protected parameters). May return  or .jose Getter for header of a signaturejoseGetter for signature bytesjoseReturn the raw base64url-encoded protected header value. If the Signature was decoded from JSON, this returns the original string value as-is.UApplication code should never need to use this. It is exposed for testing purposes.joseSCreate a signed or MACed JWS with the given payload by traversing a collection of  (header, key) pairs.jose The default validation settings.,All algorithms except "none" are acceptable.HAll signatures must be valid (and there must be at least one signature.)jose2Verify a JWS with the default validation settings. See also .jose Verify a JWS.YSignatures made with an unsupported algorithms are ignored. If the validation policy is Z, a single successfully validated signature is sufficient. If the validation policy is K then all remaining signatures (there must be at least one) must be valid.-Returns the payload if successfully verified.josePayloadjose Traversable of header, key pairsjosekey or key storejoseJWSjosevalidation settingsjosekey or key storejoseJWSjosepayload decoderjosevalidation settingsjosekey or key storejoseJWSa  !"&'()*+,-./012345>?@ABCDEFGHIJLKi#$%&./0123456789:;<=>?@A.>?@ABCDEFGHIJLKNoneli  !"&'()*+,-./01234589:;<=>?@ABCDEFGHIJLKi#$%&./0123456789:;<=>?@AJK None@APXjose&Encoded protected header, if availablejoseJWE Initialization VectorjoseJWE AADjoseJWE CiphertextjoseJWE Authentication TagjoseJWE Encrypted KeyjoseContent Type (of object)joseContent Type (of payload)josemessage (key to wrap)joseplaintext key (to be encrypted)jose encrypted keyjosekeyjosemessagejoseAADjosekeyjosemessagejoseadditional authenticated datajoseIV, cipertext and MACjosekeyjosemessagejoseadditional authenticated datajoseIV, tag and ciphertext          None =>?]jose.A JOSE error occurred while processing the JWTjose'The JWT payload is not a JWT Claims Set%josexA JSON numeric value representing the number of seconds from 1970-01-01T0:0:0Z UTC until the specified UTC date/time.'joseA JSON string value, with the additional requirement that while arbitrary string values MAY be used, any value containing a : character MUST be a URI.Note: the IsString. instance will fail if the string contains a : but does not parse as a . Use 1 directly in this situation.8joseNon-total. A string with a : in it MUST parse as a URI>jose)Audience data. In the general case, the audA value is an array of case-sensitive strings, each containing a 'B value. In the special case when the JWT has one audience, the aud; value MAY be a single case-sensitive string containing a ' value.The x instance formats an >O with one value as a string (some non-compliant implementations require this.)joseiThe allowed skew is interpreted in absolute terms; a nonzero value always expands the validity period.EjoseThe JWT Claims Set represents a JSON object whose members are the registered claims defined by RFC 7519. Unrecognised claims are gathered into the M map.FjoseThe issuer claim identifies the principal that issued the JWT. The processing of this claim is generally application specific.Gjose>The subject claim identifies the principal that is the subject of the JWT. The Claims in a JWT are normally statements about the subject. The subject value MAY be scoped to be locally unique in the context of the issuer or MAY be globally unique. The processing of this claim is generally application specific.HjoseThe audience claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the audB claim when this claim is present, then the JWT MUST be rejected.IjoseThe expiration time claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. The processing of exp_ claim requires that the current date/time MUST be before expiration date/time listed in the expx claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew.Jjose|The not before claim identifies the time before which the JWT MUST NOT be accepted for processing. The processing of the nbfm claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the nbfy claim. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew.KjoseThe issued at claim identifies the time at which the JWT was issued. This claim can be used to determine the age of the JWT.LjoseThe JWT ID claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object. The jtiB claim can be used to prevent the JWT from being replayed. The jti" value is a case-sensitive string.Mjose7Claim Names can be defined at will by those using JWTs.NjoseReturn an empty claims set.VjoseA digitally signed or MACed JWTWjoseWhether to check that the iat claim is not in the future.YjosePredicate for checking the iss claim.[jose%Predicate for checking values in the aud claim.]jose)Maximum allowed skew when validating the nbf, exp and iat claims.fjose(Acquire the default validation settings. 1https://tools.ietf.org/html/rfc7519#section-4.1.3RFC 7519 4.1.3.| states that applications MUST identify itself with a value in the audience claim, therefore a predicate must be supplied.The other defaults are: for JWS verification*Zero clock skew tolerance when validating nbf, exp and iat claimsiat claim is checkedissuer claim is not checkedgjose(Validate the claims made by a ClaimsSet.These checks are performed by h], which also validates any signatures, so you shouldn't need to use this function directly.hjoseYCryptographically verify a JWS JWT, then validate the Claims Set, returning it if valid.This is the only way to get at the claims of a JWS JWT, enforcing that the claims are cryptographically and semantically valid before the application can use them. See also i2 which allows you to explicitly specify the time.ijoseYCryptographically verify a JWS JWT, then validate the Claims Set, returning it if valid.This is the same as h except that the time is explicitly provided. If you process many requests per second this will allow you to avoid unnecessary repeat system calls.jjoseCreate a JWS JWT  !"&'()*+,-./01234589:;<=>?@ABCDEFGHIJLKi#$%&./0123456789:;<=>?@AJK !"%&'(*,0-/.+)123>?DEFGHIJKLMNOVWXYZ[\]^_eabdc`fghij:jVfhi]^[\YZWXD_eabdc`EHIKFLJGMONg !"(*,0-/.+)>?'123%& !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdeRfghijklmnopqrstuvabcdewxxyz{{||}}~~      !"#$%&'()*+,-./01123456789:;<=>?@ABCDEFGHIJK L M N O P P Q R S S T U V V W X Y Z f g h i j k l m n o p q r s t u v [ \ ] ^ _ ` a b c d e f g h i j k l ) m n o p q r s t u v w x y z { | } ~                                                                                                                                               !"#$%&''()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdbefghibjklmnlopqrstuvwxyz{|}~|}|}|}|}|}|}|}|}|||||||||lm||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||Z[ bbZ          !jose-0.8.4-KrG9si2SlOPHCvnlHvIuAICrypto.JOSE.TypesCrypto.JOSE.AESKWCrypto.JOSE.ErrorCrypto.JOSE.CompactCrypto.JOSE.JWA.JWSCrypto.JOSE.JWA.JWE.AlgCrypto.JOSE.JWA.JWKCrypto.JOSE.JWKCrypto.JOSE.JWK.StoreCrypto.JOSE.JWA.JWECrypto.JOSE.HeaderCrypto.JOSE.JWSCrypto.JOSE.JWE Crypto.JWTCrypto.JOSE.THCrypto.JOSE.Types.InternalCrypto.JOSE.Types.Orphans Crypto.JOSE*network-uri-2.6.3.0-7wWtlPtRMwKC5NlLG0iH6F Network.URIURI!x509-1.7.5-9KzLHTLgA57EtqexvoiHeI Data.X509SignedCertificate aesKeyWrap aesKeyUnwrapCompactDecodeErrorCompactInvalidNumberOfPartsCompactInvalidTextCompactTextErrorInvalidNumberOfParts expectedParts actualParts$fShowInvalidNumberOfParts$fShowCompactTextError$fEqInvalidNumberOfParts$fEqCompactTextError$fEqCompactDecodeErrorErrorAlgorithmNotImplementedAlgorithmMismatch KeyMismatchKeySizeTooSmallOtherPrimesNotSupportedRSAError CryptoErrorJSONDecodeError NoUsableKeysJWSCritUnprotectedJWSNoValidSignaturesJWSInvalidSignatureJWSNoSignatures_CompactInvalidNumberOfParts_CompactInvalidText$fShowCompactDecodeError $fEqError $fShowErrorAsError_Error_AlgorithmNotImplemented_AlgorithmMismatch _KeyMismatch_KeySizeTooSmall_OtherPrimesNotSupported _RSAError _CryptoError_CompactDecodeError_JSONDecodeError _NoUsableKeys_JWSCritUnprotected_JWSNoValidSignatures_JWSInvalidSignature_JWSNoSignatures$fMonadRandomt$fAsErrorError ToCompact toCompact FromCompact fromCompact decodeCompact encodeCompactAlgHS256HS384HS512RS256RS384RS512ES256ES384ES512PS256PS384PS512NoneEdDSA $fToJSONAlg $fFromJSONAlg$fEqAlg$fOrdAlg $fShowAlgRSA1_5RSA_OAEP RSA_OAEP_256A128KWA192KWA256KWDirECDH_ESECDH_ES_A128KWECDH_ES_A192KWECDH_ES_A256KW A128GCMKW A192GCMKW A256GCMKWPBES2_HS256_A128KWPBES2_HS384_A192KWPBES2_HS512_A256KW base64url Base64Integer$fEqBase64Integer$fShowBase64Integer Base64X509 Base64SHA256 Base64SHA1 Base64OctetsSizedBase64Integer_Base64IntegergenSizedBase64IntegerOfmakeSizedBase64Integer checkSize$fArbitraryBase64Integer$fToJSONBase64Integer$fFromJSONBase64Integer$fToJSONSizedBase64Integer$fFromJSONSizedBase64Integer$fArbitrarySizedBase64Integer$fEqSizedBase64Integer$fArbitraryBase64Octets$fToJSONBase64Octets$fFromJSONBase64Octets$fArbitraryBase64SHA1$fToJSONBase64SHA1$fFromJSONBase64SHA1$fArbitraryBase64SHA256$fToJSONBase64SHA256$fFromJSONBase64SHA256$fToJSONBase64X509$fFromJSONBase64X509$fShowSizedBase64Integer$fEqBase64Octets$fShowBase64Octets$fEqBase64SHA1$fShowBase64SHA1$fEqBase64SHA256$fShowBase64SHA256$fEqBase64X509$fShowBase64X509RSAKeyParametersECKeyParametersRSAPrivateKeyParametersrsaDrsaOptionalParametersRSAPrivateKeyOptionalParametersrsaPrsaQrsaDprsaDqrsaQirsaOthRSAPrivateKeyOthElemrOthdOthtOthCrvP_256P_384P_521ecCrvecXecYecDcurvepoint ecPrivateKeyecParametersFromX509$fArbitraryCrv $fToJSONCrv $fFromJSONCrv$fArbitraryRSAPrivateKeyOthElem$fToJSONRSAPrivateKeyOthElem$fFromJSONRSAPrivateKeyOthElem*$fArbitraryRSAPrivateKeyOptionalParameters'$fToJSONRSAPrivateKeyOptionalParameters)$fFromJSONRSAPrivateKeyOptionalParameters"$fArbitraryRSAPrivateKeyParameters$fToJSONRSAPrivateKeyParameters!$fFromJSONRSAPrivateKeyParameters$fArbitraryECKeyParameters$fToJSONECKeyParameters$fFromJSONECKeyParameters$fEqCrv$fOrdCrv $fShowCrv$fEqRSAPrivateKeyOthElem$fShowRSAPrivateKeyOthElem#$fEqRSAPrivateKeyOptionalParameters%$fShowRSAPrivateKeyOptionalParameters$fEqRSAPrivateKeyParameters$fShowRSAPrivateKeyParameters$fEqECKeyParameters$fShowECKeyParameters$fEqRSAKeyParameters$fShowRSAKeyParameters AsPublicKey asPublicKeyKeyMaterialGenParam ECGenParam RSAGenParam OctGenParam OKPGenParam KeyMaterial ECKeyMaterialRSAKeyMaterialOctKeyMaterialOKPKeyMaterialOKPCrvEd25519X25519OKPKeyParameters Ed25519Key X25519KeyOctKeyParametersrsaErsaNrsaPrivateKeyParametersgenRSAtoRSAKeyParameterstoRSAPublicKeyParameters rsaPublicKeyoctKgenKeyMaterialsignverify$fArbitraryRSAKeyParameters$fToJSONRSAKeyParameters$fFromJSONRSAKeyParameters$fArbitraryOctKeyParameters$fToJSONOctKeyParameters$fFromJSONOctKeyParameters$fArbitraryOKPKeyParameters$fToJSONOKPKeyParameters$fFromJSONOKPKeyParameters$fShowOKPKeyParameters$fArbitraryOKPCrv$fArbitraryKeyMaterial$fToJSONKeyMaterial$fFromJSONKeyMaterial$fArbitraryKeyMaterialGenParam$fAsPublicKeyKeyMaterial$fAsPublicKeyOKPKeyParameters$fAsPublicKeyECKeyParameters$fAsPublicKeyRSAKeyParameters$fEqOctKeyParameters$fShowOctKeyParameters$fEqOKPKeyParameters $fEqOKPCrv $fShowOKPCrv$fEqKeyMaterial$fShowKeyMaterial$fEqKeyMaterialGenParam$fShowKeyMaterialGenParamJWKAlgJWSAlgJWEAlg$fToJSONJWKAlg$fFromJSONJWKAlg $fEqJWKAlg $fShowJWKAlgKeyOpSignVerifyEncryptDecryptWrapKey UnwrapKey DeriveKey DeriveBits $fToJSONKeyOp$fFromJSONKeyOp $fEqKeyOp $fOrdKeyOp $fShowKeyOpJWKKeyUseSigEnc$fToJSONKeyUse$fFromJSONKeyUse $fEqKeyUse $fOrdKeyUse $fShowKeyUse$fEqJWK $fShowJWKJWKSetjwkAlg jwkKeyOpsjwkKid jwkMaterialjwkUsejwkX5t jwkX5tS256jwkX5ujwkX5c setJWKX5cgenJWKfromKeyMaterialfromRSA fromOctetsfromX509Certificate bestJWSAlg thumbprintdigest$fAsPublicKeyJWK$fArbitraryJWK $fToJSONJWK $fFromJSONJWK$fToJSONJWKSet$fFromJSONJWKSet $fEqJWKSet $fShowJWKSetVerificationKeyStoregetVerificationKeys$fVerificationKeyStoremhsJWKSet$fVerificationKeyStoremhsJWKPBES2Parameters_p2s_p2cAESGCMParameters_iv_tagECDHParameters_epk_apu_apv AlgWithParams algObjectalgWithParamsObject$fToJSONECDHParameters$fFromJSONECDHParameters$fToJSONAESGCMParameters$fFromJSONAESGCMParameters$fToJSONPBES2Parameters$fFromJSONPBES2Parameters$fToJSONAlgWithParams$fFromJSONAlgWithParams$fEqECDHParameters$fShowECDHParameters$fEqAESGCMParameters$fShowAESGCMParameters$fEqPBES2Parameters$fShowPBES2Parameters$fEqAlgWithParams$fShowAlgWithParams A128CBC_HS256 A192CBC_HS384 A256CBC_HS512A128GCMA192GCMA256GCM $fToJSONEnc $fFromJSONEnc$fEqEnc$fOrdEnc $fShowEncHasCritcritHasCtyctyHasTyptyp HasX5tS256x5tS256HasX5tx5tHasX5cx5cHasX5ux5uHasKidkidHasJwkjwkHasJkujkuHasAlgalg HeaderParamProtectionIndicator getProtectedgetUnprotected Protection Protected Unprotected HasParamsparams extensionsparseParamsFor parseParamsprotectedParamsEncodedunprotectedParams protectionparam isProtectedheaderOptionalheaderOptionalProtectedheaderRequiredheaderRequiredProtected parseCrit$fProtectionIndicator()$fProtectionIndicatorProtection$fFunctorHeaderParam$fEqProtection$fShowProtection$fEqHeaderParam$fShowHeaderParamHasValidationPolicyvalidationPolicy HasAlgorithms algorithmsHasValidationSettingsvalidationSettingsvalidationSettingsAlgorithms"validationSettingsValidationPolicyValidationSettingsValidationPolicy AnyValidated AllValidated CompactJWS FlattenedJWS GeneralJWSJWS Signature HasJWSHeader jwsHeader JWSHeader newJWSHeader makeJWSHeaderheader signature signaturesrawProtectedHeadersignJWSdefaultValidationSettings verifyJWS' verifyJWSverifyJWSWithPayload$fHasParamsJWSHeader $fHasCrita $fHasCtya $fHasTypa $fHasX5tS256a $fHasX5ta $fHasX5ca $fHasX5ua $fHasKida $fHasJwka $fHasJkua $fHasAlga$fHasJWSHeaderJWSHeader$fToJSONSignature$fFromJSONSignature $fEqSignature$fFromCompactJWS$fToCompactJWS $fToJSONJWS $fToJSONJWS0 $fFromJSONJWS$fFromJSONJWS0 $fShowJWS$fEqJWS)$fHasValidationSettingsValidationSettings$fHasAlgorithmsa$fHasValidationPolicya $fEqJWSHeader$fShowJWSHeader$fShowSignature$fEqValidationPolicyJWE _protectedRaw_jweIv_jweAad_jweCiphertext_jweTag_jweRecipients JWEHeader_jweAlg_jweEnc_jweZip_jweJku_jweJwk_jweKid_jweX5u_jweX5c_jweX5t _jweX5tS256_jweTyp_jweCty_jweCrit$fHasParamsJWEHeader$fFromJSONJWERecipient $fFromJSONJWE$fEqCritParameters$fShowCritParameters $fEqJWEHeader$fShowJWEHeaderJWTErrorJWSErrorJWTClaimsSetDecodeError JWTExpiredJWTNotYetValidJWTNotInIssuerJWTNotInAudienceJWTIssuedAtFuture $fEqJWTError$fShowJWTError NumericDate StringOrURI AsJWTError _JWTError _JWSError_JWTClaimsSetDecodeError _JWTExpired_JWTNotYetValid_JWTNotInIssuer_JWTNotInAudience_JWTIssuedAtFuture stringOrUristringuri$fAsErrorJWTError$fAsJWTErrorJWTError$fToJSONStringOrURI$fFromJSONStringOrURI$fIsStringStringOrURI$fEqStringOrURI$fShowStringOrURI$fEqNumericDate$fOrdNumericDate$fShowNumericDateAudience$fToJSONNumericDate$fFromJSONNumericDate $fEqAudience$fShowAudienceJWTValidationSettings ClaimsSetclaimIssclaimSubclaimAudclaimExpclaimNbfclaimIatclaimJtiunregisteredClaimsemptyClaimsSetaddClaim$fToJSONAudience$fFromJSONAudience$fToJSONClaimsSet$fFromJSONClaimsSet $fEqClaimsSet$fShowClaimsSet SignedJWTHasCheckIssuedAt checkIssuedAtHasIssuerPredicateissuerPredicateHasAudiencePredicateaudiencePredicateHasAllowedSkew allowedSkewHasJWTValidationSettingsjWTValidationSettings jwtValidationSettingsAllowedSkew&jwtValidationSettingsAudiencePredicate"jwtValidationSettingsCheckIssuedAt$jwtValidationSettingsIssuerPredicate'jwtValidationSettingsValidationSettingsdefaultJWTValidationSettingsvalidateClaimsSet verifyClaimsverifyClaimsAt signClaims$fHasValidationSettingsa/$fHasJWTValidationSettingsJWTValidationSettings$fHasAllowedSkewa$fHasAudiencePredicatea$fHasIssuerPredicatea$fHasCheckIssuedAta$fMonadTimeReaderTbase GHC.MaybeNothingaesKeyWrapStepaesKeyUnwrapStep endGuardExpendGuardderiveJOSEType$aeson-1.5.4.0-G0TmHbZVsdpCqiHJx3XHHoData.Aeson.Types.ToJSONToJSONData.Aeson.Types.FromJSONFromJSON objectPairsparseB64 encodeB64Data.Aeson.Types.InternalValue"lens-4.19.2-KXfjtCwCOd3KUikLJUQm86Control.Lens.ReviewreviewControl.Lens.Foldpreview parseB64Url encodeB64Url bsToInteger integerToBSsizedIntegerToBSintBytes parseOctets integer-gmpGHC.Integer.TypeInteger fromCurveName&cryptonite-0.27-1OR6zYa0VCy6lkihzS4RoV Crypto.RandomwithRandomBytes drgNewTest drgNewSeeddrgNewseedFromBinaryseedFromInteger seedToIntegerseedNewSeedCrypto.Random.ChaChaDRG ChaChaDRGCrypto.Random.SystemDRG getSystemDRG SystemDRGCrypto.Random.TypeswithDRG MonadRandomgetRandomBytesDRGrandomBytesGenerateMonadPseudoRandom fromRSAPublic fromECPublicrethumbprintRepr Crypto.HashdigestFromByteStringhashWith hashInitWith hashFinalize hashUpdates hashUpdatehashInithashlazyhashCrypto.Hash.Blake2Blake2sBlake2bBlake2spBlake2bpCrypto.Hash.SHAKESHAKE128SHAKE256Crypto.Hash.Blake2b Blake2b_160 Blake2b_224 Blake2b_256 Blake2b_384 Blake2b_512Crypto.Hash.Blake2bp Blake2bp_512Crypto.Hash.Blake2s Blake2s_160 Blake2s_224 Blake2s_256Crypto.Hash.Blake2sp Blake2sp_224 Blake2sp_256Crypto.Hash.Keccak Keccak_224 Keccak_256 Keccak_384 Keccak_512Crypto.Hash.MD2MD2Crypto.Hash.MD4MD4Crypto.Hash.MD5MD5Crypto.Hash.RIPEMD160 RIPEMD160Crypto.Hash.SHA1SHA1Crypto.Hash.SHA224SHA224Crypto.Hash.SHA256SHA256Crypto.Hash.SHA3SHA3_224SHA3_256SHA3_384SHA3_512Crypto.Hash.SHA384SHA384Crypto.Hash.SHA512SHA512Crypto.Hash.SHA512t SHA512t_224 SHA512t_256Crypto.Hash.Skein256 Skein256_224 Skein256_256Crypto.Hash.Skein512 Skein512_224 Skein512_256 Skein512_384 Skein512_512Crypto.Hash.TigerTigerCrypto.Hash.Whirlpool WhirlpoolCrypto.Hash.Types HashAlgorithm hashBlockSizehashDigestSizeContextDigestJustprotectedParams Data.AesonencodedecodeData.Functor.IdentityIdentity _jwsHeaderJku _jwsHeaderKid _jwsHeaderTyp _jwsHeaderCty_jweEncryptedKeywrap wrapAESKWencrypt _cbcHmacEnc_gcmEnc#_jwtValidationSettingsCheckIssuedAt