!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdef g h i j k l m n o p q r s t u v w x y z { | } ~  (c) Trevor Elliott, 2008BSD3'Trevor Elliott <trevor@geekgateway.com> Portability :None 9:;<=CI 6Check to see if an XRDS service description is usable.AGenerate a tag name predicate, that ignores prefix and namespace.5Filter the attributes of an element by some predicate Read, maybeGet the text of an element (Generate a predicate over Service Types.    (c) Trevor Elliott, 2008BSD3'Trevor Elliott <trevor@geekgateway.com>Portability : None 9:;<=CI ErrorsA valid OpenID identifier.An OpenID provider. A way to resolve an HTTP request5A realm of uris for a provider to inform a user aboutA return to path1Parameter lists for communication with the serverAn association with a provider.+Session types for association establishment#Supported association types'Parse a provider(Show a provider)Modify the URI in a provider !"#$%&'()*+ !"#$%&'()#$% !"'()& !"#$%&'()*+(c) Trevor Elliott, 2008BSD3 Stability :None 9:;<=CI 6 Read, maybe.7!Break up a string by a predicate.8VSpit a list into a pair, removing the element that caused the predicate to succeed.93Build an Integer out of a big-endian list of bytes.:/Turn an Integer into a big-endian list of bytes;JPad out a list of bytes to represent a positive, big-endian list of bytes.<The OpenID-2.0 namespace.=0Default modulus for Diffie-Hellman key exchange.>!Read inside of an Exception monad?4Lookup parameters inside an exception handling monad@ Read a fieldACMake an HTTP request, and run a function with a successful response 6789:;<=>?@A 6789:;<=>?@A 6789:;=<>?@A 6789:;<=>?@A(c) Trevor Elliott, 2008BSD3'Trevor Elliott <trevor@geekgateway.com> Portability :None 9:;<=CIBCDBCBCBCD(c) Trevor Elliott, 2008BSD3'Trevor Elliott <trevor@geekgateway.com>Portability : None 9:;<=CIE)Normalize an identifier, discarding XRIs.FWNormalize the user supplied identifier, using a supplied function to normalize an XRI.EFEFEFEF(c) Trevor Elliott, 2008BSD3'Trevor Elliott <trevor@geekgateway.com> Portability :None 9:;<=CI GpPerform an http request. If the Bool parameter is set to True, redirects from the server will be followed.Follow a redirect9Get the port and hostname associated with an http requestJ/Turn a response body into a list of parameters.K*Format OpenID parameters as a query stringL-Format OpenID parameters as a direct responseM$Escape for the query string of a URINAdd Parameters to a URIO+Parse OpenID parameters out of a url string GHIJKLMNO GHIJKLMNO GHIJKLMNO GHIJKLMNO(c) Trevor Elliott, 2008BSD3'Trevor Elliott <trevor@geekgateway.com> Portability :None 9:;<=CIP;Attempt to resolve an OpenID endpoint, and user identifier.Attempt a YADIS based discovery, given a valid identifier. The result is an OpenID endpoint, and the actual identifier for the user.OParse out an OpenID endpoint, and actual identifier from a YADIS xml document.Attempt to discover an OpenID endpoint, from an HTML document. The result will be an endpoint on success, and the actual identifier of the user.MParse out an OpenID endpoint and an actual identifier from an HTML document..Filter out link tags from a list of html tags.)Split a string into strings of html tags.aSplit out values from a key="value" like string, in a way that is suitable for use with unfoldr. PPP PNone 9:;<=CIQUsed to store responses.R-Some common, useful Attribute Exchange specs.^wThe simplest use case is to request the user's email. This would be used to replace traditional verification emails.__Use these functions to roll your own list of fields to request when you send an auth request`9specify the alias as well as the list of requested fieldsaRetrieve the requested fields from the HTTP request params. Keep | in mind the spec does not require that the OpenID Provider return | any of our requested fields, even on a successful verification.QRSTUVWXYZ[\]^_>params we want them to send in the "id_res" mode verification`Jalias. it doesn't really matter what this is as long as we're consistent4params we require in the "id_res" mode verificationaQRSTUVWXYZ[\]^_`aRSTUVWXYZQ[\]^_`aQRSTUVWXYZ[\]^_`a (c) Trevor Elliott, 2008AllRightsReserved'Trevor Elliott <trevor@geekgateway.com> Portability :None 9:;<=CIf+Manage pairs of Providers and Associations.gFind an association.haAdd a new association, and set its expiration to be relative to the "now" parameter passed in.iWExpire associations in the manager that are older than the supplied "now" parameter.j.Export all associations, and their expirationsfghijfghijfghijfghij (c) Trevor Elliott, 2008BSD3'Trevor Elliott <trevor@geekgateway.com> Portability :None 9:;<=CIk.A simple association manager based on Data.MapmAn empty association map.klmnklmklmklmn (c) Trevor Elliott, 2008BSD3 Stability :None 9:;<=CIq Sha1 hashingrSha256 hashing4General purpose digest function wrapper for OpenSSL. qrqrqr qr None 9:;<=CIt/Name of the SHA digest, used by getDigestByNameu0Name of the SHA1 digest, used by getDigestByNamev2Name of the SHA224 digest, used by getDigestByNamew2Name of the SHA256 digest, used by getDigestByNamex2Name of the SHA384 digest, used by getDigestByNamey2Name of the SHA384 digest, used by getDigestByNamez,Get the hex-string representation of an HMAC{#Wrapper/rendering function for hmac stuvwxyzthe HMACthe hex-string representation{the name of the digest the HMAC keythe data to be signed,the hex-representation of the resulting HMAC| stuvwxyz{| |{zstuvwxy stuvwxyz{| None 9:;<=CI.Figure out how many bytes are used by a BIGNUM&}~}~}~}~ (c) 2006-2008Stability : unstableGHCNone 9:;<=CI"'formatOutput n mbLT str' formats str%, splitting it into lines of length no. The optional value lets you control what line terminator sequence to use; the default is CRLF (as per MIME.)(c) Trevor Elliott, 2008BSD3Stability : None 9:;<=CIAssociation monadAssociation environment>Check to see if an AssocType and SessionType pairing is valid.ZGenerate parameters for Diffie-Hellman key exchange, based on the provided SessionType.OTurn DHParams into a list of key/value pairs that can be sent to a Provider.*Give the hash algorithm for a session type]Get the mac key from a set of Diffie-Hellman parameters, and the public key of the server.Associate with a provider. By default, this tries to use DH-SHA256 and HMAC-SHA256, and falls back to whatever the server recommends, if the Bool parameter is True.Associate with a provider, attempting to use the provided association methods. The Bool specifies whether or not recovery should be attempted upon a failed request..Running a computation in the association monad6Use the underlying monad to retrieve the current time.;Generate Diffie-Hellman parameters in the underlying monad.{A "pure" version of association. It will run in whatever base monad is provided, layering exception handling over that..Attempt to recover from an association failure,Handle the response to an associate request.fghijklm (c) Trevor Elliott, 2008BSD3'Trevor Elliott <trevor@geekgateway.com> Portability :None 9:;<=CIGet the mac hash type(Parse a provider within the Result monad.Get the signed fields from a set of parametersyGenerate an authentication URL. The params field allows you to | specify any extensions, for example, AttributeExchange.&Verify a signature on a set of params.Verify an assertion directlyVerify with an association  Your pre-established assocationsUse this if you want to try to use OpenID's Immediate mode. Some providers won't ever let this mode succeed, whereas some won't even prompt the user in Setup mode and go straight for the redirect. It is safe to use the Setup mode only.7The OpenID provider's (e.g Google or Yahoo) OpenID URIThe identity URI you are trying to verify. Please note that a number of providers no longer encode their services' usernames into the URI.zAfter the user verifies that they are indeed "them" with the OpenID provider, where should said provider redirect them?qAdditional params for OpenID extensions. You can use this to verify a user's email using Attribute Extensions. (c) Trevor Elliott, 2008BSD3'Trevor Elliott <trevor@geekgateway.com> Portability :None 9:;<=CI[ !"#$%&'()6789:;<=>?@AEFGHIJKLMNOPQRSTUVWXYZ[\]^_`afghijklm  !"#$%&'(()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrs t u v w x y z { | } ~             D"P     G H %openid-0.2.1.0-ESeZg554vz36C3r8pof5fY Text.XRDSNetwork.OpenID.TypesNetwork.OpenID.UtilsNetwork.OpenID.SSLNetwork.OpenID.NormalizationNetwork.OpenID.HTTPNetwork.OpenID.Discovery Network.OpenID.AttributeExchange"Network.OpenID.Association.ManagerNetwork.OpenID.Association.MapData.Digest.OpenSSL.SHA#Data.Digest.OpenSSL.AlternativeHMACCodec.Encryption.DHCodec.Binary.Base64Network.OpenID.AssociationNetwork.OpenID.AuthenticationNetwork.OpenIDService serviceTypesserviceMediaTypes serviceURIsserviceLocalIDsservicePriority serviceExtraXRDXRDSisUsablehasType parseXRDS $fShowServiceError Identifier getIdentifierProvider providerURIResolverRealmReturnToParams AssociationassocExpiresIn assocHandle assocMacKey assocType SessionType NoEncryptionDhSha1DhSha256 AssocTypeHmacSha1 HmacSha256 assocString parseProvider showProvidermodifyProvider$fReadSessionType$fShowSessionType$fReadAssocType$fShowAssocType$fShowAssociation$fReadAssociation $fEqProvider$fShowProvider$fEqIdentifier$fShowIdentifier$fReadIdentifier $fShowError readMaybebreakssplitrollunrollbtwocopenidNSdefaultModulusreadM lookupParam readParam withResponse SSLHandle sslConnect$fStreamSSLHandlenormalizeIdentifiernormalizeIdentifier' makeRequest getRequest postRequestparseDirectResponse formatParamsformatDirectParams escapeParam addParams parseParamsdiscover AXFieldVal AXFieldTy AXBirthdateAXEmail AXFirstName AXFullNameAXGender AXLanguage AXLastName AXNicknameaxNameaxSpec axTyFromNameaxEmailRequired axExtParams axExtParams' getAxFields $fEqAXFieldTy$fShowAXFieldTy$fOrdAXFieldTy$fReadAXFieldTyAssociationManagerfindAssociationaddAssociationexpireexportAssociationsAssociationMapAMemptyAssociationMap"$fAssociationManagerAssociationMap$fShowAssociationMap$fReadAssociationMapsha1sha256CryptoHashFunctionshasha224sha384sha512showHMAC unsafeHMAChmac DHParamError PNotPrime PNotSafePrimeUnableToCheckGeneratorNotSuitableGeneratorDHParams dhPrivateKey dhPublicKey dhGenerator dhModulusModulus Generator newDHParams generateKey checkDHParams computeKey$fShowDHParams$fShowDHParamErrorencodeRawString formatOutput encodeRaw encodeRawPrimdecodeToStringdecode decodePrimAssocAssocEnv currentTime createParams associate associate'runAssoc associate_$fReaderMAssocAssocEnv$fExceptionMAssocError $fMonadTAssoc$fFunctorAssoc$fApplicativeAssoc $fMonadAssoc CheckIdMode ImmediateSetupauthenticationURIverifyAuthentication$fReadCheckIdMode$fShowCheckIdModetag findAttr'getTextparseXRD parseServicewrapwrapRead sslReadWhilehandleRedirect getAuthority discoverYADIS parseYADIS discoverHTML parseHTMLlinkTagshtmlTags splitAttrM defaultAlias extNamespaceextNamespacePrefixextMode_fetchRequestformatRequestFieldformatRequiredVal getAxFields' getAxAliashashWith EVP_MD_CTXEVP_MD c_EVP_sha256 c_EVP_sha1c_EVP_DigestFinal_exc_EVP_DigestUpdatec_EVP_DigestInit_exc_EVP_MD_CTX_destroyc_EVP_MD_CTX_createnumBytesBIGNUM c_BN_num_bits c_BN_free c_BN_bn2bin c_BN_bin2bn c_DH_free c_DH_size c_DH_checkc_DH_compute_keyc_DH_generate_keyc_DH_generate_parametersc_DH_newwithDH dhToDHParams codesToErrors withBIGNUMbin2bnbn2binencode3decoderdecode4toB64fromB64low6lowByte validPairingnewSessionTypeParamsdhPairshash decodeMacKeygetTime newParamsrecoverAssociationhandleAssociationmacHashparseProvider'getSignedFields verifyDirectverifyWithAssociation