aliquot 0.15.0 → 2.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 54635adaeefcc42d7fb42a854825fb7f88472ab34be2992813d899581f278969
-  data.tar.gz: 3f66d3b5d5cc20d3a58e0c0e64958906beee8e80f07af26a4868ad27efa68e2d
+  metadata.gz: 340c8e93be8733d7b403356c5d7b85f0f1b69466e8492f6750875f7d1b4b0332
+  data.tar.gz: 27bb764e594448851ddceaaf0e65afd0a8c7916b82cf65514f077ad67d65ac56
 SHA512:
-  metadata.gz: 23548bcc9c7e7a5ad77353bae8eab0283bd7593b3a9cf536298961d501a0b1b3181b722bf3e75ae0805d9c9dfa336d71a037ed5553eb57d0082b69a7e62aa60b
-  data.tar.gz: a14a66a56577b6de570fa4164f30d2ca96c3a23b5b6b915d136dfd7d825242c0ae6a403cc138ff97e26f76dcad1450ba67d8a733f7b45611141ba46241fafdb8
+  metadata.gz: 70e3dfd919b5b2dde76eb7025a6627b46f2462096a7a9ce747764315c8b612104be97a38c7c4e8f7b2d5927e807adf992dc4bd7c145d5e091c6a699c5fae4830
+  data.tar.gz: 58c0275b221f378289d417131eb3e84039be05183b09e0e00cdb0b5ad8450d59c28d859ec5242544ce6eedbd0b0a933b6ad82e4e3bd0fb3ae0d62041e9e44a8d

data/lib/aliquot/error.rb

@@ -29,5 +29,6 @@ module Aliquot
   # When shared_secret is invalid
   class InvalidSharedSecretError < Error; end
 
-  class InvalidMerchantIDError < Error; end
+  # When recipient_id is invalid
+  class InvalidRecipientIDError < Error; end
 end

data/lib/aliquot/payment.rb

@@ -10,29 +10,29 @@ module Aliquot
   ##
   # A Payment represents a single payment using Google Pay.
   # It is used to verify/decrypt the supplied token by using the shared secret,
-  # thus avoiding having knowledge of merchant primary keys.
+  # thus avoiding having knowledge of any private keys involved.
   class Payment
     SUPPORTED_PROTOCOL_VERSIONS = %w[ECv1 ECv2].freeze
     ##
     # Parameters:
     # token_string::  Google Pay token (JSON string)
     # shared_secret:: Base64 encoded shared secret
-    # merchant_id::   Google Pay merchant ID
+    # recipient_id::   Google Pay recipient ID
     # signing_keys::  Signing keys fetched from Google
-    def initialize(token_string, shared_secret, merchant_id,
+    def initialize(token_string, shared_secret, recipient_id,
                    signing_keys: ENV['GOOGLE_SIGNING_KEYS'])
 
       begin
         validation = Aliquot::Validator::Token.new(JSON.parse(token_string))
         validation.validate
       rescue JSON::JSONError => e
-        raise InputError, "invalid token JSON, #{e.message}"
+        raise InputError, "token JSON is invalid, #{e.message}"
       end
 
       @token = validation.output
 
       @shared_secret = shared_secret
-      @merchant_id   = merchant_id
+      @recipient_id   = recipient_id
       @signing_keys  = signing_keys
     end
 
@@ -43,13 +43,13 @@ module Aliquot
         raise Error, "supported protocol versions are #{SUPPORTED_PROTOCOL_VERSIONS.join(', ')}"
       end
 
-      @recipient_id = validate_merchant_id
+      @recipient_id = validate_recipient_id
 
       check_shared_secret
 
       if protocol_version == 'ECv2'
         @intermediate_key = validate_intermediate_key
-        raise InvalidSignatureError, 'intermediate certificate has expired' if intermediate_key_expired?
+        raise InvalidSignatureError, 'intermediate certificate is expired' if intermediate_key_expired?
       end
 
       check_signature
@@ -59,22 +59,22 @@ module Aliquot
       begin
         aes_key, mac_key = derive_keys(@signed_message[:ephemeralPublicKey], @shared_secret, 'Google')
       rescue => e
-        raise KeyDerivationError, "unable to derive keys, #{e.message}"
+        raise KeyDerivationError, "cannot derive keys, #{e.message}"
       end
 
-      raise InvalidMacError, 'MAC did not match' unless valid_mac?(mac_key)
+      raise InvalidMacError, 'MAC does not match' unless valid_mac?(mac_key)
 
       begin
         @message = JSON.parse(decrypt(aes_key, @signed_message[:encryptedMessage]))
       rescue JSON::JSONError => e
-        raise InputError, "invalid encryptedMessage JSON, #{e.message}"
+        raise InputError, "encryptedMessage JSON is invalid, #{e.message}"
       rescue => e
         raise DecryptionError, "decryption failed, #{e.message}"
       end
 
       @message = validate_message
 
-      raise TokenExpiredError, 'token has expired' if expired?
+      raise TokenExpiredError, 'token is expired' if expired?
 
       @message
     end
@@ -102,9 +102,10 @@ module Aliquot
       @intermediate_key[:keyExpiration].to_i < cur_millis
     end
 
-    def validate_merchant_id
-      raise InvalidMerchantIDError unless /\A[[:graph:]]+\z/ =~ @merchant_id
-      "merchant:#{@merchant_id}"
+    def validate_recipient_id
+      raise InvalidRecipientIDError, 'recipient_id must be alphanumeric and punctuation' unless /\A[[:graph:]]+\z/ =~ @recipient_id
+
+      @recipient_id
     end
 
     def check_shared_secret
@@ -133,7 +134,7 @@ module Aliquot
             key.verify(new_digest, message_signature, signed_string_message)
           end.any?
 
-        raise InvalidSignatureError, 'signature of signedMessage did not match' unless success
+        raise InvalidSignatureError, 'signature of signedMessage does not match' unless success
       when 'ECv2'
         signed_key_signature = ['Google', 'ECv2', @token[:intermediateSigningKey][:signedKey]].map do |str|
           [str.length].pack('V') + str
@@ -141,7 +142,7 @@ module Aliquot
 
         # Check that the intermediate key signed the message
         pkey = OpenSSL::PKey::EC.new(Base64.strict_decode64(@intermediate_key[:keyValue]))
-        raise InvalidSignatureError, 'signature of signedMessage did not match' unless pkey.verify(new_digest, message_signature, signed_string_message)
+        raise InvalidSignatureError, 'signature of signedMessage does not match' unless pkey.verify(new_digest, message_signature, signed_string_message)
 
         intermediate_signatures = @token[:intermediateSigningKey][:signatures]
 
@@ -152,7 +153,7 @@ module Aliquot
           signed_key_signature
         )
 
-        raise InvalidSignatureError, 'no valid signature of intermediate key found' unless success
+        raise InvalidSignatureError, 'no valid signature of intermediate key' unless success
       end
     rescue OpenSSL::PKey::PKeyError => e
       # Catches problems with verifying signature. Can be caused by signature

data/lib/aliquot/validator.rb

@@ -9,143 +9,221 @@ module Aliquot
   module Validator
     # Verified according to:
     # https://developers.google.com/pay/api/web/guides/resources/payment-data-cryptography#payment-method-token-structure
-    module Predicates
-      include Dry::Logic::Predicates
-
-      CUSTOM_PREDICATE_ERRORS = {
-        base64?:          'must be Base64',
-        pan?:             'must be a pan',
-        ec_public_key?:   'must be an EC public key',
-        eci?:             'must be an ECI',
-        json_string?:     'must be valid JSON',
-        integer_string?:  'must be string encoded integer',
-        month?:           'must be a month (1..12)',
-        year?:            'must be a year (2000..3000)',
-        base64_asn1?:     'must be base64 encoded asn1 value',
-
-        authMethodCryptogram3DS: 'authMethod CRYPTOGRAM_3DS requires eciIndicator',
-        authMethodCard:          'eciIndicator/cryptogram must be omitted when PAN_ONLY',
-      }.freeze
-
-      # Support Ruby 2.3, but use the faster #match? when available.
-      match_b = ''.respond_to?(:match?) ? ->(s, re) { s.match?(re) } : ->(s, re) { !!(s =~ re) }
-
-      def self.to_bool(lbd)
-        lbd.call
-        true
-      rescue
-        false
-      end
 
-      predicate(:base64?) do |x|
-        str?(x) &&
-          match_b.call(x, /\A[=A-Za-z0-9+\/]*\z/) && # allowable chars
-          x.length.remainder(4).zero? && # multiple of 4
-          !match_b.call(x, /=[^$=]/) && # may only end with ='s
-          !match_b.call(x, /===/) # at most 2 ='s
+    CUSTOM_ERRORS = {
+      base64?:         'must be Base64',
+      pan?:            'must be a PAN',
+      ec_public_key?:  'must be an EC public key',
+      eci?:            'must be an ECI',
+      integer_string?: 'must be string encoded integer',
+      month?:          'must be a month (1..12)',
+      year?:           'must be a year (2000..3000)',
+      base64_asn1?:    'must be base64-encoded ANS.1 value',
+      json?:           'must be valid JSON',
+
+      is_authMethodCryptogram3DS: 'authMethod CRYPTOGRAM_3DS requires eciIndicator',
+      is_authMethodCard:          'eciIndicator/cryptogram must be omitted when PAN_ONLY',
+    }.freeze
+
+    def self.base64_check(value)
+      /\A[=A-Za-z0-9+\/]*\z/.match?(value) && # allowable chars
+        value.length.remainder(4).zero? && # multiple of 4
+        !/=[^$=]/.match?(value) && # may only end with ='s
+        !/===/.match?(value) # at most 2 ='s
+    end
+
+    Dry::Validation.register_macro(:base64?) do
+      if key?
+        unless Aliquot::Validator.base64_check(value)
+          key.failure(CUSTOM_ERRORS[:base64?])
+        end
       end
+    end
 
-      # We should figure out how strict we should be. Hopefully we can discard
-      # the above Base64? predicate and use the following simpler one:
-      #predicate(:strict_base64?) { |x| !!Base64.strict_decode64(x) rescue false }
+    def self.ans1_check(value)
+      OpenSSL::ASN1.decode(Base64.strict_decode64(value)) rescue false
+    end
 
-      predicate(:pan?) { |x| match_b.call(x, /\A[1-9][0-9]{11,18}\z/) }
+    Dry::Validation.register_macro(:base64_asn1?) do
+      if key?
+        unless Aliquot::Validator.ans1_check(value)
+          key.failure(CUSTOM_ERRORS[:base64_asn1?])
+        end
+      end
+    end
 
-      predicate(:eci?) { |x| str?(x) && match_b.call(x, /\A\d{1,2}\z/) }
+    Dry::Validation.register_macro(:pan?) do
+      if key?
+        unless /\A[1-9][0-9]{11,18}\z/.match?(value)
+          key.failure(CUSTOM_ERRORS[:pan?])
+        end
+      end
+    end
 
-      predicate(:ec_public_key?) { |x| base64?(x) && OpenSSL::PKey::EC.new(Base64.decode64(x)).check_key rescue false }
+    Dry::Validation.register_macro(:ec_public_key?) do
+      if key?
+        begin
+          OpenSSL::PKey::EC.new(Base64.decode64(value)).check_key
+        rescue
+          key.failure(CUSTOM_ERRORS[:ec_public_key?])
+        end
+      end
+    end
 
-      predicate(:json_string?) { |x| !!JSON.parse(x) rescue false }
+    Dry::Validation.register_macro(:eci?) do
+      if key?
+        unless /\A\d{1,2}\z/.match?(value)
+          key.failure(CUSTOM_ERRORS[:eci?])
+        end
+      end
+    end
 
-      predicate(:integer_string?) { |x| str?(x) && match_b.call(x, /\A\d+\z/) }
+    Dry::Validation.register_macro(:integer_string?) do
+      if key?
+        unless /\A\d+\z/.match?(value)
+          key.failure(CUSTOM_ERRORS[:integer_string?])
+        end
+      end
+    end
 
-      predicate(:month?) { |x| x.between?(1, 12) }
+    Dry::Validation.register_macro(:json?) do
+      if key?
+        json = JSON.parse(value) rescue false
+        key.failure(CUSTOM_ERRORS[:json?]) unless json
+      end
+    end
 
-      predicate(:year?) { |x| x.between?(2000, 3000) }
+    Dry::Validation.register_macro(:month?) do
+      if key?
+        unless value.between?(1, 12)
+          key.failure(CUSTOM_ERRORS[:month?])
+        end
+      end
+    end
 
-      predicate(:base64_asn1?) { |x| OpenSSL::ASN1.decode(Base64.strict_decode64(x)) rescue false }
+    Dry::Validation.register_macro(:year?) do
+      if key?
+        unless value.between?(2000, 3000)
+          key.failure(CUSTOM_ERRORS[:year?])
+        end
+      end
     end
 
-    # Base for DRY-Validation schemas used in Aliquot.
-    class BaseSchema < Dry::Validation::Schema::JSON
-      predicates(Predicates)
-      def self.messages
-        super.merge(en: { errors: Predicates::CUSTOM_PREDICATE_ERRORS })
+    class SignedKeyContract < Dry::Validation::Contract
+      json do
+        required(:keyExpiration).filled(:str?)
+        required(:keyValue).filled(:str?)
       end
+      rule(:keyExpiration).validate(:integer_string?)
+      rule(:keyValue).validate(:ec_public_key?)
     end
 
-    # Schema used for the 'intermediateSigningKey' hash included in ECv2.
-    IntermediateSigningKeySchema = Dry::Validation.Schema(BaseSchema) do
-      required(:signedKey).filled(:str?, :json_string?)
+    SignedKeySchema = SignedKeyContract.new
 
-      # TODO: Check if elements of array are valid signatures
-      required(:signatures).filled(:array?) { each { base64? & base64_asn1? } }
+    # Schema used for the 'intermediateSigningKey' hash included in ECv2.
+    class IntermediateSigningKeyContract < Dry::Validation::Contract
+      json do
+        required(:signedKey).filled(:str?)
+        required(:signatures).array(:str?)
+      end
+      rule(:signedKey).validate(:json?)
+      rule(:signatures).each do
+        key.failure('must be Base64') unless Aliquot::Validator.base64_check(value) &&
+          Aliquot::Validator.ans1_check(value)
+      end
     end
 
-    SignedKeySchema = Dry::Validation.Schema(BaseSchema) do
-      required(:keyExpiration).filled(:integer_string?)
-      required(:keyValue).filled(:ec_public_key?)
-    end
+    IntermediateSigningKeySchema = IntermediateSigningKeyContract.new
 
     # DRY-Validation schema for Google Pay token
-    TokenSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:signature).filled(:str?, :base64?, :base64_asn1?)
-
-      # Currently supposed to be ECv1, but may evolve.
-      required(:protocolVersion).filled(:str?)
-      required(:signedMessage).filled(:str?, :json_string?)
-
-      optional(:intermediateSigningKey).schema(IntermediateSigningKeySchema)
+    class TokenContract < Dry::Validation::Contract
+      json do
+        required(:signature).filled(:str?)
+        required(:signedMessage).filled(:str?)
+        required(:protocolVersion).filled(:str?)
+        optional(:intermediateSigningKey).hash(IntermediateSigningKeyContract.new.schema)
+      end
+      rule(:signature).validate(:base64?, :base64_asn1?)
+      rule(:signedMessage).validate(:json?)
 
-      rule('ECv2 implies intermediateSigningKey': %i[protocolVersion intermediateSigningKey]) do |version, intermediatekey|
-        version.eql?('ECv2') > intermediatekey.filled?
+      rule(:intermediateSigningKey) do
+        key.failure('is missing') if 'ECv2'.eql?(values[:protocolVersion]) &&
+          values[:intermediateSigningKey].nil?
       end
     end
 
+    TokenSchema = TokenContract.new
+
     # DRY-Validation schema for signedMessage component Google Pay token
-    SignedMessageSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:encryptedMessage).filled(:str?, :base64?)
-      required(:ephemeralPublicKey).filled(:str?, :base64?).value(size?: 44)
-      required(:tag).filled(:str?, :base64?)
+    class SignedMessageContract < Dry::Validation::Contract
+      json do
+        required(:encryptedMessage).filled(:str?)
+        required(:ephemeralPublicKey).filled(:str?)
+        required(:tag).filled(:str?)
+      end
+      rule(:encryptedMessage).validate(:base64?)
+      rule(:ephemeralPublicKey).validate(:base64?)
+      rule(:tag).validate(:base64?)
     end
 
-    # DRY-Validation schema for paymentMethodDetails component Google Pay token
-    PaymentMethodDetailsSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:pan).filled(:integer_string?, :pan?)
-      required(:expirationMonth).filled(:int?, :month?)
-      required(:expirationYear).filled(:int?, :year?)
-      required(:authMethod).filled(:str?, included_in?: %w[PAN_ONLY CRYPTOGRAM_3DS])
-
-      optional(:cryptogram).filled(:str?)
-      optional(:eciIndicator).filled(:str?, :eci?)
+    SignedMessageSchema = SignedMessageContract.new
 
-      rule('when authMethod is CRYPTOGRAM_3DS, cryptogram': %i[authMethod cryptogram]) do |method, cryptogram|
-        method.eql?('CRYPTOGRAM_3DS') > cryptogram.filled?
+    # DRY-Validation schema for paymentMethodDetails component Google Pay token
+    class PaymentMethodDetailsContract < Dry::Validation::Contract
+      json do
+        required(:pan).filled(:str?)
+        required(:expirationMonth).filled(:int?)
+        required(:expirationYear).filled(:int?)
+        required(:authMethod).filled(:str?, included_in?: %w[PAN_ONLY CRYPTOGRAM_3DS])
+
+        optional(:cryptogram).filled(:str?)
+        optional(:eciIndicator).filled(:str?)
+      end
+      rule(:pan).validate(:integer_string?, :pan?)
+      rule(:expirationMonth).validate(:month?)
+      rule(:expirationYear).validate(:year?)
+      rule(:eciIndicator).validate(:eci?)
+
+      rule(:cryptogram) do
+        key.failure('is missing') if 'CRYPTOGRAM_3DS'.eql?(values[:authMethod]) &&
+          values[:cryptogram].nil?
       end
 
-      rule('when authMethod is PAN_ONLY, eciIndicator': %i[authMethod eciIndicator]) do |method, eci|
-        method.eql?('PAN_ONLY').then(eci.none?)
+      rule(:cryptogram) do
+        key.failure('cannot be defined') if 'PAN_ONLY'.eql?(values[:authMethod]) &&
+          !values[:cryptogram].nil?
       end
 
-      rule('when authMethod is PAN_ONLY, cryptogram': %i[authMethod cryptogram]) do |method, cryptogram|
-        method.eql?('PAN_ONLY').then(cryptogram.none?)
+      rule(:eciIndicator) do
+        key.failure('cannot be defined') if 'PAN_ONLY'.eql?(values[:authMethod]) &&
+          !values[:eciIndicator].nil?
       end
     end
 
+    PaymentMethodDetailsSchema = PaymentMethodDetailsContract.new
+
     # DRY-Validation schema for encryptedMessage component Google Pay token
-    EncryptedMessageSchema = Dry::Validation.Schema(BaseSchema) do
-      required(:messageExpiration).filled(:str?, :integer_string?)
-      required(:messageId).filled(:str?)
-      required(:paymentMethod).filled(:str?, eql?: 'CARD')
-      required(:paymentMethodDetails).schema(PaymentMethodDetailsSchema)
+    class EncryptedMessageContract < Dry::Validation::Contract
+      json do
+        required(:messageExpiration).filled(:str?)
+        required(:messageId).filled(:str?)
+        required(:paymentMethod).filled(:str?)
+        required(:paymentMethodDetails).filled(:hash).schema(PaymentMethodDetailsContract.schema)
+      end
+      rule(:messageExpiration).validate(:integer_string?)
+      rule(:paymentMethod) do
+        key.failure('must be equal to CARD') unless 'CARD'.eql?(value)
+      end
     end
 
+    EncryptedMessageSchema = EncryptedMessageContract.new
+
     module InstanceMethods
       attr_reader :output
 
       def validate
         @validation ||= @schema.call(@input)
-        @output = @validation.output
+        @output = @validation.to_h
         return true if @validation.success?
         raise Aliquot::ValidationError, "validation error(s), #{errors_formatted}"
       end
@@ -176,7 +254,9 @@ module Aliquot
     # Class for validating a Google Pay token
     class Token
       include InstanceMethods
+
       class Error < ::Aliquot::Error; end
+
       def initialize(input)
         @input = input
         @schema = TokenSchema
@@ -186,7 +266,9 @@ module Aliquot
     # Class for validating the SignedMessage component of a Google Pay token
     class SignedMessage
       include InstanceMethods
+
       class Error < ::Aliquot::Error; end
+
       def initialize(input)
         @input = input
         @schema = SignedMessageSchema
@@ -196,7 +278,9 @@ module Aliquot
     # Class for validating the encryptedMessage component of a Google Pay token
     class EncryptedMessageValidator
       include InstanceMethods
+
       class Error < ::Aliquot::Error; end
+
       def initialize(input)
         @input = input
         @schema = EncryptedMessageSchema
@@ -205,7 +289,9 @@ module Aliquot
 
     class SignedKeyValidator
       include InstanceMethods
+
       class Error < ::Aliquot::Error; end
+
       def initialize(input)
         @input = input
         @schema = SignedKeySchema

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aliquot
 version: !ruby/object:Gem::Version
-  version: 0.15.0
+  version: 2.1.1
 platform: ruby
 authors:
 - Clearhaus
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-17 00:00:00.000000000 Z
+date: 2022-09-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-validation
@@ -16,56 +16,84 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.8'
 - !ruby/object:Gem::Dependency
   name: excon
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.71.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.71.0
 - !ruby/object:Gem::Dependency
   name: hkdf
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.3'
 - !ruby/object:Gem::Dependency
   name: aliquot-pay
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.12.0
+        version: 2.1.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.12.0
+        version: 2.1.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -80,6 +108,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 
 email: hello@clearhaus.com
 executables: []
@@ -100,16 +142,16 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - "~>"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.2
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Validates Google Pay tokens