firebase_id_token 2.3.1 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 536ac169a34db614f7501d80d974dbd9048a917bb3c0887b6e16f90381772b61
-  data.tar.gz: 83e7a5258af798b479f1a9eea253e4d0dfae6cac5aa0f003787973abb87dc28d
+  metadata.gz: d323f3f19f0e2cfa9f511adac526f38261ee28386d4abc210a22e26358008143
+  data.tar.gz: 82095062bbd88ebfe9ddbee3f769f2bc9e4fb0b9289fa673f4bf81d6a24132d0
 SHA512:
-  metadata.gz: 1e721876bcfa5f946236d42461bae05365adbfe61c37fd744029fc1e2b27b3c1fe22bc20bf850a6a23fbd18d4e45f2a2572190a76fc86ef5ad022f689ace8d6a
-  data.tar.gz: d06b0c0f60dc2dfe15762ba19fc9ef9549f3efcd46bc124ab0572ba992993fdd06cfd59a3aea8c0708d56916eba3551dade16026ee57fa7ddd1fe103fbf48d5c
+  metadata.gz: 5d056894ee1051fb9ccb0984624282805f153aca7e9bb41b5d3b39a93b749150311e45e11f7e182fdb4ee1814bea722a5fc49ddb975394f319edb3bbea7424d6
+  data.tar.gz: 998d1b74cdf9b036892e12ab9e7c271417ead8d18c6bbb8dcea04ea555c4fe6a856b79840872676c4aa530726132826f795c686ba5096502004a22ab7df82751

data/.travis.yml

@@ -1,7 +1,7 @@
 sudo: false
 language: ruby
 rvm:
-  - 2.4.0
-before_install: gem install bundler -v 1.14.6
+  - 2.6.3
+before_install: gem install bundler -v 1.17.2
 services:
   - redis-server

data/CHANGELOG.md

@@ -0,0 +1,121 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [2.5.0] - 2022-04-13
+
+### Fixed
+- Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile [CVE-2021-43809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43809).
+- Dependency Confusion in Bundler [CVE-2020-36327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36327).
+- Insecure path handling in Bundler [CVE-2019-3881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3881).
+
+### Changed
+- Using Bundler 2.3.11.
+- Using `Time.current` instead of `Time.now` to work with timezones [PR 34](https://github.com/fschuindt/firebase_id_token/pull/34).
+- Caching certificates on memory using `Thread` to avoid unnecessary calls into Redis [PR 33](https://github.com/fschuindt/firebase_id_token/pull/33).
+
+## [2.4.0] - 2020-05-02
+
+### Fixed
+- Rake development dependency vulnerability [CVE-2020-8130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8130).
+
+### Changed
+- Using Bundler 1.17.2.
+
+### Added
+- Ability to raise errors when verifying tokens.
+- `FirebaseIdToken::Certificates.find!` method.
+- `FirebaseIdToken::Signatures.verify!` method.
+- `FirebaseIdToken::Exceptions::CertificateNotFound` exception.
+- `:raise_error` option to `FirebaseIdToken::Signature.verify`.
+- `CHANGELOG.md` file.
+
+## [2.3.2] - 2020-02-15
+
+### Fixed
+- Certificate fixture not accessible when packing Gem into Rails application.
+
+### Changed
+- Bumped Bundler version to 1.14.
+
+## [2.3.1] - 2019-08-13
+
+### Fixed
+- Certificate fixture reading issue.
+
+### Added
+- Test mode.
+- Test mode documentation.
+
+## [2.3.0] - 2018-06-18
+
+### Changed
+- Started to use [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+- Runtime dependencies versions upgraded.
+- Use Redis `>= 3.3.3`.
+
+## [2.2.0] - 2018-05-21
+*Nothing tracked, release skipped.*
+
+## [2.1.0] - 2018-04-09
+
+### Fixed
+- `FirebaseIdToken::Signature.verify` now returns `nil` for newly issued tokens.
+
+## [2.0.0] - 2017-12-09
+
+### Fixed
+- Typo on Rake task `force_request` name.
+
+## [1.3.0] - 2017-09-15
+
+### Changed
+- Renamed `Certificates.request_anyway` to `Certificates.request!` (`Certificates.request_anyway` was kept for backwards compatibility.
+
+### Fixed
+- Documentaiton typos.
+- Initializer typos.
+
+## [1.2.2] - 2017-04-29
+
+### Changed
+- Recommended people to use cron tasks instead of background jobs.
+- Set certificates TTL based on cache-control's max-age.
+- Documentation now warns about request during application start in Rails.
+
+### Fixed
+- Documentation typos.
+
+## [1.2.1] - 2017-04-27
+
+### Changed
+- Small improvements on documentation.
+
+## [1.2.0] - 2017-04-26
+
+### Changed
+- The Gem was marked as "ready to use".
+
+## [1.1.0] - 2017-04-26
+*Nothing tracked.*
+
+## [1.0.0] - 2017-04-26
+*Version removed.*
+
+## [0.1.0] - 2017-04-23
+*Version removed.*
+
+[2.5.0]: https://github.com/fschuindt/firebase_id_token/compare/2.4.0...2.5.0
+[2.4.0]: https://github.com/fschuindt/firebase_id_token/compare/2.3.2...2.4.0
+[2.3.2]: https://github.com/fschuindt/firebase_id_token/compare/2.3.1...2.3.2
+[2.3.1]: https://github.com/fschuindt/firebase_id_token/compare/2.3.0...2.3.1
+[2.3.0]: https://github.com/fschuindt/firebase_id_token/compare/2.0.0...2.3.0
+[2.1.0]: https://github.com/fschuindt/firebase_id_token/compare/2.0.0...2.1.0
+[2.0.0]: https://github.com/fschuindt/firebase_id_token/compare/1.3.0...2.0.0
+[1.3.0]: https://github.com/fschuindt/firebase_id_token/compare/1.2.2...1.3.0
+[1.2.2]: https://github.com/fschuindt/firebase_id_token/compare/1.2.1...1.2.2
+[1.2.1]: https://github.com/fschuindt/firebase_id_token/compare/1.2.0...1.2.1

data/README.md

@@ -29,7 +29,7 @@ gem install firebase_id_token
 
 or in your Gemfile
 ```
-gem 'firebase_id_token', '~> 2.3.1'
+gem 'firebase_id_token', '~> 2.5.0'
 ```
 then
 ```

data/docker-compose.yml

@@ -0,0 +1,9 @@
+version: '3'
+
+services:
+  redis:
+    image: redis:5-alpine
+    ports:
+      - "6379:6379"
+    expose:
+      - 6379

data/firebase_id_token.gemspec

@@ -17,15 +17,13 @@ Gem::Specification.new do |spec|
   spec.homepage      = 'https://github.com/fschuindt/firebase_id_token'
   spec.license       = 'MIT'
 
-  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
-    f.match(%r{^(test|spec|features)/})
-  end
+  spec.files         = `git ls-files -z`.split("\x0")
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '~> 1.14'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'bundler', '~> 2.3', '>= 2.3.11'
+  spec.add_development_dependency 'rake', '~> 12.3', '>= 12.3.3'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'redcarpet', '~> 3.4', '>= 3.4.0'
   spec.add_development_dependency 'simplecov', '~> 0.14.1'

data/lib/firebase_id_token/certificates.rb

@@ -111,13 +111,34 @@ module FirebaseIdToken
     #   FirebaseIdToken::Certificates.request
     #   cert = FirebaseIdToken::Certificates.find "1d6d01f4w7d54c7[...]"
     #   #=> <OpenSSL::X509::Certificate: subject=#<OpenSSL [...]
-    def self.find(kid)
+    def self.find(kid, raise_error: false)
       certs = new.local_certs
       raise Exceptions::NoCertificatesError if certs.empty?
 
-      if certs[kid]
-        OpenSSL::X509::Certificate.new certs[kid]
-      end
+      return OpenSSL::X509::Certificate.new certs[kid] if certs[kid]
+
+      return unless raise_error
+
+      raise Exceptions::CertificateNotFound,
+        "Unable to find a certificate with `#{kid}`."
+    end
+
+    # Returns a `OpenSSL::X509::Certificate` object of the requested Key ID
+    # (KID) if there's one.
+    #
+    # @raise {Exceptions::CertificateNotFound} if it cannot be found.
+    #
+    # @raise {Exceptions::NoCertificatesError} if the Redis certificates
+    # database is empty.
+    #
+    # @param [String] kid Key ID
+    # @return [OpenSSL::X509::Certificate]
+    # @example
+    #   FirebaseIdToken::Certificates.request
+    #   cert = FirebaseIdToken::Certificates.find! "1d6d01f4w7d54c7[...]"
+    #   #=> <OpenSSL::X509::Certificate: subject=#<OpenSSL [...]
+    def self.find!(kid)
+      find(kid, raise_error: true)
     end
 
     # Returns the current certificates TTL (Time-To-Live) in seconds. *Zero

data/lib/firebase_id_token/exceptions/certificate_not_found.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module FirebaseIdToken
+  module Exceptions
+    # @see FirebaseIdToken::Certificates.find!
+    class CertificateNotFound < StandardError; end
+  end
+end

data/lib/firebase_id_token/signature.rb

@@ -42,9 +42,25 @@ module FirebaseIdToken
     # Note that it will raise a {Exceptions::NoCertificatesError} if the Redis
     # certificates database is empty. Ensure to call {Certificates.request}
     # before, ideally in a background job if you are using Rails.
+    #
+    # If you would like this to raise and error, rather than silently failing,
+    # you can with the `raise_error` parameter. Example:
+    #
+    #   FirebaseIdToken::Signature
+    #     .verify(token, raise_error: Rails.env.development?)
+    #
+    # @param raise_error [Boolean] default: false
     # @return [nil, Hash]
-    def self.verify(jwt_token)
-      new(jwt_token).verify
+    def self.verify(jwt_token, raise_error: false)
+      new(jwt_token, raise_error: raise_error).verify
+    end
+
+    # Equivalent to `.verify(jwt_token, raise_error: true)`.
+    #
+    # @see {Signature.verify}
+    # @return [Hash]
+    def self.verify!(jwt_token)
+      new(jwt_token, raise_error: true).verify
     end
 
     attr_accessor :firebase_id_token_certificates
@@ -52,21 +68,34 @@ module FirebaseIdToken
     # Loads attributes: `:project_ids` from {FirebaseIdToken::Configuration},
     # and `:kid`, `:jwt_token` from the related `jwt_token`.
     # @param [String] jwt_token Firebase ID Token
-    def initialize(jwt_token)
+    def initialize(jwt_token, raise_error: false)
+      @raise_error = raise_error
       @project_ids = FirebaseIdToken.configuration.project_ids
       @kid = extract_kid(jwt_token)
       @jwt_token = jwt_token
       @firebase_id_token_certificates = FirebaseIdToken.configuration.certificates
-
     end
 
     # @see Signature.verify
     def verify
-      certificate = firebase_id_token_certificates.find(@kid)
-      if certificate
-        payload = decode_jwt_payload(@jwt_token, certificate.public_key)
-        authorize payload
+      var_name = :_firebase_id_token_cert
+      Thread.current[var_name] ||= {
+        cert: nil,
+        expires_at: Time.now.utc - 1
+      }
+
+      if Thread.current[var_name][:expires_at] <= Time.now.utc
+        Thread.current[var_name] = {
+          cert: firebase_id_token_certificates.find(@kid, raise_error: @raise_error),
+          expires_at: Time.now.utc + firebase_id_token_certificates.ttl
+        }
       end
+
+      certificate = Thread.current[var_name][:cert]
+      return unless certificate
+
+      payload = decode_jwt_payload(@jwt_token, certificate.public_key)
+      authorize payload
     end
 
     private
@@ -74,13 +103,17 @@ module FirebaseIdToken
     def extract_kid(jwt_token)
       JWT.decode(jwt_token, nil, false).last['kid']
     rescue StandardError
-      'none'
+      return 'none' unless @raise_error
+
+      raise
     end
 
     def decode_jwt_payload(token, cert_key)
       JWT.decode(token, cert_key, true, JWT_DEFAULTS).first
     rescue StandardError
-      nil
+      return nil unless @raise_error
+
+      raise
     end
 
     def authorize(payload)
@@ -97,8 +130,8 @@ module FirebaseIdToken
     end
 
     def still_valid?(payload)
-      payload['exp'].to_i > Time.now.to_i &&
-      payload['iat'].to_i <= Time.now.to_i
+      payload['exp'].to_i > Time.current.to_i &&
+      payload['iat'].to_i <= Time.current.to_i
     end
 
     def issuer_authorized?(payload)

data/lib/firebase_id_token/testing/certificates.rb

@@ -12,10 +12,10 @@ module FirebaseIdToken
     # + {Certificates.private_key}
     # + {Certificates.certificate}
     class Certificates
-      # `.find` is stabbed to always return the same certificate.
+      # `.find` is stubbed to always return the same certificate.
       # @param [String] kid Key ID
       # @return [nil, OpenSSL::X509::Certificate]
-      def self.find(kid)
+      def self.find(kid, raise_error: false)
         cert = certificate
         OpenSSL::X509::Certificate.new cert
       end
@@ -80,6 +80,10 @@ module FirebaseIdToken
           )
         )
       end
+
+      def self.ttl
+        10
+      end
     end
   end
 end

data/lib/firebase_id_token/version.rb

@@ -1,3 +1,3 @@
 module FirebaseIdToken
-  VERSION = '2.3.1'
+  VERSION = '2.5.0'
 end

data/lib/firebase_id_token.rb

@@ -7,6 +7,7 @@ require 'firebase_id_token/version'
 require 'firebase_id_token/exceptions/no_certificates_error'
 require 'firebase_id_token/exceptions/certificates_request_error'
 require 'firebase_id_token/exceptions/certificates_ttl_error'
+require 'firebase_id_token/exceptions/certificate_not_found'
 require 'firebase_id_token/configuration'
 require 'firebase_id_token/certificates'
 require 'firebase_id_token/signature'
@@ -49,7 +50,7 @@ module FirebaseIdToken
 
   def self.configuration
     @configuration ||= Configuration.new
-  end 
+  end
 
   # Resets Configuration to defaults.
   def self.reset

data/spec/firebase_id_token/certificates_spec.rb

@@ -0,0 +1,164 @@
+require 'spec_helper'
+
+module FirebaseIdToken
+  describe Certificates do
+    let (:redis) { Redis::Namespace.new 'firebase_id_token', redis: Redis.new }
+    let (:certs) { File.read('spec/fixtures/files/certificates.json') }
+    let (:cache) { 'public, max-age=19302, must-revalidate, no-transform' }
+    let (:low_cache) { 'public, max-age=2160, must-revalidate, no-transform' }
+    let (:kid) { JSON.parse(certs).first[0] }
+    let (:expires_in) { (DateTime.now + (5/24r)).to_s }
+    let (:response) { double }
+
+    let (:mock_response) {
+      allow(response).to receive(:code) { 200 }
+      allow(response).to receive(:headers) { { 'cache-control' => cache } }
+      allow(response).to receive(:body) { certs }
+    }
+
+    let(:mock_request) {
+      mock_response
+      allow(HTTParty).to receive(:get).
+        with(an_instance_of(String)) { response }
+    }
+
+    before :each do
+      redis.del 'certificates'
+      mock_request
+    end
+
+    describe '#request' do
+      it 'requests certificates when Redis database is empty' do
+        expect(HTTParty).to receive(:get).
+          with(FirebaseIdToken::Certificates::URL)
+        described_class.request
+      end
+
+      it 'does not requests certificates when Redis database is written' do
+        expect(HTTParty).to receive(:get).
+          with(FirebaseIdToken::Certificates::URL).once
+        2.times { described_class.request }
+      end
+    end
+
+    describe '#request!' do
+      it 'always requests certificates' do
+        expect(HTTParty).to receive(:get).
+          with(FirebaseIdToken::Certificates::URL).twice
+        2.times { described_class.request! }
+      end
+
+      it 'sets the certificate expiration time as Redis TTL' do
+        described_class.request!
+        expect(redis.ttl('certificates')).to be > 3600
+      end
+
+      it 'raises a error when certificates expires in less than 1 hour' do
+        allow(response).to receive(:headers) {{'cache-control' => low_cache}}
+        expect{ described_class.request! }.
+          to raise_error(Exceptions::CertificatesTtlError)
+      end
+
+      it 'raises a error when HTTP response code is other than 200' do
+        allow(response).to receive(:code) { 401 }
+        expect{ described_class.request! }.
+          to raise_error(Exceptions::CertificatesRequestError)
+      end
+    end
+
+    describe '#request_anyway' do
+      it 'also requests certificates' do
+        expect(HTTParty).to receive(:get).
+          with(FirebaseIdToken::Certificates::URL)
+
+        described_class.request_anyway
+      end
+    end
+
+    describe '.present?' do
+      it 'returns false when Redis database is empty' do
+        expect(described_class.present?).to be(false)
+      end
+
+      it 'returns true when Redis database is written' do
+        described_class.request
+        expect(described_class.present?).to be(true)
+      end
+    end
+
+    describe '.all' do
+      context 'before requesting certificates' do
+        it 'returns a empty Array' do
+          expect(described_class.all).to eq([])
+        end
+      end
+
+      context 'after requesting certificates' do
+        it 'returns a array of hashes: String keys' do
+          described_class.request
+          expect(described_class.all.first.keys[0]).to be_a(String)
+        end
+
+        it 'returns a array of hashes: OpenSSL::X509::Certificate values' do
+          described_class.request
+          expect(described_class.all.first.values[0]).
+            to be_a(OpenSSL::X509::Certificate)
+        end
+      end
+    end
+
+    describe '.find' do
+      context 'without certificates in Redis database' do
+        it 'raises a exception' do
+          expect{ described_class.find(kid)}.
+            to raise_error(Exceptions::NoCertificatesError)
+        end
+      end
+
+      context 'with certificates in Redis database' do
+        it 'returns a OpenSSL::X509::Certificate when it finds the kid' do
+          described_class.request
+          expect(described_class.find(kid)).to be_a(OpenSSL::X509::Certificate)
+        end
+
+        it 'returns nil when it can not find the kid' do
+          described_class.request
+          expect(described_class.find('')).to be(nil)
+        end
+      end
+    end
+
+    describe '.find!' do
+      context 'without certificates in Redis database' do
+        it 'raises a exception' do
+          expect{ described_class.find!(kid)}.
+            to raise_error(Exceptions::NoCertificatesError)
+        end
+      end
+      context 'with certificates in Redis database' do
+        it 'returns a OpenSSL::X509::Certificate when it finds the kid' do
+          described_class.request
+          expect(described_class.find!(kid)).to be_a(OpenSSL::X509::Certificate)
+        end
+
+        it 'raises a CertificateNotFound error when it can not find the kid' do
+          described_class.request
+          expect { described_class.find!('') }
+            .to raise_error(Exceptions::CertificateNotFound, /Unable to find/)
+        end
+      end
+
+    end
+
+    describe '.ttl' do
+      it 'returns a positive number when has certificates in Redis' do
+        described_class.request
+        expect(described_class.ttl).to be > 0
+      end
+
+      it 'returns zero when has no certificates in Redis' do
+        expect(described_class.ttl).to eq(0)
+      end
+    end
+  end
+end

data/spec/firebase_id_token/configuration_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+module FirebaseIdToken
+  describe Configuration do
+    describe '.project_ids' do
+      it 'sets [] as default' do
+        expect(Configuration.new.project_ids).to eq([])
+      end
+    end
+
+    describe '.project_ids=' do
+      it 'changes default values' do
+        config = Configuration.new
+        config.project_ids = String.new
+        expect(config.project_ids).to be_a(String)
+      end
+    end
+
+    describe '.redis' do
+      it 'sets a Redis instance as default' do
+        expect(Configuration.new.redis).to be_a(Redis)
+      end
+    end
+
+    describe '.redis=' do
+      it 'changes default values' do
+        config = Configuration.new
+        config.redis = String.new
+        expect(config.redis).to be_a(String)
+      end
+    end
+  end
+end

data/spec/firebase_id_token/signature_spec.rb

@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+module FirebaseIdToken
+  describe Signature do
+    let(:jwt) { JSON.parse File.read('spec/fixtures/files/jwt.json') }
+    let(:raise_certificates_error) { false }
+
+    let(:mock_certificates) do
+      allow(Certificates)
+        .to(receive(:find))
+        .with(an_instance_of(String), raise_error: raise_certificates_error)
+        .and_return(OpenSSL::X509::Certificate.new(jwt['certificate']))
+    end
+
+    before :each do
+      mock_certificates
+      FirebaseIdToken.configure do |config|
+        config.project_ids = ['firebase-id-token']
+      end
+    end
+
+    describe '#verify' do
+      it 'returns a Hash when the signature is valid' do
+        expect(described_class.verify(jwt['jwt_token'])).to be_a(Hash)
+      end
+
+      it 'returns nil when the signature is invalid' do
+        expect(described_class.verify(jwt['bad_jwt_token'])).to be(nil)
+      end
+
+      it 'returns nil with a invalid key format' do
+        expect(described_class.verify('aaa')).to be(nil)
+      end
+    end
+
+    describe '#verify!' do
+      let(:raise_certificates_error) { true }
+      it 'returns a Hash when the signature is valid' do
+        expect(described_class.verify!(jwt['jwt_token'])).to be_a(Hash)
+      end
+
+      it 'raises an error when the signature is invalid' do
+        expect { described_class.verify!(jwt['bad_jwt_token']) }
+          .to raise_error(JWT::VerificationError)
+      end
+
+      it 'raises an error with a invalid key format' do
+        expect { described_class.verify!('aaa') }
+          .to raise_error(JWT::DecodeError, /too many/)
+      end
+    end
+  end
+end

data/spec/firebase_id_token/signature_test_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper'
+
+module FirebaseIdToken
+  describe Signature do
+    let(:jwt) { JSON.parse File.read('spec/fixtures/files/jwt.json') }
+    let(:payload) { JSON.parse File.read('spec/fixtures/files/payload.json') }
+    let(:rsa_private) { OpenSSL::PKey::RSA.new(FirebaseIdToken::Testing::Certificates.private_key) }
+
+    before :each do
+      FirebaseIdToken.configure do |config|
+        config.project_ids = ['firebase-id-token']
+      end
+      FirebaseIdToken.test!
+    end
+
+    describe '#verify' do
+
+      it 'test mode is valid' do
+        expect(described_class.verify(jwt['jwt_token'])).to be_a(Hash)
+      end
+
+      it 'test mode encode is valid' do
+        JWT.encode payload, rsa_private, 'RS256'
+        expect(described_class.verify(jwt['jwt_token'])).to be_a(Hash)
+      end
+    end
+  end
+end

data/spec/firebase_id_token_spec.rb

@@ -0,0 +1,46 @@
+require 'spec_helper'
+
+RSpec.describe FirebaseIdToken do
+  let(:jwt) { JSON.parse File.read('spec/fixtures/files/jwt.json') }
+
+  let (:mock_certificates) {
+    allow(FirebaseIdToken::Certificates).to receive(:find).
+      with(an_instance_of(String)) {
+        OpenSSL::X509::Certificate.new(jwt['certificate']) }
+  }
+
+  it 'has a version number' do
+    expect(FirebaseIdToken::VERSION).not_to be nil
+  end
+
+  describe '#configure' do
+    before :each do
+      mock_certificates
+      FirebaseIdToken.configure do |config|
+        config.project_ids = ['firebase-id-token']
+      end
+    end
+
+    it 'sets global project_ids' do
+      expect(FirebaseIdToken::Signature.verify(jwt['jwt_token'])).to be_a(Hash)
+    end
+
+    after :each do
+      FirebaseIdToken.reset
+    end
+  end
+
+  describe '#reset' do
+    before :each do
+      FirebaseIdToken.configure do |config|
+        config.project_ids = 1
+      end
+    end
+
+    it 'resets the configuration' do
+      FirebaseIdToken.reset
+      config = FirebaseIdToken.configuration
+      expect(config.project_ids).to eq([])
+    end
+  end
+end

data/spec/fixtures/files/.about_payload_file

@@ -0,0 +1,3 @@
+About the payload.json
+
+Keep it for didactic and debugging reasons.

data/spec/fixtures/files/certificates.json

@@ -0,0 +1,5 @@
+{
+   "1d6d911c0c01c7871befbedab6fe4aa932cb14b1":"-----BEGIN CERTIFICATE-----\nMIIDHDCCAgSgAwIBAgIIcM5ipUjH60gwDQYJKoZIhvcNAQEFBQAwMTEvMC0GA1UE\nAxMmc2VjdXJldG9rZW4uc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20wHhcNMTcw\nNDIwMDA0NTI2WhcNMTcwNDIzMDExNTI2WjAxMS8wLQYDVQQDEyZzZWN1cmV0b2tl\nbi5zeXN0ZW0uZ3NlcnZpY2VhY2NvdW50LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBAL1PdoFtJ6YI+TLRPZcNNElRlOHmGGvBvilmgZEa3Pn5P6BH\n7NIi1PuLlRKoAOh+m+NBxEP+o6X6SVyLxhmLqoUmNxJP1UzdP4iUV4taSe5Ar6LG\nuPFwzzFTygHVZmiED+0/YhaigcPWakU29rDKBBzi3mbHOrftCENc4MjSj+VgN0f7\namTXEHvs/mnCaKs9llIKLFNkxZMCLYYUI8z/fAswkvF+16jr1hWMQhJ0EtsrS7+s\nAaDainDxRHQdL/C3invOp/+MdtV9JD76uTcwRaJnevtMAwReGsuVuQ9ytueFMjDR\ndwAcXEj7DFum7UlG4YUJNyrwfFMP7STdXMDIcU0CAwEAAaM4MDYwDAYDVR0TAQH/\nBAIwADAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDQYJ\nKoZIhvcNAQEFBQADggEBACUU6SbF+W/PIQLu4JKc2AuyqFG3+HMHTggq6lFDoe4h\nrdOFf1GwGBir5QLRp4VteYMpHuluZ30l+83XfPW82Bi3Xg+oXCs/ZdlwOSYB60R1\nJHLh2fnjquydwTDnHvfiGKPbE+/BgIbW7CfKRjdZxOTx/kbyymhriT2vBSf9nePF\nH9qEtcs/Y95PEdt28Jrjcn4r9tqnNb9w3J6bN0VGndegvwtrPzacyXXsawOny0Ij\n/1I7CJ19bYFQ9dPjvQzUUssUbSmCfl0p+s+6FzzWbaZxcOga2NoqESU522s1VVyx\niKFq8KyT6RD1RKr3vQwULR7h5HU0pkPJz3UCLpy6udw=\n-----END CERTIFICATE-----\n",
+   "1dd4bb29a77e0d8f3ddcb6af82444bee2e1f8f41":"-----BEGIN CERTIFICATE-----\nMIIDHDCCAgSgAwIBAgIIff9h3dvZ7S0wDQYJKoZIhvcNAQEFBQAwMTEvMC0GA1UE\nAxMmc2VjdXJldG9rZW4uc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20wHhcNMTcw\nNDIxMDA0NTI2WhcNMTcwNDI0MDExNTI2WjAxMS8wLQYDVQQDEyZzZWN1cmV0b2tl\nbi5zeXN0ZW0uZ3NlcnZpY2VhY2NvdW50LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBAOkr+xUfSLz88cuxUEodF9YPLQDjIU/6EOIpkOmI8hLbEgPL\nXtWdudzWlZ231Owy6bhywc+WZLgDnAdAU0RCoy0kZkiAShU5qGWMLp59gC9VCS/Y\nPsw6N8VJM6G4Qekjdy/X/0QRSi26RdIbdlKuN+NF4gN0feRk8gXxfeCYzF2FxN8q\nyH8uIwpchHd0rix0sKjXxE3K/4Sw+NxNIcdVyYuu6qvCs0L+vRT7AYBWPOveTPSj\nnbf8hTAx/Le2hDJZ/aARe7lZNGGqgrJweXT9XB6SEG0mzh/9ShaA22Tlsrhb/1K/\n1xMDdCdS/6cCcHhEVw1tsZHN9GpyfQQAdYjXvncCAwEAAaM4MDYwDAYDVR0TAQH/\nBAIwADAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDQYJ\nKoZIhvcNAQEFBQADggEBAHpCWcikPhudhZ4ZfO+Y52CD6N50w+dse0X5lNKK9D7g\nC/6At8KY74NAD4wiCv6l3f6Eyq0kIlOwjHykzmTgrwcY3GI9FauCPkzl1pzfw5Cr\n6kuePTjMd67vi3XanQ2ZhM0g/CUQHR8VYELwMhh8dPaI/enmq7Yw7UAUKxDmI4zD\nz8VTb/A2LA+HgIk+X9lRW5fSHCm2ujN8VzYUr/BKx6U58x/qVp1Y1J0mXJdrmyK6\ngPb4Ro0/zPscMbeKNqNbTeCT5YXTNtU9+Zzs3OJ+e283EyR3h0VfdqD266kr0yuy\njq/v/Rplwrf8fHGEkdVTApWUb1nSbK0obLzkqb3ut9Q=\n-----END CERTIFICATE-----\n",
+   "e2e353f4bd0fd6189e532c2377771439d903c346":"-----BEGIN CERTIFICATE-----\nMIIDHDCCAgSgAwIBAgIIFqTX4DUSi0gwDQYJKoZIhvcNAQEFBQAwMTEvMC0GA1UE\nAxMmc2VjdXJldG9rZW4uc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20wHhcNMTcw\nNDE5MDA0NTI2WhcNMTcwNDIyMDExNTI2WjAxMS8wLQYDVQQDEyZzZWN1cmV0b2tl\nbi5zeXN0ZW0uZ3NlcnZpY2VhY2NvdW50LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBAKxLXZ0dYY5SRXyG2FiiEUXUb2qEX5u6svjiexIEuvO/9eP2\n4B/dkICJLI7RfQcogtkn5SCi7Cd/szuLT5z1AeGQdqgU7OBVgMGyzG4bf03DNqfh\noRghroG+mIrvE/4Qx2x2reokc0ShlrBBpZUh/EU89NAvJkudp0MqtoGNhzH6CQ5X\nmUXThpu7RVb7ciHrW1HRlMZjCNcLDkUEm4FPGtBT1T2zvCOLjrOG9BmhX97PtV2l\nFrbzIG0Z0nYa3y+hIyNfVwC+CjqNRHYdmDDt3fEM7B9IlS9wpd6waphxY6j09VNy\nCQtKuRhenReiY2uM8sRfZvqNH+guOkb2NZ77hW8CAwEAAaM4MDYwDAYDVR0TAQH/\nBAIwADAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDQYJ\nKoZIhvcNAQEFBQADggEBADUioofGGbdCcSZdgVruwmpMl3FYWu+c5OknBiLyQmtj\nH7okp0DXXq0k+JXe3Q5b8AoOQnDbS0drETGB9Bi145/cv3KfF9cHw+OLF1/sOLDD\n23FvvZWYjWngOIG7tNeMUprb981lc4xUrW8ViqtbPUqJNO5dEPU1MHPm7oxTavH9\nm7nPT7xzI5TuaQnQ0Dql8nlirJOCu2DO47ug4+J5C6fsHPW3c4Ui2VdLtNGDHm2L\nQCAOfti8SukoHF9z1NnHX4ODkEHtALoDN/XygMabgLBuuZneCJShEYsNNtN3Tl0G\nyKRpTYkiDzegpVgehCjQK3EYM2io0uxDgVb+9fT2WpA=\n-----END CERTIFICATE-----\n"
+}

data/spec/fixtures/files/jwt.json

@@ -0,0 +1,6 @@
+{
+  "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQCrvJRW05yKQxx3+PdiysRKR/N+VqYv9+b/76C3zC/vk9ACkWTN\n/dcPMzIXVIdDMU+r1o8HF3mOXNhCFWGSfZ7r1dMe961BQtxu1DagC7Ff+XZZL0Mu\n0W0Y/GmP7yTrsie7wCq4QiHj2HBtUtze/uC6DT8Qcthg46LUJBqeh9FiIwIDAQAB\nAoGAEGK80I/+Np7yn2vMxstL8T5uOBayYo9HphHKBt9fj39N8IDI2nKmy1d6Jwm0\noi+ZR28AVI/j1DZ9l8iMd7qup+/D5CdTt89u8fTUlQkCjAQQsRBneq5MJRKI+5eA\nJDJmx7p7CUUqjnIcFfbBz0NLTDZso11Vp+BDfbDpKv37nskCQQDZimWuxa7rK6UZ\nXGDl8LxEiM27US67kDu8iS3VdQWEKIhhQoea/zNKPMkQsc2+CPggQTcG/2WuPEYJ\nO1bPz7HPAkEAyhknhziWREEBQRLp4qsakozMIn4iuuaC00zpLwcnyOqFPaHS5CTL\nI7GxpwN6Ld1N/nqvYGyk/dRb5Ul7v27DbQJAUMsJwMNCl6z6AFVC16N1CK8WWX9p\nL9f9l6QLFcAEcHTtUdH3syUc03GH619d3jpOjQwrd7na9b8E8+DJ+RxWGQJAI8cE\nOmoIIBkp8a05fokv8RW/5bNSzqeULXgGJ+8qWeU6pUiKnxzsYWtJuflhndD5x71M\nYtOY+d6oThUONTuUmQJBAMGl/eaFU0AfA+xS/3Kt5JFKBbBVAByhL+Hd/27/rYZ5\n8YXDUQAgcykCS21JMrn41p4gwJnpG35PoV8qBIW9a94=\n-----END RSA PRIVATE KEY-----",
+  "certificate": "-----BEGIN CERTIFICATE-----\nMIIChDCCAe2gAwIBAgIBADANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJCRTEN\nMAsGA1UECgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDAgFw0x\nNzA0MjQwMjE5MzRaGA8zMDE2MDgyNTAyMTkzNFowOjELMAkGA1UEBhMCQkUxDTAL\nBgNVBAoMBFRlc3QxDTALBgNVBAsMBFRlc3QxDTALBgNVBAMMBFRlc3QwgZ8wDQYJ\nKoZIhvcNAQEBBQADgY0AMIGJAoGBAKu8lFbTnIpDHHf492LKxEpH835Wpi/35v/v\noLfML++T0AKRZM391w8zMhdUh0MxT6vWjwcXeY5c2EIVYZJ9nuvV0x73rUFC3G7U\nNqALsV/5dlkvQy7RbRj8aY/vJOuyJ7vAKrhCIePYcG1S3N7+4LoNPxBy2GDjotQk\nGp6H0WIjAgMBAAGjgZcwgZQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUFKl2\nnZaaeNZM/7dno9IbaEIvaXQwYgYDVR0jBFswWYAUFKl2nZaaeNZM/7dno9IbaEIv\naXShPqQ8MDoxCzAJBgNVBAYTAkJFMQ0wCwYDVQQKDARUZXN0MQ0wCwYDVQQLDARU\nZXN0MQ0wCwYDVQQDDARUZXN0ggEAMA0GCSqGSIb3DQEBBQUAA4GBAKkBvhUIRENB\nap0r9F7sKkRr8tJCCjBPIA+8e8XIKS3A3w6EI5ErRpv795rO80TBR4WZR9GhH8M1\nPXJ7FuaayCcPAl0febjl4z6ZciCSDpBdhbMpmq1d/kYU1H1qUokE2BxhNdcs/Q4w\n+5NnFGSkYm09tPzLWFPLoES9ynBF0N7l\n-----END CERTIFICATE-----",
+  "jwt_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjEyM3F3ZSJ9.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vZmlyZWJhc2UtaWQtdG9rZW4iLCJuYW1lIjoiVWdseSBCb2IiLCJwaWN0dXJlIjoiaHR0cHM6Ly9zb21ldXJsLmNvbS9waG90by5qcGciLCJhdWQiOiJmaXJlYmFzZS1pZC10b2tlbiIsImF1dGhfdGltZSI6MTQ5Mjk4MTE5MiwidXNlcl9pZCI6InRoZVVzZXJJRCIsInN1YiI6InRoZVVzZXJJRCIsImlhdCI6MTQ5Mjk4MTIwMCwiZXhwIjozMzAyOTAwMDAxNywiZW1haWwiOiJ1Z2x5Ym9iQGVtYWlsdXJsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJmaXJlYmFzZSI6eyJpZGVudGl0aWVzIjp7Imdvb2dsZS5jb20iOlsiMTAxMDEwMTAxMDEwMTAxMDEwMSJdLCJlbWFpbCI6WyJ1Z2x5Ym9iQGVtYWlsdXJsLmNvbSJdfSwic2lnbl9pbl9wcm92aWRlciI6Imdvb2dsZS5jb20ifX0.PjTLVli92r41PfptLsmfeKG-ThEj7SNM02yx8YSVf_b-DiYBqgDJrrFgUP29oy86K8v6bRzirgyq3fmxzBj9YIlhnOar_8QlEwr8U-m-85wcP3kDQmXE2QQRF8MQPMOVyPjn2skKNS3Wu1zZYoMT0dqygh2qxqvbouCGjum0REg",
+  "bad_jwt_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjEyM3F3ZSJ9.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vZmlyZWJhc2UtaWQtdG9rZW4iLCJuYW1lIjoiVWdseSBCb2IiLCJwaWN0dXJlIjoiaHR0cHM6Ly9zb21ldXJsLmNvbS9waG90by5qcGciLCJhdWQiOiJmaXJlYmFzZS1pZC10b2tlbiIsImF1dGhfdGltZSI6MTQ5Mjk4MTE5MiwidXNlcl9pZCI6InRoZVVzZXJJRCIsInN1YiI6InRoZVVzZXJJRCIsImlhdCI6MTQ5Mjk4MTIwMCwiZXhwIjozMzAyOTAwMDAxNywiZW1haWwiOiJ1Z2x5Ym9iQGVtYWlsdXJsLmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJmaXJlYmFzZSI6eyJpZGVudGl0aWVzIjp7Imdvb2dsZS5jb20iOlsiMTAxMDEwMTAxMDEwMTAxMDEwMSJdLCJlbWFpbCI6WyJ1Z2x5Ym9iQGVtYWlsdXJsLmNvbSJdfSwic2lnbl9pbl9wcm92aWRlciI6Imdvb2dsZS5jb20ifX0.rR9237-LJAgdt6ICqR7qoB5625tsat8uGTszB55rSEBEop8WFvXQo0maEfwtl_3JTxUfefDkLWUaBnFqArEMPoT9TIRuBOdJtVRDSxfNjio87DumsXPb97ALX2bTUU49fwDHGBiZqkBq9m0V49O-50MfyQqS0otC2p4_pRisS4o"
+}

data/spec/fixtures/files/payload.json

@@ -0,0 +1,24 @@
+{  
+   "iss":"https://securetoken.google.com/firebase-id-token",
+   "name":"Ugly Bob",
+   "picture":"https://someurl.com/photo.jpg",
+   "aud":"firebase-id-token",
+   "auth_time":1492981192,
+   "user_id":"theUserID",
+   "sub":"theUserID",
+   "iat":1492981200,
+   "exp":33029000017,
+   "email":"uglybob@emailurl.com",
+   "email_verified":true,
+   "firebase":{  
+      "identities":{  
+         "google.com":[  
+            "1010101010101010101"
+         ],
+         "email":[  
+            "uglybob@emailurl.com"
+         ]
+      },
+      "sign_in_provider":"google.com"
+   }
+}

data/spec/spec_helper.rb

@@ -0,0 +1,19 @@
+require 'simplecov'
+SimpleCov.start
+
+require 'bundler/setup'
+require 'redis'
+require 'redis-namespace'
+require 'httparty'
+require 'jwt'
+require 'firebase_id_token'
+require 'pry'
+
+RSpec.configure do |config|
+  # Enable flags like --only-failures and --next-failure
+  config.example_status_persistence_file_path = '.rspec_status'
+
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: firebase_id_token
 version: !ruby/object:Gem::Version
-  version: 2.3.1
+  version: 2.5.0
 platform: ruby
 authors:
 - Fernando Schuindt
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-08-13 00:00:00.000000000 Z
+date: 2022-04-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,28 +16,40 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '2.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.11
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '2.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.11
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -56,22 +68,22 @@ dependencies:
   name: redcarpet
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.4.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.4.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.4.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.4.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -90,22 +102,22 @@ dependencies:
   name: codeclimate-test-reporter
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.0.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.0.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -144,22 +156,22 @@ dependencies:
   name: redis-namespace
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.6.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.6.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.6.0
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
@@ -184,22 +196,22 @@ dependencies:
   name: jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.1.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.1.0
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
 description: A Ruby gem to verify the signature of Firebase ID Tokens. It uses Redis
   to store Google's x509 certificates and manage their expiration time, so you don't
   need to request Google's API in every execution and can access it as fast as reading
@@ -214,6 +226,7 @@ files:
 - ".rspec"
 - ".travis.yml"
 - ".yardopts"
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.txt
@@ -221,21 +234,33 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- docker-compose.yml
 - firebase_id_token.gemspec
 - lib/firebase_id_token.rb
 - lib/firebase_id_token/certificates.rb
 - lib/firebase_id_token/configuration.rb
+- lib/firebase_id_token/exceptions/certificate_not_found.rb
 - lib/firebase_id_token/exceptions/certificates_request_error.rb
 - lib/firebase_id_token/exceptions/certificates_ttl_error.rb
 - lib/firebase_id_token/exceptions/no_certificates_error.rb
 - lib/firebase_id_token/signature.rb
 - lib/firebase_id_token/testing/certificates.rb
 - lib/firebase_id_token/version.rb
+- spec/firebase_id_token/certificates_spec.rb
+- spec/firebase_id_token/configuration_spec.rb
+- spec/firebase_id_token/signature_spec.rb
+- spec/firebase_id_token/signature_test_spec.rb
+- spec/firebase_id_token_spec.rb
+- spec/fixtures/files/.about_payload_file
+- spec/fixtures/files/certificates.json
+- spec/fixtures/files/jwt.json
+- spec/fixtures/files/payload.json
+- spec/spec_helper.rb
 homepage: https://github.com/fschuindt/firebase_id_token
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -250,8 +275,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: A Firebase ID Token verifier.
 test_files: []