10 files changed, 144 insertions, 22 deletions

diff --git a/activesupport/lib/active_support/core_ext/class/subclasses.rb b/activesupport/lib/active_support/core_ext/class/subclasses.rb
index 4c910feb44..75e65337b7 100644
--- a/activesupport/lib/active_support/core_ext/class/subclasses.rb
+++ b/activesupport/lib/active_support/core_ext/class/subclasses.rb
@@ -1,8 +1,5 @@
 # frozen_string_literal: true
 
-require_relative "../module/anonymous"
-require_relative "../module/reachable"
-
 class Class
   begin
     # Test if this Ruby supports each_object against singleton_class
diff --git a/activesupport/lib/active_support/core_ext/module/reachable.rb b/activesupport/lib/active_support/core_ext/module/reachable.rb
index 91b230b46c..790a3cc561 100644
--- a/activesupport/lib/active_support/core_ext/module/reachable.rb
+++ b/activesupport/lib/active_support/core_ext/module/reachable.rb
@@ -7,4 +7,5 @@ class Module
   def reachable? #:nodoc:
     !anonymous? && name.safe_constantize.equal?(self)
   end
+  deprecate :reachable?
 end
diff --git a/activesupport/lib/active_support/hash_with_indifferent_access.rb b/activesupport/lib/active_support/hash_with_indifferent_access.rb
index 12291af443..fcc13feb8c 100644
--- a/activesupport/lib/active_support/hash_with_indifferent_access.rb
+++ b/activesupport/lib/active_support/hash_with_indifferent_access.rb
@@ -306,6 +306,11 @@ module ActiveSupport
       dup.tap { |hash| hash.transform_values!(*args, &block) }
     end
 
+    def transform_keys(*args, &block)
+      return to_enum(:transform_keys) unless block_given?
+      dup.tap { |hash| hash.transform_keys!(*args, &block) }
+    end
+
     def compact
       dup.tap(&:compact!)
     end
diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb
index 27620f56be..8a1918039c 100644
--- a/activesupport/lib/active_support/message_encryptor.rb
+++ b/activesupport/lib/active_support/message_encryptor.rb
@@ -54,7 +54,33 @@ module ActiveSupport
   #
   # Then the messages can be verified and returned upto the expire time.
   # Thereafter, verifying returns +nil+.
+  #
+  # === Rotating keys
+  #
+  # MessageEncryptor also supports rotating out old configurations by falling
+  # back to a stack of encryptors. Call `rotate` to build and add an encryptor
+  # so `decrypt_and_verify` will also try the fallback.
+  #
+  # By default any rotated encryptors use the values of the primary
+  # encryptor unless specified otherwise.
+  #
+  # You'd give your encryptor the new defaults:
+  #
+  #   crypt = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
+  #
+  # Then gradually rotate the old values out by adding them as fallbacks. Any message
+  # generated with the old values will then work until the rotation is removed.
+  #
+  #   crypt.rotate old_secret            # Fallback to an old secret instead of @secret.
+  #   crypt.rotate cipher: "aes-256-cbc" # Fallback to an old cipher instead of aes-256-gcm.
+  #
+  # Though if both the secret and the cipher was changed at the same time,
+  # the above should be combined into:
+  #
+  #   verifier.rotate old_secret, cipher: "aes-256-cbc"
   class MessageEncryptor
+    prepend Messages::Rotator::Encryptor
+
     class << self
       attr_accessor :use_authenticated_message_encryption #:nodoc:
 
@@ -126,7 +152,7 @@ module ActiveSupport
 
     # Decrypt and verify a message. We need to verify the message in order to
     # avoid padding attacks. Reference: https://www.limited-entropy.com/padding-oracle-attacks/.
-    def decrypt_and_verify(data, purpose: nil)
+    def decrypt_and_verify(data, purpose: nil, **)
       _decrypt(verifier.verify(data), purpose)
     end
 
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index 7110d6d2c9..f0b6503b96 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -4,6 +4,7 @@ require "base64"
 require_relative "core_ext/object/blank"
 require_relative "security_utils"
 require_relative "messages/metadata"
+require_relative "messages/rotator"
 
 module ActiveSupport
   # +MessageVerifier+ makes it easy to generate and verify messages which are
@@ -73,7 +74,33 @@ module ActiveSupport
   # Then the messages can be verified and returned upto the expire time.
   # Thereafter, the +verified+ method returns +nil+ while +verify+ raises
   # <tt>ActiveSupport::MessageVerifier::InvalidSignature</tt>.
+  #
+  # === Rotating keys
+  #
+  # MessageVerifier also supports rotating out old configurations by falling
+  # back to a stack of verifiers. Call `rotate` to build and add a verifier to
+  # so either `verified` or `verify` will also try verifying with the fallback.
+  #
+  # By default any rotated verifiers use the values of the primary
+  # verifier unless specified otherwise.
+  #
+  # You'd give your verifier the new defaults:
+  #
+  #   verifier = ActiveSupport::MessageVerifier.new(@secret, digest: "SHA512", serializer: JSON)
+  #
+  # Then gradually rotate the old values out by adding them as fallbacks. Any message
+  # generated with the old values will then work until the rotation is removed.
+  #
+  #   verifier.rotate old_secret          # Fallback to an old secret instead of @secret.
+  #   verifier.rotate digest: "SHA256"    # Fallback to an old digest instead of SHA512.
+  #   verifier.rotate serializer: Marshal # Fallback to an old serializer instead of JSON.
+  #
+  # Though the above would most likely be combined into one rotation:
+  #
+  #   verifier.rotate old_secret, digest: "SHA256", serializer: Marshal
   class MessageVerifier
+    prepend Messages::Rotator::Verifier
+
     class InvalidSignature < StandardError; end
 
     def initialize(secret, options = {})
@@ -120,7 +147,7 @@ module ActiveSupport
     #
     #   incompatible_message = "test--dad7b06c94abba8d46a15fafaef56c327665d5ff"
     #   verifier.verified(incompatible_message) # => TypeError: incompatible marshal file format
-    def verified(signed_message, purpose: nil)
+    def verified(signed_message, purpose: nil, **)
       if valid_message?(signed_message)
         begin
           data = signed_message.split("--".freeze)[0]
@@ -145,8 +172,8 @@ module ActiveSupport
     #
     #   other_verifier = ActiveSupport::MessageVerifier.new 'd1ff3r3nt-s3Krit'
     #   other_verifier.verify(signed_message) # => ActiveSupport::MessageVerifier::InvalidSignature
-    def verify(signed_message, purpose: nil)
-      verified(signed_message, purpose: purpose) || raise(InvalidSignature)
+    def verify(*args)
+      verified(*args) || raise(InvalidSignature)
     end
 
     # Generates a signed message for the provided value.
diff --git a/activesupport/lib/active_support/messages/rotation_configuration.rb b/activesupport/lib/active_support/messages/rotation_configuration.rb
new file mode 100644
index 0000000000..bd50d6d348
--- /dev/null
+++ b/activesupport/lib/active_support/messages/rotation_configuration.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module ActiveSupport
+  module Messages
+    class RotationConfiguration # :nodoc:
+      attr_reader :signed, :encrypted
+
+      def initialize
+        @signed, @encrypted = [], []
+      end
+
+      def rotate(kind, *args)
+        case kind
+        when :signed
+          @signed << args
+        when :encrypted
+          @encrypted << args
+        end
+      end
+    end
+  end
+end
diff --git a/activesupport/lib/active_support/messages/rotator.rb b/activesupport/lib/active_support/messages/rotator.rb
new file mode 100644
index 0000000000..823a399d67
--- /dev/null
+++ b/activesupport/lib/active_support/messages/rotator.rb
@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module ActiveSupport
+  module Messages
+    module Rotator # :nodoc:
+      def initialize(*, **options)
+        super
+
+        @options   = options
+        @rotations = []
+      end
+
+      def rotate(*secrets, **options)
+        @rotations << build_rotation(*secrets, @options.merge(options))
+      end
+
+      module Encryptor
+        include Rotator
+
+        def decrypt_and_verify(*args, on_rotation: nil, **options)
+          super
+        rescue MessageEncryptor::InvalidMessage, MessageVerifier::InvalidSignature
+          run_rotations(on_rotation) { |encryptor| encryptor.decrypt_and_verify(*args, options) } || raise
+        end
+
+        private
+          def build_rotation(secret = @secret, sign_secret = @sign_secret, options)
+            self.class.new(secret, sign_secret, options)
+          end
+      end
+
+      module Verifier
+        include Rotator
+
+        def verified(*args, on_rotation: nil, **options)
+          super || run_rotations(on_rotation) { |verifier| verifier.verified(*args, options) }
+        end
+
+        private
+          def build_rotation(secret = @secret, options)
+            self.class.new(secret, options)
+          end
+      end
+
+      private
+        def run_rotations(on_rotation)
+          @rotations.find do |rotation|
+            if message = yield(rotation) rescue next
+              on_rotation.call if on_rotation
+              return message
+            end
+          end
+        end
+    end
+  end
+end
diff --git a/activesupport/lib/active_support/number_helper/number_to_rounded_converter.rb b/activesupport/lib/active_support/number_helper/number_to_rounded_converter.rb
index 3b62fe6819..b7ad76bb62 100644
--- a/activesupport/lib/active_support/number_helper/number_to_rounded_converter.rb
+++ b/activesupport/lib/active_support/number_helper/number_to_rounded_converter.rb
@@ -37,18 +37,6 @@ module ActiveSupport
 
       private
 
-        def digits_and_rounded_number(precision)
-          if zero?
-            [1, 0]
-          else
-            digits = digit_count(number)
-            multiplier = 10**(digits - precision)
-            rounded_number = calculate_rounded_number(multiplier)
-            digits = digit_count(rounded_number) # After rounding, the number of digits may have changed
-            [digits, rounded_number]
-          end
-        end
-
         def calculate_rounded_number(multiplier)
           (number / BigDecimal.new(multiplier.to_f.to_s)).round * multiplier
         end
diff --git a/activesupport/lib/active_support/ordered_options.rb b/activesupport/lib/active_support/ordered_options.rb
index fa7825b3ba..b74510fdb2 100644
--- a/activesupport/lib/active_support/ordered_options.rb
+++ b/activesupport/lib/active_support/ordered_options.rb
@@ -24,7 +24,7 @@ module ActiveSupport
   # To raise an exception when the value is blank, append a
   # bang to the key name, like:
   #
-  #   h.dog! # => raises KeyError: key not found: :dog
+  #   h.dog! # => raises KeyError: :dog is blank
   #
   class OrderedOptions < Hash
     alias_method :_get, :[] # preserve the original #[] method
@@ -46,7 +46,7 @@ module ActiveSupport
         bangs = name_string.chomp!("!")
 
         if bangs
-          fetch(name_string.to_sym).presence || raise(KeyError.new("#{name_string} is blank."))
+          self[name_string].presence || raise(KeyError.new(":#{name_string} is blank"))
         else
           self[name_string]
         end
diff --git a/activesupport/lib/active_support/security_utils.rb b/activesupport/lib/active_support/security_utils.rb
index 51870559ec..b6b31ef140 100644
--- a/activesupport/lib/active_support/security_utils.rb
+++ b/activesupport/lib/active_support/security_utils.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "digest"
+require "digest/sha2"
 
 module ActiveSupport
   module SecurityUtils