Add a flag to indicate whether outgoing keys are active.

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java

@@ -14,9 +14,10 @@ public interface TransportCrypto {
 	 * rotation period from the given master secret.
 	 *
 	 * @param alice whether the keys are for use by Alice or Bob.
+	 * @param active whether the keys are usable for outgoing streams.
 	 */
 	TransportKeys deriveTransportKeys(TransportId t, SecretKey master,
-			long rotationPeriod, boolean alice);
+			long rotationPeriod, boolean alice, boolean active);
 
 	/**
 	 * Rotates the given transport keys to the given rotation period. If the

bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseComponent.java

@@ -528,6 +528,12 @@ public interface DatabaseComponent {
 	void setReorderingWindow(Transaction txn, KeySetId k, TransportId t,
 			long rotationPeriod, long base, byte[] bitmap) throws DbException;
 
+	/**
+	 * Marks the given transport keys as usable for outgoing streams.
+	 */
+	void setTransportKeysActive(Transaction txn, TransportId t, KeySetId k)
+		throws DbException;
+
 	/**
 	 * Stores the given transport keys, deleting any keys they have replaced.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/transport/KeyManager.java

@@ -30,6 +30,9 @@ public interface KeyManager {
 	/**
 	 * Derives and stores a set of unbound transport keys for each transport
 	 * and returns the key set IDs.
+	 * <p/>
+	 * The keys must be bound before they can be used for incoming streams,
+	 * and also activated before they can be used for outgoing streams.
 	 */
 	Map<TransportId, KeySetId> addUnboundKeys(Transaction txn, SecretKey master,
 			long timestamp, boolean alice) throws DbException;
@@ -40,6 +43,13 @@ public interface KeyManager {
 	void bindKeys(Transaction txn, ContactId c, Map<TransportId, KeySetId> keys)
 			throws DbException;
 
+	/**
+	 * Marks the given transport keys as usable for outgoing streams. Keys must
+	 * be bound before they are activated.
+	 */
+	void activateKeys(Transaction txn, Map<TransportId, KeySetId> keys)
+			throws DbException;
+
 	/**
 	 * Removes the given transport keys, which must not have been bound, from
 	 * the manager and the database.

bramble-api/src/main/java/org/briarproject/bramble/api/transport/OutgoingKeys.java

@@ -10,18 +10,20 @@ public class OutgoingKeys {
 
 	private final SecretKey tagKey, headerKey;
 	private final long rotationPeriod, streamCounter;
+	private final boolean active;
 
 	public OutgoingKeys(SecretKey tagKey, SecretKey headerKey,
-			long rotationPeriod) {
-		this(tagKey, headerKey, rotationPeriod, 0);
+			long rotationPeriod, boolean active) {
+		this(tagKey, headerKey, rotationPeriod, 0, active);
 	}
 
 	public OutgoingKeys(SecretKey tagKey, SecretKey headerKey,
-			long rotationPeriod, long streamCounter) {
+			long rotationPeriod, long streamCounter, boolean active) {
 		this.tagKey = tagKey;
 		this.headerKey = headerKey;
 		this.rotationPeriod = rotationPeriod;
 		this.streamCounter = streamCounter;
+		this.active = active;
 	}
 
 	public SecretKey getTagKey() {
@@ -39,4 +41,8 @@ public class OutgoingKeys {
 	public long getStreamCounter() {
 		return streamCounter;
 	}
+
+	public boolean isActive() {
+		return active;
+	}
 }