send attachments one after the other with delay

DO NOT MERGE: Delay sending of attachments.
2026-02-12 02:39:05 +01:00 · 2019-06-20 12:18:43 -03:00 · 2019-06-19 12:55:01 +01:00
836 changed files with 7663 additions and 19869 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -17,7 +17,7 @@ test:

  script:
    - ./gradlew --no-daemon -Djava.security.egd=file:/dev/urandom animalSnifferMain animalSnifferTest
-    - ./gradlew --no-daemon -Djava.security.egd=file:/dev/urandom check compileOfficialDebugAndroidTestSources compileScreenshotDebugAndroidTestSources
+    - ./gradlew --no-daemon -Djava.security.egd=file:/dev/urandom test

  after_script:
    # these file change every time but should not be cached
--- a/.idea/codeStyles/Project.xml
+++ b/.idea/codeStyles/Project.xml
@@ -1,10 +1,16 @@
 <component name="ProjectCodeStyleConfiguration">
  <code_scheme name="Project" version="173">
+    <option name="RIGHT_MARGIN" value="100" />
    <AndroidXmlCodeStyleSettings>
-      <option name="ARRANGEMENT_SETTINGS_MIGRATED_TO_191" value="true" />
+      <option name="USE_CUSTOM_SETTINGS" value="true" />
    </AndroidXmlCodeStyleSettings>
    <JavaCodeStyleSettings>
      <option name="ANNOTATION_PARAMETER_WRAP" value="1" />
+      <option name="CLASS_COUNT_TO_USE_IMPORT_ON_DEMAND" value="99" />
+      <option name="NAMES_COUNT_TO_USE_IMPORT_ON_DEMAND" value="99" />
+      <option name="PACKAGES_TO_USE_IMPORT_ON_DEMAND">
+        <value />
+      </option>
      <option name="IMPORT_LAYOUT_TABLE">
        <value>
          <package name="android" withSubpackages="true" static="false" />
@@ -71,6 +77,7 @@
      </indentOptions>
    </codeStyleSettings>
    <codeStyleSettings language="XML">
+      <option name="FORCE_REARRANGE_MODE" value="1" />
      <indentOptions>
        <option name="CONTINUATION_INDENT_SIZE" value="4" />
        <option name="USE_TAB_CHARACTER" value="true" />
@@ -83,8 +90,7 @@
              <match>
                <AND>
                  <NAME>xmlns:android</NAME>
-                  <XML_ATTRIBUTE />
-                  <XML_NAMESPACE>^$</XML_NAMESPACE>
+                  <XML_NAMESPACE>Namespace:</XML_NAMESPACE>
                </AND>
              </match>
            </rule>
@@ -94,8 +100,7 @@
              <match>
                <AND>
                  <NAME>xmlns:.*</NAME>
-                  <XML_ATTRIBUTE />
-                  <XML_NAMESPACE>^$</XML_NAMESPACE>
+                  <XML_NAMESPACE>Namespace:</XML_NAMESPACE>
                </AND>
              </match>
              <order>BY_NAME</order>
@@ -106,7 +111,6 @@
              <match>
                <AND>
                  <NAME>.*:id</NAME>
-                  <XML_ATTRIBUTE />
                  <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
                </AND>
              </match>
@@ -117,7 +121,6 @@
              <match>
                <AND>
                  <NAME>.*:name</NAME>
-                  <XML_ATTRIBUTE />
                  <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
                </AND>
              </match>
@@ -128,7 +131,6 @@
              <match>
                <AND>
                  <NAME>name</NAME>
-                  <XML_ATTRIBUTE />
                  <XML_NAMESPACE>^$</XML_NAMESPACE>
                </AND>
              </match>
@@ -139,7 +141,6 @@
              <match>
                <AND>
                  <NAME>style</NAME>
-                  <XML_ATTRIBUTE />
                  <XML_NAMESPACE>^$</XML_NAMESPACE>
                </AND>
              </match>
@@ -150,7 +151,6 @@
              <match>
                <AND>
                  <NAME>.*</NAME>
-                  <XML_ATTRIBUTE />
                  <XML_NAMESPACE>^$</XML_NAMESPACE>
                </AND>
              </match>
@@ -161,12 +161,64 @@
            <rule>
              <match>
                <AND>
-                  <NAME>.*</NAME>
-                  <XML_ATTRIBUTE />
+                  <NAME>.*:layout_width</NAME>
                  <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
                </AND>
              </match>
-              <order>ANDROID_ATTRIBUTE_ORDER</order>
+            </rule>
+          </section>
+          <section>
+            <rule>
+              <match>
+                <AND>
+                  <NAME>.*:layout_height</NAME>
+                  <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
+                </AND>
+              </match>
+            </rule>
+          </section>
+          <section>
+            <rule>
+              <match>
+                <AND>
+                  <NAME>.*:layout_.*</NAME>
+                  <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
+                </AND>
+              </match>
+              <order>BY_NAME</order>
+            </rule>
+          </section>
+          <section>
+            <rule>
+              <match>
+                <AND>
+                  <NAME>.*:width</NAME>
+                  <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
+                </AND>
+              </match>
+              <order>BY_NAME</order>
+            </rule>
+          </section>
+          <section>
+            <rule>
+              <match>
+                <AND>
+                  <NAME>.*:height</NAME>
+                  <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
+                </AND>
+              </match>
+              <order>BY_NAME</order>
+            </rule>
+          </section>
+          <section>
+            <rule>
+              <match>
+                <AND>
+                  <NAME>.*</NAME>
+                  <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
+                </AND>
+              </match>
+              <order>BY_NAME</order>
            </rule>
          </section>
          <section>
@@ -174,7 +226,6 @@
              <match>
                <AND>
                  <NAME>.*</NAME>
-                  <XML_ATTRIBUTE />
                  <XML_NAMESPACE>.*</XML_NAMESPACE>
                </AND>
              </match>
--- a/bramble-android/build.gradle
+++ b/bramble-android/build.gradle
@@ -5,31 +5,23 @@ apply plugin: 'witness'
 apply from: 'witness.gradle'

 android {
-	compileSdkVersion 29
-	buildToolsVersion '29.0.2'
+	compileSdkVersion 28
+	buildToolsVersion '28.0.3'

 	defaultConfig {
-		minSdkVersion 16
-		targetSdkVersion 28
-		versionCode 10207
-		versionName "1.2.7"
+		minSdkVersion 14
+		targetSdkVersion 26
+		versionCode 10107
+		versionName "1.1.7"
 		consumerProguardFiles 'proguard-rules.txt'

-		testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
+		testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
 	}

 	compileOptions {
 		sourceCompatibility JavaVersion.VERSION_1_8
 		targetCompatibility JavaVersion.VERSION_1_8
 	}
-
-	lintOptions {
-		// FIXME
-		warning "LintError"
-		warning "InvalidPackage"
-		warning "MissingPermission"
-		warning "InlinedApi", "ObsoleteSdkInt", "Override", "NewApi", "UnusedAttribute"
-	}
 }

 configurations {
@@ -38,10 +30,10 @@ configurations {

 dependencies {
 	implementation project(path: ':bramble-core', configuration: 'default')
-	tor 'org.briarproject:tor-android:0.3.5.10@zip'
-	tor 'org.briarproject:obfs4proxy-android:0.0.11-2@zip'
+	tor 'org.briarproject:tor-android:0.3.5.8@zip'
+	tor 'org.briarproject:obfs4proxy-android:0.0.9@zip'

-	annotationProcessor 'com.google.dagger:dagger-compiler:2.24'
+	annotationProcessor 'com.google.dagger:dagger-compiler:2.22.1'

 	compileOnly 'javax.annotation:jsr250-api:1.0'

@@ -67,8 +59,6 @@ task unpackTorBinaries {
 		copy {
 			from configurations.tor.collect { zipTree(it) }
 			into torBinariesDir
-			// TODO: Remove after next Tor upgrade, which won't include non-PIE binaries
-			include 'geoip.zip', '*_pie.zip'
 		}
 	}
 	dependsOn cleanTorBinaries
--- a/bramble-android/src/main/java/org/briarproject/bramble/BrambleAndroidEagerSingletons.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/BrambleAndroidEagerSingletons.java
@@ -11,14 +11,4 @@ public interface BrambleAndroidEagerSingletons {
 	void inject(AndroidNetworkModule.EagerSingletons init);

 	void inject(ReportingModule.EagerSingletons init);
-
-	class Helper {
-
-		public static void injectEagerSingletons(
-				BrambleAndroidEagerSingletons c) {
-			c.inject(new AndroidBatteryModule.EagerSingletons());
-			c.inject(new AndroidNetworkModule.EagerSingletons());
-			c.inject(new ReportingModule.EagerSingletons());
-		}
-	}
 }
--- a/bramble-android/src/main/java/org/briarproject/bramble/BrambleAndroidModule.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/BrambleAndroidModule.java
@@ -18,4 +18,10 @@ import dagger.Module;
 		SocksModule.class
 })
 public class BrambleAndroidModule {
+
+	public static void initEagerSingletons(BrambleAndroidEagerSingletons c) {
+		c.inject(new AndroidBatteryModule.EagerSingletons());
+		c.inject(new AndroidNetworkModule.EagerSingletons());
+		c.inject(new ReportingModule.EagerSingletons());
+	}
 }
--- a/bramble-android/src/main/java/org/briarproject/bramble/account/AndroidAccountManager.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/account/AndroidAccountManager.java
@@ -12,16 +12,13 @@ import org.briarproject.bramble.api.identity.IdentityManager;

 import java.io.File;
 import java.util.HashSet;
-import java.util.List;
 import java.util.Set;
 import java.util.logging.Logger;

 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.inject.Inject;

 import static android.os.Build.VERSION.SDK_INT;
-import static java.util.Arrays.asList;
 import static java.util.logging.Level.INFO;
 import static org.briarproject.bramble.util.IoUtils.deleteFileOrDir;
 import static org.briarproject.bramble.util.LogUtils.logFileOrDir;
@@ -32,11 +29,7 @@ class AndroidAccountManager extends AccountManagerImpl
 	private static final Logger LOG =
 			Logger.getLogger(AndroidAccountManager.class.getName());

-	/**
-	 * Directories that shouldn't be deleted when deleting the user's account.
-	 */
-	private static final List<String> PROTECTED_DIR_NAMES =
-			asList("cache", "code_cache", "lib", "shared_prefs");
+	private static final String PREF_DB_KEY = "key";

 	protected final Context appContext;
 	private final SharedPreferences prefs;
@@ -60,6 +53,36 @@ class AndroidAccountManager extends AccountManagerImpl
 		return exists;
 	}

+	// Locking: stateChangeLock
+	@Override
+	@Nullable
+	protected String loadEncryptedDatabaseKey() {
+		String key = getDatabaseKeyFromPreferences();
+		if (key == null) key = super.loadEncryptedDatabaseKey();
+		else migrateDatabaseKeyToFile(key);
+		return key;
+	}
+
+	// Locking: stateChangeLock
+	@Nullable
+	private String getDatabaseKeyFromPreferences() {
+		String key = prefs.getString(PREF_DB_KEY, null);
+		if (key == null) LOG.info("No database key in preferences");
+		else LOG.info("Found database key in preferences");
+		return key;
+	}
+
+	// Locking: stateChangeLock
+	private void migrateDatabaseKeyToFile(String key) {
+		if (storeEncryptedDatabaseKey(key)) {
+			if (prefs.edit().remove(PREF_DB_KEY).commit())
+				LOG.info("Database key migrated to file");
+			else LOG.warning("Database key not removed from preferences");
+		} else {
+			LOG.warning("Database key not migrated to file");
+		}
+	}
+
 	@Override
 	public void deleteAccount() {
 		synchronized (stateChangeLock) {
@@ -82,14 +105,14 @@ class AndroidAccountManager extends AccountManagerImpl
 		return PreferenceManager.getDefaultSharedPreferences(appContext);
 	}

-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	private void deleteAppData(SharedPreferences... clear) {
 		// Clear and commit shared preferences
 		for (SharedPreferences prefs : clear) {
 			if (!prefs.edit().clear().commit())
 				LOG.warning("Could not clear shared preferences");
 		}
-		// Delete files, except protected directories
+		// Delete files, except lib and shared_prefs directories
 		Set<File> files = new HashSet<>();
 		File dataDir = getDataDir();
 		@Nullable
@@ -98,12 +121,14 @@ class AndroidAccountManager extends AccountManagerImpl
 			LOG.warning("Could not list files in app data dir");
 		} else {
 			for (File file : fileArray) {
-				if (!PROTECTED_DIR_NAMES.contains(file.getName())) {
+				String name = file.getName();
+				if (!name.equals("lib") && !name.equals("shared_prefs")) {
 					files.add(file);
 				}
 			}
 		}
 		files.add(appContext.getFilesDir());
+		files.add(appContext.getCacheDir());
 		addIfNotNull(files, appContext.getExternalCacheDir());
 		if (SDK_INT >= 19) {
 			for (File file : appContext.getExternalCacheDirs()) {
@@ -115,16 +140,12 @@ class AndroidAccountManager extends AccountManagerImpl
 				addIfNotNull(files, file);
 			}
 		}
-		// Clear the cache directory but don't delete it
-		File cacheDir = appContext.getCacheDir();
-		File[] children = cacheDir.listFiles();
-		if (children != null) files.addAll(asList(children));
 		for (File file : files) {
-			if (LOG.isLoggable(INFO)) {
-				LOG.info("Deleting " + file.getAbsolutePath());
-			}
 			deleteFileOrDir(file);
 		}
+		// Recreate the cache dir as some OpenGL drivers expect it to exist
+		if (!new File(dataDir, "cache").mkdirs())
+			LOG.warning("Could not recreate cache dir");
 	}

 	private File getDataDir() {
--- a/bramble-android/src/main/java/org/briarproject/bramble/network/AndroidNetworkManager.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/network/AndroidNetworkManager.java
@@ -6,8 +6,6 @@ import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
 import android.net.ConnectivityManager;
-import android.net.Network;
-import android.net.NetworkCapabilities;
 import android.net.NetworkInfo;

 import org.briarproject.bramble.api.event.EventBus;
@@ -34,15 +32,11 @@ import static android.content.Intent.ACTION_SCREEN_OFF;
 import static android.content.Intent.ACTION_SCREEN_ON;
 import static android.net.ConnectivityManager.CONNECTIVITY_ACTION;
 import static android.net.ConnectivityManager.TYPE_WIFI;
-import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;
-import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
-import static android.net.wifi.p2p.WifiP2pManager.WIFI_P2P_THIS_DEVICE_CHANGED_ACTION;
 import static android.os.Build.VERSION.SDK_INT;
 import static android.os.PowerManager.ACTION_DEVICE_IDLE_MODE_CHANGED;
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.SECONDS;
 import static java.util.logging.Level.INFO;
-import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;

@MethodsNotNullByDefault
@ParametersNotNullByDefault
@@ -57,8 +51,7 @@ class AndroidNetworkManager implements NetworkManager, Service {

 	private final ScheduledExecutorService scheduler;
 	private final EventBus eventBus;
-	private final Application app;
-	private final ConnectivityManager connectivityManager;
+	private final Context appContext;
 	private final AtomicReference<Future<?>> connectivityCheck =
 			new AtomicReference<>();
 	private final AtomicBoolean used = new AtomicBoolean(false);
@@ -70,9 +63,7 @@ class AndroidNetworkManager implements NetworkManager, Service {
 			EventBus eventBus, Application app) {
 		this.scheduler = scheduler;
 		this.eventBus = eventBus;
-		this.app = app;
-		connectivityManager = (ConnectivityManager)
-				requireNonNull(app.getSystemService(CONNECTIVITY_SERVICE));
+		this.appContext = app.getApplicationContext();
 	}

 	@Override
@@ -85,35 +76,26 @@ class AndroidNetworkManager implements NetworkManager, Service {
 		filter.addAction(ACTION_SCREEN_ON);
 		filter.addAction(ACTION_SCREEN_OFF);
 		filter.addAction(WIFI_AP_STATE_CHANGED_ACTION);
-		filter.addAction(WIFI_P2P_THIS_DEVICE_CHANGED_ACTION);
 		if (SDK_INT >= 23) filter.addAction(ACTION_DEVICE_IDLE_MODE_CHANGED);
-		app.registerReceiver(networkStateReceiver, filter);
+		appContext.registerReceiver(networkStateReceiver, filter);
+
 	}

 	@Override
 	public void stopService() {
-		if (networkStateReceiver != null) {
-			app.unregisterReceiver(networkStateReceiver);
-		}
+		if (networkStateReceiver != null)
+			appContext.unregisterReceiver(networkStateReceiver);
 	}

 	@Override
 	public NetworkStatus getNetworkStatus() {
-		if (SDK_INT >= 23) {
-			Network net = connectivityManager.getActiveNetwork();
-			if (net == null) return new NetworkStatus(false, false);
-			NetworkCapabilities caps =
-					connectivityManager.getNetworkCapabilities(net);
-			if (caps == null) return new NetworkStatus(false, false);
-			boolean connected = caps.hasCapability(NET_CAPABILITY_INTERNET);
-			boolean wifi = caps.hasTransport(TRANSPORT_WIFI);
-			return new NetworkStatus(connected, wifi);
-		} else {
-			NetworkInfo net = connectivityManager.getActiveNetworkInfo();
-			boolean connected = net != null && net.isConnected();
-			boolean wifi = connected && net.getType() == TYPE_WIFI;
-			return new NetworkStatus(connected, wifi);
-		}
+		ConnectivityManager cm = (ConnectivityManager)
+				appContext.getSystemService(CONNECTIVITY_SERVICE);
+		if (cm == null) throw new AssertionError();
+		NetworkInfo net = cm.getActiveNetworkInfo();
+		boolean connected = net != null && net.isConnected();
+		boolean wifi = connected && net.getType() == TYPE_WIFI;
+		return new NetworkStatus(connected, wifi);
 	}

 	private void updateConnectionStatus() {
@@ -154,8 +136,7 @@ class AndroidNetworkManager implements NetworkManager, Service {
 		}

 		private boolean isApEvent(@Nullable String action) {
-			return WIFI_AP_STATE_CHANGED_ACTION.equals(action) ||
-					WIFI_P2P_THIS_DEVICE_CHANGED_ACTION.equals(action);
+			return WIFI_AP_STATE_CHANGED_ACTION.equals(action);
 		}
 	}
 }
--- a/bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPlugin.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPlugin.java
@@ -9,7 +9,6 @@ import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;

-import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
@@ -25,13 +24,13 @@ import java.io.IOException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.UUID;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Executor;
 import java.util.concurrent.LinkedBlockingQueue;
-import java.util.concurrent.ScheduledExecutorService;
 import java.util.logging.Logger;

 import javax.annotation.Nullable;
@@ -48,10 +47,7 @@ import static android.bluetooth.BluetoothAdapter.SCAN_MODE_NONE;
 import static android.bluetooth.BluetoothAdapter.STATE_OFF;
 import static android.bluetooth.BluetoothAdapter.STATE_ON;
 import static android.bluetooth.BluetoothDevice.ACTION_FOUND;
-import static android.bluetooth.BluetoothDevice.DEVICE_TYPE_LE;
 import static android.bluetooth.BluetoothDevice.EXTRA_DEVICE;
-import static android.os.Build.VERSION.SDK_INT;
-import static java.util.Collections.shuffle;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
@@ -67,7 +63,6 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {

 	private static final int MAX_DISCOVERY_MS = 10_000;

-	private final ScheduledExecutorService scheduler;
 	private final AndroidExecutor androidExecutor;
 	private final Context appContext;
 	private final Clock clock;
@@ -79,14 +74,11 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 	private volatile BluetoothAdapter adapter = null;

 	AndroidBluetoothPlugin(BluetoothConnectionLimiter connectionLimiter,
-			TimeoutMonitor timeoutMonitor, Executor ioExecutor,
-			SecureRandom secureRandom, ScheduledExecutorService scheduler,
-			AndroidExecutor androidExecutor, Context appContext, Clock clock,
-			Backoff backoff, PluginCallback callback, int maxLatency,
-			int maxIdleTime) {
-		super(connectionLimiter, timeoutMonitor, ioExecutor, secureRandom,
-				backoff, callback, maxLatency, maxIdleTime);
-		this.scheduler = scheduler;
+			Executor ioExecutor, AndroidExecutor androidExecutor,
+			Context appContext, SecureRandom secureRandom, Clock clock,
+			Backoff backoff, PluginCallback callback, int maxLatency) {
+		super(connectionLimiter, ioExecutor, secureRandom, backoff, callback,
+				maxLatency);
 		this.androidExecutor = androidExecutor;
 		this.appContext = appContext;
 		this.clock = clock;
@@ -154,12 +146,6 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 		wasEnabledByUs = true;
 	}

-	@Override
-	void onAdapterDisabled() {
-		super.onAdapterDisabled();
-		wasEnabledByUs = false;
-	}
-
 	@Override
 	@Nullable
 	String getBluetoothAddress() {
@@ -184,10 +170,9 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 		return wrapSocket(ss.accept());
 	}

-	private DuplexTransportConnection wrapSocket(BluetoothSocket s)
-			throws IOException {
-		return new AndroidBluetoothTransportConnection(this, connectionLimiter,
-				timeoutMonitor, appContext, scheduler, s);
+	private DuplexTransportConnection wrapSocket(BluetoothSocket s) {
+		return new AndroidBluetoothTransportConnection(this,
+				connectionLimiter, s);
 	}

 	@Override
@@ -255,15 +240,11 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 						break;
 					} else if (ACTION_FOUND.equals(action)) {
 						BluetoothDevice d = i.getParcelableExtra(EXTRA_DEVICE);
-						// Ignore Bluetooth LE devices
-						if (SDK_INT < 18 || d.getType() != DEVICE_TYPE_LE) {
-							String address = d.getAddress();
-							if (LOG.isLoggable(INFO))
-								LOG.info("Discovered " +
-										scrubMacAddress(address));
-							if (!addresses.contains(address))
-								addresses.add(address);
-						}
+						String address = d.getAddress();
+						if (LOG.isLoggable(INFO))
+							LOG.info("Discovered " + scrubMacAddress(address));
+						if (!addresses.contains(address))
+							addresses.add(address);
 					}
 					now = clock.currentTimeMillis();
 				}
@@ -279,7 +260,7 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 			appContext.unregisterReceiver(receiver);
 		}
 		// Shuffle the addresses so we don't always try the same one first
-		shuffle(addresses);
+		Collections.shuffle(addresses);
 		return addresses;
 	}

--- a/bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPluginFactory.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPluginFactory.java
@@ -3,7 +3,6 @@ package org.briarproject.bramble.plugin.bluetooth;
 import android.content.Context;

 import org.briarproject.bramble.api.event.EventBus;
-import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
@@ -16,7 +15,6 @@ import org.briarproject.bramble.api.system.Clock;

 import java.security.SecureRandom;
 import java.util.concurrent.Executor;
-import java.util.concurrent.ScheduledExecutorService;

 import javax.annotation.concurrent.Immutable;

@@ -27,34 +25,28 @@ import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
 public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {

 	private static final int MAX_LATENCY = 30 * 1000; // 30 seconds
-	private static final int MAX_IDLE_TIME = 30 * 1000; // 30 seconds
 	private static final int MIN_POLLING_INTERVAL = 60 * 1000; // 1 minute
 	private static final int MAX_POLLING_INTERVAL = 10 * 60 * 1000; // 10 mins
 	private static final double BACKOFF_BASE = 1.2;

 	private final Executor ioExecutor;
-	private final ScheduledExecutorService scheduler;
 	private final AndroidExecutor androidExecutor;
 	private final Context appContext;
 	private final SecureRandom secureRandom;
 	private final EventBus eventBus;
 	private final Clock clock;
-	private final TimeoutMonitor timeoutMonitor;
 	private final BackoffFactory backoffFactory;

 	public AndroidBluetoothPluginFactory(Executor ioExecutor,
-			ScheduledExecutorService scheduler,
 			AndroidExecutor androidExecutor, Context appContext,
 			SecureRandom secureRandom, EventBus eventBus, Clock clock,
-			TimeoutMonitor timeoutMonitor, BackoffFactory backoffFactory) {
+			BackoffFactory backoffFactory) {
 		this.ioExecutor = ioExecutor;
-		this.scheduler = scheduler;
 		this.androidExecutor = androidExecutor;
 		this.appContext = appContext;
 		this.secureRandom = secureRandom;
 		this.eventBus = eventBus;
 		this.clock = clock;
-		this.timeoutMonitor = timeoutMonitor;
 		this.backoffFactory = backoffFactory;
 	}

@@ -71,13 +63,12 @@ public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 	@Override
 	public DuplexPlugin createPlugin(PluginCallback callback) {
 		BluetoothConnectionLimiter connectionLimiter =
-				new BluetoothConnectionLimiterImpl(eventBus);
+				new BluetoothConnectionLimiterImpl();
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
 		AndroidBluetoothPlugin plugin = new AndroidBluetoothPlugin(
-				connectionLimiter, timeoutMonitor, ioExecutor, secureRandom,
-				scheduler, androidExecutor, appContext, clock, backoff,
-				callback, MAX_LATENCY, MAX_IDLE_TIME);
+				connectionLimiter, ioExecutor, androidExecutor, appContext,
+				secureRandom, clock, backoff, callback, MAX_LATENCY);
 		eventBus.addListener(plugin);
 		return plugin;
 	}
--- a/bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothTransportConnection.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothTransportConnection.java
@@ -1,60 +1,33 @@
 package org.briarproject.bramble.plugin.bluetooth;

 import android.bluetooth.BluetoothSocket;
-import android.content.Context;
-import android.os.PowerManager;

-import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.duplex.AbstractDuplexTransportConnection;
-import org.briarproject.bramble.util.RenewableWakeLock;

 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.util.concurrent.ScheduledExecutorService;
-
-import static android.content.Context.POWER_SERVICE;
-import static android.os.PowerManager.PARTIAL_WAKE_LOCK;
-import static java.util.concurrent.TimeUnit.MINUTES;
-import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
-import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_ADDRESS;
-import static org.briarproject.bramble.util.AndroidUtils.getWakeLockTag;
-import static org.briarproject.bramble.util.AndroidUtils.isValidBluetoothAddress;

@NotNullByDefault
 class AndroidBluetoothTransportConnection
 		extends AbstractDuplexTransportConnection {

-	private final BluetoothConnectionLimiter connectionLimiter;
-	private final RenewableWakeLock wakeLock;
+	private final BluetoothConnectionLimiter connectionManager;
 	private final BluetoothSocket socket;
-	private final InputStream in;

 	AndroidBluetoothTransportConnection(Plugin plugin,
-			BluetoothConnectionLimiter connectionLimiter,
-			TimeoutMonitor timeoutMonitor, Context appContext,
-			ScheduledExecutorService scheduler, BluetoothSocket socket)
-			throws IOException {
+			BluetoothConnectionLimiter connectionManager,
+			BluetoothSocket socket) {
 		super(plugin);
-		this.connectionLimiter = connectionLimiter;
+		this.connectionManager = connectionManager;
 		this.socket = socket;
-		in = timeoutMonitor.createTimeoutInputStream(
-				socket.getInputStream(), plugin.getMaxIdleTime() * 2);
-		PowerManager powerManager = (PowerManager)
-				requireNonNull(appContext.getSystemService(POWER_SERVICE));
-		String tag = getWakeLockTag(appContext);
-		wakeLock = new RenewableWakeLock(powerManager, scheduler,
-				PARTIAL_WAKE_LOCK, tag, 1, MINUTES);
-		wakeLock.acquire();
-		String address = socket.getRemoteDevice().getAddress();
-		if (isValidBluetoothAddress(address)) remote.put(PROP_ADDRESS, address);
 	}

 	@Override
-	protected InputStream getInputStream() {
-		return in;
+	protected InputStream getInputStream() throws IOException {
+		return socket.getInputStream();
 	}

 	@Override
@@ -67,8 +40,7 @@ class AndroidBluetoothTransportConnection
 		try {
 			socket.close();
 		} finally {
-			wakeLock.release();
-			connectionLimiter.connectionClosed(this);
+			connectionManager.connectionClosed(this);
 		}
 	}
 }
--- a/bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPlugin.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPlugin.java
@@ -1,32 +1,25 @@
 package org.briarproject.bramble.plugin.tcp;

-import android.annotation.TargetApi;
 import android.content.Context;
 import android.net.ConnectivityManager;
-import android.net.LinkAddress;
-import android.net.LinkProperties;
 import android.net.Network;
-import android.net.NetworkCapabilities;
+import android.net.NetworkInfo;
 import android.net.wifi.WifiInfo;
 import android.net.wifi.WifiManager;

 import org.briarproject.bramble.PoliteExecutor;
-import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.network.event.NetworkStatusEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.PluginCallback;
-import org.briarproject.bramble.api.settings.Settings;

 import java.io.IOException;
 import java.net.InetAddress;
-import java.net.InterfaceAddress;
-import java.net.NetworkInterface;
 import java.net.Socket;
-import java.net.SocketException;
 import java.net.UnknownHostException;
-import java.util.List;
+import java.util.Collection;
 import java.util.concurrent.Executor;
 import java.util.logging.Logger;

@@ -35,24 +28,31 @@ import javax.net.SocketFactory;

 import static android.content.Context.CONNECTIVITY_SERVICE;
 import static android.content.Context.WIFI_SERVICE;
-import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
+import static android.net.ConnectivityManager.TYPE_WIFI;
 import static android.os.Build.VERSION.SDK_INT;
 import static java.util.Collections.emptyList;
-import static java.util.Collections.list;
 import static java.util.Collections.singletonList;
-import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
-import static org.briarproject.bramble.api.plugin.Plugin.State.ACTIVE;
-import static org.briarproject.bramble.api.plugin.Plugin.State.INACTIVE;
-import static org.briarproject.bramble.util.IoUtils.tryToClose;
-import static org.briarproject.bramble.util.LogUtils.logException;

@NotNullByDefault
-class AndroidLanTcpPlugin extends LanTcpPlugin {
+class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {

 	private static final Logger LOG =
 			getLogger(AndroidLanTcpPlugin.class.getName());

+	private static final byte[] WIFI_AP_ADDRESS_BYTES =
+			{(byte) 192, (byte) 168, 43, 1};
+	private static final InetAddress WIFI_AP_ADDRESS;
+
+	static {
+		try {
+			WIFI_AP_ADDRESS = InetAddress.getByAddress(WIFI_AP_ADDRESS_BYTES);
+		} catch (UnknownHostException e) {
+			// Should only be thrown if the address has an illegal length
+			throw new AssertionError(e);
+		}
+	}
+
 	private final Executor connectionStatusExecutor;
 	private final ConnectivityManager connectivityManager;
 	@Nullable
@@ -62,9 +62,8 @@ class AndroidLanTcpPlugin extends LanTcpPlugin {

 	AndroidLanTcpPlugin(Executor ioExecutor, Context appContext,
 			Backoff backoff, PluginCallback callback, int maxLatency,
-			int maxIdleTime, int connectionTimeout) {
-		super(ioExecutor, backoff, callback, maxLatency, maxIdleTime,
-				connectionTimeout);
+			int maxIdleTime) {
+		super(ioExecutor, backoff, callback, maxLatency, maxIdleTime);
 		// Don't execute more than one connection status check at a time
 		connectionStatusExecutor =
 				new PoliteExecutor("AndroidLanTcpPlugin", ioExecutor, 1);
@@ -80,137 +79,34 @@ class AndroidLanTcpPlugin extends LanTcpPlugin {
 	@Override
 	public void start() {
 		if (used.getAndSet(true)) throw new IllegalStateException();
-		initialisePortProperty();
-		Settings settings = callback.getSettings();
-		state.setStarted(settings.getBoolean(PREF_PLUGIN_ENABLE, false));
+		running = true;
 		updateConnectionStatus();
 	}

+	@Override
+	public void stop() {
+		running = false;
+		tryToClose(socket);
+	}
+
 	@Override
 	protected Socket createSocket() throws IOException {
 		return socketFactory.createSocket();
 	}

 	@Override
-	protected List<InetAddress> getUsableLocalInetAddresses(boolean ipv4) {
-		InetAddress addr = getWifiAddress(ipv4);
-		return addr == null ? emptyList() : singletonList(addr);
-	}
-
-	@Nullable
-	private InetAddress getWifiAddress(boolean ipv4) {
-		Pair<InetAddress, Boolean> wifi = getWifiIpv4Address();
-		if (ipv4) return wifi == null ? null : wifi.getFirst();
-		// If there's no wifi IPv4 address, we might be a client on an
-		// IPv6-only wifi network. We can only detect this on API 21+
-		if (wifi == null) {
-			return SDK_INT >= 21 ? getWifiClientIpv6Address() : null;
-		}
-		// Use the wifi IPv4 address to determine which interface's IPv6
-		// address we should return (if the interface has a suitable address)
-		return getIpv6AddressForInterface(wifi.getFirst());
-	}
-
-	/**
-	 * Returns a {@link Pair} where the first element is the IPv4 address of
-	 * the wifi interface and the second element is true if this device is
-	 * providing an access point, or false if this device is a client. Returns
-	 * null if this device isn't connected to wifi as an access point or client.
-	 */
-	@Nullable
-	private Pair<InetAddress, Boolean> getWifiIpv4Address() {
-		if (wifiManager == null) return null;
-		// If we're connected to a wifi network, return its address
+	protected Collection<InetAddress> getLocalIpAddresses() {
+		// If the device doesn't have wifi, don't open any sockets
+		if (wifiManager == null) return emptyList();
+		// If we're connected to a wifi network, use that network
 		WifiInfo info = wifiManager.getConnectionInfo();
-		if (info != null && info.getIpAddress() != 0) {
-			return new Pair<>(intToInetAddress(info.getIpAddress()), false);
-		}
-		List<InterfaceAddress> ifAddrs = getLocalInterfaceAddresses();
-		// If we're providing a normal access point, return its address
-		for (InterfaceAddress ifAddr : ifAddrs) {
-			if (isAndroidWifiApAddress(ifAddr)) {
-				return new Pair<>(ifAddr.getAddress(), true);
-			}
-		}
-		// If we're providing a wifi direct access point, return its address
-		for (InterfaceAddress ifAddr : ifAddrs) {
-			if (isAndroidWifiDirectApAddress(ifAddr)) {
-				return new Pair<>(ifAddr.getAddress(), true);
-			}
-		}
-		// Not connected to wifi
-		return null;
-	}
-
-	/**
-	 * Returns true if the given address belongs to a network provided by an
-	 * Android access point (including the access point's own address).
-	 * <p>
-	 * The access point's address is usually 192.168.43.1, but at least one
-	 * device (Honor 8A) may use other addresses in the range 192.168.43.0/24.
-	 */
-	private boolean isAndroidWifiApAddress(InterfaceAddress ifAddr) {
-		if (ifAddr.getNetworkPrefixLength() != 24) return false;
-		byte[] ip = ifAddr.getAddress().getAddress();
-		return ip.length == 4
-				&& ip[0] == (byte) 192
-				&& ip[1] == (byte) 168
-				&& ip[2] == (byte) 43;
-	}
-
-	/**
-	 * Returns true if the given address belongs to a network provided by an
-	 * Android wifi direct legacy mode access point (including the access
-	 * point's own address).
-	 */
-	private boolean isAndroidWifiDirectApAddress(InterfaceAddress ifAddr) {
-		if (ifAddr.getNetworkPrefixLength() != 24) return false;
-		byte[] ip = ifAddr.getAddress().getAddress();
-		return ip.length == 4
-				&& ip[0] == (byte) 192
-				&& ip[1] == (byte) 168
-				&& ip[2] == (byte) 49;
-	}
-
-	/**
-	 * Returns a link-local IPv6 address for the wifi client interface, or null
-	 * if there's no such interface or it doesn't have a suitable address.
-	 */
-	@TargetApi(21)
-	@Nullable
-	private InetAddress getWifiClientIpv6Address() {
-		for (Network net : connectivityManager.getAllNetworks()) {
-			NetworkCapabilities caps =
-					connectivityManager.getNetworkCapabilities(net);
-			if (caps == null || !caps.hasTransport(TRANSPORT_WIFI)) continue;
-			LinkProperties props = connectivityManager.getLinkProperties(net);
-			if (props == null) continue;
-			for (LinkAddress linkAddress : props.getLinkAddresses()) {
-				InetAddress addr = linkAddress.getAddress();
-				if (isIpv6LinkLocalAddress(addr)) return addr;
-			}
-		}
-		return null;
-	}
-
-	/**
-	 * Returns a link-local IPv6 address for the interface with the given IPv4
-	 * address, or null if the interface doesn't have a suitable address.
-	 */
-	@Nullable
-	private InetAddress getIpv6AddressForInterface(InetAddress ipv4) {
-		try {
-			NetworkInterface iface = NetworkInterface.getByInetAddress(ipv4);
-			if (iface == null) return null;
-			for (InetAddress addr : list(iface.getInetAddresses())) {
-				if (isIpv6LinkLocalAddress(addr)) return addr;
-			}
-			// No suitable address
-			return null;
-		} catch (SocketException e) {
-			logException(LOG, WARNING, e);
-			return null;
-		}
+		if (info != null && info.getIpAddress() != 0)
+			return singletonList(intToInetAddress(info.getIpAddress()));
+		// If we're running an access point, return its address
+		if (super.getLocalIpAddresses().contains(WIFI_AP_ADDRESS))
+			return singletonList(WIFI_AP_ADDRESS);
+		// No suitable addresses
+		return emptyList();
 	}

 	private InetAddress intToInetAddress(int ip) {
@@ -232,11 +128,9 @@ class AndroidLanTcpPlugin extends LanTcpPlugin {
 	private SocketFactory getSocketFactory() {
 		if (SDK_INT < 21) return SocketFactory.getDefault();
 		for (Network net : connectivityManager.getAllNetworks()) {
-			NetworkCapabilities caps =
-					connectivityManager.getNetworkCapabilities(net);
-			if (caps != null && caps.hasTransport(TRANSPORT_WIFI)) {
+			NetworkInfo info = connectivityManager.getNetworkInfo(net);
+			if (info != null && info.getType() == TYPE_WIFI)
 				return net.getSocketFactory();
-			}
 		}
 		LOG.warning("Could not find suitable socket factory");
 		return SocketFactory.getDefault();
@@ -244,59 +138,30 @@ class AndroidLanTcpPlugin extends LanTcpPlugin {

 	@Override
 	public void eventOccurred(Event e) {
-		super.eventOccurred(e);
 		if (e instanceof NetworkStatusEvent) updateConnectionStatus();
 	}

 	private void updateConnectionStatus() {
 		connectionStatusExecutor.execute(() -> {
-			State s = getState();
-			if (s != ACTIVE && s != INACTIVE) return;
-			Pair<InetAddress, Boolean> wifi = getPreferredWifiAddress();
-			if (wifi == null) {
-				LOG.info("Not connected to wifi");
-				socketFactory = SocketFactory.getDefault();
-				// Server sockets may not have been closed automatically when
-				// interface was taken down. If any sockets are open, closing
-				// them here will cause the sockets to be cleared and the state
-				// to be updated in acceptContactConnections()
-				if (s == ACTIVE) {
-					LOG.info("Closing server sockets");
-					tryToClose(state.getServerSocket(true), LOG, WARNING);
-					tryToClose(state.getServerSocket(false), LOG, WARNING);
-				}
-			} else if (wifi.getSecond()) {
+			if (!running) return;
+			Collection<InetAddress> addrs = getLocalIpAddresses();
+			if (addrs.contains(WIFI_AP_ADDRESS)) {
 				LOG.info("Providing wifi hotspot");
 				// There's no corresponding Network object and thus no way
 				// to get a suitable socket factory, so we won't be able to
 				// make outgoing connections on API 21+ if another network
 				// has internet access
 				socketFactory = SocketFactory.getDefault();
-				if (s == INACTIVE) bind();
+				if (socket == null || socket.isClosed()) bind();
+			} else if (addrs.isEmpty()) {
+				LOG.info("Not connected to wifi");
+				socketFactory = SocketFactory.getDefault();
+				tryToClose(socket);
 			} else {
 				LOG.info("Connected to wifi");
 				socketFactory = getSocketFactory();
-				if (s == INACTIVE) bind();
+				if (socket == null || socket.isClosed()) bind();
 			}
 		});
 	}
-
-	/**
-	 * Returns a {@link Pair} where the first element is an IP address (IPv4 if
-	 * available, otherwise IPv6) of the wifi interface and the second element
-	 * is true if this device is providing an access point, or false if this
-	 * device is a client. Returns null if this device isn't connected to wifi
-	 * as an access point or client.
-	 */
-	@Nullable
-	private Pair<InetAddress, Boolean> getPreferredWifiAddress() {
-		Pair<InetAddress, Boolean> wifi = getWifiIpv4Address();
-		// If there's no wifi IPv4 address, we might be a client on an
-		// IPv6-only wifi network. We can only detect this on API 21+
-		if (wifi == null && SDK_INT >= 21) {
-			InetAddress ipv6 = getWifiClientIpv6Address();
-			if (ipv6 != null) return new Pair<>(ipv6, false);
-		}
-		return wifi;
-	}
 }
--- a/bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPluginFactory.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPluginFactory.java
@@ -21,11 +21,10 @@ import static org.briarproject.bramble.api.plugin.LanTcpConstants.ID;
@NotNullByDefault
 public class AndroidLanTcpPluginFactory implements DuplexPluginFactory {

-	private static final int MAX_LATENCY = 30_000; // 30 seconds
-	private static final int MAX_IDLE_TIME = 30_000; // 30 seconds
-	private static final int CONNECTION_TIMEOUT = 3_000; // 3 seconds
-	private static final int MIN_POLLING_INTERVAL = 60_000; // 1 minute
-	private static final int MAX_POLLING_INTERVAL = 600_000; // 10 mins
+	private static final int MAX_LATENCY = 30 * 1000; // 30 seconds
+	private static final int MAX_IDLE_TIME = 30 * 1000; // 30 seconds
+	private static final int MIN_POLLING_INTERVAL = 60 * 1000; // 1 minute
+	private static final int MAX_POLLING_INTERVAL = 10 * 60 * 1000; // 10 mins
 	private static final double BACKOFF_BASE = 1.2;

 	private final Executor ioExecutor;
@@ -56,8 +55,7 @@ public class AndroidLanTcpPluginFactory implements DuplexPluginFactory {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
 		AndroidLanTcpPlugin plugin = new AndroidLanTcpPlugin(ioExecutor,
-				appContext, backoff, callback, MAX_LATENCY, MAX_IDLE_TIME,
-				CONNECTION_TIMEOUT);
+				appContext, backoff, callback, MAX_LATENCY, MAX_IDLE_TIME);
 		eventBus.addListener(plugin);
 		return plugin;
 	}
--- a/bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPlugin.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPlugin.java
@@ -27,7 +27,6 @@ import static android.content.Context.MODE_PRIVATE;
 import static android.content.Context.POWER_SERVICE;
 import static android.os.PowerManager.PARTIAL_WAKE_LOCK;
 import static java.util.concurrent.TimeUnit.MINUTES;
-import static org.briarproject.bramble.util.AndroidUtils.getWakeLockTag;

@MethodsNotNullByDefault
@ParametersNotNullByDefault
@@ -54,7 +53,7 @@ class AndroidTorPlugin extends TorPlugin {
 				appContext.getSystemService(POWER_SERVICE);
 		if (pm == null) throw new AssertionError();
 		wakeLock = new RenewableWakeLock(pm, scheduler, PARTIAL_WAKE_LOCK,
-				getWakeLockTag(appContext), 1, MINUTES);
+				getWakeLockTag(), 1, MINUTES);
 	}

 	@Override
@@ -75,6 +74,7 @@ class AndroidTorPlugin extends TorPlugin {

 	@Override
 	protected void enableNetwork(boolean enable) throws IOException {
+		if (!running) return;
 		if (enable) wakeLock.acquire();
 		super.enableNetwork(enable);
 		if (!enable) wakeLock.release();
@@ -85,4 +85,17 @@ class AndroidTorPlugin extends TorPlugin {
 		super.stop();
 		wakeLock.release();
 	}
+
+	private String getWakeLockTag() {
+		PackageManager pm = appContext.getPackageManager();
+		for (PackageInfo info : pm.getInstalledPackages(0)) {
+			String name = info.packageName.toLowerCase();
+			if (name.startsWith("com.huawei.powergenie")) {
+				return "LocationManagerService";
+			} else if (name.startsWith("com.evenwell.powermonitor")) {
+				return "AudioIn";
+			}
+		}
+		return getClass().getSimpleName();
+	}
 }
--- a/bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPluginFactory.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPluginFactory.java
@@ -1,6 +1,7 @@
 package org.briarproject.bramble.plugin.tor;

 import android.content.Context;
+import android.os.Build;

 import org.briarproject.bramble.api.battery.BatteryManager;
 import org.briarproject.bramble.api.event.EventBus;
@@ -88,15 +89,9 @@ public class AndroidTorPluginFactory implements DuplexPluginFactory {
 		// Check that we have a Tor binary for this architecture
 		String architecture = null;
 		for (String abi : AndroidUtils.getSupportedArchitectures()) {
-			if (abi.startsWith("x86_64")) {
-				architecture = "x86_64";
-				break;
-			} else if (abi.startsWith("x86")) {
+			if (abi.startsWith("x86")) {
 				architecture = "x86";
 				break;
-			} else if (abi.startsWith("arm64")) {
-				architecture = "arm64";
-				break;
 			} else if (abi.startsWith("armeabi")) {
 				architecture = "arm";
 				break;
@@ -106,8 +101,8 @@ public class AndroidTorPluginFactory implements DuplexPluginFactory {
 			LOG.info("Tor is not supported on this architecture");
 			return null;
 		}
-		// Use position-independent executable
-		architecture += "_pie";
+		// Use position-independent executable for SDK >= 16
+		if (Build.VERSION.SDK_INT >= 16) architecture += "_pie";

 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
--- a/bramble-android/src/main/java/org/briarproject/bramble/system/AndroidLocationUtils.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/system/AndroidLocationUtils.java
@@ -61,12 +61,12 @@ class AndroidLocationUtils implements LocationUtils {
 	private String getCountryFromPhoneNetwork() {
 		Object o = appContext.getSystemService(TELEPHONY_SERVICE);
 		TelephonyManager tm = (TelephonyManager) o;
-		return tm == null ? "" : tm.getNetworkCountryIso();
+		return tm.getNetworkCountryIso();
 	}

 	private String getCountryFromSimCard() {
 		Object o = appContext.getSystemService(TELEPHONY_SERVICE);
 		TelephonyManager tm = (TelephonyManager) o;
-		return tm == null ? "" : tm.getSimCountryIso();
+		return tm.getSimCountryIso();
 	}
 }
--- a/bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSecureRandomProvider.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSecureRandomProvider.java
@@ -23,7 +23,6 @@ import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;

 import static android.content.Context.WIFI_SERVICE;
-import static android.os.Build.VERSION.SDK_INT;
 import static android.provider.Settings.Secure.ANDROID_ID;

@Immutable
@@ -75,7 +74,8 @@ class AndroidSecureRandomProvider extends UnixSecureRandomProvider {
 		// Silence strict mode
 		StrictMode.ThreadPolicy tp = StrictMode.allowThreadDiskWrites();
 		super.writeSeed();
-		if (SDK_INT <= 18) applyOpenSslFix();
+		if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT <= 18)
+			applyOpenSslFix();
 		StrictMode.setThreadPolicy(tp);
 	}

--- a/bramble-android/src/main/java/org/briarproject/bramble/util/AndroidUtils.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/util/AndroidUtils.java
@@ -3,30 +3,18 @@ package org.briarproject.bramble.util;
 import android.annotation.SuppressLint;
 import android.bluetooth.BluetoothAdapter;
 import android.content.Context;
-import android.content.pm.PackageInfo;
-import android.content.pm.PackageManager;
 import android.os.Build;
 import android.provider.Settings;

-import org.briarproject.bramble.api.Pair;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
 import java.io.File;
-import java.lang.reflect.Field;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;

-import javax.annotation.Nullable;
-
 import static android.content.Context.MODE_PRIVATE;
 import static android.os.Build.VERSION.SDK_INT;
-import static java.util.Arrays.asList;
-import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;

-@NotNullByDefault
 public class AndroidUtils {

 	// Fake Bluetooth address returned by BluetoothAdapter on API 23 and later
@@ -34,10 +22,11 @@ public class AndroidUtils {

 	private static final String STORED_REPORTS = "dev-reports";

+	@SuppressWarnings("deprecation")
 	public static Collection<String> getSupportedArchitectures() {
 		List<String> abis = new ArrayList<>();
 		if (SDK_INT >= 21) {
-			abis.addAll(asList(Build.SUPPORTED_ABIS));
+			abis.addAll(Arrays.asList(Build.SUPPORTED_ABIS));
 		} else {
 			abis.add(Build.CPU_ABI);
 			if (Build.CPU_ABI2 != null) abis.add(Build.CPU_ABI2);
@@ -47,89 +36,25 @@ public class AndroidUtils {

 	public static String getBluetoothAddress(Context ctx,
 			BluetoothAdapter adapter) {
-		return getBluetoothAddressAndMethod(ctx, adapter).getFirst();
-	}
-
-	public static Pair<String, String> getBluetoothAddressAndMethod(Context ctx,
-			BluetoothAdapter adapter) {
 		// Return the adapter's address if it's valid and not fake
 		@SuppressLint("HardwareIds")
 		String address = adapter.getAddress();
-		if (isValidBluetoothAddress(address)) {
-			return new Pair<>(address, "adapter");
-		}
+		if (isValidBluetoothAddress(address)) return address;
 		// Return the address from settings if it's valid and not fake
 		address = Settings.Secure.getString(ctx.getContentResolver(),
 				"bluetooth_address");
-		if (isValidBluetoothAddress(address)) {
-			return new Pair<>(address, "settings");
-		}
-		// Try to get the address via reflection
-		address = getBluetoothAddressByReflection(adapter);
-		if (isValidBluetoothAddress(address)) {
-			return new Pair<>(requireNonNull(address), "reflection");
-		}
+		if (isValidBluetoothAddress(address)) return address;
 		// Let the caller know we can't find the address
-		return new Pair<>("", "");
+		return "";
 	}

-	public static boolean isValidBluetoothAddress(@Nullable String address) {
+	private static boolean isValidBluetoothAddress(String address) {
 		return !StringUtils.isNullOrEmpty(address)
 				&& BluetoothAdapter.checkBluetoothAddress(address)
 				&& !address.equals(FAKE_BLUETOOTH_ADDRESS);
 	}

-	@Nullable
-	private static String getBluetoothAddressByReflection(
-			BluetoothAdapter adapter) {
-		try {
-			Field mServiceField =
-					adapter.getClass().getDeclaredField("mService");
-			mServiceField.setAccessible(true);
-			Object mService = mServiceField.get(adapter);
-			// mService may be null when Bluetooth is disabled
-			if (mService == null) throw new NoSuchFieldException();
-			Method getAddressMethod =
-					mService.getClass().getMethod("getAddress");
-			return (String) getAddressMethod.invoke(mService);
-		} catch (NoSuchFieldException e) {
-			return null;
-		} catch (IllegalAccessException e) {
-			return null;
-		} catch (NoSuchMethodException e) {
-			return null;
-		} catch (InvocationTargetException e) {
-			return null;
-		} catch (SecurityException e) {
-			return null;
-		}
-	}
-
 	public static File getReportDir(Context ctx) {
 		return ctx.getDir(STORED_REPORTS, MODE_PRIVATE);
 	}
-
-	/**
-	 * Returns an array of supported content types for image attachments.
-	 * GIFs can't be compressed on API < 24 so they're not supported.
-	 * <p>
-	 * TODO: Remove this restriction when large message support is added
-	 */
-	public static String[] getSupportedImageContentTypes() {
-		if (SDK_INT < 24) return new String[] {"image/jpeg", "image/png"};
-		else return new String[] {"image/jpeg", "image/png", "image/gif"};
-	}
-
-	public static String getWakeLockTag(Context ctx) {
-		PackageManager pm = ctx.getPackageManager();
-		for (PackageInfo info : pm.getInstalledPackages(0)) {
-			String name = info.packageName.toLowerCase();
-			if (name.startsWith("com.huawei.powergenie")) {
-				return "LocationManagerService";
-			} else if (name.startsWith("com.evenwell.powermonitor")) {
-				return "AudioIn";
-			}
-		}
-		return ctx.getPackageName();
-	}
 }
--- a/bramble-android/src/test/java/org/briarproject/bramble/account/AndroidAccountManagerTest.java
+++ b/bramble-android/src/test/java/org/briarproject/bramble/account/AndroidAccountManagerTest.java
@@ -16,10 +16,13 @@ import org.junit.Test;

 import java.io.File;

+import static junit.framework.Assert.assertEquals;
 import static junit.framework.Assert.assertFalse;
 import static junit.framework.Assert.assertTrue;
 import static org.briarproject.bramble.test.TestUtils.deleteTestDirectory;
+import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
 import static org.briarproject.bramble.test.TestUtils.getTestDirectory;
+import static org.briarproject.bramble.util.StringUtils.toHexString;

 public class AndroidAccountManagerTest extends BrambleMockTestCase {

@@ -37,8 +40,11 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 	private final Application app;
 	private final ApplicationInfo applicationInfo;

+	private final String encryptedKeyHex = toHexString(getRandomBytes(123));
 	private final File testDir = getTestDirectory();
 	private final File keyDir = new File(testDir, "key");
+	private final File keyFile = new File(keyDir, "db.key");
+	private final File keyBackupFile = new File(keyDir, "db.key.bak");
 	private final File dbDir = new File(testDir, "db");

 	private AndroidAccountManager accountManager;
@@ -69,12 +75,33 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 		};
 	}

+	@Test
+	public void testDbKeyIsMigratedFromPreferencesToFile() {
+		context.checking(new Expectations() {{
+			oneOf(prefs).getString("key", null);
+			will(returnValue(encryptedKeyHex));
+			oneOf(prefs).edit();
+			will(returnValue(editor));
+			oneOf(editor).remove("key");
+			will(returnValue(editor));
+			oneOf(editor).commit();
+			will(returnValue(true));
+		}});
+
+		assertFalse(keyFile.exists());
+		assertFalse(keyBackupFile.exists());
+
+		assertEquals(encryptedKeyHex,
+				accountManager.loadEncryptedDatabaseKey());
+
+		assertTrue(keyFile.exists());
+		assertTrue(keyBackupFile.exists());
+	}
+
 	@Test
 	public void testDeleteAccountClearsSharedPrefsAndDeletesFiles()
 			throws Exception {
-		// Directories 'code_cache', 'lib' and 'shared_prefs' should be spared
-		File codeCacheDir = new File(testDir, "code_cache");
-		File codeCacheFile = new File(codeCacheDir, "file");
+		// Directories 'lib' and 'shared_prefs' should be spared
 		File libDir = new File(testDir, "lib");
 		File libFile = new File(libDir, "file");
 		File sharedPrefsDir = new File(testDir, "shared_prefs");
@@ -113,8 +140,6 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {

 		assertTrue(dbDir.mkdirs());
 		assertTrue(keyDir.mkdirs());
-		assertTrue(codeCacheDir.mkdirs());
-		assertTrue(codeCacheFile.createNewFile());
 		assertTrue(libDir.mkdirs());
 		assertTrue(libFile.createNewFile());
 		assertTrue(sharedPrefsDir.mkdirs());
@@ -130,8 +155,6 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {

 		assertFalse(dbDir.exists());
 		assertFalse(keyDir.exists());
-		assertTrue(codeCacheDir.exists());
-		assertTrue(codeCacheFile.exists());
 		assertTrue(libDir.exists());
 		assertTrue(libFile.exists());
 		assertTrue(sharedPrefsDir.exists());
--- a/bramble-android/witness.gradle
+++ b/bramble-android/witness.gradle
@@ -1,46 +1,44 @@
 dependencyVerification {
    verify = [
        'cglib:cglib:3.2.0:cglib-3.2.0.jar:adb13bab79712ad6bdf1bd59f2a3918018a8016e722e8a357065afb9e6690861',
-        'com.android.tools.analytics-library:protos:26.5.1:protos-26.5.1.jar:8dde1130725461fe827f2a343d353f2b51e8870661fc860d7d5ebddb097ead4e',
-        'com.android.tools.analytics-library:shared:26.5.1:shared-26.5.1.jar:ccc2f3b00ec17b11401610ba68553544fc8fc517120e84439ac6eb86b875e18d',
-        'com.android.tools.analytics-library:tracker:26.5.1:tracker-26.5.1.jar:3a76984c0fe2e847ca7a8b35b4780ef0447a9d1666946cb8e60466318e0ab5ae',
-        'com.android.tools.build:aapt2-proto:0.4.0:aapt2-proto-0.4.0.jar:fac0435e08898f89eeeb9ca236bea707155ff816c12205ced285ad53604133ca',
-        'com.android.tools.build:apksig:3.5.1:apksig-3.5.1.jar:1fd33e7f009a2a0da766cfeec4211a09f548034b015c289a66d75dd8a9302f4a',
-        'com.android.tools.build:apkzlib:3.5.1:apkzlib-3.5.1.jar:9f330167cbe973b7db407692f74f4f6453b7ffa5f2048934b06280c2ceee60fa',
-        'com.android.tools.build:builder-model:3.5.1:builder-model-3.5.1.jar:39ea3c82b76b6e0c9f9fa88d93e0edc1dd4a0f1dfae0ef6fbf2d451da47e5450',
-        'com.android.tools.build:builder-test-api:3.5.1:builder-test-api-3.5.1.jar:a1b59305584cbcaa078fdc9cfb80871012755b822dd32e8da19add6f7bbcb762',
-        'com.android.tools.build:builder:3.5.1:builder-3.5.1.jar:e3a8d382434c5f60990730c4719fc814e85a898a33a1e96c1df8d627d3c6eea6',
-        'com.android.tools.build:gradle-api:3.5.1:gradle-api-3.5.1.jar:be9b41859bace11998f66b04ed944f87e413f3ad6da3c4665587699da125addc',
-        'com.android.tools.build:manifest-merger:26.5.1:manifest-merger-26.5.1.jar:dcad9ecb967251f4d750f55a4204a2b400e8fbfe5cb930a1d0d5dbe10ae8bdfc',
-        'com.android.tools.ddms:ddmlib:26.5.1:ddmlib-26.5.1.jar:b081aef2a4ed3f4d47cae4cdb128469735f25a114e026d37123bf9ffdec742a8',
-        'com.android.tools.external.com-intellij:intellij-core:26.5.1:intellij-core-26.5.1.jar:20eced30adc124805bd93488d9cd9d3e33e6bf7b48e9fe5a703d4983f894d450',
-        'com.android.tools.external.com-intellij:kotlin-compiler:26.5.1:kotlin-compiler-26.5.1.jar:5aed762dd54875b77ae7018d97c05756ff0c5b9fd02ec595dd396ccd14cc22cb',
-        'com.android.tools.external.org-jetbrains:uast:26.5.1:uast-26.5.1.jar:4bc8653d6c0943f40fee963a149e36c6baa45683d2530968a13f5007e3c40740',
-        'com.android.tools.layoutlib:layoutlib-api:26.5.1:layoutlib-api-26.5.1.jar:88732f11396c427273e515d23042e35633f4fe4295528a99b866aa2adf0efd9c',
-        'com.android.tools.lint:lint-api:26.5.1:lint-api-26.5.1.jar:ec33fcd72bfaf70dd841e03fbfd93f109c2e575aec146067c606689c3972f0de',
-        'com.android.tools.lint:lint-checks:26.5.1:lint-checks-26.5.1.jar:a1b9607d484aaae7a71dcecdc76f8003d8239af226c776894a2cf63f9e6c60d7',
-        'com.android.tools.lint:lint-gradle-api:26.5.1:lint-gradle-api-26.5.1.jar:82453fd98a8394cc84ed995c04d2cd744abd1d6589403427ba7eef53115406f3',
-        'com.android.tools.lint:lint-gradle:26.5.1:lint-gradle-26.5.1.jar:59465b56cf7db77c656d5f8195d721c3d48b6bdd0502d774de335bfe4baff00b',
-        'com.android.tools.lint:lint:26.5.1:lint-26.5.1.jar:336e4b04ec6f8b0f25879131b7a7862d77df83a1879ee5b71be26128755f8e2e',
-        'com.android.tools:annotations:26.5.1:annotations-26.5.1.jar:2c43c82f8c59d8f7a61e3239e1a2dc9f69dc342ec09af9b7c9f69b25337c0b6e',
-        'com.android.tools:common:26.5.1:common-26.5.1.jar:eccfa54486ed54c4e3123cc42195d023bd0dd21bcd2f0e4868e8c6fc70f8ef6b',
-        'com.android.tools:dvlib:26.5.1:dvlib-26.5.1.jar:46f93ad498b4756e7d867d2fe38c38890a80e7407a4ae459e4a8c8d5c5aeacfe',
-        'com.android.tools:repository:26.5.1:repository-26.5.1.jar:2b3ee791aa4c3e8ce60498c161a27ca7228816fc630eed4d9f25f2f36a106dce',
-        'com.android.tools:sdk-common:26.5.1:sdk-common-26.5.1.jar:365f749676c3574676fd465177c8a492f340816db2b520d6ed114d3b6e77bea7',
-        'com.android.tools:sdklib:26.5.1:sdklib-26.5.1.jar:007da104afb27c8c682a1628023fe9ec438249c8d15ef0fd6624c5bb8e23b696',
+        'com.android.tools.analytics-library:protos:26.4.0:protos-26.4.0.jar:ad760915586797d39319f402837b378bff3bb4ed583e3e0c48c965631fb2135f',
+        'com.android.tools.analytics-library:shared:26.4.0:shared-26.4.0.jar:1332106a905d48909c81268c9e414946de3e83487db394c6073b0a9b5c3d0ed2',
+        'com.android.tools.analytics-library:tracker:26.4.0:tracker-26.4.0.jar:d0020cfbfd4cd75935f2972d6a24089840d4a10df6f3ef2a796093217dd37796',
+        'com.android.tools.build:apksig:3.4.0:apksig-3.4.0.jar:91d5a1866139c69756280355a6f61b4d619d0516841580114f45a10f2177327e',
+        'com.android.tools.build:apkzlib:3.4.0:apkzlib-3.4.0.jar:8653c85f5fdf1dde840e8b8af7396aeb79c34b66e541b5860059616006535592',
+        'com.android.tools.build:builder-model:3.4.0:builder-model-3.4.0.jar:a88f138124a9f016a70bcb4760359a502f65c7deed56507ee4014f4dd9ea853b',
+        'com.android.tools.build:builder-test-api:3.4.0:builder-test-api-3.4.0.jar:31089ab1ec19ca7687a010867d2f3807513c805b8226979706f4247b5d4df26f',
+        'com.android.tools.build:builder:3.4.0:builder-3.4.0.jar:476221b5203a7f50089bf185ed95000a34b6f5020ef0a17815afd58606922679',
+        'com.android.tools.build:gradle-api:3.4.0:gradle-api-3.4.0.jar:215eca38f6719213c2f492b4d622cdd11676c66c9871f8a2aed0c66d00175628',
+        'com.android.tools.build:manifest-merger:26.4.0:manifest-merger-26.4.0.jar:29e45e690dedd165035e97c21c2ca94d0bd4ec16b6b210daa26669a582b6f220',
+        'com.android.tools.ddms:ddmlib:26.4.0:ddmlib-26.4.0.jar:93f56fe4630c3166adbd6c51d7bb602d96abb91b07ba5b1165fdcd071e88c940',
+        'com.android.tools.external.com-intellij:intellij-core:26.4.0:intellij-core-26.4.0.jar:30cb0e879d4424de9677a50b537fb628636b4a50f5470af5e52437980c41421f',
+        'com.android.tools.external.com-intellij:kotlin-compiler:26.4.0:kotlin-compiler-26.4.0.jar:dd1fe225c31a0e012dc025336363a5b783e2c5c20ffb69e77f8f57e89420d998',
+        'com.android.tools.external.org-jetbrains:uast:26.4.0:uast-26.4.0.jar:f25f3285b775a983327583ff6584dea54e447813ef69e0ce08b05a45b5f4aab0',
+        'com.android.tools.layoutlib:layoutlib-api:26.4.0:layoutlib-api-26.4.0.jar:52128f5cf293b224072be361919bfd416e59480ab7264ddcdbbf046b0d7a12e3',
+        'com.android.tools.lint:lint-api:26.4.0:lint-api-26.4.0.jar:fdb8fca8ae4c254f438338d03d72605e00ed106f2d5550405af41ca1c8509401',
+        'com.android.tools.lint:lint-checks:26.4.0:lint-checks-26.4.0.jar:4ff52d40488cd3e22b9c6b2eb67784e0c3269d0b42ef9d17689cd75a7b2bceb4',
+        'com.android.tools.lint:lint-gradle-api:26.4.0:lint-gradle-api-26.4.0.jar:714b7a85c7d2aa10daeab16e969fe7530c659d0728a7f24021da456870418d0f',
+        'com.android.tools.lint:lint-gradle:26.4.0:lint-gradle-26.4.0.jar:b8c130d273f522388734457e1b96790f41528fcec6fda9e8eaa4e4d95a07cfbb',
+        'com.android.tools.lint:lint:26.4.0:lint-26.4.0.jar:83aa062fb0405b60ed358d858c8c2955e1bae44a455b498068c6a60988755f00',
+        'com.android.tools:annotations:26.4.0:annotations-26.4.0.jar:a7955b8e19c3a2a861d6faa43a58b7c0d46ea9112188ee3e235c6f9f439ecc1a',
+        'com.android.tools:common:26.4.0:common-26.4.0.jar:ea40b94b3c1284ea7700f011388e2906a8363a66abd902891722b3c557984852',
+        'com.android.tools:dvlib:26.4.0:dvlib-26.4.0.jar:23af89c535b01ba36ceed1b6b309b672814eba624e643cd7dedf0519edad50cc',
+        'com.android.tools:repository:26.4.0:repository-26.4.0.jar:3d1763ab46199374dc6d94129bba11c70f1d5857e2c81a3ac4898abca40b176b',
+        'com.android.tools:sdk-common:26.4.0:sdk-common-26.4.0.jar:78a522525b30ffc6b7bf1299c831d24ce385f68a9f4878f8f752e9baefa31b0f',
+        'com.android.tools:sdklib:26.4.0:sdklib-26.4.0.jar:b854c23892013a326d761cf071c72cf3e038ed0469d10f4a356829fa56e4c132',
+        'com.google.code.findbugs:jsr305:1.3.9:jsr305-1.3.9.jar:905721a0eea90a81534abb7ee6ef4ea2e5e645fa1def0a5cd88402df1b46c9ed',
        'com.google.code.findbugs:jsr305:3.0.2:jsr305-3.0.2.jar:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
-        'com.google.code.gson:gson:2.8.5:gson-2.8.5.jar:233a0149fc365c9f6edbd683cfe266b19bdc773be98eabdaf6b3c924b48e7d81',
-        'com.google.dagger:dagger-compiler:2.24:dagger-compiler-2.24.jar:3c5afb955fb188da485cb2c048eff37dce0e1530b9780a0f2f7187d16d1ccc1f',
-        'com.google.dagger:dagger-producers:2.24:dagger-producers-2.24.jar:f10f45b95191954d5d6b043fca9e62fb621d21bf70634b8f8476c7988b504c3a',
-        'com.google.dagger:dagger-spi:2.24:dagger-spi-2.24.jar:c038445d14dbcb4054e61bf49e05009edf26fce4fdc7ec1a9db544784f68e718',
-        'com.google.dagger:dagger:2.24:dagger-2.24.jar:550a6e46a6dfcdf1d764887b6090cea94f783327e50e5c73754f18facfc70b64',
-        'com.google.errorprone:error_prone_annotations:2.2.0:error_prone_annotations-2.2.0.jar:6ebd22ca1b9d8ec06d41de8d64e0596981d9607b42035f9ed374f9de271a481a',
+        'com.google.code.gson:gson:2.8.0:gson-2.8.0.jar:c6221763bd79c4f1c3dc7f750b5f29a0bb38b367b81314c4f71896e340c40825',
+        'com.google.dagger:dagger-compiler:2.22.1:dagger-compiler-2.22.1.jar:e5f28302cbe70a79d3620cddebfb8ec0736814f3980ffe1e673bfe3342f507d3',
+        'com.google.dagger:dagger-producers:2.22.1:dagger-producers-2.22.1.jar:f834a0082014213a68ff06a0f048d750178d02196c58b0b15beb367d32b97e35',
+        'com.google.dagger:dagger-spi:2.22.1:dagger-spi-2.22.1.jar:4b0b922793b3bcb91b99fabb75dba77c68afd7ae4c5f0c4fd6ba681f0a291c7d',
+        'com.google.dagger:dagger:2.22.1:dagger-2.22.1.jar:329d4340f24c4f5717af016c097e90668bfea2a5376e6aa9964b01cef3fd241a',
+        'com.google.errorprone:error_prone_annotations:2.1.3:error_prone_annotations-2.1.3.jar:03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8',
        'com.google.errorprone:javac-shaded:9-dev-r4023-3:javac-shaded-9-dev-r4023-3.jar:65bfccf60986c47fbc17c9ebab0be626afc41741e0a6ec7109e0768817a36f30',
        'com.google.googlejavaformat:google-java-format:1.5:google-java-format-1.5.jar:aa19ad7850fb85178aa22f2fddb163b84d6ce4d0035872f30d4408195ca1144e',
-        'com.google.guava:failureaccess:1.0.1:failureaccess-1.0.1.jar:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26',
-        'com.google.guava:guava:27.0.1-jre:guava-27.0.1-jre.jar:e1c814fd04492a27c38e0317eabeaa1b3e950ec8010239e400fe90ad6c9107b4',
-        'com.google.guava:guava:27.1-jre:guava-27.1-jre.jar:4a5aa70cc968a4d137e599ad37553e5cfeed2265e8c193476d7119036c536fe7',
-        'com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava:listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99',
+        'com.google.guava:guava:25.0-jre:guava-25.0-jre.jar:3fd4341776428c7e0e5c18a7c10de129475b69ab9d30aeafbb5c277bb6074fa9',
+        'com.google.guava:guava:26.0-jre:guava-26.0-jre.jar:a0e9cabad665bc20bcd2b01f108e5fc03f756e13aea80abaadb9f407033bea2c',
        'com.google.j2objc:j2objc-annotations:1.1:j2objc-annotations-1.1.jar:2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6',
        'com.google.jimfs:jimfs:1.1:jimfs-1.1.jar:c4828e28d7c0a930af9387510b3bada7daa5c04d7c25a75c7b8b081f1c257ddd',
        'com.google.protobuf:protobuf-java:3.4.0:protobuf-java-3.4.0.jar:dce7e66b32456a1b1198da0caff3a8acb71548658391e798c79369241e6490a4',
@@ -57,7 +55,6 @@ dependencyVerification {
        'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
        'javax.xml.bind:jaxb-api:2.2.12-b140109.1041:jaxb-api-2.2.12-b140109.1041.jar:b5e60cd8b7b5ff01ce4a74c5dd008f4fbd14ced3495d0b47b85cfedc182211f2',
        'junit:junit:4.12:junit-4.12.jar:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a',
-        'net.ltgt.gradle.incap:incap:0.2:incap-0.2.jar:b625b9806b0f1e4bc7a2e3457119488de3cd57ea20feedd513db070a573a4ffd',
        'net.sf.jopt-simple:jopt-simple:4.9:jopt-simple-4.9.jar:26c5856e954b5f864db76f13b86919b59c6eecf9fd930b96baa8884626baf2f5',
        'net.sf.kxml:kxml2:2.3.0:kxml2-2.3.0.jar:f264dd9f79a1fde10ce5ecc53221eff24be4c9331c830b7d52f2f08a7b633de2',
        'org.apache.ant:ant-launcher:1.9.4:ant-launcher-1.9.4.jar:7bccea20b41801ca17bcbc909a78c835d0f443f12d639c77bd6ae3d05861608d',
@@ -69,22 +66,22 @@ dependencyVerification {
        'org.beanshell:bsh:1.3.0:bsh-1.3.0.jar:9b04edc75d19db54f1b4e8b5355e9364384c6cf71eb0a1b9724c159d779879f8',
        'org.bouncycastle:bcpkix-jdk15on:1.56:bcpkix-jdk15on-1.56.jar:7043dee4e9e7175e93e0b36f45b1ec1ecb893c5f755667e8b916eb8dd201c6ca',
        'org.bouncycastle:bcprov-jdk15on:1.56:bcprov-jdk15on-1.56.jar:963e1ee14f808ffb99897d848ddcdb28fa91ddda867eb18d303e82728f878349',
-        'org.briarproject:obfs4proxy-android:0.0.11-2:obfs4proxy-android-0.0.11-2.zip:57e55cbe87aa2aac210fdbb6cd8cdeafe15f825406a08ebf77a8b787aa2c6a8a',
-        'org.briarproject:tor-android:0.3.5.10:tor-android-0.3.5.10.zip:edd83bf557fcff2105eaa0bdb3f607a6852ebe7360920929ae3039dd5f4774c5',
+        'org.briarproject:obfs4proxy-android:0.0.9:obfs4proxy-android-0.0.9.zip:9b7e9181535ea8d8bbe8ae6338e08cf4c5fc1e357a779393e0ce49586d459ae0',
+        'org.briarproject:tor-android:0.3.5.8:tor-android-0.3.5.8.zip:42a13a6f185be1a62f42e3f30ce66a3c099ac5ec890a65e7593111b65b44a54a',
        'org.checkerframework:checker-compat-qual:2.5.3:checker-compat-qual-2.5.3.jar:d76b9afea61c7c082908023f0cbc1427fab9abd2df915c8b8a3e7a509bccbc6d',
        'org.checkerframework:checker-qual:2.5.2:checker-qual-2.5.2.jar:64b02691c8b9d4e7700f8ee2e742dce7ea2c6e81e662b7522c9ee3bf568c040a',
        'org.codehaus.groovy:groovy-all:2.4.15:groovy-all-2.4.15.jar:51d6c4e71782e85674239189499854359d380fb75e1a703756e3aaa5b98a5af0',
-        'org.codehaus.mojo:animal-sniffer-annotations:1.17:animal-sniffer-annotations-1.17.jar:92654f493ecfec52082e76354f0ebf87648dc3d5cec2e3c3cdb947c016747a53',
+        'org.codehaus.mojo:animal-sniffer-annotations:1.14:animal-sniffer-annotations-1.14.jar:2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d',
        'org.glassfish.jaxb:jaxb-core:2.2.11:jaxb-core-2.2.11.jar:37bcaee8ebb04362c8352a5bf6221b86967ecdab5164c696b10b9a2bb587b2aa',
        'org.glassfish.jaxb:jaxb-runtime:2.2.11:jaxb-runtime-2.2.11.jar:a874f2351cfba8e2946be3002d10c18a6da8f21b52ba2acf52f2b85d5520ed70',
        'org.glassfish.jaxb:txw2:2.2.11:txw2-2.2.11.jar:272a3ccad45a4511351920cd2a8633c53cab8d5220c7a92954da5526bb5eafea',
        'org.hamcrest:hamcrest-core:1.3:hamcrest-core-1.3.jar:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9',
        'org.hamcrest:hamcrest-library:1.3:hamcrest-library-1.3.jar:711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c',
-        'org.jetbrains.kotlin:kotlin-reflect:1.3.50:kotlin-reflect-1.3.50.jar:64583199ea5a54aefd1bd1595288925f784226ee562d1dd279011c6075b3d7a4',
-        'org.jetbrains.kotlin:kotlin-stdlib-common:1.3.50:kotlin-stdlib-common-1.3.50.jar:8ce678e88e4ba018b66dacecf952471e4d7dfee156a8a819760a5a5ff29d323c',
-        'org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.3.50:kotlin-stdlib-jdk7-1.3.50.jar:9a026639e76212f8d57b86d55b075394c2e009f1979110751d34c05c5f75d57b',
-        'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.3.50:kotlin-stdlib-jdk8-1.3.50.jar:1b351fb6e09c14b55525c74c1f4cf48942eae43c348b7bc764a5e6e423d4da0c',
-        'org.jetbrains.kotlin:kotlin-stdlib:1.3.50:kotlin-stdlib-1.3.50.jar:e6f05746ee0366d0b52825a090fac474dcf44082c9083bbb205bd16976488d6c',
+        'org.jetbrains.kotlin:kotlin-reflect:1.3.21:kotlin-reflect-1.3.21.jar:a3065c822633191e0a3e3ee12a29bec234fc4b2864a6bb87ef48cce3e9e0c26a',
+        'org.jetbrains.kotlin:kotlin-stdlib-common:1.3.21:kotlin-stdlib-common-1.3.21.jar:cea61f7b611895e64f58569a9757fc0ab0d582f107211e1930e0ce2a0add52a7',
+        'org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.3.21:kotlin-stdlib-jdk7-1.3.21.jar:a87875604fd42140da6938ae4d35ee61081f4482536efc6d2615b8b626a198af',
+        'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.3.21:kotlin-stdlib-jdk8-1.3.21.jar:5823ed66ac122a1c55442ebca5a209a843ccd87f562edc31a787f3d2e47f74d4',
+        'org.jetbrains.kotlin:kotlin-stdlib:1.3.21:kotlin-stdlib-1.3.21.jar:38ba2370d9f06f50433e06b2ca775b94473c2e2785f410926079ab793c72b034',
        'org.jetbrains.trove4j:trove4j:20160824:trove4j-20160824.jar:1917871c8deb468307a584680c87a44572f5a8b0b98c6d397fc0f5f86596dbe7',
        'org.jetbrains:annotations:13.0:annotations-13.0.jar:ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478',
        'org.jmock:jmock-junit4:2.8.2:jmock-junit4-2.8.2.jar:f7ee4df4f7bd7b7f1cafad3b99eb74d579f109d5992ff625347352edb55e674c',
--- a/bramble-api/build.gradle
+++ b/bramble-api/build.gradle
@@ -7,7 +7,7 @@ apply plugin: 'witness'
 apply from: 'witness.gradle'

 dependencies {
-	implementation "com.google.dagger:dagger:2.24"
+	implementation "com.google.dagger:dagger:2.22.1"
 	implementation 'com.google.code.findbugs:jsr305:3.0.2'

 	testImplementation 'junit:junit:4.12'
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/FeatureFlags.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/FeatureFlags.java
@@ -6,4 +6,6 @@ package org.briarproject.bramble.api;
 public interface FeatureFlags {

 	boolean shouldEnableImageAttachments();
+
+	boolean shouldEnableRemoteContacts();
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/account/AccountManager.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/account/AccountManager.java
@@ -1,6 +1,5 @@
 package org.briarproject.bramble.api.account;

-import org.briarproject.bramble.api.crypto.DecryptionException;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.identity.IdentityManager;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
@@ -14,8 +13,7 @@ public interface AccountManager {
 	 * Returns true if the manager has the database key. This will be false
 	 * before {@link #createAccount(String, String)} or {@link #signIn(String)}
 	 * has been called, and true after {@link #createAccount(String, String)}
-	 * or {@link #signIn(String)} has returned true, until
-	 * {@link #deleteAccount()} is called or the process exits.
+	 * or {@link #signIn(String)} has returned true, until the process exits.
 	 */
 	boolean hasDatabaseKey();

@@ -24,22 +22,25 @@ public interface AccountManager {
 	 * before {@link #createAccount(String, String)} or {@link #signIn(String)}
 	 * has been called, and non-null after
 	 * {@link #createAccount(String, String)} or {@link #signIn(String)} has
-	 * returned true, until {@link #deleteAccount()} is called or the process
-	 * exits.
+	 * returned true, until the process exits.
 	 */
 	@Nullable
 	SecretKey getDatabaseKey();

 	/**
-	 * Returns true if the encrypted database key can be loaded from disk.
+	 * Returns true if the encrypted database key can be loaded from disk, and
+	 * the database directory exists and is a directory.
 	 */
 	boolean accountExists();

 	/**
 	 * Creates an identity with the given name and registers it with the
 	 * {@link IdentityManager}. Creates a database key, encrypts it with the
-	 * given password and stores it on disk. {@link #accountExists()} will
-	 * return true after this method returns true.
+	 * given password and stores it on disk.
+	 * <p/>
+	 * This method does not create the database directory, so
+	 * {@link #accountExists()} will continue to return false until the
+	 * database directory is created.
 	 */
 	boolean createAccount(String name, String password);

@@ -53,19 +54,17 @@ public interface AccountManager {
 	 * Loads the encrypted database key from disk and decrypts it with the
 	 * given password.
 	 *
-	 * @throws DecryptionException If the database key could not be loaded and
-	 * decrypted.
+	 * @return true if the database key was successfully loaded and decrypted.
 	 */
-	void signIn(String password) throws DecryptionException;
+	boolean signIn(String password);

 	/**
 	 * Loads the encrypted database key from disk, decrypts it with the old
 	 * password, encrypts it with the new password, and stores it on disk,
 	 * replacing the old key.
 	 *
-	 * @throws DecryptionException If the database key could not be loaded and
-	 * decrypted.
+	 * @return true if the database key was successfully loaded, re-encrypted
+	 * and stored.
 	 */
-	void changePassword(String oldPassword, String newPassword)
-			throws DecryptionException;
+	boolean changePassword(String oldPassword, String newPassword);
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/connection/ConnectionRegistry.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/connection/ConnectionRegistry.java
@@ -1,130 +0,0 @@
-package org.briarproject.bramble.api.connection;
-
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.PluginConfig;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
-import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
-import org.briarproject.bramble.api.sync.Priority;
-
-import java.util.Collection;
-
-/**
- * Keeps track of which contacts are currently connected by which transports.
- */
-@NotNullByDefault
-public interface ConnectionRegistry {
-
-	/**
-	 * Registers an incoming connection from the given contact over the given
-	 * transport. The connection's {@link Priority priority} can be set later
-	 * via {@link #setPriority(ContactId, TransportId, InterruptibleConnection,
-	 * Priority)} if a priority record is received from the contact.
-	 * <p>
-	 * Broadcasts {@link ConnectionOpenedEvent}. Also broadcasts
-	 * {@link ContactConnectedEvent} if this is the only connection with the
-	 * contact.
-	 */
-	void registerIncomingConnection(ContactId c, TransportId t,
-			InterruptibleConnection conn);
-
-	/**
-	 * Registers an outgoing connection to the given contact over the given
-	 * transport.
-	 * <p>
-	 * Broadcasts {@link ConnectionOpenedEvent}. Also broadcasts
-	 * {@link ContactConnectedEvent} if this is the only connection with the
-	 * contact.
-	 * <p>
-	 * If the registry has any "better" connections with the given contact, the
-	 * given connection will be interrupted. If the registry has any "worse"
-	 * connections with the given contact, those connections will be
-	 * interrupted.
-	 * <p>
-	 * Connection A is considered "better" than connection B if both
-	 * connections have had their priorities set, and either A's transport is
-	 * {@link PluginConfig#getTransportPreferences() preferred} to B's, or
-	 * they use the same transport and A has higher {@link Priority priority}
-	 * than B.
-	 * <p>
-	 * For backward compatibility, connections without priorities are not
-	 * considered better or worse than other connections.
-	 */
-	void registerOutgoingConnection(ContactId c, TransportId t,
-			InterruptibleConnection conn, Priority priority);
-
-	/**
-	 * Unregisters a connection with the given contact over the given transport.
-	 * <p>
-	 * Broadcasts {@link ConnectionClosedEvent}. Also broadcasts
-	 * {@link ContactDisconnectedEvent} if this is the only connection with
-	 * the contact.
-	 */
-	void unregisterConnection(ContactId c, TransportId t,
-			InterruptibleConnection conn, boolean incoming, boolean exception);
-
-	/**
-	 * Sets the {@link Priority priority} of a connection that was previously
-	 * registered via {@link #registerIncomingConnection(ContactId, TransportId,
-	 * InterruptibleConnection)}.
-	 * <p>
-	 * If the registry has any "better" connections with the given contact, the
-	 * given connection will be interrupted. If the registry has any "worse"
-	 * connections with the given contact, those connections will be
-	 * interrupted.
-	 * <p>
-	 * Connection A is considered "better" than connection B if both
-	 * connections have had their priorities set, and either A's transport is
-	 * {@link PluginConfig#getTransportPreferences() preferred} to B's, or
-	 * they use the same transport and A has higher {@link Priority priority}
-	 * than B.
-	 * <p>
-	 * For backward compatibility, connections without priorities are not
-	 * considered better or worse than other connections.
-	 */
-	void setPriority(ContactId c, TransportId t, InterruptibleConnection conn,
-			Priority priority);
-
-	/**
-	 * Returns any contacts that are connected via the given transport.
-	 */
-	Collection<ContactId> getConnectedContacts(TransportId t);
-
-	/**
-	 * Returns any contacts that are connected via the given transport or any
-	 * {@link PluginConfig#getTransportPreferences() better} transport.
-	 */
-	Collection<ContactId> getConnectedOrBetterContacts(TransportId t);
-
-	/**
-	 * Returns true if the given contact is connected via the given transport.
-	 */
-	boolean isConnected(ContactId c, TransportId t);
-
-	/**
-	 * Returns true if the given contact is connected via any transport.
-	 */
-	boolean isConnected(ContactId c);
-
-	/**
-	 * Registers a connection with the given pending contact. Broadcasts
-	 * {@link RendezvousConnectionOpenedEvent} if this is the only connection
-	 * with the pending contact.
-	 *
-	 * @return True if this is the only connection with the pending contact,
-	 * false if it is redundant and should be closed
-	 */
-	boolean registerConnection(PendingContactId p);
-
-	/**
-	 * Unregisters a connection with the given pending contact. Broadcasts
-	 * {@link RendezvousConnectionClosedEvent}.
-	 */
-	void unregisterConnection(PendingContactId p, boolean success);
-}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/connection/InterruptibleConnection.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/connection/InterruptibleConnection.java
@@ -1,19 +0,0 @@
-package org.briarproject.bramble.api.connection;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-/**
- * A duplex sync connection that can be closed by interrupting its outgoing
- * sync session.
- */
-@NotNullByDefault
-public interface InterruptibleConnection {
-
-	/**
-	 * Interrupts the connection's outgoing sync session. If the underlying
-	 * transport connection is alive and the remote peer is cooperative, this
-	 * should result in both sync sessions ending and the connection being
-	 * cleanly closed.
-	 */
-	void interruptOutgoingSession();
-}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactManager.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactManager.java
@@ -4,10 +4,8 @@ import org.briarproject.bramble.api.FormatException;
 import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.UnsupportedVersionException;
 import org.briarproject.bramble.api.crypto.SecretKey;
-import org.briarproject.bramble.api.db.ContactExistsException;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.NoSuchContactException;
-import org.briarproject.bramble.api.db.PendingContactExistsException;
 import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
@@ -119,14 +117,9 @@ public interface ContactManager {
 	 * @throws FormatException If the link is invalid
 	 * @throws GeneralSecurityException If the pending contact's handshake
 	 * public key is invalid
-	 * @throws ContactExistsException If a contact with the same handshake
-	 * public key already exists
-	 * @throws PendingContactExistsException If a pending contact with the same
-	 * handshake public key already exists
 	 */
 	PendingContact addPendingContact(String link, String alias)
-			throws DbException, FormatException, GeneralSecurityException,
-			ContactExistsException, PendingContactExistsException;
+			throws DbException, FormatException, GeneralSecurityException;

 	/**
 	 * Returns the pending contact with the given ID.
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java
@@ -132,33 +132,17 @@ public interface CryptoComponent {
 	 * storage. The encryption and authentication keys are derived from the
 	 * given password. The ciphertext will be decryptable using the same
 	 * password after the app restarts.
-	 *
-	 * @param keyStrengthener Used to strengthen the password-based key. If
-	 * null, the password-based key will not be strengthened
 	 */
-	byte[] encryptWithPassword(byte[] plaintext, String password,
-			@Nullable KeyStrengthener keyStrengthener);
+	byte[] encryptWithPassword(byte[] plaintext, String password);

 	/**
 	 * Decrypts and authenticates the given ciphertext that has been read from
 	 * storage. The encryption and authentication keys are derived from the
-	 * given password.
-	 *
-	 * @param keyStrengthener Used to strengthen the password-based key. If
-	 * null, or if strengthening was not used when encrypting the ciphertext,
-	 * the password-based key will not be strengthened
-	 * @throws DecryptionException If the ciphertext cannot be decrypted and
+	 * given password. Returns null if the ciphertext cannot be decrypted and
 	 * authenticated (for example, if the password is wrong).
 	 */
-	byte[] decryptWithPassword(byte[] ciphertext, String password,
-			@Nullable KeyStrengthener keyStrengthener)
-			throws DecryptionException;
-
-	/**
-	 * Returns true if the given ciphertext was encrypted using a strengthened
-	 * key. The validity of the ciphertext is not checked.
-	 */
-	boolean isEncryptedWithStrengthenedKey(byte[] ciphertext);
+	@Nullable
+	byte[] decryptWithPassword(byte[] ciphertext, String password);

 	/**
 	 * Encrypts the given plaintext to the given public key.
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/DecryptionException.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/DecryptionException.java
@@ -1,17 +0,0 @@
-package org.briarproject.bramble.api.crypto;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-@NotNullByDefault
-public class DecryptionException extends Exception {
-
-	private final DecryptionResult result;
-
-	public DecryptionException(DecryptionResult result) {
-		this.result = result;
-	}
-
-	public DecryptionResult getDecryptionResult() {
-		return result;
-	}
-}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/DecryptionResult.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/DecryptionResult.java
@@ -1,29 +0,0 @@
-package org.briarproject.bramble.api.crypto;
-
-/**
- * The result of a password-based decryption operation.
- */
-public enum DecryptionResult {
-
-	/**
-	 * Decryption succeeded.
-	 */
-	SUCCESS,
-
-	/**
-	 * Decryption failed because the format of the ciphertext was invalid.
-	 */
-	INVALID_CIPHERTEXT,
-
-	/**
-	 * Decryption failed because the {@link KeyStrengthener} used for
-	 * encryption was not available for decryption.
-	 */
-	KEY_STRENGTHENER_ERROR,
-
-	/**
-	 * Decryption failed because the password used for decryption did not match
-	 * the password used for encryption.
-	 */
-	INVALID_PASSWORD
-}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyStrengthener.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyStrengthener.java
@@ -1,23 +0,0 @@
-package org.briarproject.bramble.api.crypto;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-/**
- * Interface for strengthening a password-based key, for example by using a
- * key stored in a key management service or hardware security module.
- */
-@NotNullByDefault
-public interface KeyStrengthener {
-
-	/**
-	 * Returns true if the strengthener has been initialised.
-	 */
-	@SuppressWarnings("BooleanMethodIsAlwaysInverted")
-	boolean isInitialised();
-
-	/**
-	 * Initialises the strengthener if necessary and returns a strong key
-	 * derived from the given key.
-	 */
-	SecretKey strengthenKey(SecretKey k);
-}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseComponent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseComponent.java
@@ -83,7 +83,7 @@ public interface DatabaseComponent extends TransactionManager {
 	/**
 	 * Stores a pending contact.
 	 */
-	void addPendingContact(Transaction txn, PendingContact p, AuthorId local)
+	void addPendingContact(Transaction txn, PendingContact p)
 			throws DbException;

 	/**
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseConfig.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseConfig.java
@@ -1,29 +1,13 @@
 package org.briarproject.bramble.api.db;

-import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;

 import java.io.File;

-import javax.annotation.Nullable;
-
@NotNullByDefault
 public interface DatabaseConfig {

-	/**
-	 * Returns the directory where the database stores its data.
-	 */
 	File getDatabaseDirectory();

-	/**
-	 * Returns the directory where the encrypted database key is stored.
-	 */
 	File getDatabaseKeyDirectory();
-
-	/**
-	 * Returns a {@link KeyStrengthener} for strengthening the encryption of
-	 * the database key, or null if no strengthener should be used.
-	 */
-	@Nullable
-	KeyStrengthener getKeyStrengthener();
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/db/PendingContactExistsException.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/db/PendingContactExistsException.java
@@ -1,21 +1,9 @@
 package org.briarproject.bramble.api.db;

-import org.briarproject.bramble.api.contact.PendingContact;
-
 /**
 * Thrown when a duplicate pending contact is added to the database. This
 * exception may occur due to concurrent updates and does not indicate a
 * database error.
 */
 public class PendingContactExistsException extends DbException {
-
-	private final PendingContact pendingContact;
-
-	public PendingContactExistsException(PendingContact pendingContact) {
-		this.pendingContact = pendingContact;
-	}
-
-	public PendingContact getPendingContact() {
-		return pendingContact;
-	}
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/event/EventBus.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/event/EventBus.java
@@ -18,8 +18,6 @@ public interface EventBus {
 	/**
 	 * Asynchronously notifies all listeners of an event. Listeners are
 	 * notified on the {@link EventExecutor}.
-	 * <p>
-	 * This method can safely be called while holding a lock.
 	 */
 	void broadcast(Event e);
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/io/TimeoutMonitor.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/io/TimeoutMonitor.java
@@ -1,15 +0,0 @@
-package org.briarproject.bramble.api.io;
-
-import java.io.InputStream;
-
-public interface TimeoutMonitor {
-
-	/**
-	 * Returns an {@link InputStream} that wraps the given stream and allows
-	 * read timeouts to be detected.
-	 *
-	 * @param timeoutMs The read timeout in milliseconds. Timeouts will be
-	 * detected eventually but are not guaranteed to be detected immediately.
-	 */
-	InputStream createTimeoutInputStream(InputStream in, long timeoutMs);
-}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/BluetoothConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/BluetoothConstants.java
@@ -8,4 +8,6 @@ public interface BluetoothConstants {

 	String PROP_ADDRESS = "address";
 	String PROP_UUID = "uuid";
+
+	String PREF_BT_ENABLE = "enable";
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/connection/ConnectionManager.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/connection/ConnectionManager.java
@@ -1,11 +1,8 @@
-package org.briarproject.bramble.api.connection;
+package org.briarproject.bramble.api.plugin;

 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportConnectionReader;
-import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
-import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;

@NotNullByDefault
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/ConnectionRegistry.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/ConnectionRegistry.java
@@ -0,0 +1,67 @@
+package org.briarproject.bramble.api.plugin;
+
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
+import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
+
+import java.util.Collection;
+
+/**
+ * Keeps track of which contacts are currently connected by which transports.
+ */
+@NotNullByDefault
+public interface ConnectionRegistry {
+
+	/**
+	 * Registers a connection with the given contact over the given transport.
+	 * Broadcasts {@link ConnectionOpenedEvent}. Also broadcasts
+	 * {@link ContactConnectedEvent} if this is the only connection with the
+	 * contact.
+	 */
+	void registerConnection(ContactId c, TransportId t, boolean incoming);
+
+	/**
+	 * Unregisters a connection with the given contact over the given transport.
+	 * Broadcasts {@link ConnectionClosedEvent}. Also broadcasts
+	 * {@link ContactDisconnectedEvent} if this is the only connection with
+	 * the contact.
+	 */
+	void unregisterConnection(ContactId c, TransportId t, boolean incoming);
+
+	/**
+	 * Returns any contacts that are connected via the given transport.
+	 */
+	Collection<ContactId> getConnectedContacts(TransportId t);
+
+	/**
+	 * Returns true if the given contact is connected via the given transport.
+	 */
+	boolean isConnected(ContactId c, TransportId t);
+
+	/**
+	 * Returns true if the given contact is connected via any transport.
+	 */
+	boolean isConnected(ContactId c);
+
+	/**
+	 * Registers a connection with the given pending contact. Broadcasts
+	 * {@link RendezvousConnectionOpenedEvent} if this is the only connection
+	 * with the pending contact.
+	 *
+	 * @return True if this is the only connection with the pending contact,
+	 * false if it is redundant and should be closed
+	 */
+	boolean registerConnection(PendingContactId p);
+
+	/**
+	 * Unregisters a connection with the given pending contact. Broadcasts
+	 * {@link RendezvousConnectionClosedEvent}.
+	 */
+	void unregisterConnection(PendingContactId p, boolean success);
+}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/LanTcpConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/LanTcpConstants.java
@@ -4,12 +4,10 @@ public interface LanTcpConstants {

 	TransportId ID = new TransportId("org.briarproject.bramble.lan");

-	// Transport properties (shared with contacts)
+	// a transport property (shared with contacts)
 	String PROP_IP_PORTS = "ipPorts";
-	String PROP_PORT = "port";
-	String PROP_IPV6 = "ipv6";

-	// Local settings (not shared with contacts)
+	// a local setting
 	String PREF_LAN_IP_PORTS = "ipPorts";
-	String PREF_IPV6 = "ipv6";
+
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/Plugin.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/Plugin.java
@@ -3,55 +3,12 @@ package org.briarproject.bramble.api.plugin;
 import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.properties.TransportProperties;
-import org.briarproject.bramble.api.settings.SettingsManager;

 import java.util.Collection;

@NotNullByDefault
 public interface Plugin {

-	enum State {
-
-		/**
-		 * The plugin has not finished starting or has been stopped.
-		 */
-		STARTING_STOPPING,
-
-		/**
-		 * The plugin is disabled by settings. Use {@link #getReasonsDisabled()}
-		 * to find out which settings are responsible.
-		 */
-		DISABLED,
-
-		/**
-		 * The plugin is being enabled and can't yet make or receive
-		 * connections.
-		 */
-		ENABLING,
-
-		/**
-		 * The plugin is enabled and can make or receive connections.
-		 */
-		ACTIVE,
-
-		/**
-		 * The plugin is enabled but can't make or receive connections
-		 */
-		INACTIVE
-	}
-
-	/**
-	 * The string for the boolean preference
-	 * to use with the {@link SettingsManager} to enable or disable the plugin.
-	 */
-	String PREF_PLUGIN_ENABLE = "enable";
-
-	/**
-	 * Reason flag returned by {@link #getReasonsDisabled()} to indicate that
-	 * the plugin has been disabled by the user.
-	 */
-	int REASON_USER = 1;
-
 	/**
 	 * Returns the plugin's transport identifier.
 	 */
@@ -78,18 +35,9 @@ public interface Plugin {
 	void stop() throws PluginException;

 	/**
-	 * Returns the current state of the plugin.
+	 * Returns true if the plugin is running.
 	 */
-	State getState();
-
-	/**
-	 * Returns a set of flags indicating why the plugin is
-	 * {@link State#DISABLED disabled}, or 0 if the plugin is not disabled.
-	 * <p>
-	 * The flags used are plugin-specific, except the generic flag
-	 * {@link #REASON_USER}, which may be used by any plugin.
-	 */
-	int getReasonsDisabled();
+	boolean isRunning();

 	/**
 	 * Returns true if the plugin should be polled periodically to attempt to
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginCallback.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginCallback.java
@@ -1,10 +1,6 @@
 package org.briarproject.bramble.api.plugin;

 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.Plugin.State;
-import org.briarproject.bramble.api.plugin.event.TransportActiveEvent;
-import org.briarproject.bramble.api.plugin.event.TransportInactiveEvent;
-import org.briarproject.bramble.api.plugin.event.TransportStateEvent;
 import org.briarproject.bramble.api.properties.TransportProperties;
 import org.briarproject.bramble.api.settings.Settings;

@@ -36,17 +32,12 @@ public interface PluginCallback extends ConnectionHandler {
 	void mergeLocalProperties(TransportProperties p);

 	/**
-	 * Informs the callback of the plugin's current state.
-	 * <p>
-	 * If the current state is different from the previous state, the callback
-	 * will broadcast a {@link TransportStateEvent}. If the current state is
-	 * {@link State#ACTIVE} and the previous state was not
-	 * {@link State#ACTIVE}, the callback will broadcast a
-	 * {@link TransportActiveEvent}. If the current state is not
-	 * {@link State#ACTIVE} and the previous state was {@link State#ACTIVE},
-	 * the callback will broadcast a {@link TransportInactiveEvent}.
-	 * <p>
-	 * This method can safely be called while holding a lock.
+	 * Signals that the transport is enabled.
 	 */
-	void pluginStateChanged(State state);
+	void transportEnabled();
+
+	/**
+	 * Signals that the transport is disabled.
+	 */
+	void transportDisabled();
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginConfig.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginConfig.java
@@ -5,8 +5,6 @@ import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPluginFactory;

 import java.util.Collection;
-import java.util.List;
-import java.util.Map;

@NotNullByDefault
 public interface PluginConfig {
@@ -16,11 +14,4 @@ public interface PluginConfig {
 	Collection<SimplexPluginFactory> getSimplexFactories();

 	boolean shouldPoll();
-
-	/**
-	 * Returns a map representing transport preferences. For each entry in the
-	 * map, connections via the transports identified by the value are
-	 * preferred to connections via the transport identified by the key.
-	 */
-	Map<TransportId, List<TransportId>> getTransportPreferences();
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginManager.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginManager.java
@@ -41,17 +41,4 @@ public interface PluginManager {
 	 * Returns any duplex plugins that support rendezvous.
 	 */
 	Collection<DuplexPlugin> getRendezvousPlugins();
-
-	/**
-	 * Enables or disables the plugin
-	 * identified by the given {@link TransportId}.
-	 * <p>
-	 * Note that this applies the change asynchronously
-	 * and there are no order guarantees.
-	 * <p>
-	 * If no plugin with the given {@link TransportId} is registered,
-	 * this is a no-op.
-	 */
-	void setPluginEnabled(TransportId t, boolean enabled);
-
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TorConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TorConstants.java
@@ -21,21 +21,6 @@ public interface TorConstants {
 	int PREF_TOR_NETWORK_AUTOMATIC = 0;
 	int PREF_TOR_NETWORK_WITHOUT_BRIDGES = 1;
 	int PREF_TOR_NETWORK_WITH_BRIDGES = 2;
-	// TODO: Remove when settings migration code is removed
 	int PREF_TOR_NETWORK_NEVER = 3;

-	/**
-	 * Reason flag returned by {@link Plugin#getReasonsDisabled()}.
-	 */
-	int REASON_BATTERY = 2;
-
-	/**
-	 * Reason flag returned by {@link Plugin#getReasonsDisabled()}.
-	 */
-	int REASON_MOBILE_DATA = 4;
-
-	/**
-	 * Reason flag returned by {@link Plugin#getReasonsDisabled()}.
-	 */
-	int REASON_COUNTRY_BLOCKED = 8;
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/AbstractDuplexTransportConnection.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/AbstractDuplexTransportConnection.java
@@ -4,7 +4,6 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;
 import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
-import org.briarproject.bramble.api.properties.TransportProperties;

 import java.io.IOException;
 import java.io.InputStream;
@@ -15,8 +14,6 @@ import java.util.concurrent.atomic.AtomicBoolean;
 public abstract class AbstractDuplexTransportConnection
 		implements DuplexTransportConnection {

-	protected final TransportProperties remote = new TransportProperties();
-
 	private final Plugin plugin;
 	private final Reader reader;
 	private final Writer writer;
@@ -47,11 +44,6 @@ public abstract class AbstractDuplexTransportConnection
 		return writer;
 	}

-	@Override
-	public TransportProperties getRemoteProperties() {
-		return remote;
-	}
-
 	private class Reader implements TransportConnectionReader {

 		@Override
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexTransportConnection.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexTransportConnection.java
@@ -3,7 +3,6 @@ package org.briarproject.bramble.api.plugin.duplex;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;
 import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
-import org.briarproject.bramble.api.properties.TransportProperties;

 /**
 * An interface for reading and writing data over a duplex transport. The
@@ -24,10 +23,4 @@ public interface DuplexTransportConnection {
 	 * for writing to the connection.
 	 */
 	TransportConnectionWriter getWriter();
-
-	/**
-	 * Returns a possibly empty set of {@link TransportProperties} describing
-	 * the remote peer.
-	 */
-	TransportProperties getRemoteProperties();
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/ConnectionClosedEvent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/ConnectionClosedEvent.java
@@ -13,14 +13,13 @@ public class ConnectionClosedEvent extends Event {

 	private final ContactId contactId;
 	private final TransportId transportId;
-	private final boolean incoming, exception;
+	private final boolean incoming;

 	public ConnectionClosedEvent(ContactId contactId, TransportId transportId,
-			boolean incoming, boolean exception) {
+			boolean incoming) {
 		this.contactId = contactId;
 		this.transportId = transportId;
 		this.incoming = incoming;
-		this.exception = exception;
 	}

 	public ContactId getContactId() {
@@ -34,8 +33,4 @@ public class ConnectionClosedEvent extends Event {
 	public boolean isIncoming() {
 		return incoming;
 	}
-
-	public boolean isException() {
-		return exception;
-	}
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/TransportDisabledEvent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/TransportDisabledEvent.java
@@ -2,22 +2,20 @@ package org.briarproject.bramble.api.plugin.event;

 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.Plugin.State;
 import org.briarproject.bramble.api.plugin.TransportId;

 import javax.annotation.concurrent.Immutable;

 /**
- * An event that is broadcast when a plugin enters the {@link State#ACTIVE}
- * state.
+ * An event that is broadcast when a transport is disabled.
 */
@Immutable
@NotNullByDefault
-public class TransportActiveEvent extends Event {
+public class TransportDisabledEvent extends Event {

 	private final TransportId transportId;

-	public TransportActiveEvent(TransportId transportId) {
+	public TransportDisabledEvent(TransportId transportId) {
 		this.transportId = transportId;
 	}

--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/TransportInactiveEvent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/TransportInactiveEvent.java
@@ -2,22 +2,20 @@ package org.briarproject.bramble.api.plugin.event;

 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.Plugin.State;
 import org.briarproject.bramble.api.plugin.TransportId;

 import javax.annotation.concurrent.Immutable;

 /**
- * An event that is broadcast when a plugin leaves the {@link State#ACTIVE}
- * state.
+ * An event that is broadcast when a transport is enabled.
 */
@Immutable
@NotNullByDefault
-public class TransportInactiveEvent extends Event {
+public class TransportEnabledEvent extends Event {

 	private final TransportId transportId;

-	public TransportInactiveEvent(TransportId transportId) {
+	public TransportEnabledEvent(TransportId transportId) {
 		this.transportId = transportId;
 	}

--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/TransportStateEvent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/TransportStateEvent.java
@@ -1,32 +0,0 @@
-package org.briarproject.bramble.api.plugin.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.Plugin.State;
-import org.briarproject.bramble.api.plugin.TransportId;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * An event that is broadcast when the {@link State state} of a plugin changes.
- */
-@Immutable
-@NotNullByDefault
-public class TransportStateEvent extends Event {
-
-	private final TransportId transportId;
-	private final State state;
-
-	public TransportStateEvent(TransportId transportId, State state) {
-		this.transportId = transportId;
-		this.state = state;
-	}
-
-	public TransportId getTransportId() {
-		return transportId;
-	}
-
-	public State getState() {
-		return state;
-	}
-}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyConstants.java
@@ -11,28 +11,4 @@ public interface TransportPropertyConstants {
 	 * The maximum length of a property's key or value in UTF-8 bytes.
 	 */
 	int MAX_PROPERTY_LENGTH = 100;
-
-	/**
-	 * Message metadata key for the transport ID of a local or remote update,
-	 * as a BDF string.
-	 */
-	String MSG_KEY_TRANSPORT_ID = "transportId";
-
-	/**
-	 * Message metadata key for the version number of a local or remote update,
-	 * as a BDF long.
-	 */
-	String MSG_KEY_VERSION = "version";
-
-	/**
-	 * Message metadata key for whether an update is local or remote, as a BDF
-	 * boolean.
-	 */
-	String MSG_KEY_LOCAL = "local";
-
-	/**
-	 * Group metadata key for any discovered transport properties of the
-	 * contact, as a BDF dictionary.
-	 */
-	String GROUP_KEY_DISCOVERED = "discovered";
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyManager.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyManager.java
@@ -34,14 +34,6 @@ public interface TransportPropertyManager {
 	void addRemoteProperties(Transaction txn, ContactId c,
 			Map<TransportId, TransportProperties> props) throws DbException;

-	/**
-	 * Stores the given properties discovered from an incoming transport
-	 * connection. They will be overridden by any properties received while
-	 * adding the contact or synced from the contact.
-	 */
-	void addRemotePropertiesFromConnection(ContactId c, TransportId t,
-			TransportProperties props) throws DbException;
-
 	/**
 	 * Returns the local transport properties for all transports.
 	 */
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/sync/Priority.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/sync/Priority.java
@@ -1,23 +0,0 @@
-package org.briarproject.bramble.api.sync;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * A record containing a nonce for choosing between redundant sessions.
- */
-@Immutable
-@NotNullByDefault
-public class Priority {
-
-	private final byte[] nonce;
-
-	public Priority(byte[] nonce) {
-		this.nonce = nonce;
-	}
-
-	public byte[] getNonce() {
-		return nonce;
-	}
-}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/sync/PriorityHandler.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/sync/PriorityHandler.java
@@ -1,13 +0,0 @@
-package org.briarproject.bramble.api.sync;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-/**
- * An interface for handling a {@link Priority} record received by an
- * incoming {@link SyncSession}.
- */
-@NotNullByDefault
-public interface PriorityHandler {
-
-	void handle(Priority p);
-}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/sync/RecordTypes.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/sync/RecordTypes.java
@@ -10,5 +10,4 @@ public interface RecordTypes {
 	byte OFFER = 2;
 	byte REQUEST = 3;
 	byte VERSIONS = 4;
-	byte PRIORITY = 5;
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncConstants.java
@@ -49,10 +49,4 @@ public interface SyncConstants {
 	 * simultaneously.
 	 */
 	int MAX_SUPPORTED_VERSIONS = 10;
-
-	/**
-	 * The length of the priority nonce used for choosing between redundant
-	 * connections.
-	 */
-	int PRIORITY_NONCE_BYTES = 16;
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordReader.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordReader.java
@@ -28,8 +28,4 @@ public interface SyncRecordReader {
 	boolean hasVersions() throws IOException;

 	Versions readVersions() throws IOException;
-
-	boolean hasPriority() throws IOException;
-
-	Priority readPriority() throws IOException;
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordWriter.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordWriter.java
@@ -17,7 +17,5 @@ public interface SyncRecordWriter {

 	void writeVersions(Versions v) throws IOException;

-	void writePriority(Priority p) throws IOException;
-
 	void flush() throws IOException;
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncSessionFactory.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncSessionFactory.java
@@ -2,23 +2,18 @@ package org.briarproject.bramble.api.sync;

 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.transport.StreamWriter;

 import java.io.InputStream;

-import javax.annotation.Nullable;
-
@NotNullByDefault
 public interface SyncSessionFactory {

-	SyncSession createIncomingSession(ContactId c, InputStream in,
-			PriorityHandler handler);
+	SyncSession createIncomingSession(ContactId c, InputStream in);

-	SyncSession createSimplexOutgoingSession(ContactId c, TransportId t,
-			int maxLatency, StreamWriter streamWriter);
+	SyncSession createSimplexOutgoingSession(ContactId c, int maxLatency,
+			StreamWriter streamWriter);

-	SyncSession createDuplexOutgoingSession(ContactId c, TransportId t,
-			int maxLatency, int maxIdleTime, StreamWriter streamWriter,
-			@Nullable Priority priority);
+	SyncSession createDuplexOutgoingSession(ContactId c, int maxLatency,
+			int maxIdleTime, StreamWriter streamWriter);
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/sync/event/CloseSyncConnectionsEvent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/sync/event/CloseSyncConnectionsEvent.java
@@ -1,26 +0,0 @@
-package org.briarproject.bramble.api.sync.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportId;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * An event that is broadcast when all sync connections using a given
- * transport should be closed.
- */
-@Immutable
-@NotNullByDefault
-public class CloseSyncConnectionsEvent extends Event {
-
-	private final TransportId transportId;
-
-	public CloseSyncConnectionsEvent(TransportId transportId) {
-		this.transportId = transportId;
-	}
-
-	public TransportId getTransportId() {
-		return transportId;
-	}
-}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/versioning/ClientVersion.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/versioning/ClientVersion.java
@@ -1,63 +0,0 @@
-package org.briarproject.bramble.api.versioning;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.sync.ClientId;
-
-import javax.annotation.concurrent.Immutable;
-
-@Immutable
-@NotNullByDefault
-public class ClientVersion implements Comparable<ClientVersion> {
-
-	private final ClientMajorVersion majorVersion;
-	private final int minorVersion;
-
-	public ClientVersion(ClientMajorVersion majorVersion,
-			int minorVersion) {
-		this.majorVersion = majorVersion;
-		this.minorVersion = minorVersion;
-	}
-
-	public ClientVersion(ClientId clientId, int majorVersion,
-			int minorVersion) {
-		this(new ClientMajorVersion(clientId, majorVersion), minorVersion);
-	}
-
-	public ClientMajorVersion getClientMajorVersion() {
-		return majorVersion;
-	}
-
-	public ClientId getClientId() {
-		return majorVersion.getClientId();
-	}
-
-	public int getMajorVersion() {
-		return majorVersion.getMajorVersion();
-	}
-
-	public int getMinorVersion() {
-		return minorVersion;
-	}
-
-	@Override
-	public boolean equals(Object o) {
-		if (o instanceof ClientVersion) {
-			ClientVersion cv = (ClientVersion) o;
-			return majorVersion.equals(cv.majorVersion)
-					&& minorVersion == cv.minorVersion;
-		}
-		return false;
-	}
-
-	@Override
-	public int hashCode() {
-		return majorVersion.hashCode();
-	}
-
-	@Override
-	public int compareTo(ClientVersion cv) {
-		int compare = majorVersion.compareTo(cv.majorVersion);
-		if (compare != 0) return compare;
-		return minorVersion - cv.minorVersion;
-	}
-}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/versioning/event/ClientVersionUpdatedEvent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/versioning/event/ClientVersionUpdatedEvent.java
@@ -1,34 +0,0 @@
-package org.briarproject.bramble.api.versioning.event;
-
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.versioning.ClientVersion;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * An event that is broadcast when we receive a client versioning update from
- * a contact.
- */
-@Immutable
-@NotNullByDefault
-public class ClientVersionUpdatedEvent extends Event {
-
-	private final ContactId contactId;
-	private final ClientVersion clientVersion;
-
-	public ClientVersionUpdatedEvent(ContactId contactId,
-			ClientVersion clientVersion) {
-		this.contactId = contactId;
-		this.clientVersion = clientVersion;
-	}
-
-	public ContactId getContactId() {
-		return contactId;
-	}
-
-	public ClientVersion getClientVersion() {
-		return clientVersion;
-	}
-}
--- a/bramble-api/src/main/java/org/briarproject/bramble/util/IoUtils.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/util/IoUtils.java
@@ -117,10 +117,4 @@ public class IoUtils {
 			throw new IOException(e);
 		}
 	}
-
-	public static boolean isNonEmptyDirectory(File f) {
-		if (!f.isDirectory()) return false;
-		File[] children = f.listFiles();
-		return children != null && children.length > 0;
-	}
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/util/PrivacyUtils.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/util/PrivacyUtils.java
@@ -2,17 +2,13 @@ package org.briarproject.bramble.util;

 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;

-import java.net.Inet4Address;
+import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;

 import javax.annotation.Nullable;

-import static org.briarproject.bramble.util.StringUtils.isNullOrEmpty;
-import static org.briarproject.bramble.util.StringUtils.isValidMac;
-import static org.briarproject.bramble.util.StringUtils.toHexString;
-
@NotNullByDefault
 public class PrivacyUtils {

@@ -23,7 +19,7 @@ public class PrivacyUtils {

 	@Nullable
 	public static String scrubMacAddress(@Nullable String address) {
-		if (isNullOrEmpty(address) || !isValidMac(address)) return address;
+		if (address == null || address.length() == 0) return null;
 		// this is a fake address we need to know about
 		if (address.equals("02:00:00:00:00:00")) return address;
 		// keep first and last octet of MAC address
@@ -31,37 +27,39 @@ public class PrivacyUtils {
 				+ address.substring(14, 17);
 	}

+	@Nullable
 	public static String scrubInetAddress(InetAddress address) {
-		if (address instanceof Inet4Address) {
-			// Don't scrub local IPv4 addresses
-			if (address.isLoopbackAddress() || address.isLinkLocalAddress() ||
-					address.isSiteLocalAddress()) {
-				return address.getHostAddress();
-			}
-			// Keep first and last octet of non-local IPv4 addresses
-			return scrubIpv4Address(address.getAddress());
-		} else {
-			// Keep first and last octet of IPv6 addresses
-			return scrubIpv6Address(address.getAddress());
-		}
+		// don't scrub link and site local addresses
+		if (address.isLinkLocalAddress() || address.isSiteLocalAddress())
+			return address.toString();
+		// completely scrub IPv6 addresses
+		if (address instanceof Inet6Address) return "[scrubbed]";
+		// keep first and last octet of IPv4 addresses
+		return scrubInetAddress(address.toString());
 	}

-	private static String scrubIpv4Address(byte[] ipv4) {
-		return (ipv4[0] & 0xFF) + ".[scrubbed]." + (ipv4[3] & 0xFF);
-	}
-
-	private static String scrubIpv6Address(byte[] ipv6) {
-		String hex = toHexString(ipv6).toLowerCase();
-		return hex.substring(0, 2) + "[scrubbed]" + hex.substring(30);
+	@Nullable
+	public static String scrubInetAddress(@Nullable String address) {
+		if (address == null) return null;
+
+		int firstDot = address.indexOf(".");
+		if (firstDot == -1) return "[scrubbed]";
+		String prefix = address.substring(0, firstDot + 1);
+		int lastDot = address.lastIndexOf(".");
+		String suffix = address.substring(lastDot, address.length());
+		return prefix + "[scrubbed]" + suffix;
 	}

+	@Nullable
 	public static String scrubSocketAddress(InetSocketAddress address) {
-		return scrubInetAddress(address.getAddress());
+		InetAddress inetAddress = address.getAddress();
+		return scrubInetAddress(inetAddress);
 	}

+	@Nullable
 	public static String scrubSocketAddress(SocketAddress address) {
 		if (address instanceof InetSocketAddress)
 			return scrubSocketAddress((InetSocketAddress) address);
-		return "[scrubbed]";
+		return scrubInetAddress(address.toString());
 	}
 }
--- a/bramble-api/witness.gradle
+++ b/bramble-api/witness.gradle
@@ -2,7 +2,7 @@ dependencyVerification {
    verify = [
        'cglib:cglib:3.2.0:cglib-3.2.0.jar:adb13bab79712ad6bdf1bd59f2a3918018a8016e722e8a357065afb9e6690861',
        'com.google.code.findbugs:jsr305:3.0.2:jsr305-3.0.2.jar:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
-        'com.google.dagger:dagger:2.24:dagger-2.24.jar:550a6e46a6dfcdf1d764887b6090cea94f783327e50e5c73754f18facfc70b64',
+        'com.google.dagger:dagger:2.22.1:dagger-2.22.1.jar:329d4340f24c4f5717af016c097e90668bfea2a5376e6aa9964b01cef3fd241a',
        'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
        'junit:junit:4.12:junit-4.12.jar:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a',
        'org.apache.ant:ant-launcher:1.9.4:ant-launcher-1.9.4.jar:7bccea20b41801ca17bcbc909a78c835d0f443f12d639c77bd6ae3d05861608d',
--- a/bramble-core/build.gradle
+++ b/bramble-core/build.gradle
@@ -17,7 +17,7 @@ dependencies {
 	implementation 'org.whispersystems:curve25519-java:0.5.0'
 	implementation 'org.briarproject:jtorctl:0.3'

-	annotationProcessor 'com.google.dagger:dagger-compiler:2.24'
+	annotationProcessor 'com.google.dagger:dagger-compiler:2.22.1'

 	testImplementation project(path: ':bramble-api', configuration: 'testOutput')
 	testImplementation 'org.hsqldb:hsqldb:2.3.5' // The last version that supports Java 1.6
@@ -26,7 +26,7 @@ dependencies {
 	testImplementation "org.jmock:jmock-junit4:2.8.2"
 	testImplementation "org.jmock:jmock-legacy:2.8.2"

-	testAnnotationProcessor 'com.google.dagger:dagger-compiler:2.24'
+	testAnnotationProcessor 'com.google.dagger:dagger-compiler:2.22.1'

 	signature 'org.codehaus.mojo.signature:java16:1.1@signature'
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreEagerSingletons.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreEagerSingletons.java
@@ -39,21 +39,18 @@ public interface BrambleCoreEagerSingletons {

 	void inject(VersioningModule.EagerSingletons init);

-	class Helper {
-
-		public static void injectEagerSingletons(BrambleCoreEagerSingletons c) {
-			c.inject(new ContactModule.EagerSingletons());
-			c.inject(new CryptoExecutorModule.EagerSingletons());
-			c.inject(new DatabaseExecutorModule.EagerSingletons());
-			c.inject(new IdentityModule.EagerSingletons());
-			c.inject(new LifecycleModule.EagerSingletons());
-			c.inject(new RendezvousModule.EagerSingletons());
-			c.inject(new PluginModule.EagerSingletons());
-			c.inject(new PropertiesModule.EagerSingletons());
-			c.inject(new SystemModule.EagerSingletons());
-			c.inject(new TransportModule.EagerSingletons());
-			c.inject(new ValidationModule.EagerSingletons());
-			c.inject(new VersioningModule.EagerSingletons());
-		}
+	default void injectBrambleCoreEagerSingletons() {
+		inject(new ContactModule.EagerSingletons());
+		inject(new CryptoExecutorModule.EagerSingletons());
+		inject(new DatabaseExecutorModule.EagerSingletons());
+		inject(new IdentityModule.EagerSingletons());
+		inject(new LifecycleModule.EagerSingletons());
+		inject(new RendezvousModule.EagerSingletons());
+		inject(new PluginModule.EagerSingletons());
+		inject(new PropertiesModule.EagerSingletons());
+		inject(new SystemModule.EagerSingletons());
+		inject(new TransportModule.EagerSingletons());
+		inject(new ValidationModule.EagerSingletons());
+		inject(new VersioningModule.EagerSingletons());
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreModule.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreModule.java
@@ -1,7 +1,6 @@
 package org.briarproject.bramble;

 import org.briarproject.bramble.client.ClientModule;
-import org.briarproject.bramble.connection.ConnectionModule;
 import org.briarproject.bramble.contact.ContactModule;
 import org.briarproject.bramble.crypto.CryptoExecutorModule;
 import org.briarproject.bramble.crypto.CryptoModule;
@@ -10,7 +9,6 @@ import org.briarproject.bramble.db.DatabaseExecutorModule;
 import org.briarproject.bramble.db.DatabaseModule;
 import org.briarproject.bramble.event.EventModule;
 import org.briarproject.bramble.identity.IdentityModule;
-import org.briarproject.bramble.io.IoModule;
 import org.briarproject.bramble.keyagreement.KeyAgreementModule;
 import org.briarproject.bramble.lifecycle.LifecycleModule;
 import org.briarproject.bramble.plugin.PluginModule;
@@ -29,7 +27,6 @@ import dagger.Module;

@Module(includes = {
 		ClientModule.class,
-		ConnectionModule.class,
 		ContactModule.class,
 		CryptoModule.class,
 		CryptoExecutorModule.class,
@@ -38,7 +35,6 @@ import dagger.Module;
 		DatabaseExecutorModule.class,
 		EventModule.class,
 		IdentityModule.class,
-		IoModule.class,
 		KeyAgreementModule.class,
 		LifecycleModule.class,
 		PluginModule.class,
@@ -54,4 +50,8 @@ import dagger.Module;
 		VersioningModule.class
 })
 public class BrambleCoreModule {
+
+	public static void initEagerSingletons(BrambleCoreEagerSingletons c) {
+		c.injectBrambleCoreEagerSingletons();
+	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/account/AccountManagerImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/account/AccountManagerImpl.java
@@ -2,8 +2,6 @@ package org.briarproject.bramble.account;

 import org.briarproject.bramble.api.account.AccountManager;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
-import org.briarproject.bramble.api.crypto.DecryptionException;
-import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DatabaseConfig;
 import org.briarproject.bramble.api.identity.Identity;
@@ -18,15 +16,12 @@ import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
-import java.nio.charset.Charset;
 import java.util.logging.Logger;

 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.inject.Inject;

 import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_CIPHERTEXT;
 import static org.briarproject.bramble.util.LogUtils.logException;
 import static org.briarproject.bramble.util.StringUtils.fromHexString;
 import static org.briarproject.bramble.util.StringUtils.toHexString;
@@ -73,10 +68,9 @@ class AccountManagerImpl implements AccountManager {
 		return databaseKey;
 	}

-	// Package access for testing
-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	@Nullable
-	String loadEncryptedDatabaseKey() {
+	protected String loadEncryptedDatabaseKey() {
 		String key = readDbKeyFromFile(dbKeyFile);
 		if (key == null) {
 			LOG.info("No database key in primary file");
@@ -89,7 +83,7 @@ class AccountManagerImpl implements AccountManager {
 		return key;
 	}

-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	@Nullable
 	private String readDbKeyFromFile(File f) {
 		if (!f.exists()) {
@@ -98,7 +92,7 @@ class AccountManagerImpl implements AccountManager {
 		}
 		try {
 			BufferedReader reader = new BufferedReader(new InputStreamReader(
-					new FileInputStream(f), Charset.forName("UTF-8")));
+					new FileInputStream(f), "UTF-8"));
 			String key = reader.readLine();
 			reader.close();
 			return key;
@@ -108,9 +102,8 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}

-	// Package access for testing
-	@GuardedBy("stateChangeLock")
-	boolean storeEncryptedDatabaseKey(String hex) {
+	// Locking: stateChangeLock
+	protected boolean storeEncryptedDatabaseKey(String hex) {
 		LOG.info("Storing database key in file");
 		// Create the directory if necessary
 		if (databaseConfig.getDatabaseKeyDirectory().mkdirs())
@@ -147,10 +140,10 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}

-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	private void writeDbKeyToFile(String key, File f) throws IOException {
 		FileOutputStream out = new FileOutputStream(f);
-		out.write(key.getBytes(Charset.forName("UTF-8")));
+		out.write(key.getBytes("UTF-8"));
 		out.flush();
 		out.close();
 	}
@@ -158,7 +151,8 @@ class AccountManagerImpl implements AccountManager {
 	@Override
 	public boolean accountExists() {
 		synchronized (stateChangeLock) {
-			return loadEncryptedDatabaseKey() != null;
+			return loadEncryptedDatabaseKey() != null
+					&& databaseConfig.getDatabaseDirectory().isDirectory();
 		}
 	}

@@ -176,11 +170,10 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}

-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	private boolean encryptAndStoreDatabaseKey(SecretKey key, String password) {
 		byte[] plaintext = key.getBytes();
-		byte[] ciphertext = crypto.encryptWithPassword(plaintext, password,
-				databaseConfig.getKeyStrengthener());
+		byte[] ciphertext = crypto.encryptWithPassword(plaintext, password);
 		return storeEncryptedDatabaseKey(toHexString(ciphertext));
 	}

@@ -195,41 +188,37 @@ class AccountManagerImpl implements AccountManager {
 	}

 	@Override
-	public void signIn(String password) throws DecryptionException {
+	public boolean signIn(String password) {
 		synchronized (stateChangeLock) {
-			databaseKey = loadAndDecryptDatabaseKey(password);
+			SecretKey key = loadAndDecryptDatabaseKey(password);
+			if (key == null) return false;
+			databaseKey = key;
+			return true;
 		}
 	}

-	@GuardedBy("stateChangeLock")
-	private SecretKey loadAndDecryptDatabaseKey(String password)
-			throws DecryptionException {
+	// Locking: stateChangeLock
+	@Nullable
+	private SecretKey loadAndDecryptDatabaseKey(String password) {
 		String hex = loadEncryptedDatabaseKey();
 		if (hex == null) {
 			LOG.warning("Failed to load encrypted database key");
-			throw new DecryptionException(INVALID_CIPHERTEXT);
+			return null;
 		}
 		byte[] ciphertext = fromHexString(hex);
-		KeyStrengthener keyStrengthener = databaseConfig.getKeyStrengthener();
-		byte[] plaintext = crypto.decryptWithPassword(ciphertext, password,
-				keyStrengthener);
-		SecretKey key = new SecretKey(plaintext);
-		// If the DB key was encrypted with a weak key and a key strengthener
-		// is now available, re-encrypt the DB key with a strengthened key
-		if (keyStrengthener != null &&
-				!crypto.isEncryptedWithStrengthenedKey(ciphertext)) {
-			LOG.info("Re-encrypting database key with strengthened key");
-			encryptAndStoreDatabaseKey(key, password);
+		byte[] plaintext = crypto.decryptWithPassword(ciphertext, password);
+		if (plaintext == null) {
+			LOG.info("Failed to decrypt database key");
+			return null;
 		}
-		return key;
+		return new SecretKey(plaintext);
 	}

 	@Override
-	public void changePassword(String oldPassword, String newPassword)
-			throws DecryptionException {
+	public boolean changePassword(String oldPassword, String newPassword) {
 		synchronized (stateChangeLock) {
 			SecretKey key = loadAndDecryptDatabaseKey(oldPassword);
-			encryptAndStoreDatabaseKey(key, newPassword);
+			return key != null && encryptAndStoreDatabaseKey(key, newPassword);
 		}
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/connection/Connection.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/connection/Connection.java
@@ -1,79 +0,0 @@
-package org.briarproject.bramble.connection;
-
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
-import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportConnectionReader;
-import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.transport.KeyManager;
-import org.briarproject.bramble.api.transport.StreamContext;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.logging.Logger;
-
-import javax.annotation.Nullable;
-
-import static java.util.logging.Level.WARNING;
-import static java.util.logging.Logger.getLogger;
-import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
-import static org.briarproject.bramble.util.IoUtils.read;
-import static org.briarproject.bramble.util.LogUtils.logException;
-
-@NotNullByDefault
-abstract class Connection {
-
-	protected static final Logger LOG = getLogger(Connection.class.getName());
-
-	final KeyManager keyManager;
-	final ConnectionRegistry connectionRegistry;
-	final StreamReaderFactory streamReaderFactory;
-	final StreamWriterFactory streamWriterFactory;
-
-	Connection(KeyManager keyManager, ConnectionRegistry connectionRegistry,
-			StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory) {
-		this.keyManager = keyManager;
-		this.connectionRegistry = connectionRegistry;
-		this.streamReaderFactory = streamReaderFactory;
-		this.streamWriterFactory = streamWriterFactory;
-	}
-
-	@Nullable
-	StreamContext recogniseTag(TransportConnectionReader reader,
-			TransportId transportId) {
-		StreamContext ctx;
-		try {
-			byte[] tag = readTag(reader.getInputStream());
-			return keyManager.getStreamContext(transportId, tag);
-		} catch (IOException | DbException e) {
-			logException(LOG, WARNING, e);
-			return null;
-		}
-	}
-
-	private byte[] readTag(InputStream in) throws IOException {
-		byte[] tag = new byte[TAG_LENGTH];
-		read(in, tag);
-		return tag;
-	}
-
-	void disposeOnError(TransportConnectionReader reader, boolean recognised) {
-		try {
-			reader.dispose(true, recognised);
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-		}
-	}
-
-	void disposeOnError(TransportConnectionWriter writer) {
-		try {
-			writer.dispose(true);
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-		}
-	}
-}
--- a/bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionManagerImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionManagerImpl.java
@@ -1,114 +0,0 @@
-package org.briarproject.bramble.connection;
-
-import org.briarproject.bramble.api.connection.ConnectionManager;
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
-import org.briarproject.bramble.api.contact.ContactExchangeManager;
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.contact.HandshakeManager;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.lifecycle.IoExecutor;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportConnectionReader;
-import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.properties.TransportPropertyManager;
-import org.briarproject.bramble.api.sync.SyncSessionFactory;
-import org.briarproject.bramble.api.transport.KeyManager;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import java.security.SecureRandom;
-import java.util.concurrent.Executor;
-
-import javax.annotation.concurrent.Immutable;
-import javax.inject.Inject;
-
-@Immutable
-@NotNullByDefault
-class ConnectionManagerImpl implements ConnectionManager {
-
-	private final Executor ioExecutor;
-	private final KeyManager keyManager;
-	private final StreamReaderFactory streamReaderFactory;
-	private final StreamWriterFactory streamWriterFactory;
-	private final SyncSessionFactory syncSessionFactory;
-	private final HandshakeManager handshakeManager;
-	private final ContactExchangeManager contactExchangeManager;
-	private final ConnectionRegistry connectionRegistry;
-	private final TransportPropertyManager transportPropertyManager;
-	private final SecureRandom secureRandom;
-
-	@Inject
-	ConnectionManagerImpl(@IoExecutor Executor ioExecutor,
-			KeyManager keyManager, StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory,
-			SyncSessionFactory syncSessionFactory,
-			HandshakeManager handshakeManager,
-			ContactExchangeManager contactExchangeManager,
-			ConnectionRegistry connectionRegistry,
-			TransportPropertyManager transportPropertyManager,
-			SecureRandom secureRandom) {
-		this.ioExecutor = ioExecutor;
-		this.keyManager = keyManager;
-		this.streamReaderFactory = streamReaderFactory;
-		this.streamWriterFactory = streamWriterFactory;
-		this.syncSessionFactory = syncSessionFactory;
-		this.handshakeManager = handshakeManager;
-		this.contactExchangeManager = contactExchangeManager;
-		this.connectionRegistry = connectionRegistry;
-		this.transportPropertyManager = transportPropertyManager;
-		this.secureRandom = secureRandom;
-	}
-
-
-	@Override
-	public void manageIncomingConnection(TransportId t,
-			TransportConnectionReader r) {
-		ioExecutor.execute(new IncomingSimplexSyncConnection(keyManager,
-				connectionRegistry, streamReaderFactory, streamWriterFactory,
-				syncSessionFactory, transportPropertyManager, t, r));
-	}
-
-	@Override
-	public void manageIncomingConnection(TransportId t,
-			DuplexTransportConnection d) {
-		ioExecutor.execute(new IncomingDuplexSyncConnection(keyManager,
-				connectionRegistry, streamReaderFactory, streamWriterFactory,
-				syncSessionFactory, transportPropertyManager, ioExecutor,
-				t, d));
-	}
-
-	@Override
-	public void manageIncomingConnection(PendingContactId p, TransportId t,
-			DuplexTransportConnection d) {
-		ioExecutor.execute(new IncomingHandshakeConnection(keyManager,
-				connectionRegistry, streamReaderFactory, streamWriterFactory,
-				handshakeManager, contactExchangeManager, this, p, t, d));
-	}
-
-	@Override
-	public void manageOutgoingConnection(ContactId c, TransportId t,
-			TransportConnectionWriter w) {
-		ioExecutor.execute(new OutgoingSimplexSyncConnection(keyManager,
-				connectionRegistry, streamReaderFactory, streamWriterFactory,
-				syncSessionFactory, transportPropertyManager, c, t, w));
-	}
-
-	@Override
-	public void manageOutgoingConnection(ContactId c, TransportId t,
-			DuplexTransportConnection d) {
-		ioExecutor.execute(new OutgoingDuplexSyncConnection(keyManager,
-				connectionRegistry, streamReaderFactory, streamWriterFactory,
-				syncSessionFactory, transportPropertyManager, ioExecutor,
-				secureRandom, c, t, d));
-	}
-
-	@Override
-	public void manageOutgoingConnection(PendingContactId p, TransportId t,
-			DuplexTransportConnection d) {
-		ioExecutor.execute(new OutgoingHandshakeConnection(keyManager,
-				connectionRegistry, streamReaderFactory, streamWriterFactory,
-				handshakeManager, contactExchangeManager, this, p, t, d));
-	}
-}
--- a/bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionModule.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionModule.java
@@ -1,26 +0,0 @@
-package org.briarproject.bramble.connection;
-
-import org.briarproject.bramble.api.connection.ConnectionManager;
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
-
-import javax.inject.Singleton;
-
-import dagger.Module;
-import dagger.Provides;
-
-@Module
-public class ConnectionModule {
-
-	@Provides
-	ConnectionManager provideConnectionManager(
-			ConnectionManagerImpl connectionManager) {
-		return connectionManager;
-	}
-
-	@Provides
-	@Singleton
-	ConnectionRegistry provideConnectionRegistry(
-			ConnectionRegistryImpl connectionRegistry) {
-		return connectionRegistry;
-	}
-}
--- a/bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionRegistryImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionRegistryImpl.java
@@ -1,283 +0,0 @@
-package org.briarproject.bramble.connection;
-
-import org.briarproject.bramble.api.Bytes;
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
-import org.briarproject.bramble.api.connection.InterruptibleConnection;
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.event.EventBus;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.PluginConfig;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
-import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
-import org.briarproject.bramble.api.sync.Priority;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-import java.util.logging.Logger;
-
-import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
-import javax.annotation.concurrent.ThreadSafe;
-import javax.inject.Inject;
-
-import static java.util.Collections.emptyList;
-import static java.util.logging.Level.INFO;
-import static java.util.logging.Logger.getLogger;
-
-@ThreadSafe
-@NotNullByDefault
-class ConnectionRegistryImpl implements ConnectionRegistry {
-
-	private static final Logger LOG =
-			getLogger(ConnectionRegistryImpl.class.getName());
-
-	private final EventBus eventBus;
-	private final Map<TransportId, List<TransportId>> transportPrefs;
-
-	private final Object lock = new Object();
-	@GuardedBy("lock")
-	private final Map<ContactId, List<ConnectionRecord>> contactConnections;
-	@GuardedBy("lock")
-	private final Set<PendingContactId> connectedPendingContacts;
-
-	@Inject
-	ConnectionRegistryImpl(EventBus eventBus, PluginConfig pluginConfig) {
-		this.eventBus = eventBus;
-		transportPrefs = pluginConfig.getTransportPreferences();
-		contactConnections = new HashMap<>();
-		connectedPendingContacts = new HashSet<>();
-	}
-
-	@Override
-	public void registerIncomingConnection(ContactId c, TransportId t,
-			InterruptibleConnection conn) {
-		registerConnection(c, t, conn, true);
-	}
-
-	@Override
-	public void registerOutgoingConnection(ContactId c, TransportId t,
-			InterruptibleConnection conn, Priority priority) {
-		registerConnection(c, t, conn, false);
-		setPriority(c, t, conn, priority);
-	}
-
-	private void registerConnection(ContactId c, TransportId t,
-			InterruptibleConnection conn, boolean incoming) {
-		if (LOG.isLoggable(INFO)) {
-			if (incoming) LOG.info("Incoming connection registered: " + t);
-			else LOG.info("Outgoing connection registered: " + t);
-		}
-		boolean firstConnection;
-		synchronized (lock) {
-			List<ConnectionRecord> recs = contactConnections.get(c);
-			if (recs == null) {
-				recs = new ArrayList<>();
-				contactConnections.put(c, recs);
-			}
-			firstConnection = recs.isEmpty();
-			recs.add(new ConnectionRecord(t, conn));
-		}
-		eventBus.broadcast(new ConnectionOpenedEvent(c, t, incoming));
-		if (firstConnection) {
-			LOG.info("Contact connected");
-			eventBus.broadcast(new ContactConnectedEvent(c));
-		}
-	}
-
-	@Override
-	public void setPriority(ContactId c, TransportId t,
-			InterruptibleConnection conn, Priority priority) {
-		if (LOG.isLoggable(INFO)) LOG.info("Setting connection priority: " + t);
-		List<InterruptibleConnection> toInterrupt;
-		boolean interruptNewConnection = false;
-		synchronized (lock) {
-			List<ConnectionRecord> recs = contactConnections.get(c);
-			if (recs == null) throw new IllegalArgumentException();
-			toInterrupt = new ArrayList<>(recs.size());
-			for (ConnectionRecord rec : recs) {
-				if (rec.conn == conn) {
-					// Store the priority of this connection
-					rec.priority = priority;
-				} else if (rec.priority != null) {
-					int compare = compareConnections(t, priority,
-							rec.transportId, rec.priority);
-					if (compare == -1) {
-						// The old connection is better than the new one
-						interruptNewConnection = true;
-					} else if (compare == 1 && !rec.interrupted) {
-						// The new connection is better than the old one
-						toInterrupt.add(rec.conn);
-						rec.interrupted = true;
-					}
-				}
-			}
-		}
-		if (interruptNewConnection) {
-			LOG.info("Interrupting new connection");
-			conn.interruptOutgoingSession();
-		}
-		for (InterruptibleConnection old : toInterrupt) {
-			LOG.info("Interrupting old connection");
-			old.interruptOutgoingSession();
-		}
-	}
-
-	private int compareConnections(TransportId tA, Priority pA, TransportId tB,
-			Priority pB) {
-		if (getBetterTransports(tA).contains(tB)) return -1;
-		if (getBetterTransports(tB).contains(tA)) return 1;
-		return tA.equals(tB) ? Bytes.compare(pA.getNonce(), pB.getNonce()) : 0;
-	}
-
-	private List<TransportId> getBetterTransports(TransportId t) {
-		List<TransportId> better = transportPrefs.get(t);
-		return better == null ? emptyList() : better;
-	}
-
-	@Override
-	public void unregisterConnection(ContactId c, TransportId t,
-			InterruptibleConnection conn, boolean incoming, boolean exception) {
-		if (LOG.isLoggable(INFO)) {
-			if (incoming) LOG.info("Incoming connection unregistered: " + t);
-			else LOG.info("Outgoing connection unregistered: " + t);
-		}
-		boolean lastConnection;
-		synchronized (lock) {
-			List<ConnectionRecord> recs = contactConnections.get(c);
-			if (recs == null || !recs.remove(new ConnectionRecord(t, conn)))
-				throw new IllegalArgumentException();
-			lastConnection = recs.isEmpty();
-		}
-		eventBus.broadcast(
-				new ConnectionClosedEvent(c, t, incoming, exception));
-		if (lastConnection) {
-			LOG.info("Contact disconnected");
-			eventBus.broadcast(new ContactDisconnectedEvent(c));
-		}
-	}
-
-	@Override
-	public Collection<ContactId> getConnectedContacts(TransportId t) {
-		synchronized (lock) {
-			List<ContactId> contactIds = new ArrayList<>();
-			for (Entry<ContactId, List<ConnectionRecord>> e :
-					contactConnections.entrySet()) {
-				for (ConnectionRecord rec : e.getValue()) {
-					if (rec.transportId.equals(t)) {
-						contactIds.add(e.getKey());
-						break;
-					}
-				}
-			}
-			if (LOG.isLoggable(INFO)) {
-				LOG.info(contactIds.size() + " contacts connected: " + t);
-			}
-			return contactIds;
-		}
-	}
-
-	@Override
-	public Collection<ContactId> getConnectedOrBetterContacts(TransportId t) {
-		synchronized (lock) {
-			List<TransportId> better = getBetterTransports(t);
-			List<ContactId> contactIds = new ArrayList<>();
-			for (Entry<ContactId, List<ConnectionRecord>> e :
-					contactConnections.entrySet()) {
-				for (ConnectionRecord rec : e.getValue()) {
-					if (rec.transportId.equals(t) ||
-							better.contains(rec.transportId)) {
-						contactIds.add(e.getKey());
-						break;
-					}
-				}
-			}
-			if (LOG.isLoggable(INFO)) {
-				LOG.info(contactIds.size()
-						+ " contacts connected or better: " + t);
-			}
-			return contactIds;
-		}
-	}
-
-	@Override
-	public boolean isConnected(ContactId c, TransportId t) {
-		synchronized (lock) {
-			List<ConnectionRecord> recs = contactConnections.get(c);
-			if (recs == null) return false;
-			for (ConnectionRecord rec : recs) {
-				if (rec.transportId.equals(t)) return true;
-			}
-			return false;
-		}
-	}
-
-	@Override
-	public boolean isConnected(ContactId c) {
-		synchronized (lock) {
-			List<ConnectionRecord> recs = contactConnections.get(c);
-			return recs != null && !recs.isEmpty();
-		}
-	}
-
-	@Override
-	public boolean registerConnection(PendingContactId p) {
-		boolean added;
-		synchronized (lock) {
-			added = connectedPendingContacts.add(p);
-		}
-		if (added) eventBus.broadcast(new RendezvousConnectionOpenedEvent(p));
-		return added;
-	}
-
-	@Override
-	public void unregisterConnection(PendingContactId p, boolean success) {
-		synchronized (lock) {
-			if (!connectedPendingContacts.remove(p))
-				throw new IllegalArgumentException();
-		}
-		eventBus.broadcast(new RendezvousConnectionClosedEvent(p, success));
-	}
-
-	private static class ConnectionRecord {
-
-		private final TransportId transportId;
-		private final InterruptibleConnection conn;
-		@GuardedBy("lock")
-		@Nullable
-		private Priority priority = null;
-		@GuardedBy("lock")
-		private boolean interrupted = false;
-
-		private ConnectionRecord(TransportId transportId,
-				InterruptibleConnection conn) {
-			this.transportId = transportId;
-			this.conn = conn;
-		}
-
-		@Override
-		public boolean equals(Object o) {
-			if (o instanceof ConnectionRecord) {
-				return conn == ((ConnectionRecord) o).conn;
-			} else {
-				return false;
-			}
-		}
-
-		@Override
-		public int hashCode() {
-			return conn.hashCode();
-		}
-	}
-}
--- a/bramble-core/src/main/java/org/briarproject/bramble/connection/DuplexSyncConnection.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/connection/DuplexSyncConnection.java
@@ -1,109 +0,0 @@
-package org.briarproject.bramble.connection;
-
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
-import org.briarproject.bramble.api.connection.InterruptibleConnection;
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportConnectionReader;
-import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.properties.TransportProperties;
-import org.briarproject.bramble.api.properties.TransportPropertyManager;
-import org.briarproject.bramble.api.sync.Priority;
-import org.briarproject.bramble.api.sync.SyncSession;
-import org.briarproject.bramble.api.sync.SyncSessionFactory;
-import org.briarproject.bramble.api.transport.KeyManager;
-import org.briarproject.bramble.api.transport.StreamContext;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriter;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import java.io.IOException;
-import java.util.concurrent.Executor;
-
-import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
-
-import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
-
-@NotNullByDefault
-abstract class DuplexSyncConnection extends SyncConnection
-		implements InterruptibleConnection {
-
-	final Executor ioExecutor;
-	final TransportId transportId;
-	final TransportConnectionReader reader;
-	final TransportConnectionWriter writer;
-	final TransportProperties remote;
-
-	private final Object interruptLock = new Object();
-
-	@GuardedBy("interruptLock")
-	@Nullable
-	private SyncSession outgoingSession = null;
-	@GuardedBy("interruptLock")
-	private boolean interruptWaiting = false;
-
-	@Override
-	public void interruptOutgoingSession() {
-		SyncSession out = null;
-		synchronized (interruptLock) {
-			if (outgoingSession == null) interruptWaiting = true;
-			else out = outgoingSession;
-		}
-		if (out != null) out.interrupt();
-	}
-
-	void setOutgoingSession(SyncSession outgoingSession) {
-		boolean interruptWasWaiting = false;
-		synchronized (interruptLock) {
-			this.outgoingSession = outgoingSession;
-			if (interruptWaiting) {
-				interruptWasWaiting = true;
-				interruptWaiting = false;
-			}
-		}
-		if (interruptWasWaiting) outgoingSession.interrupt();
-	}
-
-	DuplexSyncConnection(KeyManager keyManager,
-			ConnectionRegistry connectionRegistry,
-			StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory,
-			SyncSessionFactory syncSessionFactory,
-			TransportPropertyManager transportPropertyManager,
-			Executor ioExecutor, TransportId transportId,
-			DuplexTransportConnection connection) {
-		super(keyManager, connectionRegistry, streamReaderFactory,
-				streamWriterFactory, syncSessionFactory,
-				transportPropertyManager);
-		this.ioExecutor = ioExecutor;
-		this.transportId = transportId;
-		reader = connection.getReader();
-		writer = connection.getWriter();
-		remote = connection.getRemoteProperties();
-	}
-
-	void onReadError(boolean recognised) {
-		disposeOnError(reader, recognised);
-		disposeOnError(writer);
-		interruptOutgoingSession();
-	}
-
-	void onWriteError() {
-		disposeOnError(reader, true);
-		disposeOnError(writer);
-	}
-
-	SyncSession createDuplexOutgoingSession(StreamContext ctx,
-			TransportConnectionWriter w, @Nullable Priority priority)
-			throws IOException {
-		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
-				w.getOutputStream(), ctx);
-		ContactId c = requireNonNull(ctx.getContactId());
-		return syncSessionFactory.createDuplexOutgoingSession(c,
-				ctx.getTransportId(), w.getMaxLatency(), w.getMaxIdleTime(),
-				streamWriter, priority);
-	}
-}
--- a/bramble-core/src/main/java/org/briarproject/bramble/connection/HandshakeConnection.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/connection/HandshakeConnection.java
@@ -1,72 +0,0 @@
-package org.briarproject.bramble.connection;
-
-import org.briarproject.bramble.api.connection.ConnectionManager;
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
-import org.briarproject.bramble.api.contact.ContactExchangeManager;
-import org.briarproject.bramble.api.contact.HandshakeManager;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportConnectionReader;
-import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.transport.KeyManager;
-import org.briarproject.bramble.api.transport.StreamContext;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import javax.annotation.Nullable;
-
-import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.util.LogUtils.logException;
-
-@NotNullByDefault
-abstract class HandshakeConnection extends Connection {
-
-	final HandshakeManager handshakeManager;
-	final ContactExchangeManager contactExchangeManager;
-	final ConnectionManager connectionManager;
-	final PendingContactId pendingContactId;
-	final TransportId transportId;
-	final DuplexTransportConnection connection;
-	final TransportConnectionReader reader;
-	final TransportConnectionWriter writer;
-
-	HandshakeConnection(KeyManager keyManager,
-			ConnectionRegistry connectionRegistry,
-			StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory,
-			HandshakeManager handshakeManager,
-			ContactExchangeManager contactExchangeManager,
-			ConnectionManager connectionManager,
-			PendingContactId pendingContactId,
-			TransportId transportId, DuplexTransportConnection connection) {
-		super(keyManager, connectionRegistry, streamReaderFactory,
-				streamWriterFactory);
-		this.handshakeManager = handshakeManager;
-		this.contactExchangeManager = contactExchangeManager;
-		this.connectionManager = connectionManager;
-		this.pendingContactId = pendingContactId;
-		this.transportId = transportId;
-		this.connection = connection;
-		reader = connection.getReader();
-		writer = connection.getWriter();
-	}
-
-	@Nullable
-	StreamContext allocateStreamContext(PendingContactId pendingContactId,
-			TransportId transportId) {
-		try {
-			return keyManager.getStreamContext(pendingContactId, transportId);
-		} catch (DbException e) {
-			logException(LOG, WARNING, e);
-			return null;
-		}
-	}
-
-	void onError(boolean recognised) {
-		disposeOnError(reader, recognised);
-		disposeOnError(writer);
-	}
-}
--- a/bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingDuplexSyncConnection.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingDuplexSyncConnection.java
@@ -1,107 +0,0 @@
-package org.briarproject.bramble.connection;
-
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.properties.TransportPropertyManager;
-import org.briarproject.bramble.api.sync.PriorityHandler;
-import org.briarproject.bramble.api.sync.SyncSession;
-import org.briarproject.bramble.api.sync.SyncSessionFactory;
-import org.briarproject.bramble.api.transport.KeyManager;
-import org.briarproject.bramble.api.transport.StreamContext;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import java.io.IOException;
-import java.util.concurrent.Executor;
-
-import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.util.LogUtils.logException;
-
-@NotNullByDefault
-class IncomingDuplexSyncConnection extends DuplexSyncConnection
-		implements Runnable {
-
-	IncomingDuplexSyncConnection(KeyManager keyManager,
-			ConnectionRegistry connectionRegistry,
-			StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory,
-			SyncSessionFactory syncSessionFactory,
-			TransportPropertyManager transportPropertyManager,
-			Executor ioExecutor, TransportId transportId,
-			DuplexTransportConnection connection) {
-		super(keyManager, connectionRegistry, streamReaderFactory,
-				streamWriterFactory, syncSessionFactory,
-				transportPropertyManager, ioExecutor, transportId, connection);
-	}
-
-	@Override
-	public void run() {
-		// Read and recognise the tag
-		StreamContext ctx = recogniseTag(reader, transportId);
-		if (ctx == null) {
-			LOG.info("Unrecognised tag");
-			onReadError(false);
-			return;
-		}
-		ContactId contactId = ctx.getContactId();
-		if (contactId == null) {
-			LOG.warning("Expected contact tag, got rendezvous tag");
-			onReadError(true);
-			return;
-		}
-		if (ctx.isHandshakeMode()) {
-			// TODO: Support handshake mode for contacts
-			LOG.warning("Received handshake tag, expected rotation mode");
-			onReadError(true);
-			return;
-		}
-		connectionRegistry.registerIncomingConnection(contactId, transportId,
-				this);
-		// Start the outgoing session on another thread
-		ioExecutor.execute(() -> runOutgoingSession(contactId));
-		try {
-			// Store any transport properties discovered from the connection
-			transportPropertyManager.addRemotePropertiesFromConnection(
-					contactId, transportId, remote);
-			// Update the connection registry when we receive our priority
-			PriorityHandler handler = p -> connectionRegistry.setPriority(
-					contactId, transportId, this, p);
-			// Create and run the incoming session
-			createIncomingSession(ctx, reader, handler).run();
-			reader.dispose(false, true);
-			interruptOutgoingSession();
-			connectionRegistry.unregisterConnection(contactId, transportId,
-					this, true, false);
-		} catch (DbException | IOException e) {
-			logException(LOG, WARNING, e);
-			onReadError(true);
-			connectionRegistry.unregisterConnection(contactId, transportId,
-					this, true, true);
-		}
-	}
-
-	private void runOutgoingSession(ContactId contactId) {
-		// Allocate a stream context
-		StreamContext ctx = allocateStreamContext(contactId, transportId);
-		if (ctx == null) {
-			LOG.warning("Could not allocate stream context");
-			onWriteError();
-			return;
-		}
-		try {
-			// Create and run the outgoing session
-			SyncSession out = createDuplexOutgoingSession(ctx, writer, null);
-			setOutgoingSession(out);
-			out.run();
-			writer.dispose(false);
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-			onWriteError();
-		}
-	}
-}
-
--- a/bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingHandshakeConnection.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingHandshakeConnection.java
@@ -1,93 +0,0 @@
-package org.briarproject.bramble.connection;
-
-import org.briarproject.bramble.api.connection.ConnectionManager;
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
-import org.briarproject.bramble.api.contact.ContactExchangeManager;
-import org.briarproject.bramble.api.contact.HandshakeManager;
-import org.briarproject.bramble.api.contact.HandshakeManager.HandshakeResult;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.transport.KeyManager;
-import org.briarproject.bramble.api.transport.StreamContext;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriter;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.util.LogUtils.logException;
-
-@NotNullByDefault
-class IncomingHandshakeConnection extends HandshakeConnection
-		implements Runnable {
-
-	IncomingHandshakeConnection(KeyManager keyManager,
-			ConnectionRegistry connectionRegistry,
-			StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory,
-			HandshakeManager handshakeManager,
-			ContactExchangeManager contactExchangeManager,
-			ConnectionManager connectionManager,
-			PendingContactId pendingContactId,
-			TransportId transportId, DuplexTransportConnection connection) {
-		super(keyManager, connectionRegistry, streamReaderFactory,
-				streamWriterFactory, handshakeManager, contactExchangeManager,
-				connectionManager, pendingContactId, transportId, connection);
-	}
-
-	@Override
-	public void run() {
-		// Read and recognise the tag
-		StreamContext ctxIn = recogniseTag(reader, transportId);
-		if (ctxIn == null) {
-			LOG.info("Unrecognised tag");
-			onError(false);
-			return;
-		}
-		PendingContactId inPendingContactId = ctxIn.getPendingContactId();
-		if (inPendingContactId == null) {
-			LOG.warning("Expected rendezvous tag, got contact tag");
-			onError(true);
-			return;
-		}
-		// Allocate the outgoing stream context
-		StreamContext ctxOut =
-				allocateStreamContext(pendingContactId, transportId);
-		if (ctxOut == null) {
-			LOG.warning("Could not allocate stream context");
-			onError(true);
-			return;
-		}
-		// Close the connection if it's redundant
-		if (!connectionRegistry.registerConnection(pendingContactId)) {
-			LOG.info("Redundant rendezvous connection");
-			onError(true);
-			return;
-		}
-		// Handshake and exchange contacts
-		try {
-			InputStream in = streamReaderFactory.createStreamReader(
-					reader.getInputStream(), ctxIn);
-			// Flush the output stream to send the outgoing stream header
-			StreamWriter out = streamWriterFactory.createStreamWriter(
-					writer.getOutputStream(), ctxOut);
-			out.getOutputStream().flush();
-			HandshakeResult result =
-					handshakeManager.handshake(pendingContactId, in, out);
-			contactExchangeManager.exchangeContacts(pendingContactId,
-					connection, result.getMasterKey(), result.isAlice(), false);
-			connectionRegistry.unregisterConnection(pendingContactId, true);
-			// Reuse the connection as a transport connection
-			connectionManager.manageIncomingConnection(transportId, connection);
-		} catch (IOException | DbException e) {
-			logException(LOG, WARNING, e);
-			onError(true);
-			connectionRegistry.unregisterConnection(pendingContactId, false);
-		}
-	}
-}
--- a/bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingSimplexSyncConnection.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingSimplexSyncConnection.java
@@ -1,79 +0,0 @@
-package org.briarproject.bramble.connection;
-
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportConnectionReader;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.properties.TransportPropertyManager;
-import org.briarproject.bramble.api.sync.PriorityHandler;
-import org.briarproject.bramble.api.sync.SyncSessionFactory;
-import org.briarproject.bramble.api.transport.KeyManager;
-import org.briarproject.bramble.api.transport.StreamContext;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import java.io.IOException;
-
-import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.util.LogUtils.logException;
-
-@NotNullByDefault
-class IncomingSimplexSyncConnection extends SyncConnection implements Runnable {
-
-	private final TransportId transportId;
-	private final TransportConnectionReader reader;
-
-	IncomingSimplexSyncConnection(KeyManager keyManager,
-			ConnectionRegistry connectionRegistry,
-			StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory,
-			SyncSessionFactory syncSessionFactory,
-			TransportPropertyManager transportPropertyManager,
-			TransportId transportId, TransportConnectionReader reader) {
-		super(keyManager, connectionRegistry, streamReaderFactory,
-				streamWriterFactory, syncSessionFactory,
-				transportPropertyManager);
-		this.transportId = transportId;
-		this.reader = reader;
-	}
-
-	@Override
-	public void run() {
-		// Read and recognise the tag
-		StreamContext ctx = recogniseTag(reader, transportId);
-		if (ctx == null) {
-			LOG.info("Unrecognised tag");
-			onError(false);
-			return;
-		}
-		ContactId contactId = ctx.getContactId();
-		if (contactId == null) {
-			LOG.warning("Received rendezvous stream, expected contact");
-			onError(true);
-			return;
-		}
-		if (ctx.isHandshakeMode()) {
-			// TODO: Support handshake mode for contacts
-			LOG.warning("Received handshake tag, expected rotation mode");
-			onError(true);
-			return;
-		}
-		try {
-			// We don't expect to receive a priority for this connection
-			PriorityHandler handler = p ->
-					LOG.info("Ignoring priority for simplex connection");
-			// Create and run the incoming session
-			createIncomingSession(ctx, reader, handler).run();
-			reader.dispose(false, true);
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-			onError(true);
-		}
-	}
-
-	private void onError(boolean recognised) {
-		disposeOnError(reader, recognised);
-	}
-}
-
--- a/bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingDuplexSyncConnection.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingDuplexSyncConnection.java
@@ -1,140 +0,0 @@
-package org.briarproject.bramble.connection;
-
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.properties.TransportPropertyManager;
-import org.briarproject.bramble.api.sync.Priority;
-import org.briarproject.bramble.api.sync.PriorityHandler;
-import org.briarproject.bramble.api.sync.SyncSession;
-import org.briarproject.bramble.api.sync.SyncSessionFactory;
-import org.briarproject.bramble.api.transport.KeyManager;
-import org.briarproject.bramble.api.transport.StreamContext;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import java.io.IOException;
-import java.security.SecureRandom;
-import java.util.concurrent.Executor;
-
-import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.api.sync.SyncConstants.PRIORITY_NONCE_BYTES;
-import static org.briarproject.bramble.util.LogUtils.logException;
-
-@NotNullByDefault
-class OutgoingDuplexSyncConnection extends DuplexSyncConnection
-		implements Runnable {
-
-	private final SecureRandom secureRandom;
-	private final ContactId contactId;
-
-	OutgoingDuplexSyncConnection(KeyManager keyManager,
-			ConnectionRegistry connectionRegistry,
-			StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory,
-			SyncSessionFactory syncSessionFactory,
-			TransportPropertyManager transportPropertyManager,
-			Executor ioExecutor, SecureRandom secureRandom, ContactId contactId,
-			TransportId transportId, DuplexTransportConnection connection) {
-		super(keyManager, connectionRegistry, streamReaderFactory,
-				streamWriterFactory, syncSessionFactory,
-				transportPropertyManager, ioExecutor, transportId, connection);
-		this.secureRandom = secureRandom;
-		this.contactId = contactId;
-	}
-
-	@Override
-	public void run() {
-		// Allocate a stream context
-		StreamContext ctx = allocateStreamContext(contactId, transportId);
-		if (ctx == null) {
-			LOG.warning("Could not allocate stream context");
-			onWriteError();
-			return;
-		}
-		if (ctx.isHandshakeMode()) {
-			// TODO: Support handshake mode for contacts
-			LOG.warning("Cannot use handshake mode stream context");
-			onWriteError();
-			return;
-		}
-		// Start the incoming session on another thread
-		Priority priority = generatePriority();
-		ioExecutor.execute(() -> runIncomingSession(priority));
-		try {
-			// Create and run the outgoing session
-			SyncSession out =
-					createDuplexOutgoingSession(ctx, writer, priority);
-			setOutgoingSession(out);
-			out.run();
-			writer.dispose(false);
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-			onWriteError();
-		}
-	}
-
-	private void runIncomingSession(Priority priority) {
-		// Read and recognise the tag
-		StreamContext ctx = recogniseTag(reader, transportId);
-		// Unrecognised tags are suspicious in this case
-		if (ctx == null) {
-			LOG.warning("Unrecognised tag for returning stream");
-			onReadError();
-			return;
-		}
-		// Check that the stream comes from the expected contact
-		ContactId inContactId = ctx.getContactId();
-		if (inContactId == null) {
-			LOG.warning("Expected contact tag, got rendezvous tag");
-			onReadError();
-			return;
-		}
-		if (!contactId.equals(inContactId)) {
-			LOG.warning("Wrong contact ID for returning stream");
-			onReadError();
-			return;
-		}
-		if (ctx.isHandshakeMode()) {
-			// TODO: Support handshake mode for contacts
-			LOG.warning("Received handshake tag, expected rotation mode");
-			onReadError();
-			return;
-		}
-		connectionRegistry.registerOutgoingConnection(contactId, transportId,
-				this, priority);
-		try {
-			// Store any transport properties discovered from the connection
-			transportPropertyManager.addRemotePropertiesFromConnection(
-					contactId, transportId, remote);
-			// We don't expect to receive a priority for this connection
-			PriorityHandler handler = p ->
-					LOG.info("Ignoring priority for outgoing connection");
-			// Create and run the incoming session
-			createIncomingSession(ctx, reader, handler).run();
-			reader.dispose(false, true);
-			interruptOutgoingSession();
-			connectionRegistry.unregisterConnection(contactId, transportId,
-					this, false, false);
-		} catch (DbException | IOException e) {
-			logException(LOG, WARNING, e);
-			onReadError();
-			connectionRegistry.unregisterConnection(contactId, transportId,
-					this, false, true);
-		}
-	}
-
-	private void onReadError() {
-		// 'Recognised' is always true for outgoing connections
-		onReadError(true);
-	}
-
-	private Priority generatePriority() {
-		byte[] nonce = new byte[PRIORITY_NONCE_BYTES];
-		secureRandom.nextBytes(nonce);
-		return new Priority(nonce);
-	}
-}
--- a/bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingHandshakeConnection.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingHandshakeConnection.java
@@ -1,115 +0,0 @@
-package org.briarproject.bramble.connection;
-
-import org.briarproject.bramble.api.connection.ConnectionManager;
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
-import org.briarproject.bramble.api.contact.Contact;
-import org.briarproject.bramble.api.contact.ContactExchangeManager;
-import org.briarproject.bramble.api.contact.HandshakeManager;
-import org.briarproject.bramble.api.contact.HandshakeManager.HandshakeResult;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.transport.KeyManager;
-import org.briarproject.bramble.api.transport.StreamContext;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriter;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.util.LogUtils.logException;
-
-@NotNullByDefault
-class OutgoingHandshakeConnection extends HandshakeConnection
-		implements Runnable {
-
-	OutgoingHandshakeConnection(KeyManager keyManager,
-			ConnectionRegistry connectionRegistry,
-			StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory,
-			HandshakeManager handshakeManager,
-			ContactExchangeManager contactExchangeManager,
-			ConnectionManager connectionManager,
-			PendingContactId pendingContactId,
-			TransportId transportId, DuplexTransportConnection connection) {
-		super(keyManager, connectionRegistry, streamReaderFactory,
-				streamWriterFactory, handshakeManager, contactExchangeManager,
-				connectionManager, pendingContactId, transportId, connection);
-	}
-
-	@Override
-	public void run() {
-		// Allocate the outgoing stream context
-		StreamContext ctxOut =
-				allocateStreamContext(pendingContactId, transportId);
-		if (ctxOut == null) {
-			LOG.warning("Could not allocate stream context");
-			onError();
-			return;
-		}
-		// Flush the output stream to send the outgoing stream header
-		StreamWriter out;
-		try {
-			out = streamWriterFactory.createStreamWriter(
-					writer.getOutputStream(), ctxOut);
-			out.getOutputStream().flush();
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-			onError();
-			return;
-		}
-		// Read and recognise the tag
-		StreamContext ctxIn = recogniseTag(reader, transportId);
-		// Unrecognised tags are suspicious in this case
-		if (ctxIn == null) {
-			LOG.warning("Unrecognised tag for returning stream");
-			onError();
-			return;
-		}
-		// Check that the stream comes from the expected pending contact
-		PendingContactId inPendingContactId = ctxIn.getPendingContactId();
-		if (inPendingContactId == null) {
-			LOG.warning("Expected rendezvous tag, got contact tag");
-			onError();
-			return;
-		}
-		if (!inPendingContactId.equals(pendingContactId)) {
-			LOG.warning("Wrong pending contact ID for returning stream");
-			onError();
-			return;
-		}
-		// Close the connection if it's redundant
-		if (!connectionRegistry.registerConnection(pendingContactId)) {
-			LOG.info("Redundant rendezvous connection");
-			onError();
-			return;
-		}
-		// Handshake and exchange contacts
-		try {
-			InputStream in = streamReaderFactory.createStreamReader(
-					reader.getInputStream(), ctxIn);
-			HandshakeResult result =
-					handshakeManager.handshake(pendingContactId, in, out);
-			Contact contact = contactExchangeManager.exchangeContacts(
-					pendingContactId, connection, result.getMasterKey(),
-					result.isAlice(), false);
-			connectionRegistry.unregisterConnection(pendingContactId, true);
-			// Reuse the connection as a transport connection
-			connectionManager.manageOutgoingConnection(contact.getId(),
-					transportId, connection);
-		} catch (IOException | DbException e) {
-			logException(LOG, WARNING, e);
-			onError();
-			connectionRegistry.unregisterConnection(pendingContactId, false);
-		}
-	}
-
-	private void onError() {
-		// 'Recognised' is always true for outgoing connections
-		onError(true);
-	}
-}
--- a/bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingSimplexSyncConnection.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingSimplexSyncConnection.java
@@ -1,78 +0,0 @@
-package org.briarproject.bramble.connection;
-
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.properties.TransportPropertyManager;
-import org.briarproject.bramble.api.sync.SyncSession;
-import org.briarproject.bramble.api.sync.SyncSessionFactory;
-import org.briarproject.bramble.api.transport.KeyManager;
-import org.briarproject.bramble.api.transport.StreamContext;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriter;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import java.io.IOException;
-
-import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
-import static org.briarproject.bramble.util.LogUtils.logException;
-
-@NotNullByDefault
-class OutgoingSimplexSyncConnection extends SyncConnection implements Runnable {
-
-	private final ContactId contactId;
-	private final TransportId transportId;
-	private final TransportConnectionWriter writer;
-
-	OutgoingSimplexSyncConnection(KeyManager keyManager,
-			ConnectionRegistry connectionRegistry,
-			StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory,
-			SyncSessionFactory syncSessionFactory,
-			TransportPropertyManager transportPropertyManager,
-			ContactId contactId, TransportId transportId,
-			TransportConnectionWriter writer) {
-		super(keyManager, connectionRegistry, streamReaderFactory,
-				streamWriterFactory, syncSessionFactory,
-				transportPropertyManager);
-		this.contactId = contactId;
-		this.transportId = transportId;
-		this.writer = writer;
-	}
-
-	@Override
-	public void run() {
-		// Allocate a stream context
-		StreamContext ctx = allocateStreamContext(contactId, transportId);
-		if (ctx == null) {
-			LOG.warning("Could not allocate stream context");
-			onError();
-			return;
-		}
-		try {
-			// Create and run the outgoing session
-			createSimplexOutgoingSession(ctx, writer).run();
-			writer.dispose(false);
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-			onError();
-		}
-	}
-
-	private void onError() {
-		disposeOnError(writer);
-	}
-
-	private SyncSession createSimplexOutgoingSession(StreamContext ctx,
-			TransportConnectionWriter w) throws IOException {
-		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
-				w.getOutputStream(), ctx);
-		ContactId c = requireNonNull(ctx.getContactId());
-		return syncSessionFactory.createSimplexOutgoingSession(c,
-				ctx.getTransportId(), w.getMaxLatency(), streamWriter);
-	}
-}
-
--- a/bramble-core/src/main/java/org/briarproject/bramble/connection/SyncConnection.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/connection/SyncConnection.java
@@ -1,64 +0,0 @@
-package org.briarproject.bramble.connection;
-
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportConnectionReader;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.properties.TransportPropertyManager;
-import org.briarproject.bramble.api.sync.PriorityHandler;
-import org.briarproject.bramble.api.sync.SyncSession;
-import org.briarproject.bramble.api.sync.SyncSessionFactory;
-import org.briarproject.bramble.api.transport.KeyManager;
-import org.briarproject.bramble.api.transport.StreamContext;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import javax.annotation.Nullable;
-
-import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
-import static org.briarproject.bramble.util.LogUtils.logException;
-
-@NotNullByDefault
-class SyncConnection extends Connection {
-
-	final SyncSessionFactory syncSessionFactory;
-	final TransportPropertyManager transportPropertyManager;
-
-	SyncConnection(KeyManager keyManager, ConnectionRegistry connectionRegistry,
-			StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory,
-			SyncSessionFactory syncSessionFactory,
-			TransportPropertyManager transportPropertyManager) {
-		super(keyManager, connectionRegistry, streamReaderFactory,
-				streamWriterFactory);
-		this.syncSessionFactory = syncSessionFactory;
-		this.transportPropertyManager = transportPropertyManager;
-	}
-
-	@Nullable
-	StreamContext allocateStreamContext(ContactId contactId,
-			TransportId transportId) {
-		try {
-			return keyManager.getStreamContext(contactId, transportId);
-		} catch (DbException e) {
-			logException(LOG, WARNING, e);
-			return null;
-		}
-	}
-
-	SyncSession createIncomingSession(StreamContext ctx,
-			TransportConnectionReader r, PriorityHandler handler)
-			throws IOException {
-		InputStream streamReader = streamReaderFactory.createStreamReader(
-				r.getInputStream(), ctx);
-		ContactId c = requireNonNull(ctx.getContactId());
-		return syncSessionFactory
-				.createIncomingSession(c, streamReader, handler);
-	}
-}
--- a/bramble-core/src/main/java/org/briarproject/bramble/contact/ContactManagerImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/contact/ContactManagerImpl.java
@@ -139,8 +139,7 @@ class ContactManagerImpl implements ContactManager, EventListener {
 				pendingContactFactory.createPendingContact(link, alias);
 		Transaction txn = db.startTransaction(false);
 		try {
-			AuthorId local = identityManager.getLocalAuthor(txn).getId();
-			db.addPendingContact(txn, p, local);
+			db.addPendingContact(txn, p);
 			KeyPair ourKeyPair = identityManager.getHandshakeKeys(txn);
 			keyManager.addPendingContact(txn, p.getId(), p.getPublicKey(),
 					ourKeyPair);
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java
@@ -7,10 +7,8 @@ import net.i2p.crypto.eddsa.KeyPairGenerator;
 import org.briarproject.bramble.api.crypto.AgreementPrivateKey;
 import org.briarproject.bramble.api.crypto.AgreementPublicKey;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
-import org.briarproject.bramble.api.crypto.DecryptionException;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.KeyParser;
-import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.crypto.PrivateKey;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
@@ -40,9 +38,6 @@ import static java.lang.System.arraycopy;
 import static java.util.logging.Level.INFO;
 import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_AGREEMENT;
 import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_SIGNATURE;
-import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_CIPHERTEXT;
-import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_PASSWORD;
-import static org.briarproject.bramble.api.crypto.DecryptionResult.KEY_STRENGTHENER_ERROR;
 import static org.briarproject.bramble.util.ByteUtils.INT_32_BYTES;
 import static org.briarproject.bramble.util.LogUtils.logDuration;
 import static org.briarproject.bramble.util.LogUtils.now;
@@ -56,8 +51,7 @@ class CryptoComponentImpl implements CryptoComponent {
 	private static final int SIGNATURE_KEY_PAIR_BITS = 256;
 	private static final int STORAGE_IV_BYTES = 24; // 196 bits
 	private static final int PBKDF_SALT_BYTES = 32; // 256 bits
-	private static final byte PBKDF_FORMAT_SCRYPT = 0;
-	private static final byte PBKDF_FORMAT_SCRYPT_STRENGTHENED = 1;
+	private static final int PBKDF_FORMAT_SCRYPT = 0;

 	private final SecureRandom secureRandom;
 	private final PasswordBasedKdf passwordBasedKdf;
@@ -317,8 +311,7 @@ class CryptoComponentImpl implements CryptoComponent {
 	}

 	@Override
-	public byte[] encryptWithPassword(byte[] input, String password,
-			@Nullable KeyStrengthener keyStrengthener) {
+	public byte[] encryptWithPassword(byte[] input, String password) {
 		AuthenticatedCipher cipher = new XSalsa20Poly1305AuthenticatedCipher();
 		int macBytes = cipher.getMacBytes();
 		// Generate a random salt
@@ -326,9 +319,8 @@ class CryptoComponentImpl implements CryptoComponent {
 		secureRandom.nextBytes(salt);
 		// Calibrate the KDF
 		int cost = passwordBasedKdf.chooseCostParameter();
-		// Derive the encryption key from the password
+		// Derive the key from the password
 		SecretKey key = passwordBasedKdf.deriveKey(password, salt, cost);
-		if (keyStrengthener != null) key = keyStrengthener.strengthenKey(key);
 		// Generate a random IV
 		byte[] iv = new byte[STORAGE_IV_BYTES];
 		secureRandom.nextBytes(iv);
@@ -339,9 +331,7 @@ class CryptoComponentImpl implements CryptoComponent {
 		byte[] output = new byte[outputLen];
 		int outputOff = 0;
 		// Format version
-		byte formatVersion = keyStrengthener == null
-				? PBKDF_FORMAT_SCRYPT : PBKDF_FORMAT_SCRYPT_STRENGTHENED;
-		output[outputOff] = formatVersion;
+		output[outputOff] = PBKDF_FORMAT_SCRYPT;
 		outputOff++;
 		// Salt
 		arraycopy(salt, 0, output, outputOff, salt.length);
@@ -363,26 +353,21 @@ class CryptoComponentImpl implements CryptoComponent {
 	}

 	@Override
-	public byte[] decryptWithPassword(byte[] input, String password,
-			@Nullable KeyStrengthener keyStrengthener)
-			throws DecryptionException {
+	@Nullable
+	public byte[] decryptWithPassword(byte[] input, String password) {
 		AuthenticatedCipher cipher = new XSalsa20Poly1305AuthenticatedCipher();
 		int macBytes = cipher.getMacBytes();
 		// The input contains the format version, salt, cost parameter, IV,
 		// ciphertext and MAC
 		if (input.length < 1 + PBKDF_SALT_BYTES + INT_32_BYTES
-				+ STORAGE_IV_BYTES + macBytes) {
-			throw new DecryptionException(INVALID_CIPHERTEXT);
-		}
+				+ STORAGE_IV_BYTES + macBytes)
+			return null; // Invalid input
 		int inputOff = 0;
 		// Format version
 		byte formatVersion = input[inputOff];
 		inputOff++;
-		// Check whether we support this format version
-		if (formatVersion != PBKDF_FORMAT_SCRYPT &&
-				formatVersion != PBKDF_FORMAT_SCRYPT_STRENGTHENED) {
-			throw new DecryptionException(INVALID_CIPHERTEXT);
-		}
+		if (formatVersion != PBKDF_FORMAT_SCRYPT)
+			return null; // Unknown format
 		// Salt
 		byte[] salt = new byte[PBKDF_SALT_BYTES];
 		arraycopy(input, inputOff, salt, 0, salt.length);
@@ -390,22 +375,14 @@ class CryptoComponentImpl implements CryptoComponent {
 		// Cost parameter
 		long cost = ByteUtils.readUint32(input, inputOff);
 		inputOff += INT_32_BYTES;
-		if (cost < 2 || cost > Integer.MAX_VALUE) {
-			throw new DecryptionException(INVALID_CIPHERTEXT);
-		}
+		if (cost < 2 || cost > Integer.MAX_VALUE)
+			return null; // Invalid cost parameter
 		// IV
 		byte[] iv = new byte[STORAGE_IV_BYTES];
 		arraycopy(input, inputOff, iv, 0, iv.length);
 		inputOff += iv.length;
-		// Derive the decryption key from the password
+		// Derive the key from the password
 		SecretKey key = passwordBasedKdf.deriveKey(password, salt, (int) cost);
-		if (formatVersion == PBKDF_FORMAT_SCRYPT_STRENGTHENED) {
-			if (keyStrengthener == null || !keyStrengthener.isInitialised()) {
-				// Can't derive the same strengthened key
-				throw new DecryptionException(KEY_STRENGTHENER_ERROR);
-			}
-			key = keyStrengthener.strengthenKey(key);
-		}
 		// Initialise the cipher
 		try {
 			cipher.init(false, key, iv);
@@ -419,16 +396,10 @@ class CryptoComponentImpl implements CryptoComponent {
 			cipher.process(input, inputOff, inputLen, output, 0);
 			return output;
 		} catch (GeneralSecurityException e) {
-			throw new DecryptionException(INVALID_PASSWORD);
+			return null; // Invalid ciphertext
 		}
 	}

-	@Override
-	public boolean isEncryptedWithStrengthenedKey(byte[] ciphertext) {
-		return ciphertext.length > 0 &&
-				ciphertext[0] == PBKDF_FORMAT_SCRYPT_STRENGTHENED;
-	}
-
 	@Override
 	public byte[] encryptToKey(PublicKey publicKey, byte[] plaintext) {
 		try {
--- a/bramble-core/src/main/java/org/briarproject/bramble/db/Database.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/db/Database.java
@@ -267,16 +267,6 @@ interface Database<T> {
 	 */
 	Collection<ContactId> getContacts(T txn, AuthorId local) throws DbException;

-	/**
-	 * Returns the contact with the given {@code handshakePublicKey}
-	 * for the given local pseudonym or {@code null} if none exists.
-	 * <p/>
-	 * Read-only.
-	 */
-	@Nullable
-	Contact getContact(T txn, PublicKey handshakePublicKey, AuthorId local)
-			throws DbException;
-
 	/**
 	 * Returns the group with the given ID.
 	 * <p/>
--- a/bramble-core/src/main/java/org/briarproject/bramble/db/DatabaseComponentImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/db/DatabaseComponentImpl.java
@@ -291,17 +291,12 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}

 	@Override
-	public void addPendingContact(Transaction transaction, PendingContact p,
-			AuthorId local) throws DbException {
+	public void addPendingContact(Transaction transaction, PendingContact p)
+			throws DbException {
 		if (transaction.isReadOnly()) throw new IllegalArgumentException();
 		T txn = unbox(transaction);
-		Contact contact = db.getContact(txn, p.getPublicKey(), local);
-		if (contact != null)
-			throw new ContactExistsException(local, contact.getAuthor());
-		if (db.containsPendingContact(txn, p.getId())) {
-			PendingContact existing = db.getPendingContact(txn, p.getId());
-			throw new PendingContactExistsException(existing);
-		}
+		if (db.containsPendingContact(txn, p.getId()))
+			throw new PendingContactExistsException();
 		db.addPendingContact(txn, p);
 		transaction.attach(new PendingContactAddedEvent(p));
 	}
--- a/bramble-core/src/main/java/org/briarproject/bramble/db/H2Database.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/db/H2Database.java
@@ -25,7 +25,6 @@ import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.db.JdbcUtils.tryToClose;
-import static org.briarproject.bramble.util.IoUtils.isNonEmptyDirectory;
 import static org.briarproject.bramble.util.LogUtils.logFileOrDir;

 /**
@@ -70,9 +69,8 @@ class H2Database extends JdbcDatabase {
 			LOG.info("Contents of account directory before opening DB:");
 			logFileOrDir(LOG, INFO, dir.getParentFile());
 		}
-		boolean reopen = isNonEmptyDirectory(dir);
+		boolean reopen = !dir.mkdirs();
 		if (LOG.isLoggable(INFO)) LOG.info("Reopening DB: " + reopen);
-		if (!reopen && dir.mkdirs()) LOG.info("Created database directory");
 		super.open("org.h2.Driver", reopen, key, listener);
 		if (LOG.isLoggable(INFO)) {
 			LOG.info("Contents of account directory after opening DB:");
--- a/bramble-core/src/main/java/org/briarproject/bramble/db/HyperSqlDatabase.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/db/HyperSqlDatabase.java
@@ -20,11 +20,9 @@ import java.util.logging.Logger;
 import javax.annotation.Nullable;
 import javax.inject.Inject;

-import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.db.JdbcUtils.tryToClose;
-import static org.briarproject.bramble.util.IoUtils.isNonEmptyDirectory;

 /**
 * Contains all the HSQLDB-specific code for the database.
@@ -66,10 +64,7 @@ class HyperSqlDatabase extends JdbcDatabase {
 	public boolean open(SecretKey key, @Nullable MigrationListener listener)
 			throws DbException {
 		this.key = key;
-		File dir = config.getDatabaseDirectory();
-		boolean reopen = isNonEmptyDirectory(dir);
-		if (LOG.isLoggable(INFO)) LOG.info("Reopening DB: " + reopen);
-		if (!reopen && dir.mkdirs()) LOG.info("Created database directory");
+		boolean reopen = !config.getDatabaseDirectory().mkdirs();
 		super.open("org.hsqldb.jdbc.JDBCDriver", reopen, key, listener);
 		return reopen;
 	}
--- a/bramble-core/src/main/java/org/briarproject/bramble/db/JdbcDatabase.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/db/JdbcDatabase.java
@@ -1465,47 +1465,6 @@ abstract class JdbcDatabase implements Database<Connection> {
 		}
 	}

-	@Nullable
-	@Override
-	public Contact getContact(Connection txn, PublicKey handshakePublicKey,
-			AuthorId localAuthorId) throws DbException {
-		PreparedStatement ps = null;
-		ResultSet rs = null;
-		try {
-			String sql = "SELECT contactId, authorId, formatVersion, name,"
-					+ " alias, publicKey, verified"
-					+ " FROM contacts"
-					+ " WHERE handshakePublicKey = ? AND localAuthorId = ?";
-			ps = txn.prepareStatement(sql);
-			ps.setBytes(1, handshakePublicKey.getEncoded());
-			ps.setBytes(2, localAuthorId.getBytes());
-			rs = ps.executeQuery();
-			if (!rs.next()) {
-				rs.close();
-				ps.close();
-				return null;
-			}
-			ContactId contactId = new ContactId(rs.getInt(1));
-			AuthorId authorId = new AuthorId(rs.getBytes(2));
-			int formatVersion = rs.getInt(3);
-			String name = rs.getString(4);
-			String alias = rs.getString(5);
-			PublicKey publicKey = new SignaturePublicKey(rs.getBytes(6));
-			boolean verified = rs.getBoolean(7);
-			if (rs.next()) throw new DbStateException();
-			rs.close();
-			ps.close();
-			Author author =
-					new Author(authorId, formatVersion, name, publicKey);
-			return new Contact(contactId, author, localAuthorId, alias,
-					handshakePublicKey, verified);
-		} catch (SQLException e) {
-			tryToClose(rs, LOG, WARNING);
-			tryToClose(ps, LOG, WARNING);
-			throw new DbException(e);
-		}
-	}
-
 	@Override
 	public Group getGroup(Connection txn, GroupId g) throws DbException {
 		PreparedStatement ps = null;
--- a/bramble-core/src/main/java/org/briarproject/bramble/io/IoModule.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/io/IoModule.java
@@ -1,18 +0,0 @@
-package org.briarproject.bramble.io;
-
-import org.briarproject.bramble.api.io.TimeoutMonitor;
-
-import javax.inject.Singleton;
-
-import dagger.Module;
-import dagger.Provides;
-
-@Module
-public class IoModule {
-
-	@Provides
-	@Singleton
-	TimeoutMonitor provideTimeoutMonitor(TimeoutMonitorImpl timeoutMonitor) {
-		return timeoutMonitor;
-	}
-}
--- a/bramble-core/src/main/java/org/briarproject/bramble/io/TimeoutInputStream.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/io/TimeoutInputStream.java
@@ -1,104 +0,0 @@
-package org.briarproject.bramble.io;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.system.Clock;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import javax.annotation.concurrent.GuardedBy;
-
-@NotNullByDefault
-class TimeoutInputStream extends InputStream {
-
-	private final Clock clock;
-	private final InputStream in;
-	private final long timeoutMs;
-	private final CloseListener listener;
-	private final Object lock = new Object();
-	@GuardedBy("lock")
-	private long readStartedMs = -1;
-
-	TimeoutInputStream(Clock clock, InputStream in, long timeoutMs,
-			CloseListener listener) {
-		this.clock = clock;
-		this.in = in;
-		this.timeoutMs = timeoutMs;
-		this.listener = listener;
-	}
-
-	@Override
-	public int read() throws IOException {
-		synchronized (lock) {
-			readStartedMs = clock.currentTimeMillis();
-		}
-		int input = in.read();
-		synchronized (lock) {
-			readStartedMs = -1;
-		}
-		return input;
-	}
-
-	@Override
-	public int read(byte[] b) throws IOException {
-		return read(b, 0, b.length);
-	}
-
-	@Override
-	public int read(byte[] b, int off, int len) throws IOException {
-		synchronized (lock) {
-			readStartedMs = clock.currentTimeMillis();
-		}
-		int read = in.read(b, off, len);
-		synchronized (lock) {
-			readStartedMs = -1;
-		}
-		return read;
-	}
-
-	@Override
-	public void close() throws IOException {
-		try {
-			in.close();
-		} finally {
-			listener.onClose(this);
-		}
-	}
-
-	@Override
-	public int available() throws IOException {
-		return in.available();
-	}
-
-	@Override
-	public void mark(int readlimit) {
-		in.mark(readlimit);
-	}
-
-	@Override
-	public boolean markSupported() {
-		return in.markSupported();
-	}
-
-	@Override
-	public void reset() throws IOException {
-		in.reset();
-	}
-
-	@Override
-	public long skip(long n) throws IOException {
-		return in.skip(n);
-	}
-
-	boolean hasTimedOut() {
-		synchronized (lock) {
-			return readStartedMs != -1 &&
-					clock.currentTimeMillis() - readStartedMs > timeoutMs;
-		}
-	}
-
-	interface CloseListener {
-
-		void onClose(TimeoutInputStream closed);
-	}
-}
--- a/bramble-core/src/main/java/org/briarproject/bramble/io/TimeoutMonitorImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/io/TimeoutMonitorImpl.java
@@ -1,96 +0,0 @@
-package org.briarproject.bramble.io;
-
-import org.briarproject.bramble.api.io.TimeoutMonitor;
-import org.briarproject.bramble.api.lifecycle.IoExecutor;
-import org.briarproject.bramble.api.system.Clock;
-import org.briarproject.bramble.api.system.Scheduler;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.concurrent.Executor;
-import java.util.concurrent.Future;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.logging.Logger;
-
-import javax.annotation.concurrent.GuardedBy;
-import javax.inject.Inject;
-
-import static java.util.concurrent.TimeUnit.MILLISECONDS;
-import static java.util.concurrent.TimeUnit.SECONDS;
-import static java.util.logging.Level.INFO;
-import static java.util.logging.Logger.getLogger;
-import static org.briarproject.bramble.util.LogUtils.logException;
-
-class TimeoutMonitorImpl implements TimeoutMonitor {
-
-	private static final Logger LOG =
-			getLogger(TimeoutMonitorImpl.class.getName());
-
-	private static final long CHECK_INTERVAL_MS = SECONDS.toMillis(10);
-
-	private final ScheduledExecutorService scheduler;
-	private final Executor ioExecutor;
-	private final Clock clock;
-	private final Object lock = new Object();
-	@GuardedBy("lock")
-	private final List<TimeoutInputStream> streams = new ArrayList<>();
-
-	@GuardedBy("lock")
-	private Future<?> task = null;
-
-	@Inject
-	TimeoutMonitorImpl(@Scheduler ScheduledExecutorService scheduler,
-			@IoExecutor Executor ioExecutor, Clock clock) {
-		this.scheduler = scheduler;
-		this.ioExecutor = ioExecutor;
-		this.clock = clock;
-	}
-
-	@Override
-	public InputStream createTimeoutInputStream(InputStream in,
-			long timeoutMs) {
-		TimeoutInputStream stream = new TimeoutInputStream(clock, in,
-				timeoutMs, this::removeStream);
-		synchronized (lock) {
-			if (streams.isEmpty()) {
-				task = scheduler.scheduleWithFixedDelay(this::checkTimeouts,
-						CHECK_INTERVAL_MS, CHECK_INTERVAL_MS, MILLISECONDS);
-			}
-			streams.add(stream);
-		}
-		return stream;
-	}
-
-	private void removeStream(TimeoutInputStream stream) {
-		Future<?> toCancel = null;
-		synchronized (lock) {
-			if (streams.remove(stream) && streams.isEmpty()) {
-				toCancel = task;
-				task = null;
-			}
-		}
-		if (toCancel != null) toCancel.cancel(false);
-	}
-
-	@Scheduler
-	private void checkTimeouts() {
-		ioExecutor.execute(() -> {
-			List<TimeoutInputStream> snapshot;
-			synchronized (lock) {
-				snapshot = new ArrayList<>(streams);
-			}
-			for (TimeoutInputStream stream : snapshot) {
-				if (stream.hasTimedOut()) {
-					LOG.info("Input stream has timed out");
-					try {
-						stream.close();
-					} catch (IOException e) {
-						logException(LOG, INFO, e);
-					}
-				}
-			}
-		});
-	}
-}
--- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/ConnectionManagerImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/ConnectionManagerImpl.java
@@ -0,0 +1,694 @@
+package org.briarproject.bramble.plugin;
+
+import org.briarproject.bramble.api.contact.Contact;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager.HandshakeResult;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.ConnectionManager;
+import org.briarproject.bramble.api.plugin.ConnectionRegistry;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.concurrent.Executor;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+import javax.inject.Inject;
+
+import static java.util.logging.Level.WARNING;
+import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
+import static org.briarproject.bramble.util.IoUtils.read;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class ConnectionManagerImpl implements ConnectionManager {
+
+	private static final Logger LOG =
+			getLogger(ConnectionManagerImpl.class.getName());
+
+	private final Executor ioExecutor;
+	private final KeyManager keyManager;
+	private final StreamReaderFactory streamReaderFactory;
+	private final StreamWriterFactory streamWriterFactory;
+	private final SyncSessionFactory syncSessionFactory;
+	private final HandshakeManager handshakeManager;
+	private final ContactExchangeManager contactExchangeManager;
+	private final ConnectionRegistry connectionRegistry;
+
+	@Inject
+	ConnectionManagerImpl(@IoExecutor Executor ioExecutor,
+			KeyManager keyManager, StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			HandshakeManager handshakeManager,
+			ContactExchangeManager contactExchangeManager,
+			ConnectionRegistry connectionRegistry) {
+		this.ioExecutor = ioExecutor;
+		this.keyManager = keyManager;
+		this.streamReaderFactory = streamReaderFactory;
+		this.streamWriterFactory = streamWriterFactory;
+		this.syncSessionFactory = syncSessionFactory;
+		this.handshakeManager = handshakeManager;
+		this.contactExchangeManager = contactExchangeManager;
+		this.connectionRegistry = connectionRegistry;
+	}
+
+	@Override
+	public void manageIncomingConnection(TransportId t,
+			TransportConnectionReader r) {
+		ioExecutor.execute(new ManageIncomingSimplexConnection(t, r));
+	}
+
+	@Override
+	public void manageIncomingConnection(TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new ManageIncomingDuplexConnection(t, d));
+	}
+
+	@Override
+	public void manageIncomingConnection(PendingContactId p, TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new ManageIncomingHandshakeConnection(p, t, d));
+	}
+
+	@Override
+	public void manageOutgoingConnection(ContactId c, TransportId t,
+			TransportConnectionWriter w) {
+		ioExecutor.execute(new ManageOutgoingSimplexConnection(c, t, w));
+	}
+
+	@Override
+	public void manageOutgoingConnection(ContactId c, TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new ManageOutgoingDuplexConnection(c, t, d));
+	}
+
+	@Override
+	public void manageOutgoingConnection(PendingContactId p, TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new ManageOutgoingHandshakeConnection(p, t, d));
+	}
+
+	private byte[] readTag(InputStream in) throws IOException {
+		byte[] tag = new byte[TAG_LENGTH];
+		read(in, tag);
+		return tag;
+	}
+
+	private SyncSession createIncomingSession(StreamContext ctx,
+			TransportConnectionReader r) throws IOException {
+		InputStream streamReader = streamReaderFactory.createStreamReader(
+				r.getInputStream(), ctx);
+		ContactId c = requireNonNull(ctx.getContactId());
+		return syncSessionFactory.createIncomingSession(c, streamReader);
+	}
+
+	private SyncSession createSimplexOutgoingSession(StreamContext ctx,
+			TransportConnectionWriter w) throws IOException {
+		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
+				w.getOutputStream(), ctx);
+		ContactId c = requireNonNull(ctx.getContactId());
+		return syncSessionFactory.createSimplexOutgoingSession(c,
+				w.getMaxLatency(), streamWriter);
+	}
+
+	private SyncSession createDuplexOutgoingSession(StreamContext ctx,
+			TransportConnectionWriter w) throws IOException {
+		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
+				w.getOutputStream(), ctx);
+		ContactId c = requireNonNull(ctx.getContactId());
+		return syncSessionFactory.createDuplexOutgoingSession(c,
+				w.getMaxLatency(), w.getMaxIdleTime(), streamWriter);
+	}
+
+	private void disposeOnError(TransportConnectionReader reader,
+			boolean recognised) {
+		try {
+			reader.dispose(true, recognised);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+		}
+	}
+
+	private void disposeOnError(TransportConnectionWriter writer) {
+		try {
+			writer.dispose(true);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+		}
+	}
+
+	private class ManageIncomingSimplexConnection implements Runnable {
+
+		private final TransportId transportId;
+		private final TransportConnectionReader reader;
+
+		private ManageIncomingSimplexConnection(TransportId transportId,
+				TransportConnectionReader reader) {
+			this.transportId = transportId;
+			this.reader = reader;
+		}
+
+		@Override
+		public void run() {
+			// Read and recognise the tag
+			StreamContext ctx;
+			try {
+				byte[] tag = readTag(reader.getInputStream());
+				ctx = keyManager.getStreamContext(transportId, tag);
+			} catch (IOException | DbException e) {
+				logException(LOG, WARNING, e);
+				onError(false);
+				return;
+			}
+			if (ctx == null) {
+				LOG.info("Unrecognised tag");
+				onError(false);
+				return;
+			}
+			ContactId contactId = ctx.getContactId();
+			if (contactId == null) {
+				LOG.warning("Received rendezvous stream, expected contact");
+				onError(true);
+				return;
+			}
+			if (ctx.isHandshakeMode()) {
+				// TODO: Support handshake mode for contacts
+				LOG.warning("Received handshake tag, expected rotation mode");
+				onError(true);
+				return;
+			}
+			connectionRegistry.registerConnection(contactId, transportId, true);
+			try {
+				// Create and run the incoming session
+				createIncomingSession(ctx, reader).run();
+				reader.dispose(false, true);
+			} catch (IOException e) {
+				logException(LOG, WARNING, e);
+				onError(true);
+			} finally {
+				connectionRegistry.unregisterConnection(contactId, transportId,
+						true);
+			}
+		}
+
+		private void onError(boolean recognised) {
+			disposeOnError(reader, recognised);
+		}
+	}
+
+	private class ManageOutgoingSimplexConnection implements Runnable {
+
+		private final ContactId contactId;
+		private final TransportId transportId;
+		private final TransportConnectionWriter writer;
+
+		private ManageOutgoingSimplexConnection(ContactId contactId,
+				TransportId transportId, TransportConnectionWriter writer) {
+			this.contactId = contactId;
+			this.transportId = transportId;
+			this.writer = writer;
+		}
+
+		@Override
+		public void run() {
+			// Allocate a stream context
+			StreamContext ctx;
+			try {
+				ctx = keyManager.getStreamContext(contactId, transportId);
+			} catch (DbException e) {
+				logException(LOG, WARNING, e);
+				onError();
+				return;
+			}
+			if (ctx == null) {
+				LOG.warning("Could not allocate stream context");
+				onError();
+				return;
+			}
+			connectionRegistry.registerConnection(contactId, transportId,
+					false);
+			try {
+				// Create and run the outgoing session
+				createSimplexOutgoingSession(ctx, writer).run();
+				writer.dispose(false);
+			} catch (IOException e) {
+				logException(LOG, WARNING, e);
+				onError();
+			} finally {
+				connectionRegistry.unregisterConnection(contactId, transportId,
+						false);
+			}
+		}
+
+		private void onError() {
+			disposeOnError(writer);
+		}
+	}
+
+	private class ManageIncomingDuplexConnection implements Runnable {
+
+		private final TransportId transportId;
+		private final TransportConnectionReader reader;
+		private final TransportConnectionWriter writer;
+
+		@Nullable
+		private volatile SyncSession outgoingSession = null;
+
+		private ManageIncomingDuplexConnection(TransportId transportId,
+				DuplexTransportConnection connection) {
+			this.transportId = transportId;
+			reader = connection.getReader();
+			writer = connection.getWriter();
+		}
+
+		@Override
+		public void run() {
+			// Read and recognise the tag
+			StreamContext ctx;
+			try {
+				byte[] tag = readTag(reader.getInputStream());
+				ctx = keyManager.getStreamContext(transportId, tag);
+			} catch (IOException | DbException e) {
+				logException(LOG, WARNING, e);
+				onReadError(false);
+				return;
+			}
+			if (ctx == null) {
+				LOG.info("Unrecognised tag");
+				onReadError(false);
+				return;
+			}
+			ContactId contactId = ctx.getContactId();
+			if (contactId == null) {
+				LOG.warning("Expected contact tag, got rendezvous tag");
+				onReadError(true);
+				return;
+			}
+			if (ctx.isHandshakeMode()) {
+				// TODO: Support handshake mode for contacts
+				LOG.warning("Received handshake tag, expected rotation mode");
+				onReadError(true);
+				return;
+			}
+			connectionRegistry.registerConnection(contactId, transportId, true);
+			// Start the outgoing session on another thread
+			ioExecutor.execute(() -> runOutgoingSession(contactId));
+			try {
+				// Create and run the incoming session
+				createIncomingSession(ctx, reader).run();
+				reader.dispose(false, true);
+				// Interrupt the outgoing session so it finishes cleanly
+				SyncSession out = outgoingSession;
+				if (out != null) out.interrupt();
+			} catch (IOException e) {
+				logException(LOG, WARNING, e);
+				onReadError(true);
+			} finally {
+				connectionRegistry.unregisterConnection(contactId, transportId,
+						true);
+			}
+		}
+
+		private void runOutgoingSession(ContactId contactId) {
+			// Allocate a stream context
+			StreamContext ctx;
+			try {
+				ctx = keyManager.getStreamContext(contactId, transportId);
+			} catch (DbException e) {
+				logException(LOG, WARNING, e);
+				onWriteError();
+				return;
+			}
+			if (ctx == null) {
+				LOG.warning("Could not allocate stream context");
+				onWriteError();
+				return;
+			}
+			try {
+				// Create and run the outgoing session
+				SyncSession out = createDuplexOutgoingSession(ctx, writer);
+				outgoingSession = out;
+				out.run();
+				writer.dispose(false);
+			} catch (IOException e) {
+				logException(LOG, WARNING, e);
+				onWriteError();
+			}
+		}
+
+		private void onReadError(boolean recognised) {
+			disposeOnError(reader, recognised);
+			disposeOnError(writer);
+			// Interrupt the outgoing session so it finishes
+			SyncSession out = outgoingSession;
+			if (out != null) out.interrupt();
+		}
+
+		private void onWriteError() {
+			disposeOnError(reader, true);
+			disposeOnError(writer);
+		}
+	}
+
+	private class ManageOutgoingDuplexConnection implements Runnable {
+
+		private final ContactId contactId;
+		private final TransportId transportId;
+		private final TransportConnectionReader reader;
+		private final TransportConnectionWriter writer;
+
+		@Nullable
+		private volatile SyncSession outgoingSession = null;
+
+		private ManageOutgoingDuplexConnection(ContactId contactId,
+				TransportId transportId, DuplexTransportConnection connection) {
+			this.contactId = contactId;
+			this.transportId = transportId;
+			reader = connection.getReader();
+			writer = connection.getWriter();
+		}
+
+		@Override
+		public void run() {
+			// Allocate a stream context
+			StreamContext ctx;
+			try {
+				ctx = keyManager.getStreamContext(contactId, transportId);
+			} catch (DbException e) {
+				logException(LOG, WARNING, e);
+				onWriteError();
+				return;
+			}
+			if (ctx == null) {
+				LOG.warning("Could not allocate stream context");
+				onWriteError();
+				return;
+			}
+			if (ctx.isHandshakeMode()) {
+				// TODO: Support handshake mode for contacts
+				LOG.warning("Cannot use handshake mode stream context");
+				onWriteError();
+				return;
+			}
+			// Start the incoming session on another thread
+			ioExecutor.execute(this::runIncomingSession);
+			try {
+				// Create and run the outgoing session
+				SyncSession out = createDuplexOutgoingSession(ctx, writer);
+				outgoingSession = out;
+				out.run();
+				writer.dispose(false);
+			} catch (IOException e) {
+				logException(LOG, WARNING, e);
+				onWriteError();
+			}
+		}
+
+		private void runIncomingSession() {
+			// Read and recognise the tag
+			StreamContext ctx;
+			try {
+				byte[] tag = readTag(reader.getInputStream());
+				ctx = keyManager.getStreamContext(transportId, tag);
+			} catch (IOException | DbException e) {
+				logException(LOG, WARNING, e);
+				onReadError();
+				return;
+			}
+			// Unrecognised tags are suspicious in this case
+			if (ctx == null) {
+				LOG.warning("Unrecognised tag for returning stream");
+				onReadError();
+				return;
+			}
+			// Check that the stream comes from the expected contact
+			ContactId inContactId = ctx.getContactId();
+			if (inContactId == null) {
+				LOG.warning("Expected contact tag, got rendezvous tag");
+				onReadError();
+				return;
+			}
+			if (!contactId.equals(inContactId)) {
+				LOG.warning("Wrong contact ID for returning stream");
+				onReadError();
+				return;
+			}
+			if (ctx.isHandshakeMode()) {
+				// TODO: Support handshake mode for contacts
+				LOG.warning("Received handshake tag, expected rotation mode");
+				onReadError();
+				return;
+			}
+			connectionRegistry.registerConnection(contactId, transportId,
+					false);
+			try {
+				// Create and run the incoming session
+				createIncomingSession(ctx, reader).run();
+				reader.dispose(false, true);
+				// Interrupt the outgoing session so it finishes cleanly
+				SyncSession out = outgoingSession;
+				if (out != null) out.interrupt();
+			} catch (IOException e) {
+				logException(LOG, WARNING, e);
+				onReadError();
+			} finally {
+				connectionRegistry.unregisterConnection(contactId, transportId,
+						false);
+			}
+		}
+
+		private void onReadError() {
+			// 'Recognised' is always true for outgoing connections
+			disposeOnError(reader, true);
+			disposeOnError(writer);
+			// Interrupt the outgoing session so it finishes
+			SyncSession out = outgoingSession;
+			if (out != null) out.interrupt();
+		}
+
+		private void onWriteError() {
+			disposeOnError(reader, true);
+			disposeOnError(writer);
+		}
+	}
+
+	private class ManageIncomingHandshakeConnection implements Runnable {
+
+		private final PendingContactId pendingContactId;
+		private final TransportId transportId;
+		private final DuplexTransportConnection connection;
+		private final TransportConnectionReader reader;
+		private final TransportConnectionWriter writer;
+
+		private ManageIncomingHandshakeConnection(
+				PendingContactId pendingContactId, TransportId transportId,
+				DuplexTransportConnection connection) {
+			this.pendingContactId = pendingContactId;
+			this.transportId = transportId;
+			this.connection = connection;
+			reader = connection.getReader();
+			writer = connection.getWriter();
+		}
+
+		@Override
+		public void run() {
+			// Read and recognise the tag
+			StreamContext ctxIn;
+			try {
+				byte[] tag = readTag(reader.getInputStream());
+				ctxIn = keyManager.getStreamContext(transportId, tag);
+			} catch (IOException | DbException e) {
+				logException(LOG, WARNING, e);
+				onError(false);
+				return;
+			}
+			if (ctxIn == null) {
+				LOG.info("Unrecognised tag");
+				onError(false);
+				return;
+			}
+			PendingContactId inPendingContactId = ctxIn.getPendingContactId();
+			if (inPendingContactId == null) {
+				LOG.warning("Expected rendezvous tag, got contact tag");
+				onError(true);
+				return;
+			}
+			// Allocate the outgoing stream context
+			StreamContext ctxOut;
+			try {
+				ctxOut = keyManager.getStreamContext(pendingContactId,
+						transportId);
+			} catch (DbException e) {
+				logException(LOG, WARNING, e);
+				onError(true);
+				return;
+			}
+			if (ctxOut == null) {
+				LOG.warning("Could not allocate stream context");
+				onError(true);
+				return;
+			}
+			// Close the connection if it's redundant
+			if (!connectionRegistry.registerConnection(pendingContactId)) {
+				LOG.info("Redundant rendezvous connection");
+				onError(true);
+				return;
+			}
+			// Handshake and exchange contacts
+			try {
+				InputStream in = streamReaderFactory.createStreamReader(
+						reader.getInputStream(), ctxIn);
+				// Flush the output stream to send the outgoing stream header
+				StreamWriter out = streamWriterFactory.createStreamWriter(
+						writer.getOutputStream(), ctxOut);
+				out.getOutputStream().flush();
+				HandshakeResult result = handshakeManager.handshake(
+						pendingContactId, in, out);
+				Contact contact = contactExchangeManager.exchangeContacts(
+						pendingContactId, connection, result.getMasterKey(),
+						result.isAlice(), false);
+				connectionRegistry.unregisterConnection(pendingContactId, true);
+				// Reuse the connection as a transport connection
+				manageOutgoingConnection(contact.getId(), transportId,
+						connection);
+			} catch (IOException | DbException e) {
+				logException(LOG, WARNING, e);
+				onError(true);
+				connectionRegistry.unregisterConnection(pendingContactId,
+						false);
+			}
+		}
+
+		private void onError(boolean recognised) {
+			disposeOnError(reader, recognised);
+			disposeOnError(writer);
+		}
+	}
+
+	private class ManageOutgoingHandshakeConnection implements Runnable {
+
+		private final PendingContactId pendingContactId;
+		private final TransportId transportId;
+		private final DuplexTransportConnection connection;
+		private final TransportConnectionReader reader;
+		private final TransportConnectionWriter writer;
+
+		private ManageOutgoingHandshakeConnection(
+				PendingContactId pendingContactId, TransportId transportId,
+				DuplexTransportConnection connection) {
+			this.pendingContactId = pendingContactId;
+			this.transportId = transportId;
+			this.connection = connection;
+			reader = connection.getReader();
+			writer = connection.getWriter();
+		}
+
+		@Override
+		public void run() {
+			// Allocate the outgoing stream context
+			StreamContext ctxOut;
+			try {
+				ctxOut = keyManager.getStreamContext(pendingContactId,
+						transportId);
+			} catch (DbException e) {
+				logException(LOG, WARNING, e);
+				onError();
+				return;
+			}
+			if (ctxOut == null) {
+				LOG.warning("Could not allocate stream context");
+				onError();
+				return;
+			}
+			// Flush the output stream to send the outgoing stream header
+			StreamWriter out;
+			try {
+				out = streamWriterFactory.createStreamWriter(
+						writer.getOutputStream(), ctxOut);
+				out.getOutputStream().flush();
+			} catch (IOException e) {
+				logException(LOG, WARNING, e);
+				onError();
+				return;
+			}
+			// Read and recognise the tag
+			StreamContext ctxIn;
+			try {
+				byte[] tag = readTag(reader.getInputStream());
+				ctxIn = keyManager.getStreamContext(transportId, tag);
+			} catch (IOException | DbException e) {
+				logException(LOG, WARNING, e);
+				onError();
+				return;
+			}
+			// Unrecognised tags are suspicious in this case
+			if (ctxIn == null) {
+				LOG.warning("Unrecognised tag for returning stream");
+				onError();
+				return;
+			}
+			// Check that the stream comes from the expected pending contact
+			PendingContactId inPendingContactId = ctxIn.getPendingContactId();
+			if (inPendingContactId == null) {
+				LOG.warning("Expected rendezvous tag, got contact tag");
+				onError();
+				return;
+			}
+			if (!inPendingContactId.equals(pendingContactId)) {
+				LOG.warning("Wrong pending contact ID for returning stream");
+				onError();
+				return;
+			}
+			// Close the connection if it's redundant
+			if (!connectionRegistry.registerConnection(pendingContactId)) {
+				LOG.info("Redundant rendezvous connection");
+				onError();
+				return;
+			}
+			// Handshake and exchange contacts
+			try {
+				InputStream in = streamReaderFactory.createStreamReader(
+						reader.getInputStream(), ctxIn);
+				HandshakeResult result = handshakeManager.handshake(
+						pendingContactId, in, out);
+				Contact contact = contactExchangeManager.exchangeContacts(
+						pendingContactId, connection, result.getMasterKey(),
+						result.isAlice(), false);
+				connectionRegistry.unregisterConnection(pendingContactId, true);
+				// Reuse the connection as a transport connection
+				manageOutgoingConnection(contact.getId(), transportId,
+						connection);
+			} catch (IOException | DbException e) {
+				logException(LOG, WARNING, e);
+				onError();
+				connectionRegistry.unregisterConnection(pendingContactId,
+						false);
+			}
+		}
+
+		private void onError() {
+			// 'Recognised' is always true for outgoing connections
+			disposeOnError(reader, true);
+			disposeOnError(writer);
+		}
+	}
+}
--- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/ConnectionRegistryImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/ConnectionRegistryImpl.java
@@ -0,0 +1,150 @@
+package org.briarproject.bramble.plugin;
+
+import org.briarproject.bramble.api.Multiset;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.ConnectionRegistry;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
+import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.logging.Logger;
+
+import javax.annotation.concurrent.GuardedBy;
+import javax.annotation.concurrent.ThreadSafe;
+import javax.inject.Inject;
+
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Logger.getLogger;
+
+@ThreadSafe
+@NotNullByDefault
+class ConnectionRegistryImpl implements ConnectionRegistry {
+
+	private static final Logger LOG =
+			getLogger(ConnectionRegistryImpl.class.getName());
+
+	private final EventBus eventBus;
+
+	private final Object lock = new Object();
+	@GuardedBy("lock")
+	private final Map<TransportId, Multiset<ContactId>> contactConnections;
+	@GuardedBy("lock")
+	private final Multiset<ContactId> contactCounts;
+	@GuardedBy("lock")
+	private final Set<PendingContactId> connectedPendingContacts;
+
+	@Inject
+	ConnectionRegistryImpl(EventBus eventBus) {
+		this.eventBus = eventBus;
+		contactConnections = new HashMap<>();
+		contactCounts = new Multiset<>();
+		connectedPendingContacts = new HashSet<>();
+	}
+
+	@Override
+	public void registerConnection(ContactId c, TransportId t,
+			boolean incoming) {
+		if (LOG.isLoggable(INFO)) {
+			if (incoming) LOG.info("Incoming connection registered: " + t);
+			else LOG.info("Outgoing connection registered: " + t);
+		}
+		boolean firstConnection = false;
+		synchronized (lock) {
+			Multiset<ContactId> m = contactConnections.get(t);
+			if (m == null) {
+				m = new Multiset<>();
+				contactConnections.put(t, m);
+			}
+			m.add(c);
+			if (contactCounts.add(c) == 1) firstConnection = true;
+		}
+		eventBus.broadcast(new ConnectionOpenedEvent(c, t, incoming));
+		if (firstConnection) {
+			LOG.info("Contact connected");
+			eventBus.broadcast(new ContactConnectedEvent(c));
+		}
+	}
+
+	@Override
+	public void unregisterConnection(ContactId c, TransportId t,
+			boolean incoming) {
+		if (LOG.isLoggable(INFO)) {
+			if (incoming) LOG.info("Incoming connection unregistered: " + t);
+			else LOG.info("Outgoing connection unregistered: " + t);
+		}
+		boolean lastConnection = false;
+		synchronized (lock) {
+			Multiset<ContactId> m = contactConnections.get(t);
+			if (m == null || !m.contains(c))
+				throw new IllegalArgumentException();
+			m.remove(c);
+			if (contactCounts.remove(c) == 0) lastConnection = true;
+		}
+		eventBus.broadcast(new ConnectionClosedEvent(c, t, incoming));
+		if (lastConnection) {
+			LOG.info("Contact disconnected");
+			eventBus.broadcast(new ContactDisconnectedEvent(c));
+		}
+	}
+
+	@Override
+	public Collection<ContactId> getConnectedContacts(TransportId t) {
+		synchronized (lock) {
+			Multiset<ContactId> m = contactConnections.get(t);
+			if (m == null) return Collections.emptyList();
+			List<ContactId> ids = new ArrayList<>(m.keySet());
+			if (LOG.isLoggable(INFO))
+				LOG.info(ids.size() + " contacts connected: " + t);
+			return ids;
+		}
+	}
+
+	@Override
+	public boolean isConnected(ContactId c, TransportId t) {
+		synchronized (lock) {
+			Multiset<ContactId> m = contactConnections.get(t);
+			return m != null && m.contains(c);
+		}
+	}
+
+	@Override
+	public boolean isConnected(ContactId c) {
+		synchronized (lock) {
+			return contactCounts.contains(c);
+		}
+	}
+
+	@Override
+	public boolean registerConnection(PendingContactId p) {
+		boolean added;
+		synchronized (lock) {
+			added = connectedPendingContacts.add(p);
+		}
+		if (added) eventBus.broadcast(new RendezvousConnectionOpenedEvent(p));
+		return added;
+	}
+
+	@Override
+	public void unregisterConnection(PendingContactId p, boolean success) {
+		synchronized (lock) {
+			if (!connectedPendingContacts.remove(p))
+				throw new IllegalArgumentException();
+		}
+		eventBus.broadcast(new RendezvousConnectionClosedEvent(p, success));
+	}
+}
--- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/PluginManagerImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/PluginManagerImpl.java
@@ -1,14 +1,13 @@
 package org.briarproject.bramble.plugin;

-import org.briarproject.bramble.api.connection.ConnectionManager;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.lifecycle.Service;
 import org.briarproject.bramble.api.lifecycle.ServiceException;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.ConnectionManager;
 import org.briarproject.bramble.api.plugin.Plugin;
-import org.briarproject.bramble.api.plugin.Plugin.State;
 import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.PluginConfig;
 import org.briarproject.bramble.api.plugin.PluginException;
@@ -19,9 +18,8 @@ import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.plugin.event.TransportActiveEvent;
-import org.briarproject.bramble.api.plugin.event.TransportInactiveEvent;
-import org.briarproject.bramble.api.plugin.event.TransportStateEvent;
+import org.briarproject.bramble.api.plugin.event.TransportDisabledEvent;
+import org.briarproject.bramble.api.plugin.event.TransportEnabledEvent;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPlugin;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPluginFactory;
 import org.briarproject.bramble.api.properties.TransportProperties;
@@ -38,7 +36,6 @@ import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.Executor;
 import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.concurrent.atomic.AtomicReference;
 import java.util.logging.Logger;

 import javax.annotation.concurrent.ThreadSafe;
@@ -48,9 +45,6 @@ import static java.util.logging.Level.FINE;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
-import static org.briarproject.bramble.api.plugin.Plugin.PREF_PLUGIN_ENABLE;
-import static org.briarproject.bramble.api.plugin.Plugin.State.ACTIVE;
-import static org.briarproject.bramble.api.plugin.Plugin.State.STARTING_STOPPING;
 import static org.briarproject.bramble.util.LogUtils.logDuration;
 import static org.briarproject.bramble.util.LogUtils.logException;
 import static org.briarproject.bramble.util.LogUtils.now;
@@ -183,26 +177,6 @@ class PluginManagerImpl implements PluginManager, Service {
 		return supported;
 	}

-	@Override
-	public void setPluginEnabled(TransportId t, boolean enabled) {
-		Plugin plugin = plugins.get(t);
-		if (plugin == null) return;
-
-		Settings s = new Settings();
-		s.putBoolean(PREF_PLUGIN_ENABLE, enabled);
-		ioExecutor.execute(() -> mergeSettings(s, t.getString()));
-	}
-
-	private void mergeSettings(Settings s, String namespace) {
-		try {
-			long start = now();
-			settingsManager.mergeSettings(s, namespace);
-			logDuration(LOG, "Merging settings", start);
-		} catch (DbException e) {
-			logException(LOG, WARNING, e);
-		}
-	}
-
 	private class PluginStarter implements Runnable {

 		private final Plugin plugin;
@@ -276,8 +250,7 @@ class PluginManagerImpl implements PluginManager, Service {
 	private class Callback implements PluginCallback {

 		private final TransportId id;
-		private final AtomicReference<State> state =
-				new AtomicReference<>(STARTING_STOPPING);
+		private final AtomicBoolean enabled = new AtomicBoolean(false);

 		private Callback(TransportId id) {
 			this.id = id;
@@ -305,7 +278,11 @@ class PluginManagerImpl implements PluginManager, Service {

 		@Override
 		public void mergeSettings(Settings s) {
-			PluginManagerImpl.this.mergeSettings(s, id.getString());
+			try {
+				settingsManager.mergeSettings(s, id.getString());
+			} catch (DbException e) {
+				logException(LOG, WARNING, e);
+			}
 		}

 		@Override
@@ -318,20 +295,15 @@ class PluginManagerImpl implements PluginManager, Service {
 		}

 		@Override
-		public void pluginStateChanged(State newState) {
-			State oldState = state.getAndSet(newState);
-			if (newState != oldState) {
-				if (LOG.isLoggable(INFO)) {
-					LOG.info(id + " changed from state " + oldState
-							+ " to " + newState);
-				}
-				eventBus.broadcast(new TransportStateEvent(id, newState));
-				if (newState == ACTIVE) {
-					eventBus.broadcast(new TransportActiveEvent(id));
-				} else if (oldState == ACTIVE) {
-					eventBus.broadcast(new TransportInactiveEvent(id));
-				}
-			}
+		public void transportEnabled() {
+			if (!enabled.getAndSet(true))
+				eventBus.broadcast(new TransportEnabledEvent(id));
+		}
+
+		@Override
+		public void transportDisabled() {
+			if (enabled.getAndSet(false))
+				eventBus.broadcast(new TransportDisabledEvent(id));
 		}

 		@Override
--- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/PluginModule.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/PluginModule.java
@@ -3,6 +3,8 @@ package org.briarproject.bramble.plugin;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
+import org.briarproject.bramble.api.plugin.ConnectionManager;
+import org.briarproject.bramble.api.plugin.ConnectionRegistry;
 import org.briarproject.bramble.api.plugin.PluginConfig;
 import org.briarproject.bramble.api.plugin.PluginManager;

@@ -27,6 +29,20 @@ public class PluginModule {
 		return new BackoffFactoryImpl();
 	}

+	@Provides
+	@Singleton
+	ConnectionManager provideConnectionManager(
+			ConnectionManagerImpl connectionManager) {
+		return connectionManager;
+	}
+
+	@Provides
+	@Singleton
+	ConnectionRegistry provideConnectionRegistry(
+			ConnectionRegistryImpl connectionRegistry) {
+		return connectionRegistry;
+	}
+
 	@Provides
 	@Singleton
 	PluginManager providePluginManager(LifecycleManager lifecycleManager,
--- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/PollerImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/PollerImpl.java
@@ -1,8 +1,6 @@
 package org.briarproject.bramble.plugin;

 import org.briarproject.bramble.api.Pair;
-import org.briarproject.bramble.api.connection.ConnectionManager;
-import org.briarproject.bramble.api.connection.ConnectionRegistry;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.event.ContactAddedEvent;
 import org.briarproject.bramble.api.db.DbException;
@@ -11,6 +9,8 @@ import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.ConnectionHandler;
+import org.briarproject.bramble.api.plugin.ConnectionManager;
+import org.briarproject.bramble.api.plugin.ConnectionRegistry;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.PluginManager;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;
@@ -20,8 +20,8 @@ import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
 import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
-import org.briarproject.bramble.api.plugin.event.TransportActiveEvent;
-import org.briarproject.bramble.api.plugin.event.TransportInactiveEvent;
+import org.briarproject.bramble.api.plugin.event.TransportDisabledEvent;
+import org.briarproject.bramble.api.plugin.event.TransportEnabledEvent;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPlugin;
 import org.briarproject.bramble.api.properties.TransportProperties;
 import org.briarproject.bramble.api.properties.TransportPropertyManager;
@@ -98,21 +98,21 @@ class PollerImpl implements Poller, EventListener {
 			ConnectionClosedEvent c = (ConnectionClosedEvent) e;
 			// Reschedule polling, the polling interval may have decreased
 			reschedule(c.getTransportId());
-			// If an outgoing connection failed, try to reconnect
-			if (!c.isIncoming() && c.isException()) {
+			if (!c.isIncoming()) {
+				// Connect to the disconnected contact
 				connectToContact(c.getContactId(), c.getTransportId());
 			}
 		} else if (e instanceof ConnectionOpenedEvent) {
 			ConnectionOpenedEvent c = (ConnectionOpenedEvent) e;
 			// Reschedule polling, the polling interval may have decreased
 			reschedule(c.getTransportId());
-		} else if (e instanceof TransportActiveEvent) {
-			TransportActiveEvent t = (TransportActiveEvent) e;
-			// Poll the newly activated transport
+		} else if (e instanceof TransportEnabledEvent) {
+			TransportEnabledEvent t = (TransportEnabledEvent) e;
+			// Poll the newly enabled transport
 			pollNow(t.getTransportId());
-		} else if (e instanceof TransportInactiveEvent) {
-			TransportInactiveEvent t = (TransportInactiveEvent) e;
-			// Cancel polling for the deactivated transport
+		} else if (e instanceof TransportDisabledEvent) {
+			TransportDisabledEvent t = (TransportDisabledEvent) e;
+			// Cancel polling for the disabled transport
 			cancel(t.getTransportId());
 		}
 	}
@@ -215,7 +215,7 @@ class PollerImpl implements Poller, EventListener {
 			Map<ContactId, TransportProperties> remote =
 					transportPropertyManager.getRemoteProperties(t);
 			Collection<ContactId> connected =
-					connectionRegistry.getConnectedOrBetterContacts(t);
+					connectionRegistry.getConnectedContacts(t);
 			Collection<Pair<TransportProperties, ConnectionHandler>>
 					properties = new ArrayList<>();
 			for (Entry<ContactId, TransportProperties> e : remote.entrySet()) {
--- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/bluetooth/BluetoothConnectionLimiter.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/bluetooth/BluetoothConnectionLimiter.java
@@ -23,9 +23,17 @@ interface BluetoothConnectionLimiter {
 	boolean canOpenContactConnection();

 	/**
-	 * Informs the limiter that the given connection has been opened.
+	 * Informs the limiter that a contact connection has been opened. The
+	 * limiter may close the new connection if key agreement is in progress.
+	 * <p/>
+	 * Returns false if the limiter has closed the new connection.
 	 */
-	void connectionOpened(DuplexTransportConnection conn);
+	boolean contactConnectionOpened(DuplexTransportConnection conn);
+
+	/**
+	 * Informs the limiter that a key agreement connection has been opened.
+	 */
+	void keyAgreementConnectionOpened(DuplexTransportConnection conn);

 	/**
 	 * Informs the limiter that the given connection has been closed.
--- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/bluetooth/BluetoothConnectionLimiterImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/bluetooth/BluetoothConnectionLimiterImpl.java
@@ -1,48 +1,46 @@
 package org.briarproject.bramble.plugin.bluetooth;

-import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.sync.event.CloseSyncConnectionsEvent;

+import java.io.IOException;
+import java.util.ArrayList;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.logging.Logger;

-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;

 import static java.util.logging.Level.INFO;
-import static java.util.logging.Logger.getLogger;
-import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;

@NotNullByDefault
@ThreadSafe
 class BluetoothConnectionLimiterImpl implements BluetoothConnectionLimiter {

 	private static final Logger LOG =
-			getLogger(BluetoothConnectionLimiterImpl.class.getName());
-
-	private final EventBus eventBus;
+			Logger.getLogger(BluetoothConnectionLimiterImpl.class.getName());

 	private final Object lock = new Object();
-	@GuardedBy("lock")
-	private final List<DuplexTransportConnection> connections =
+	// The following are locking: lock
+	private final LinkedList<DuplexTransportConnection> connections =
 			new LinkedList<>();
-	@GuardedBy("lock")
 	private boolean keyAgreementInProgress = false;

-	BluetoothConnectionLimiterImpl(EventBus eventBus) {
-		this.eventBus = eventBus;
-	}
-
 	@Override
 	public void keyAgreementStarted() {
+		List<DuplexTransportConnection> close;
 		synchronized (lock) {
 			keyAgreementInProgress = true;
+			close = new ArrayList<>(connections);
+			connections.clear();
 		}
-		LOG.info("Key agreement started");
-		eventBus.broadcast(new CloseSyncConnectionsEvent(ID));
+		if (LOG.isLoggable(INFO)) {
+			LOG.info("Key agreement started, closing " + close.size() +
+					" connections");
+		}
+		for (DuplexTransportConnection conn : close) tryToClose(conn);
 	}

 	@Override
@@ -67,22 +65,44 @@ class BluetoothConnectionLimiterImpl implements BluetoothConnectionLimiter {
 	}

 	@Override
-	public void connectionOpened(DuplexTransportConnection conn) {
+	public boolean contactConnectionOpened(DuplexTransportConnection conn) {
+		boolean accept = true;
 		synchronized (lock) {
-			connections.add(conn);
-			if (LOG.isLoggable(INFO)) {
-				LOG.info("Connection opened, " + connections.size() + " open");
+			if (keyAgreementInProgress) {
+				LOG.info("Refusing contact connection during key agreement");
+				accept = false;
+			} else {
+				LOG.info("Accepting contact connection");
+				connections.add(conn);
 			}
 		}
+		if (!accept) tryToClose(conn);
+		return accept;
+	}
+
+	@Override
+	public void keyAgreementConnectionOpened(DuplexTransportConnection conn) {
+		synchronized (lock) {
+			LOG.info("Accepting key agreement connection");
+			connections.add(conn);
+		}
+	}
+
+	private void tryToClose(DuplexTransportConnection conn) {
+		try {
+			conn.getWriter().dispose(false);
+			conn.getReader().dispose(false, false);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+		}
 	}

 	@Override
 	public void connectionClosed(DuplexTransportConnection conn) {
 		synchronized (lock) {
 			connections.remove(conn);
-			if (LOG.isLoggable(INFO)) {
+			if (LOG.isLoggable(INFO))
 				LOG.info("Connection closed, " + connections.size() + " open");
-			}
 		}
 	}

--- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/bluetooth/BluetoothPlugin.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/bluetooth/BluetoothPlugin.java
@@ -5,14 +5,11 @@ import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventListener;
-import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementConnection;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
 import org.briarproject.bramble.api.keyagreement.event.KeyAgreementListeningEvent;
 import org.briarproject.bramble.api.keyagreement.event.KeyAgreementStoppedListeningEvent;
-import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.ConnectionHandler;
@@ -39,21 +36,16 @@ import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.logging.Logger;

 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
-import javax.annotation.concurrent.ThreadSafe;

 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.TRANSPORT_ID_BLUETOOTH;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PREF_BT_ENABLE;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_ADDRESS;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_UUID;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.UUID_BYTES;
-import static org.briarproject.bramble.api.plugin.Plugin.State.ACTIVE;
-import static org.briarproject.bramble.api.plugin.Plugin.State.DISABLED;
-import static org.briarproject.bramble.api.plugin.Plugin.State.INACTIVE;
-import static org.briarproject.bramble.api.plugin.Plugin.State.STARTING_STOPPING;
 import static org.briarproject.bramble.util.LogUtils.logException;
 import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
 import static org.briarproject.bramble.util.StringUtils.isNullOrEmpty;
@@ -68,18 +60,17 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 			getLogger(BluetoothPlugin.class.getName());

 	final BluetoothConnectionLimiter connectionLimiter;
-	final TimeoutMonitor timeoutMonitor;

 	private final Executor ioExecutor;
 	private final SecureRandom secureRandom;
 	private final Backoff backoff;
 	private final PluginCallback callback;
-	private final int maxLatency, maxIdleTime;
+	private final int maxLatency;
 	private final AtomicBoolean used = new AtomicBoolean(false);

-	protected final PluginState state = new PluginState();
-
+	private volatile boolean running = false, contactConnections = false;
 	private volatile String contactConnectionsUuid = null;
+	private volatile SS socket = null;

 	abstract void initialiseAdapter() throws IOException;

@@ -114,35 +105,28 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 	abstract DuplexTransportConnection discoverAndConnect(String uuid);

 	BluetoothPlugin(BluetoothConnectionLimiter connectionLimiter,
-			TimeoutMonitor timeoutMonitor, Executor ioExecutor,
-			SecureRandom secureRandom, Backoff backoff,
-			PluginCallback callback, int maxLatency, int maxIdleTime) {
+			Executor ioExecutor, SecureRandom secureRandom,
+			Backoff backoff, PluginCallback callback, int maxLatency) {
 		this.connectionLimiter = connectionLimiter;
-		this.timeoutMonitor = timeoutMonitor;
 		this.ioExecutor = ioExecutor;
 		this.secureRandom = secureRandom;
 		this.backoff = backoff;
 		this.callback = callback;
 		this.maxLatency = maxLatency;
-		this.maxIdleTime = maxIdleTime;
 	}

 	void onAdapterEnabled() {
 		LOG.info("Bluetooth enabled");
 		// We may not have been able to get the local address before
 		ioExecutor.execute(this::updateProperties);
-		if (getState() == INACTIVE) bind();
+		if (shouldAllowContactConnections()) bind();
 	}

 	void onAdapterDisabled() {
 		LOG.info("Bluetooth disabled");
+		tryToClose(socket);
 		connectionLimiter.allConnectionsClosed();
-		// The server socket may not have been closed automatically
-		SS ss = state.clearServerSocket();
-		if (ss != null) {
-			LOG.info("Closing server socket");
-			tryToClose(ss);
-		}
+		callback.transportDisabled();
 	}

 	@Override
@@ -157,30 +141,38 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {

 	@Override
 	public int getMaxIdleTime() {
-		return maxIdleTime;
+		// Bluetooth detects dead connections so we don't need keepalives
+		return Integer.MAX_VALUE;
 	}

 	@Override
 	public void start() throws PluginException {
 		if (used.getAndSet(true)) throw new IllegalStateException();
-		Settings settings = callback.getSettings();
-		boolean enabledByUser = settings.getBoolean(PREF_PLUGIN_ENABLE, false);
-		state.setStarted(enabledByUser);
 		try {
 			initialiseAdapter();
 		} catch (IOException e) {
 			throw new PluginException(e);
 		}
 		updateProperties();
-		if (enabledByUser) {
+		running = true;
+		loadSettings(callback.getSettings());
+		if (shouldAllowContactConnections()) {
 			if (isAdapterEnabled()) bind();
 			else enableAdapter();
 		}
 	}

+	private void loadSettings(Settings settings) {
+		contactConnections = settings.getBoolean(PREF_BT_ENABLE, false);
+	}
+
+	private boolean shouldAllowContactConnections() {
+		return contactConnections;
+	}
+
 	private void bind() {
 		ioExecutor.execute(() -> {
-			if (getState() != INACTIVE) return;
+			if (!isRunning() || !shouldAllowContactConnections()) return;
 			// Bind a server socket to accept connections from contacts
 			SS ss;
 			try {
@@ -189,13 +181,14 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 				logException(LOG, WARNING, e);
 				return;
 			}
-			if (!state.setServerSocket(ss)) {
-				LOG.info("Closing redundant server socket");
+			if (!isRunning() || !shouldAllowContactConnections()) {
 				tryToClose(ss);
 				return;
 			}
+			socket = ss;
 			backoff.reset();
-			acceptContactConnections(ss);
+			callback.transportEnabled();
+			acceptContactConnections();
 		});
 	}

@@ -224,39 +217,34 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 		if (changed) callback.mergeLocalProperties(p);
 	}

-	private void acceptContactConnections(SS ss) {
+	private void acceptContactConnections() {
 		while (true) {
 			DuplexTransportConnection conn;
 			try {
-				conn = acceptConnection(ss);
+				conn = acceptConnection(socket);
 			} catch (IOException e) {
-				// This is expected when the server socket is closed
-				LOG.info("Server socket closed");
-				state.clearServerSocket();
+				// This is expected when the socket is closed
+				if (LOG.isLoggable(INFO)) LOG.info(e.toString());
 				return;
 			}
-			LOG.info("Connection received");
-			connectionLimiter.connectionOpened(conn);
 			backoff.reset();
-			callback.handleConnection(conn);
+			if (connectionLimiter.contactConnectionOpened(conn))
+				callback.handleConnection(conn);
+			if (!running) return;
 		}
 	}

 	@Override
 	public void stop() {
-		SS ss = state.setStopped();
-		tryToClose(ss);
+		running = false;
+		tryToClose(socket);
+		callback.transportDisabled();
 		disableAdapterIfEnabledByUs();
 	}

 	@Override
-	public State getState() {
-		return state.getState();
-	}
-
-	@Override
-	public int getReasonsDisabled() {
-		return state.getReasonsDisabled();
+	public boolean isRunning() {
+		return running && isAdapterEnabled();
 	}

 	@Override
@@ -272,7 +260,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 	@Override
 	public void poll(Collection<Pair<TransportProperties, ConnectionHandler>>
 			properties) {
-		if (getState() != ACTIVE) return;
+		if (!isRunning() || !shouldAllowContactConnections()) return;
 		backoff.increment();
 		for (Pair<TransportProperties, ConnectionHandler> p : properties) {
 			connect(p.getFirst(), p.getSecond());
@@ -285,10 +273,13 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 		String uuid = p.get(PROP_UUID);
 		if (isNullOrEmpty(uuid)) return;
 		ioExecutor.execute(() -> {
+			if (!isRunning() || !shouldAllowContactConnections()) return;
+			if (!connectionLimiter.canOpenContactConnection()) return;
 			DuplexTransportConnection d = createConnection(p);
 			if (d != null) {
 				backoff.reset();
-				h.handleConnection(d);
+				if (connectionLimiter.contactConnectionOpened(d))
+					h.handleConnection(d);
 			}
 		});
 	}
@@ -326,15 +317,16 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {

 	@Override
 	public DuplexTransportConnection createConnection(TransportProperties p) {
-		if (getState() != ACTIVE) return null;
+		if (!isRunning() || !shouldAllowContactConnections()) return null;
 		if (!connectionLimiter.canOpenContactConnection()) return null;
 		String address = p.get(PROP_ADDRESS);
 		if (isNullOrEmpty(address)) return null;
 		String uuid = p.get(PROP_UUID);
 		if (isNullOrEmpty(uuid)) return null;
 		DuplexTransportConnection conn = connect(address, uuid);
-		if (conn != null) connectionLimiter.connectionOpened(conn);
-		return conn;
+		if (conn == null) return null;
+		// TODO: Why don't we reset the backoff here?
+		return connectionLimiter.contactConnectionOpened(conn) ? conn : null;
 	}

 	@Override
@@ -344,7 +336,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {

 	@Override
 	public KeyAgreementListener createKeyAgreementListener(byte[] commitment) {
-		if (getState() != ACTIVE) return null;
+		if (!isRunning()) return null;
 		// No truncation necessary because COMMIT_LENGTH = 16
 		String uuid = UUID.nameUUIDFromBytes(commitment).toString();
 		if (LOG.isLoggable(INFO)) LOG.info("Key agreement UUID " + uuid);
@@ -356,7 +348,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 			logException(LOG, WARNING, e);
 			return null;
 		}
-		if (getState() != ACTIVE) {
+		if (!isRunning()) {
 			tryToClose(ss);
 			return null;
 		}
@@ -370,7 +362,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 	@Override
 	public DuplexTransportConnection createKeyAgreementConnection(
 			byte[] commitment, BdfList descriptor) {
-		if (getState() != ACTIVE) return null;
+		if (!isRunning()) return null;
 		// No truncation necessary because COMMIT_LENGTH = 16
 		String uuid = UUID.nameUUIDFromBytes(commitment).toString();
 		DuplexTransportConnection conn;
@@ -390,7 +382,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 				LOG.info("Connecting to key agreement UUID " + uuid);
 			conn = connect(address, uuid);
 		}
-		if (conn != null) connectionLimiter.connectionOpened(conn);
+		if (conn != null) connectionLimiter.keyAgreementConnectionOpened(conn);
 		return conn;
 	}

@@ -430,17 +422,17 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 		}
 	}

-	@IoExecutor
 	private void onSettingsUpdated(Settings settings) {
-		boolean enabledByUser = settings.getBoolean(PREF_PLUGIN_ENABLE, false);
-		SS ss = state.setEnabledByUser(enabledByUser);
-		State s = getState();
-		if (ss != null) {
-			LOG.info("Disabled by user, closing server socket");
-			tryToClose(ss);
+		boolean wasAllowed = shouldAllowContactConnections();
+		loadSettings(settings);
+		boolean isAllowed = shouldAllowContactConnections();
+		if (wasAllowed && !isAllowed) {
+			LOG.info("Contact connections disabled");
+			tryToClose(socket);
+			callback.transportDisabled();
 			disableAdapterIfEnabledByUs();
-		} else if (s == INACTIVE) {
-			LOG.info("Enabled by user, opening server socket");
+		} else if (!wasAllowed && isAllowed) {
+			LOG.info("Contact connections enabled");
 			if (isAdapterEnabled()) bind();
 			else enableAdapter();
 		}
@@ -459,7 +451,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 		public KeyAgreementConnection accept() throws IOException {
 			DuplexTransportConnection conn = acceptConnection(ss);
 			if (LOG.isLoggable(INFO)) LOG.info(ID + ": Incoming connection");
-			connectionLimiter.connectionOpened(conn);
+			connectionLimiter.keyAgreementConnectionOpened(conn);
 			return new KeyAgreementConnection(conn, ID);
 		}

@@ -468,70 +460,4 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 			tryToClose(ss);
 		}
 	}
-
-	@ThreadSafe
-	@NotNullByDefault
-	protected class PluginState {
-
-		@GuardedBy("this")
-		private boolean started = false,
-				stopped = false,
-				enabledByUser = false;
-
-		@GuardedBy("this")
-		@Nullable
-		private SS serverSocket = null;
-
-		synchronized void setStarted(boolean enabledByUser) {
-			started = true;
-			this.enabledByUser = enabledByUser;
-			callback.pluginStateChanged(getState());
-		}
-
-		@Nullable
-		synchronized SS setStopped() {
-			stopped = true;
-			SS ss = serverSocket;
-			serverSocket = null;
-			callback.pluginStateChanged(getState());
-			return ss;
-		}
-
-		@Nullable
-		synchronized SS setEnabledByUser(boolean enabledByUser) {
-			this.enabledByUser = enabledByUser;
-			SS ss = null;
-			if (!enabledByUser) {
-				ss = serverSocket;
-				serverSocket = null;
-			}
-			callback.pluginStateChanged(getState());
-			return ss;
-		}
-
-		synchronized boolean setServerSocket(SS ss) {
-			if (stopped || serverSocket != null) return false;
-			serverSocket = ss;
-			callback.pluginStateChanged(getState());
-			return true;
-		}
-
-		@Nullable
-		synchronized SS clearServerSocket() {
-			SS ss = serverSocket;
-			serverSocket = null;
-			callback.pluginStateChanged(getState());
-			return ss;
-		}
-
-		synchronized State getState() {
-			if (!started || stopped) return STARTING_STOPPING;
-			if (!enabledByUser) return DISABLED;
-			return serverSocket == null ? INACTIVE : ACTIVE;
-		}
-
-		synchronized int getReasonsDisabled() {
-			return getState() == DISABLED ? REASON_USER : 0;
-		}
-	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/plugin/file/FilePlugin.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/plugin/file/FilePlugin.java
@@ -16,7 +16,6 @@ import java.util.logging.Logger;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.api.plugin.FileConstants.PROP_PATH;
-import static org.briarproject.bramble.api.plugin.Plugin.State.ACTIVE;
 import static org.briarproject.bramble.util.LogUtils.logException;
 import static org.briarproject.bramble.util.StringUtils.isNullOrEmpty;

@@ -46,7 +45,7 @@ abstract class FilePlugin implements SimplexPlugin {

 	@Override
 	public TransportConnectionReader createReader(TransportProperties p) {
-		if (getState() != ACTIVE) return null;
+		if (!isRunning()) return null;
 		String path = p.get(PROP_PATH);
 		if (isNullOrEmpty(path)) return null;
 		try {
@@ -61,7 +60,7 @@ abstract class FilePlugin implements SimplexPlugin {

 	@Override
 	public TransportConnectionWriter createWriter(TransportProperties p) {
-		if (getState() != ACTIVE) return null;
+		if (!isRunning()) return null;
 		String path = p.get(PROP_PATH);
 		if (isNullOrEmpty(path)) return null;
 		try {
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Torsten Grote	464dcf8742	send attachments one after the other with delay	2019-06-20 12:18:43 -03:00
akwizgran	09af494d5c	DO NOT MERGE: Delay sending of attachments.	2019-06-19 12:55:01 +01:00