Only show Introduction Accept Information if success is still possible

Don't automatically respond to declined introductions

See merge request akwizgran/briar!777

bramble-android/build.gradle

@@ -1,6 +1,8 @@
 import de.undercouch.gradle.tasks.download.Download
 import de.undercouch.gradle.tasks.download.Verify
 
+import java.security.NoSuchAlgorithmException
+
 apply plugin: 'com.android.library'
 apply plugin: 'witness'
 apply plugin: 'de.undercouch.download'
@@ -67,30 +69,68 @@ def torBinaries = [
 		"geoip"      : '8239b98374493529a29096e45fc5877d4d6fdad0146ad8380b291f90d61484ea'
 ]
 
-def downloadBinary(name) {
-	return tasks.create("downloadBinary${name}", Download) {
+def verifyOrDeleteBinary(name, chksum, alreadyVerified) {
+	return tasks.create("verifyOrDeleteBinary${name}", VerifyOrDelete) {
+		src "${torBinaryDir}/${name}.zip"
+		algorithm 'SHA-256'
+		checksum chksum
+		result alreadyVerified
+		onlyIf {
+			src.exists()
+		}
+	}
+}
+
+def downloadBinary(name, chksum, alreadyVerified) {
+	return tasks.create([
+			name: "downloadBinary${name}",
+			type: Download,
+			dependsOn: verifyOrDeleteBinary(name, chksum, alreadyVerified)]) {
 		src "${torDownloadUrl}${name}.zip"
 				.replace('tor_', "tor-${torVersion}-")
 				.replace('geoip', "geoip-${geoipVersion}")
 				.replaceAll('_', '-')
 		dest "${torBinaryDir}/${name}.zip"
-		onlyIfNewer true
+		onlyIf {
+			!dest.exists()
+		}
 	}
 }
 
 def verifyBinary(name, chksum) {
+	boolean[] alreadyVerified = [false]
 	return tasks.create([
 			name     : "verifyBinary${name}",
 			type     : Verify,
-			dependsOn: downloadBinary(name)]) {
+			dependsOn: downloadBinary(name, chksum, alreadyVerified)]) {
 		src "${torBinaryDir}/${name}.zip"
 		algorithm 'SHA-256'
 		checksum chksum
+		onlyIf {
+			!alreadyVerified[0]
+		}
 	}
 }
 
 project.afterEvaluate {
-	torBinaries.every { key, value ->
-		preBuild.dependsOn.add(verifyBinary(key, value))
+	torBinaries.every { name, checksum ->
+		preBuild.dependsOn.add(verifyBinary(name, checksum))
+	}
+}
+
+class VerifyOrDelete extends Verify {
+
+	boolean[] result
+
+	@TaskAction
+	@Override
+	void verify() throws IOException, NoSuchAlgorithmException {
+		try {
+			super.verify()
+			result[0] = true
+		} catch (Exception e) {
+			println "${src} failed verification - deleting"
+			src.delete()
+		}
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/AndroidPluginModule.java

@@ -48,7 +48,7 @@ public class AndroidPluginModule {
 				appContext, locationUtils, reporter, eventBus,
 				torSocketFactory, backoffFactory);
 		DuplexPluginFactory lan = new AndroidLanTcpPluginFactory(ioExecutor,
-				backoffFactory, appContext);
+				scheduler, backoffFactory, appContext);
 		Collection<DuplexPluginFactory> duplex =
 				Arrays.asList(bluetooth, tor, lan);
 		@NotNullByDefault

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPlugin.java

@@ -5,37 +5,84 @@ import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
 import android.net.ConnectivityManager;
+import android.net.Network;
 import android.net.NetworkInfo;
+import android.net.wifi.WifiInfo;
+import android.net.wifi.WifiManager;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.util.Collection;
 import java.util.concurrent.Executor;
+import java.util.concurrent.ScheduledExecutorService;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
+import javax.net.SocketFactory;
 
 import static android.content.Context.CONNECTIVITY_SERVICE;
+import static android.content.Context.WIFI_SERVICE;
 import static android.net.ConnectivityManager.CONNECTIVITY_ACTION;
 import static android.net.ConnectivityManager.TYPE_WIFI;
+import static android.net.wifi.WifiManager.EXTRA_WIFI_STATE;
+import static android.os.Build.VERSION.SDK_INT;
+import static java.util.Collections.emptyList;
+import static java.util.Collections.singletonList;
+import static java.util.concurrent.TimeUnit.SECONDS;
 
 @NotNullByDefault
 class AndroidLanTcpPlugin extends LanTcpPlugin {
 
+	// See android.net.wifi.WifiManager
+	private static final String WIFI_AP_STATE_CHANGED_ACTION =
+			"android.net.wifi.WIFI_AP_STATE_CHANGED";
+	private static final int WIFI_AP_STATE_ENABLED = 13;
+
+	private static final byte[] WIFI_AP_ADDRESS_BYTES =
+			{(byte) 192, (byte) 168, 43, 1};
+	private static final InetAddress WIFI_AP_ADDRESS;
+
 	private static final Logger LOG =
 			Logger.getLogger(AndroidLanTcpPlugin.class.getName());
 
+	static {
+		try {
+			WIFI_AP_ADDRESS = InetAddress.getByAddress(WIFI_AP_ADDRESS_BYTES);
+		} catch (UnknownHostException e) {
+			// Should only be thrown if the address has an illegal length
+			throw new AssertionError(e);
+		}
+	}
+
+	private final ScheduledExecutorService scheduler;
 	private final Context appContext;
+	private final ConnectivityManager connectivityManager;
+	@Nullable
+	private final WifiManager wifiManager;
 
 	@Nullable
 	private volatile BroadcastReceiver networkStateReceiver = null;
+	private volatile SocketFactory socketFactory;
 
-	AndroidLanTcpPlugin(Executor ioExecutor, Backoff backoff,
-			Context appContext, DuplexPluginCallback callback, int maxLatency,
-			int maxIdleTime) {
+	AndroidLanTcpPlugin(Executor ioExecutor, ScheduledExecutorService scheduler,
+			Backoff backoff, Context appContext, DuplexPluginCallback callback,
+			int maxLatency, int maxIdleTime) {
 		super(ioExecutor, backoff, callback, maxLatency, maxIdleTime);
+		this.scheduler = scheduler;
 		this.appContext = appContext;
+		ConnectivityManager connectivityManager = (ConnectivityManager)
+				appContext.getSystemService(CONNECTIVITY_SERVICE);
+		if (connectivityManager == null) throw new AssertionError();
+		this.connectivityManager = connectivityManager;
+		wifiManager = (WifiManager) appContext.getApplicationContext()
+				.getSystemService(WIFI_SERVICE);
+		socketFactory = SocketFactory.getDefault();
 	}
 
 	@Override
@@ -44,7 +91,9 @@ class AndroidLanTcpPlugin extends LanTcpPlugin {
 		running = true;
 		// Register to receive network status events
 		networkStateReceiver = new NetworkStateReceiver();
-		IntentFilter filter = new IntentFilter(CONNECTIVITY_ACTION);
+		IntentFilter filter = new IntentFilter();
+		filter.addAction(CONNECTIVITY_ACTION);
+		filter.addAction(WIFI_AP_STATE_CHANGED_ACTION);
 		appContext.registerReceiver(networkStateReceiver, filter);
 	}
 
@@ -56,21 +105,92 @@ class AndroidLanTcpPlugin extends LanTcpPlugin {
 		tryToClose(socket);
 	}
 
+	@Override
+	protected Socket createSocket() throws IOException {
+		return socketFactory.createSocket();
+	}
+
+	@Override
+	protected Collection<InetAddress> getLocalIpAddresses() {
+		// If the device doesn't have wifi, don't open any sockets
+		if (wifiManager == null) return emptyList();
+		// If we're connected to a wifi network, use that network
+		WifiInfo info = wifiManager.getConnectionInfo();
+		if (info != null && info.getIpAddress() != 0)
+			return singletonList(intToInetAddress(info.getIpAddress()));
+		// If we're running an access point, return its address
+		if (super.getLocalIpAddresses().contains(WIFI_AP_ADDRESS))
+				return singletonList(WIFI_AP_ADDRESS);
+		// No suitable addresses
+		return emptyList();
+	}
+
+	private InetAddress intToInetAddress(int ip) {
+		byte[] ipBytes = new byte[4];
+		ipBytes[0] = (byte) (ip & 0xFF);
+		ipBytes[1] = (byte) ((ip >> 8) & 0xFF);
+		ipBytes[2] = (byte) ((ip >> 16) & 0xFF);
+		ipBytes[3] = (byte) ((ip >> 24) & 0xFF);
+		try {
+			return InetAddress.getByAddress(ipBytes);
+		} catch (UnknownHostException e) {
+			// Should only be thrown if address has illegal length
+			throw new AssertionError(e);
+		}
+	}
+
+	// On API 21 and later, a socket that is not created with the wifi
+	// network's socket factory may try to connect via another network
+	private SocketFactory getSocketFactory() {
+		if (SDK_INT < 21) return SocketFactory.getDefault();
+		for (Network net : connectivityManager.getAllNetworks()) {
+			NetworkInfo info = connectivityManager.getNetworkInfo(net);
+			if (info != null && info.getType() == TYPE_WIFI)
+				return net.getSocketFactory();
+		}
+		LOG.warning("Could not find suitable socket factory");
+		return SocketFactory.getDefault();
+	}
+
 	private class NetworkStateReceiver extends BroadcastReceiver {
 
 		@Override
 		public void onReceive(Context ctx, Intent i) {
 			if (!running) return;
-			Object o = ctx.getSystemService(CONNECTIVITY_SERVICE);
-			ConnectivityManager cm = (ConnectivityManager) o;
-			NetworkInfo net = cm.getActiveNetworkInfo();
-			if (net != null && net.getType() == TYPE_WIFI && net.isConnected()) {
-				LOG.info("Connected to Wi-Fi");
-				if (socket == null || socket.isClosed()) bind();
+			if (isApEnabledEvent(i)) {
+				// The state change may be broadcast before the AP address is
+				// visible, so delay handling the event
+				scheduler.schedule(this::handleConnectivityChange, 1, SECONDS);
 			} else {
-				LOG.info("Not connected to Wi-Fi");
-				tryToClose(socket);
+				handleConnectivityChange();
 			}
 		}
+
+		private void handleConnectivityChange() {
+			if (!running) return;
+			Collection<InetAddress> addrs = getLocalIpAddresses();
+			if (addrs.contains(WIFI_AP_ADDRESS)) {
+				LOG.info("Providing wifi hotspot");
+				// There's no corresponding Network object and thus no way
+				// to get a suitable socket factory, so we won't be able to
+				// make outgoing connections on API 21+ if another network
+				// has internet access
+				socketFactory = SocketFactory.getDefault();
+				if (socket == null || socket.isClosed()) bind();
+			} else if (addrs.isEmpty()) {
+				LOG.info("Not connected to wifi");
+				socketFactory = SocketFactory.getDefault();
+				tryToClose(socket);
+			} else {
+				LOG.info("Connected to wifi");
+				socketFactory = getSocketFactory();
+				if (socket == null || socket.isClosed()) bind();
+			}
+		}
+
+		private boolean isApEnabledEvent(Intent i) {
+			return WIFI_AP_STATE_CHANGED_ACTION.equals(i.getAction()) &&
+					i.getIntExtra(EXTRA_WIFI_STATE, 0) == WIFI_AP_STATE_ENABLED;
+		}
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPluginFactory.java

@@ -11,6 +11,7 @@ import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 
 import java.util.concurrent.Executor;
+import java.util.concurrent.ScheduledExecutorService;
 
 import javax.annotation.concurrent.Immutable;
 
@@ -27,12 +28,15 @@ public class AndroidLanTcpPluginFactory implements DuplexPluginFactory {
 	private static final double BACKOFF_BASE = 1.2;
 
 	private final Executor ioExecutor;
+	private final ScheduledExecutorService scheduler;
 	private final BackoffFactory backoffFactory;
 	private final Context appContext;
 
 	public AndroidLanTcpPluginFactory(Executor ioExecutor,
-			BackoffFactory backoffFactory, Context appContext) {
+			ScheduledExecutorService scheduler, BackoffFactory backoffFactory,
+			Context appContext) {
 		this.ioExecutor = ioExecutor;
+		this.scheduler = scheduler;
 		this.backoffFactory = backoffFactory;
 		this.appContext = appContext;
 	}
@@ -51,7 +55,7 @@ public class AndroidLanTcpPluginFactory implements DuplexPluginFactory {
 	public DuplexPlugin createPlugin(DuplexPluginCallback callback) {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
-		return new AndroidLanTcpPlugin(ioExecutor, backoff, appContext,
-				callback, MAX_LATENCY, MAX_IDLE_TIME);
+		return new AndroidLanTcpPlugin(ioExecutor, scheduler, backoff,
+				appContext, callback, MAX_LATENCY, MAX_IDLE_TIME);
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java

@@ -16,6 +16,7 @@ import android.os.PowerManager;
 import net.freehaven.tor.control.EventHandler;
 import net.freehaven.tor.control.TorControlConnection;
 
+import org.briarproject.bramble.PoliteExecutor;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.event.Event;
@@ -63,8 +64,6 @@ import java.util.concurrent.Future;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
-import java.util.concurrent.locks.Lock;
-import java.util.concurrent.locks.ReentrantLock;
 import java.util.logging.Logger;
 import java.util.regex.Pattern;
 import java.util.zip.ZipInputStream;
@@ -111,7 +110,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	private static final Logger LOG =
 			Logger.getLogger(TorPlugin.class.getName());
 
-	private final Executor ioExecutor;
+	private final Executor ioExecutor, connectionStatusExecutor;
 	private final ScheduledExecutorService scheduler;
 	private final Context appContext;
 	private final LocationUtils locationUtils;
@@ -125,7 +124,6 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	private final File torDirectory, torFile, geoIpFile, configFile;
 	private final File doneFile, cookieFile;
 	private final PowerManager.WakeLock wakeLock;
-	private final Lock connectionStatusLock;
 	private final AtomicReference<Future<?>> connectivityCheck =
 			new AtomicReference<>();
 	private final AtomicBoolean used = new AtomicBoolean(false);
@@ -167,7 +165,9 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		// This tag will prevent Huawei's powermanager from killing us.
 		wakeLock = pm.newWakeLock(PARTIAL_WAKE_LOCK, "LocationManagerService");
 		wakeLock.setReferenceCounted(false);
-		connectionStatusLock = new ReentrantLock();
+		// Don't execute more than one connection status check at a time
+		connectionStatusExecutor = new PoliteExecutor("TorPlugin",
+				ioExecutor, 1);
 	}
 
 	@Override
@@ -614,7 +614,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 
 	@Override
 	public DuplexTransportConnection createKeyAgreementConnection(
-			byte[] commitment, BdfList descriptor, long timeout) {
+			byte[] commitment, BdfList descriptor) {
 		throw new UnsupportedOperationException();
 	}
 
@@ -697,56 +697,46 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	}
 
 	private void updateConnectionStatus() {
-		ioExecutor.execute(() -> {
+		connectionStatusExecutor.execute(() -> {
 			if (!running) return;
+			Object o = appContext.getSystemService(CONNECTIVITY_SERVICE);
+			ConnectivityManager cm = (ConnectivityManager) o;
+			NetworkInfo net = cm.getActiveNetworkInfo();
+			boolean online = net != null && net.isConnected();
+			boolean wifi = online && net.getType() == TYPE_WIFI;
+			String country = locationUtils.getCurrentCountry();
+			boolean blocked = TorNetworkMetadata.isTorProbablyBlocked(
+					country);
+			Settings s = callback.getSettings();
+			int network = s.getInt(PREF_TOR_NETWORK, PREF_TOR_NETWORK_ALWAYS);
+
+			if (LOG.isLoggable(INFO)) {
+				LOG.info("Online: " + online + ", wifi: " + wifi);
+				if ("".equals(country)) LOG.info("Country code unknown");
+				else LOG.info("Country code: " + country);
+			}
+
 			try {
-				connectionStatusLock.lock();
-				updateConnectionStatusLocked();
-			} finally {
-				connectionStatusLock.unlock();
+				if (!online) {
+					LOG.info("Disabling network, device is offline");
+					enableNetwork(false);
+				} else if (blocked) {
+					LOG.info("Disabling network, country is blocked");
+					enableNetwork(false);
+				} else if (network == PREF_TOR_NETWORK_NEVER
+						|| (network == PREF_TOR_NETWORK_WIFI && !wifi)) {
+					LOG.info("Disabling network due to data setting");
+					enableNetwork(false);
+				} else {
+					LOG.info("Enabling network");
+					enableNetwork(true);
+				}
+			} catch (IOException e) {
+				if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 			}
 		});
 	}
 
-	// Locking: connectionStatusLock
-	private void updateConnectionStatusLocked() {
-		Object o = appContext.getSystemService(CONNECTIVITY_SERVICE);
-		ConnectivityManager cm = (ConnectivityManager) o;
-		NetworkInfo net = cm.getActiveNetworkInfo();
-		boolean online = net != null && net.isConnected();
-		boolean wifi = online && net.getType() == TYPE_WIFI;
-		String country = locationUtils.getCurrentCountry();
-		boolean blocked = TorNetworkMetadata.isTorProbablyBlocked(
-				country);
-		Settings s = callback.getSettings();
-		int network = s.getInt(PREF_TOR_NETWORK, PREF_TOR_NETWORK_ALWAYS);
-
-		if (LOG.isLoggable(INFO)) {
-			LOG.info("Online: " + online + ", wifi: " + wifi);
-			if ("".equals(country)) LOG.info("Country code unknown");
-			else LOG.info("Country code: " + country);
-		}
-
-		try {
-			if (!online) {
-				LOG.info("Disabling network, device is offline");
-				enableNetwork(false);
-			} else if (blocked) {
-				LOG.info("Disabling network, country is blocked");
-				enableNetwork(false);
-			} else if (network == PREF_TOR_NETWORK_NEVER
-					|| (network == PREF_TOR_NETWORK_WIFI && !wifi)) {
-				LOG.info("Disabling network due to data setting");
-				enableNetwork(false);
-			} else {
-				LOG.info("Enabling network");
-				enableNetwork(true);
-			}
-		} catch (IOException e) {
-			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
-		}
-	}
-
 	private void scheduleConnectionStatusUpdate() {
 		Future<?> newConnectivityCheck =
 				scheduler.schedule(this::updateConnectionStatus, 1, MINUTES);
@@ -788,7 +778,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 
 		private synchronized void enableNetwork(boolean enable) {
 			networkEnabled = enable;
-			circuitBuilt = false;
+			if (!enable) circuitBuilt = false;
 		}
 
 		private synchronized boolean isConnected() {

bramble-api/src/main/java/org/briarproject/bramble/api/client/ClientHelper.java

@@ -7,6 +7,8 @@ import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.properties.TransportProperties;
 import org.briarproject.bramble.api.sync.GroupId;
 import org.briarproject.bramble.api.sync.Message;
 import org.briarproject.bramble.api.sync.MessageId;
@@ -88,6 +90,10 @@ public interface ClientHelper {
 	BdfDictionary toDictionary(byte[] b, int off, int len)
 			throws FormatException;
 
+	BdfDictionary toDictionary(TransportProperties transportProperties);
+
+	BdfDictionary toDictionary(Map<TransportId, TransportProperties> map);
+
 	BdfList toList(byte[] b, int off, int len) throws FormatException;
 
 	BdfList toList(byte[] b) throws FormatException;
@@ -99,8 +105,15 @@ public interface ClientHelper {
 	byte[] sign(String label, BdfList toSign, byte[] privateKey)
 			throws FormatException, GeneralSecurityException;
 
-	void verifySignature(String label, byte[] sig, byte[] publicKey,
-			BdfList signed) throws FormatException, GeneralSecurityException;
+	void verifySignature(byte[] signature, String label, BdfList signed,
+			byte[] publicKey) throws FormatException, GeneralSecurityException;
 
 	Author parseAndValidateAuthor(BdfList author) throws FormatException;
+
+	TransportProperties parseAndValidateTransportProperties(
+			BdfDictionary properties) throws FormatException;
+
+	Map<TransportId, TransportProperties> parseAndValidateTransportPropertiesMap(
+			BdfDictionary properties) throws FormatException;
+
 }

bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactId.java

@@ -6,7 +6,7 @@ import javax.annotation.concurrent.Immutable;
 
 /**
  * Type-safe wrapper for an integer that uniquely identifies a contact within
- * the scope of a single node.
+ * the scope of the local device.
  */
 @Immutable
 @NotNullByDefault

bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactManager.java

@@ -5,6 +5,7 @@ import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
+import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
 import java.util.Collection;
@@ -13,23 +14,28 @@ import java.util.Collection;
 public interface ContactManager {
 
 	/**
-	 * Registers a hook to be called whenever a contact is added.
+	 * Registers a hook to be called whenever a contact is added or removed.
+	 * This method should be called before
+	 * {@link LifecycleManager#startServices(String)}.
 	 */
-	void registerAddContactHook(AddContactHook hook);
+	void registerContactHook(ContactHook hook);
 
 	/**
-	 * Registers a hook to be called whenever a contact is removed.
-	 */
-	void registerRemoveContactHook(RemoveContactHook hook);
-
-	/**
-	 * Stores a contact within the given transaction associated with the given
-	 * local and remote pseudonyms, and returns an ID for the contact.
+	 * Stores a contact associated with the given local and remote pseudonyms,
+	 * derives and stores transport keys for each transport, and returns an ID
+	 * for the contact.
 	 */
 	ContactId addContact(Transaction txn, Author remote, AuthorId local,
 			SecretKey master, long timestamp, boolean alice, boolean verified,
 			boolean active) throws DbException;
 
+	/**
+	 * Stores a contact associated with the given local and remote pseudonyms
+	 * and returns an ID for the contact.
+	 */
+	ContactId addContact(Transaction txn, Author remote, AuthorId local,
+			boolean verified, boolean active) throws DbException;
+
 	/**
 	 * Stores a contact associated with the given local and remote pseudonyms,
 	 * and returns an ID for the contact.
@@ -94,11 +100,10 @@ public interface ContactManager {
 	boolean contactExists(AuthorId remoteAuthorId, AuthorId localAuthorId)
 			throws DbException;
 
-	interface AddContactHook {
-		void addingContact(Transaction txn, Contact c) throws DbException;
-	}
+	interface ContactHook {
+
+		void addingContact(Transaction txn, Contact c) throws DbException;
 
-	interface RemoveContactHook {
 		void removingContact(Transaction txn, Contact c) throws DbException;
 	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java

@@ -67,8 +67,8 @@ public interface CryptoComponent {
 	 * signature created for another purpose
 	 * @return true if the signature was valid, false otherwise.
 	 */
-	boolean verify(String label, byte[] signedData, byte[] publicKey,
-			byte[] signature) throws GeneralSecurityException;
+	boolean verifySignature(byte[] signature, String label, byte[] signed,
+			byte[] publicKey) throws GeneralSecurityException;
 
 	/**
 	 * Returns the hash of the given inputs. The inputs are unambiguously
@@ -91,6 +91,18 @@ public interface CryptoComponent {
 	 */
 	byte[] mac(String label, SecretKey macKey, byte[]... inputs);
 
+	/**
+	 * Verifies that the given message authentication code is valid for the
+	 * given secret key and inputs.
+	 *
+	 * @param label a namespaced label indicating the purpose of this MAC, to
+	 * prevent it from being repurposed or colliding with a MAC created for
+	 * another purpose
+	 * @return true if the MAC was valid, false otherwise.
+	 */
+	boolean verifyMac(byte[] mac, String label, SecretKey macKey,
+			byte[]... inputs);
+
 	/**
 	 * Encrypts and authenticates the given plaintext so it can be written to
 	 * storage. The encryption and authentication keys are derived from the

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoConstants.java

@@ -16,4 +16,10 @@ public interface CryptoConstants {
 	 * The maximum length of a signature in bytes.
 	 */
 	int MAX_SIGNATURE_BYTES = 64;
+
+	/**
+	 * The length of a MAC in bytes.
+	 */
+	int MAC_BYTES = SecretKey.LENGTH;
+
 }

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java

@@ -14,9 +14,10 @@ public interface TransportCrypto {
 	 * rotation period from the given master secret.
 	 *
 	 * @param alice whether the keys are for use by Alice or Bob.
+	 * @param active whether the keys are usable for outgoing streams.
 	 */
 	TransportKeys deriveTransportKeys(TransportId t, SecretKey master,
-			long rotationPeriod, boolean alice);
+			long rotationPeriod, boolean alice, boolean active);
 
 	/**
 	 * Rotates the given transport keys to the given rotation period. If the

bramble-api/src/main/java/org/briarproject/bramble/api/data/BdfDictionary.java

@@ -34,7 +34,7 @@ public class BdfDictionary extends TreeMap<String, Object> {
 		super();
 	}
 
-	public BdfDictionary(Map<String, Object> m) {
+	public BdfDictionary(Map<String, ?> m) {
 		super(m);
 	}
 

bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseComponent.java

@@ -18,7 +18,8 @@ import org.briarproject.bramble.api.sync.MessageId;
 import org.briarproject.bramble.api.sync.MessageStatus;
 import org.briarproject.bramble.api.sync.Offer;
 import org.briarproject.bramble.api.sync.Request;
-import org.briarproject.bramble.api.sync.ValidationManager;
+import org.briarproject.bramble.api.transport.KeySet;
+import org.briarproject.bramble.api.transport.KeySetId;
 import org.briarproject.bramble.api.transport.TransportKeys;
 
 import java.util.Collection;
@@ -43,7 +44,7 @@ public interface DatabaseComponent {
 	 * @throws DataTooOldException if the data uses an older schema than the
 	 * current code and cannot be migrated
 	 */
-	boolean open() throws DbException;
+	boolean open(@Nullable MigrationListener listener) throws DbException;
 
 	/**
 	 * Waits for any open transactions to finish and closes the database.
@@ -103,10 +104,17 @@ public interface DatabaseComponent {
 			throws DbException;
 
 	/**
-	 * Stores transport keys for a newly added contact.
+	 * Stores the given transport keys, optionally binding them to the given
+	 * contact, and returns a key set ID.
 	 */
-	void addTransportKeys(Transaction txn, ContactId c, TransportKeys k)
-			throws DbException;
+	KeySetId addTransportKeys(Transaction txn, @Nullable ContactId c,
+			TransportKeys k) throws DbException;
+
+	/**
+	 * Binds the given keys for the given transport to the given contact.
+	 */
+	void bindTransportKeys(Transaction txn, ContactId c, TransportId t,
+			KeySetId k) throws DbException;
 
 	/**
 	 * Returns true if the database contains the given contact for the given
@@ -259,31 +267,30 @@ public interface DatabaseComponent {
 	Collection<LocalAuthor> getLocalAuthors(Transaction txn) throws DbException;
 
 	/**
-	 * Returns the IDs of any messages that need to be validated by the given
-	 * client.
+	 * Returns the IDs of any messages that need to be validated.
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<MessageId> getMessagesToValidate(Transaction txn, ClientId c)
+	Collection<MessageId> getMessagesToValidate(Transaction txn)
 			throws DbException;
 
 	/**
-	 * Returns the IDs of any messages that are valid but pending delivery due
-	 * to dependencies on other messages for the given client.
+	 * Returns the IDs of any messages that are pending delivery due to
+	 * dependencies on other messages.
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<MessageId> getPendingMessages(Transaction txn, ClientId c)
+	Collection<MessageId> getPendingMessages(Transaction txn)
 			throws DbException;
 
 	/**
-	 * Returns the IDs of any messages from the given client
-	 * that have a shared dependent, but are still not shared themselves.
+	 * Returns the IDs of any messages that have shared dependents but have
+	 * not yet been shared themselves.
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<MessageId> getMessagesToShare(Transaction txn,
-			ClientId c) throws DbException;
+	Collection<MessageId> getMessagesToShare(Transaction txn)
+			throws DbException;
 
 	/**
 	 * Returns the message with the given ID, in serialised form, or null if
@@ -340,12 +347,8 @@ public interface DatabaseComponent {
 
 	/**
 	 * Returns the IDs and states of all dependencies of the given message.
-	 * Missing dependencies have the state
-	 * {@link ValidationManager.State UNKNOWN}.
-	 * Dependencies in other groups have the state
-	 * {@link ValidationManager.State INVALID}.
-	 * Note that these states are not set on the dependencies themselves; the
-	 * returned states should only be taken in the context of the given message.
+	 * For missing dependencies and dependencies in other groups, the state
+	 * {@link State UNKNOWN} is returned.
 	 * <p/>
 	 * Read-only.
 	 */
@@ -353,9 +356,9 @@ public interface DatabaseComponent {
 			throws DbException;
 
 	/**
-	 * Returns all IDs of messages that depend on the given message.
-	 * Messages in other groups that declare a dependency on the given message
-	 * will be returned even though such dependencies are invalid.
+	 * Returns the IDs and states of all dependents of the given message.
+	 * Dependents in other groups are not returned. If the given message is
+	 * missing, no dependents are returned.
 	 * <p/>
 	 * Read-only.
 	 */
@@ -400,15 +403,14 @@ public interface DatabaseComponent {
 	 * <p/>
 	 * Read-only.
 	 */
-	Map<ContactId, TransportKeys> getTransportKeys(Transaction txn,
-			TransportId t) throws DbException;
+	Collection<KeySet> getTransportKeys(Transaction txn, TransportId t)
+			throws DbException;
 
 	/**
-	 * Increments the outgoing stream counter for the given contact and
-	 * transport in the given rotation period .
+	 * Increments the outgoing stream counter for the given transport keys.
 	 */
-	void incrementStreamCounter(Transaction txn, ContactId c, TransportId t,
-			long rotationPeriod) throws DbException;
+	void incrementStreamCounter(Transaction txn, TransportId t, KeySetId k)
+			throws DbException;
 
 	/**
 	 * Merges the given metadata with the existing metadata for the given
@@ -478,6 +480,12 @@ public interface DatabaseComponent {
 	 */
 	void removeTransport(Transaction txn, TransportId t) throws DbException;
 
+	/**
+	 * Removes the given transport keys from the database.
+	 */
+	void removeTransportKeys(Transaction txn, TransportId t, KeySetId k)
+		throws DbException;
+
 	/**
 	 * Marks the given contact as verified.
 	 */
@@ -513,15 +521,21 @@ public interface DatabaseComponent {
 			Collection<MessageId> dependencies) throws DbException;
 
 	/**
-	 * Sets the reordering window for the given contact and transport in the
+	 * Sets the reordering window for the given key set and transport in the
 	 * given rotation period.
 	 */
-	void setReorderingWindow(Transaction txn, ContactId c, TransportId t,
+	void setReorderingWindow(Transaction txn, KeySetId k, TransportId t,
 			long rotationPeriod, long base, byte[] bitmap) throws DbException;
 
+	/**
+	 * Marks the given transport keys as usable for outgoing streams.
+	 */
+	void setTransportKeysActive(Transaction txn, TransportId t, KeySetId k)
+		throws DbException;
+
 	/**
 	 * Stores the given transport keys, deleting any keys they have replaced.
 	 */
-	void updateTransportKeys(Transaction txn,
-			Map<ContactId, TransportKeys> keys) throws DbException;
+	void updateTransportKeys(Transaction txn, Collection<KeySet> keys)
+			throws DbException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/db/MigrationListener.java

@@ -0,0 +1,11 @@
+package org.briarproject.bramble.api.db;
+
+public interface MigrationListener {
+
+	/**
+	 * This is called when a migration is started while opening the database.
+	 * It will be called once for each migration being applied.
+	 */
+	void onMigrationRun();
+
+}

bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementListener.java

@@ -2,7 +2,7 @@ package org.briarproject.bramble.api.keyagreement;
 
 import org.briarproject.bramble.api.data.BdfList;
 
-import java.util.concurrent.Callable;
+import java.io.IOException;
 
 /**
  * An class for managing a particular key agreement listener.
@@ -24,11 +24,11 @@ public abstract class KeyAgreementListener {
 	}
 
 	/**
-	 * Starts listening for incoming connections, and returns a Callable that
-	 * will return a KeyAgreementConnection when an incoming connection is
-	 * received.
+	 * Blocks until an incoming connection is received and returns it.
+	 *
+	 * @throws IOException if an error occurs or {@link #close()} is called.
 	 */
-	public abstract Callable<KeyAgreementConnection> listen();
+	public abstract KeyAgreementConnection accept() throws IOException;
 
 	/**
 	 * Closes the underlying server socket.

bramble-api/src/main/java/org/briarproject/bramble/api/lifecycle/LifecycleManager.java

@@ -21,7 +21,25 @@ public interface LifecycleManager {
 	 * The result of calling {@link #startServices(String)}.
 	 */
 	enum StartResult {
-		ALREADY_RUNNING, DB_ERROR, SERVICE_ERROR, SUCCESS
+		ALREADY_RUNNING,
+		DB_ERROR,
+		DATA_TOO_OLD_ERROR,
+		DATA_TOO_NEW_ERROR,
+		SERVICE_ERROR,
+		SUCCESS
+	}
+
+	/**
+	 * The state the lifecycle can be in.
+	 * Returned by {@link #getLifecycleState()}
+	 */
+	enum LifecycleState {
+
+		STARTING, MIGRATING_DATABASE, STARTING_SERVICES, RUNNING, STOPPING;
+
+		public boolean isAfter(LifecycleState state) {
+			return ordinal() > state.ordinal();
+		}
 	}
 
 	/**
@@ -71,4 +89,10 @@ public interface LifecycleManager {
 	 * the {@link DatabaseComponent} to be closed before returning.
 	 */
 	void waitForShutdown() throws InterruptedException;
+
+	/**
+	 * Returns the current state of the lifecycle.
+	 */
+	LifecycleState getLifecycleState();
+
 }

bramble-api/src/main/java/org/briarproject/bramble/api/lifecycle/event/LifecycleEvent.java

@@ -0,0 +1,20 @@
+package org.briarproject.bramble.api.lifecycle.event;
+
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState;
+
+/**
+ * An event that is broadcast when the app enters a new lifecycle state.
+ */
+public class LifecycleEvent extends Event {
+
+	private final LifecycleState state;
+
+	public LifecycleEvent(LifecycleState state) {
+		this.state = state;
+	}
+
+	public LifecycleState getLifecycleState() {
+		return state;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/lifecycle/event/ShutdownEvent.java

@@ -1,9 +0,0 @@
-package org.briarproject.bramble.api.lifecycle.event;
-
-import org.briarproject.bramble.api.event.Event;
-
-/**
- * An event that is broadcast when the app is shutting down.
- */
-public class ShutdownEvent extends Event {
-}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TransportId.java

@@ -1,22 +1,23 @@
 package org.briarproject.bramble.api.plugin;
 
-import java.nio.charset.Charset;
+import org.briarproject.bramble.util.StringUtils;
 
 /**
- * Type-safe wrapper for a string that uniquely identifies a transport plugin.
+ * Type-safe wrapper for a namespaced string that uniquely identifies a
+ * transport plugin.
  */
 public class TransportId {
 
 	/**
-	 * The maximum length of transport identifier in UTF-8 bytes.
+	 * The maximum length of a transport identifier in UTF-8 bytes.
 	 */
-	public static int MAX_TRANSPORT_ID_LENGTH = 64;
+	public static int MAX_TRANSPORT_ID_LENGTH = 100;
 
 	private final String id;
 
 	public TransportId(String id) {
-		byte[] b = id.getBytes(Charset.forName("UTF-8"));
-		if (b.length == 0 || b.length > MAX_TRANSPORT_ID_LENGTH)
+		int length = StringUtils.toUtf8(id).length;
+		if (length == 0 || length > MAX_TRANSPORT_ID_LENGTH)
 			throw new IllegalArgumentException();
 		this.id = id;
 	}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexPlugin.java

@@ -36,9 +36,9 @@ public interface DuplexPlugin extends Plugin {
 
 	/**
 	 * Attempts to connect to the remote peer specified in the given descriptor.
-	 * Returns null if no connection can be established within the given time.
+	 * Returns null if no connection can be established.
 	 */
 	@Nullable
 	DuplexTransportConnection createKeyAgreementConnection(
-			byte[] remoteCommitment, BdfList descriptor, long timeout);
+			byte[] remoteCommitment, BdfList descriptor);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/ClientId.java

@@ -1,19 +1,29 @@
 package org.briarproject.bramble.api.sync;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.util.StringUtils;
 
 import javax.annotation.concurrent.Immutable;
 
 /**
- * Wrapper for a name-spaced string that uniquely identifies a sync client.
+ * Type-safe wrapper for a namespaced string that uniquely identifies a sync
+ * client.
  */
 @Immutable
 @NotNullByDefault
 public class ClientId implements Comparable<ClientId> {
 
+	/**
+	 * The maximum length of a client identifier in UTF-8 bytes.
+	 */
+	public static int MAX_CLIENT_ID_LENGTH = 100;
+
 	private final String id;
 
 	public ClientId(String id) {
+		int length = StringUtils.toUtf8(id).length;
+		if (length == 0 || length > MAX_CLIENT_ID_LENGTH)
+			throw new IllegalArgumentException();
 		this.id = id;
 	}
 

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Group.java

@@ -10,6 +10,11 @@ public class Group {
 		SHARED // The group is visible and messages are shared
 	}
 
+	/**
+	 * The current version of the group format.
+	 */
+	public static final int FORMAT_VERSION = 1;
+
 	private final GroupId id;
 	private final ClientId clientId;
 	private final byte[] descriptor;

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Message.java

@@ -5,6 +5,11 @@ import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LEN
 
 public class Message {
 
+	/**
+	 * The current version of the message format.
+	 */
+	public static final int FORMAT_VERSION = 1;
+
 	private final MessageId id;
 	private final GroupId groupId;
 	private final long timestamp;

bramble-api/src/main/java/org/briarproject/bramble/api/sync/MessageId.java

@@ -16,7 +16,13 @@ public class MessageId extends UniqueId {
 	/**
 	 * Label for hashing messages to calculate their identifiers.
 	 */
-	public static final String LABEL = "org.briarproject.bramble/MESSAGE_ID";
+	public static final String ID_LABEL = "org.briarproject.bramble/MESSAGE_ID";
+
+	/**
+	 * Label for hashing blocks of messages.
+	 */
+	public static final String BLOCK_LABEL =
+			"org.briarproject.bramble/MESSAGE_BLOCK";
 
 	public MessageId(byte[] id) {
 		super(id);

bramble-api/src/main/java/org/briarproject/bramble/api/transport/KeyManager.java

@@ -6,6 +6,8 @@ import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.plugin.TransportId;
 
+import java.util.Map;
+
 import javax.annotation.Nullable;
 
 /**
@@ -16,13 +18,51 @@ public interface KeyManager {
 
 	/**
 	 * Informs the key manager that a new contact has been added. Derives and
-	 * stores transport keys for communicating with the contact.
+	 * stores a set of transport keys for communicating with the contact over
+	 * each transport.
+	 * <p/>
 	 * {@link StreamContext StreamContexts} for the contact can be created
 	 * after this method has returned.
 	 */
 	void addContact(Transaction txn, ContactId c, SecretKey master,
 			long timestamp, boolean alice) throws DbException;
 
+	/**
+	 * Derives and stores a set of unbound transport keys for each transport
+	 * and returns the key set IDs.
+	 * <p/>
+	 * The keys must be bound before they can be used for incoming streams,
+	 * and also activated before they can be used for outgoing streams.
+	 */
+	Map<TransportId, KeySetId> addUnboundKeys(Transaction txn, SecretKey master,
+			long timestamp, boolean alice) throws DbException;
+
+	/**
+	 * Binds the given transport keys to the given contact.
+	 */
+	void bindKeys(Transaction txn, ContactId c, Map<TransportId, KeySetId> keys)
+			throws DbException;
+
+	/**
+	 * Marks the given transport keys as usable for outgoing streams. Keys must
+	 * be bound before they are activated.
+	 */
+	void activateKeys(Transaction txn, Map<TransportId, KeySetId> keys)
+			throws DbException;
+
+	/**
+	 * Removes the given transport keys, which must not have been bound, from
+	 * the manager and the database.
+	 */
+	void removeKeys(Transaction txn, Map<TransportId, KeySetId> keys)
+		throws DbException;
+
+	/**
+	 * Returns true if we have keys that can be used for outgoing streams to
+	 * the given contact over the given transport.
+	 */
+	boolean canSendOutgoingStreams(ContactId c, TransportId t);
+
 	/**
 	 * Returns a {@link StreamContext} for sending a stream to the given
 	 * contact over the given transport, or null if an error occurs or the

bramble-api/src/main/java/org/briarproject/bramble/api/transport/KeySet.java

@@ -0,0 +1,51 @@
+package org.briarproject.bramble.api.transport;
+
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * A set of transport keys for communicating with a contact. If the keys have
+ * not yet been bound to a contact, {@link #getContactId()}} returns null.
+ */
+@Immutable
+@NotNullByDefault
+public class KeySet {
+
+	private final KeySetId keySetId;
+	@Nullable
+	private final ContactId contactId;
+	private final TransportKeys transportKeys;
+
+	public KeySet(KeySetId keySetId, @Nullable ContactId contactId,
+			TransportKeys transportKeys) {
+		this.keySetId = keySetId;
+		this.contactId = contactId;
+		this.transportKeys = transportKeys;
+	}
+
+	public KeySetId getKeySetId() {
+		return keySetId;
+	}
+
+	@Nullable
+	public ContactId getContactId() {
+		return contactId;
+	}
+
+	public TransportKeys getTransportKeys() {
+		return transportKeys;
+	}
+
+	@Override
+	public int hashCode() {
+		return keySetId.hashCode();
+	}
+
+	@Override
+	public boolean equals(Object o) {
+		return o instanceof KeySet && keySetId.equals(((KeySet) o).keySetId);
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/KeySetId.java

@@ -0,0 +1,36 @@
+package org.briarproject.bramble.api.transport;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * Type-safe wrapper for an integer that uniquely identifies a set of transport
+ * keys within the scope of the local device.
+ * <p/>
+ * Key sets created on a given device must have increasing identifiers.
+ */
+@Immutable
+@NotNullByDefault
+public class KeySetId {
+
+	private final int id;
+
+	public KeySetId(int id) {
+		this.id = id;
+	}
+
+	public int getInt() {
+		return id;
+	}
+
+	@Override
+	public int hashCode() {
+		return id;
+	}
+
+	@Override
+	public boolean equals(Object o) {
+		return o instanceof KeySetId && id == ((KeySetId) o).id;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/OutgoingKeys.java

@@ -10,18 +10,20 @@ public class OutgoingKeys {
 
 	private final SecretKey tagKey, headerKey;
 	private final long rotationPeriod, streamCounter;
+	private final boolean active;
 
 	public OutgoingKeys(SecretKey tagKey, SecretKey headerKey,
-			long rotationPeriod) {
-		this(tagKey, headerKey, rotationPeriod, 0);
+			long rotationPeriod, boolean active) {
+		this(tagKey, headerKey, rotationPeriod, 0, active);
 	}
 
 	public OutgoingKeys(SecretKey tagKey, SecretKey headerKey,
-			long rotationPeriod, long streamCounter) {
+			long rotationPeriod, long streamCounter, boolean active) {
 		this.tagKey = tagKey;
 		this.headerKey = headerKey;
 		this.rotationPeriod = rotationPeriod;
 		this.streamCounter = streamCounter;
+		this.active = active;
 	}
 
 	public SecretKey getTagKey() {
@@ -39,4 +41,8 @@ public class OutgoingKeys {
 	public long getStreamCounter() {
 		return streamCounter;
 	}
+
+	public boolean isActive() {
+		return active;
+	}
 }

bramble-api/src/test/java/org/briarproject/bramble/test/TestUtils.java

@@ -5,6 +5,8 @@ import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
 import org.briarproject.bramble.api.identity.LocalAuthor;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.properties.TransportProperties;
 import org.briarproject.bramble.api.sync.ClientId;
 import org.briarproject.bramble.api.sync.Group;
 import org.briarproject.bramble.api.sync.GroupId;
@@ -16,13 +18,18 @@ import java.io.File;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.Random;
 import java.util.concurrent.atomic.AtomicInteger;
 
 import static org.briarproject.bramble.api.identity.Author.FORMAT_VERSION;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
+import static org.briarproject.bramble.api.plugin.TransportId.MAX_TRANSPORT_ID_LENGTH;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MAX_PROPERTY_LENGTH;
+import static org.briarproject.bramble.api.sync.ClientId.MAX_CLIENT_ID_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_GROUP_DESCRIPTOR_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_BODY_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LENGTH;
@@ -54,6 +61,33 @@ public class TestUtils {
 		return getRandomBytes(UniqueId.LENGTH);
 	}
 
+	public static ClientId getClientId() {
+		return new ClientId(getRandomString(MAX_CLIENT_ID_LENGTH));
+	}
+
+	public static TransportId getTransportId() {
+		return new TransportId(getRandomString(MAX_TRANSPORT_ID_LENGTH));
+	}
+
+	public static TransportProperties getTransportProperties(int number) {
+		TransportProperties tp = new TransportProperties();
+		for (int i = 0; i < number; i++) {
+			tp.put(getRandomString(1 + random.nextInt(MAX_PROPERTY_LENGTH)),
+					getRandomString(1 + random.nextInt(MAX_PROPERTY_LENGTH))
+			);
+		}
+		return tp;
+	}
+
+	public static Map<TransportId, TransportProperties> getTransportPropertiesMap(
+			int number) {
+		Map<TransportId, TransportProperties> map = new HashMap<>();
+		for (int i = 0; i < number; i++) {
+			map.put(getTransportId(), getTransportProperties(number));
+		}
+		return map;
+	}
+
 	public static SecretKey getSecretKey() {
 		return new SecretKey(getRandomBytes(SecretKey.LENGTH));
 	}

bramble-core/src/main/java/org/briarproject/bramble/client/ClientHelperImpl.java

@@ -18,6 +18,8 @@ import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorFactory;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.properties.TransportProperties;
 import org.briarproject.bramble.api.sync.GroupId;
 import org.briarproject.bramble.api.sync.Message;
 import org.briarproject.bramble.api.sync.MessageFactory;
@@ -37,6 +39,8 @@ import javax.inject.Inject;
 import static org.briarproject.bramble.api.identity.Author.FORMAT_VERSION;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MAX_PROPERTIES_PER_TRANSPORT;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MAX_PROPERTY_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LENGTH;
 import static org.briarproject.bramble.util.ValidationUtils.checkLength;
 import static org.briarproject.bramble.util.ValidationUtils.checkSize;
@@ -324,6 +328,20 @@ class ClientHelperImpl implements ClientHelper {
 		}
 	}
 
+	@Override
+	public BdfDictionary toDictionary(TransportProperties transportProperties) {
+		return new BdfDictionary(transportProperties);
+	}
+
+	@Override
+	public BdfDictionary toDictionary(
+			Map<TransportId, TransportProperties> map) {
+		BdfDictionary d = new BdfDictionary();
+		for (Entry<TransportId, TransportProperties> e : map.entrySet())
+			d.put(e.getKey().getString(), new BdfDictionary(e.getValue()));
+		return d;
+	}
+
 	@Override
 	public BdfList toList(byte[] b, int off, int len) throws FormatException {
 		ByteArrayInputStream in = new ByteArrayInputStream(b, off, len);
@@ -363,9 +381,10 @@ class ClientHelperImpl implements ClientHelper {
 	}
 
 	@Override
-	public void verifySignature(String label, byte[] sig, byte[] publicKey,
-			BdfList signed) throws FormatException, GeneralSecurityException {
-		if (!crypto.verify(label, toByteArray(signed), publicKey, sig)) {
+	public void verifySignature(byte[] signature, String label, BdfList signed,
+			byte[] publicKey) throws FormatException, GeneralSecurityException {
+		if (!crypto.verifySignature(signature, label, toByteArray(signed),
+				publicKey)) {
 			throw new GeneralSecurityException("Invalid signature");
 		}
 	}
@@ -382,4 +401,33 @@ class ClientHelperImpl implements ClientHelper {
 		checkLength(publicKey, 1, MAX_PUBLIC_KEY_LENGTH);
 		return authorFactory.createAuthor(formatVersion, name, publicKey);
 	}
+
+	@Override
+	public TransportProperties parseAndValidateTransportProperties(
+			BdfDictionary properties) throws FormatException {
+		checkSize(properties, 0, MAX_PROPERTIES_PER_TRANSPORT);
+		TransportProperties p = new TransportProperties();
+		for (String key : properties.keySet()) {
+			checkLength(key, 1, MAX_PROPERTY_LENGTH);
+			String value = properties.getString(key);
+			checkLength(value, 1, MAX_PROPERTY_LENGTH);
+			p.put(key, value);
+		}
+		return p;
+	}
+
+	@Override
+	public Map<TransportId, TransportProperties> parseAndValidateTransportPropertiesMap(
+			BdfDictionary properties) throws FormatException {
+		Map<TransportId, TransportProperties> tpMap = new HashMap<>();
+		for (String key : properties.keySet()) {
+			TransportId transportId = new TransportId(key);
+			TransportProperties transportProperties =
+					parseAndValidateTransportProperties(
+							properties.getDictionary(key));
+			tpMap.put(transportId, transportProperties);
+		}
+		return tpMap;
+	}
+
 }

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeTaskImpl.java

@@ -251,7 +251,8 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		r.readListEnd();
 		LOG.info("Received pseudonym");
 		// Verify the signature
-		if (!crypto.verify(SIGNING_LABEL_EXCHANGE, nonce, publicKey, sig)) {
+		if (!crypto.verifySignature(sig, SIGNING_LABEL_EXCHANGE, nonce,
+				publicKey)) {
 			if (LOG.isLoggable(INFO))
 				LOG.info("Invalid signature");
 			throw new GeneralSecurityException();

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactManagerImpl.java

@@ -27,36 +27,37 @@ class ContactManagerImpl implements ContactManager {
 
 	private final DatabaseComponent db;
 	private final KeyManager keyManager;
-	private final List<AddContactHook> addHooks;
-	private final List<RemoveContactHook> removeHooks;
+	private final List<ContactHook> hooks;
 
 	@Inject
 	ContactManagerImpl(DatabaseComponent db, KeyManager keyManager) {
 		this.db = db;
 		this.keyManager = keyManager;
-		addHooks = new CopyOnWriteArrayList<>();
-		removeHooks = new CopyOnWriteArrayList<>();
+		hooks = new CopyOnWriteArrayList<>();
 	}
 
 	@Override
-	public void registerAddContactHook(AddContactHook hook) {
-		addHooks.add(hook);
-	}
-
-	@Override
-	public void registerRemoveContactHook(RemoveContactHook hook) {
-		removeHooks.add(hook);
+	public void registerContactHook(ContactHook hook) {
+		hooks.add(hook);
 	}
 
 	@Override
 	public ContactId addContact(Transaction txn, Author remote, AuthorId local,
-			SecretKey master,long timestamp, boolean alice, boolean verified,
+			SecretKey master, long timestamp, boolean alice, boolean verified,
 			boolean active) throws DbException {
 		ContactId c = db.addContact(txn, remote, local, verified, active);
 		keyManager.addContact(txn, c, master, timestamp, alice);
 		Contact contact = db.getContact(txn, c);
-		for (AddContactHook hook : addHooks)
-			hook.addingContact(txn, contact);
+		for (ContactHook hook : hooks) hook.addingContact(txn, contact);
+		return c;
+	}
+
+	@Override
+	public ContactId addContact(Transaction txn, Author remote, AuthorId local,
+			boolean verified, boolean active) throws DbException {
+		ContactId c = db.addContact(txn, remote, local, verified, active);
+		Contact contact = db.getContact(txn, c);
+		for (ContactHook hook : hooks) hook.addingContact(txn, contact);
 		return c;
 	}
 
@@ -156,7 +157,7 @@ class ContactManagerImpl implements ContactManager {
 	@Override
 	public boolean contactExists(AuthorId remoteAuthorId,
 			AuthorId localAuthorId) throws DbException {
-		boolean exists = false;
+		boolean exists;
 		Transaction txn = db.startTransaction(true);
 		try {
 			exists = contactExists(txn, remoteAuthorId, localAuthorId);
@@ -171,8 +172,7 @@ class ContactManagerImpl implements ContactManager {
 	public void removeContact(Transaction txn, ContactId c)
 			throws DbException {
 		Contact contact = db.getContact(txn, c);
-		for (RemoveContactHook hook : removeHooks)
-			hook.removingContact(txn, contact);
+		for (ContactHook hook : hooks) hook.removingContact(txn, contact);
 		db.removeContact(txn, c);
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java

@@ -205,12 +205,12 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 
 	@Override
-	public boolean verify(String label, byte[] signedData, byte[] publicKey,
-			byte[] signature) throws GeneralSecurityException {
+	public boolean verifySignature(byte[] signature, String label,
+			byte[] signed, byte[] publicKey) throws GeneralSecurityException {
 		PublicKey key = signatureKeyParser.parsePublicKey(publicKey);
 		Signature sig = new EdSignature();
 		sig.initVerify(key);
-		updateSignature(sig, label, signedData);
+		updateSignature(sig, label, signed);
 		return sig.verify(signature);
 	}
 
@@ -262,6 +262,17 @@ class CryptoComponentImpl implements CryptoComponent {
 		return output;
 	}
 
+	@Override
+	public boolean verifyMac(byte[] mac, String label, SecretKey macKey,
+			byte[]... inputs) {
+		byte[] expected = mac(label, macKey, inputs);
+		if (mac.length != expected.length) return false;
+		// Constant-time comparison
+		int cmp = 0;
+		for (int i = 0; i < mac.length; i++) cmp |= mac[i] ^ expected[i];
+		return cmp == 0;
+	}
+
 	@Override
 	public byte[] encryptWithPassword(byte[] input, String password) {
 		AuthenticatedCipher cipher = new XSalsa20Poly1305AuthenticatedCipher();

bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java

@@ -36,7 +36,8 @@ class TransportCryptoImpl implements TransportCrypto {
 
 	@Override
 	public TransportKeys deriveTransportKeys(TransportId t,
-			SecretKey master, long rotationPeriod, boolean alice) {
+			SecretKey master, long rotationPeriod, boolean alice,
+			boolean active) {
 		// Keys for the previous period are derived from the master secret
 		SecretKey inTagPrev = deriveTagKey(master, t, !alice);
 		SecretKey inHeaderPrev = deriveHeaderKey(master, t, !alice);
@@ -57,7 +58,7 @@ class TransportCryptoImpl implements TransportCrypto {
 		IncomingKeys inNext = new IncomingKeys(inTagNext, inHeaderNext,
 				rotationPeriod + 1);
 		OutgoingKeys outCurr = new OutgoingKeys(outTagCurr, outHeaderCurr,
-				rotationPeriod);
+				rotationPeriod, active);
 		// Collect and return the keys
 		return new TransportKeys(t, inPrev, inCurr, inNext, outCurr);
 	}
@@ -71,6 +72,7 @@ class TransportCryptoImpl implements TransportCrypto {
 		IncomingKeys inNext = k.getNextIncomingKeys();
 		OutgoingKeys outCurr = k.getCurrentOutgoingKeys();
 		long startPeriod = outCurr.getRotationPeriod();
+		boolean active = outCurr.isActive();
 		// Rotate the keys
 		for (long p = startPeriod + 1; p <= rotationPeriod; p++) {
 			inPrev = inCurr;
@@ -80,7 +82,7 @@ class TransportCryptoImpl implements TransportCrypto {
 			inNext = new IncomingKeys(inNextTag, inNextHeader, p + 1);
 			SecretKey outCurrTag = rotateKey(outCurr.getTagKey(), p);
 			SecretKey outCurrHeader = rotateKey(outCurr.getHeaderKey(), p);
-			outCurr = new OutgoingKeys(outCurrTag, outCurrHeader, p);
+			outCurr = new OutgoingKeys(outCurrTag, outCurrHeader, p, active);
 		}
 		// Collect and return the keys
 		return new TransportKeys(k.getTransportId(), inPrev, inCurr, inNext,

bramble-core/src/main/java/org/briarproject/bramble/db/Database.java

@@ -6,6 +6,7 @@ import org.briarproject.bramble.api.db.DataTooNewException;
 import org.briarproject.bramble.api.db.DataTooOldException;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Metadata;
+import org.briarproject.bramble.api.db.MigrationListener;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
 import org.briarproject.bramble.api.identity.LocalAuthor;
@@ -20,6 +21,8 @@ import org.briarproject.bramble.api.sync.Message;
 import org.briarproject.bramble.api.sync.MessageId;
 import org.briarproject.bramble.api.sync.MessageStatus;
 import org.briarproject.bramble.api.sync.ValidationManager.State;
+import org.briarproject.bramble.api.transport.KeySet;
+import org.briarproject.bramble.api.transport.KeySetId;
 import org.briarproject.bramble.api.transport.TransportKeys;
 
 import java.util.Collection;
@@ -45,7 +48,7 @@ interface Database<T> {
 	 * @throws DataTooOldException if the data uses an older schema than the
 	 * current code and cannot be migrated
 	 */
-	boolean open() throws DbException;
+	boolean open(@Nullable MigrationListener listener) throws DbException;
 
 	/**
 	 * Prevents new transactions from starting, waits for all current
@@ -104,10 +107,11 @@ interface Database<T> {
 			@Nullable ContactId sender) throws DbException;
 
 	/**
-	 * Adds a dependency between two messages in the given group.
+	 * Adds a dependency between two messages, where the dependent message is
+	 * in the given state.
 	 */
-	void addMessageDependency(T txn, GroupId g, MessageId dependent,
-			MessageId dependency) throws DbException;
+	void addMessageDependency(T txn, Message dependent, MessageId dependency,
+			State dependentState) throws DbException;
 
 	/**
 	 * Records that a message has been offered by the given contact.
@@ -121,9 +125,16 @@ interface Database<T> {
 			throws DbException;
 
 	/**
-	 * Stores transport keys for a newly added contact.
+	 * Stores the given transport keys, optionally binding them to the given
+	 * contact, and returns a key set ID.
 	 */
-	void addTransportKeys(T txn, ContactId c, TransportKeys k)
+	KeySetId addTransportKeys(T txn, @Nullable ContactId c, TransportKeys k)
+			throws DbException;
+
+	/**
+	 * Binds the given keys for the given transport to the given contact.
+	 */
+	void bindTransportKeys(T txn, ContactId c, TransportId t, KeySetId k)
 			throws DbException;
 
 	/**
@@ -291,10 +302,8 @@ interface Database<T> {
 
 	/**
 	 * Returns the IDs and states of all dependencies of the given message.
-	 * Missing dependencies have the state {@link State UNKNOWN}.
-	 * Dependencies in other groups have the state {@link State INVALID}.
-	 * Note that these states are not set on the dependencies themselves; the
-	 * returned states should only be taken in the context of the given message.
+	 * For missing dependencies and dependencies in other groups, the state
+	 * {@link State UNKNOWN} is returned.
 	 * <p/>
 	 * Read-only.
 	 */
@@ -302,9 +311,9 @@ interface Database<T> {
 			throws DbException;
 
 	/**
-	 * Returns all IDs and states of all dependents of the given message.
-	 * Messages in other groups that declare a dependency on the given message
-	 * will be returned even though such dependencies are invalid.
+	 * Returns the IDs and states of all dependents of the given message.
+	 * Dependents in other groups are not returned. If the given message is
+	 * missing, no dependents are returned.
 	 * <p/>
 	 * Read-only.
 	 */
@@ -423,31 +432,27 @@ interface Database<T> {
 			throws DbException;
 
 	/**
-	 * Returns the IDs of any messages that need to be validated by the given
-	 * client.
+	 * Returns the IDs of any messages that need to be validated.
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<MessageId> getMessagesToValidate(T txn, ClientId c)
-			throws DbException;
+	Collection<MessageId> getMessagesToValidate(T txn) throws DbException;
 
 	/**
-	 * Returns the IDs of any messages that are still pending due to
-	 * dependencies to other messages for the given client.
+	 * Returns the IDs of any messages that are pending delivery due to
+	 * dependencies on other messages.
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<MessageId> getPendingMessages(T txn, ClientId c)
-			throws DbException;
+	Collection<MessageId> getPendingMessages(T txn) throws DbException;
 
 	/**
-	 * Returns the IDs of any messages from the given client
-	 * that have a shared dependent, but are still not shared themselves.
+	 * Returns the IDs of any messages that have a shared dependent but have
+	 * not yet been shared themselves.
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<MessageId> getMessagesToShare(T txn, ClientId c)
-			throws DbException;
+	Collection<MessageId> getMessagesToShare(T txn) throws DbException;
 
 	/**
 	 * Returns the next time (in milliseconds since the Unix epoch) when a
@@ -490,15 +495,14 @@ interface Database<T> {
 	 * <p/>
 	 * Read-only.
 	 */
-	Map<ContactId, TransportKeys> getTransportKeys(T txn, TransportId t)
+	Collection<KeySet> getTransportKeys(T txn, TransportId t)
 			throws DbException;
 
 	/**
-	 * Increments the outgoing stream counter for the given contact and
-	 * transport in the given rotation period.
+	 * Increments the outgoing stream counter for the given transport keys.
 	 */
-	void incrementStreamCounter(T txn, ContactId c, TransportId t,
-			long rotationPeriod) throws DbException;
+	void incrementStreamCounter(T txn, TransportId t, KeySetId k)
+			throws DbException;
 
 	/**
 	 * Marks the given messages as not needing to be acknowledged to the
@@ -588,6 +592,12 @@ interface Database<T> {
 	 */
 	void removeTransport(T txn, TransportId t) throws DbException;
 
+	/**
+	 * Removes the given transport keys from the database.
+	 */
+	void removeTransportKeys(T txn, TransportId t, KeySetId k)
+			throws DbException;
+
 	/**
 	 * Resets the transmission count and expiry time of the given message with
 	 * respect to the given contact.
@@ -623,12 +633,18 @@ interface Database<T> {
 	void setMessageState(T txn, MessageId m, State state) throws DbException;
 
 	/**
-	 * Sets the reordering window for the given contact and transport in the
+	 * Sets the reordering window for the given key set and transport in the
 	 * given rotation period.
 	 */
-	void setReorderingWindow(T txn, ContactId c, TransportId t,
+	void setReorderingWindow(T txn, KeySetId k, TransportId t,
 			long rotationPeriod, long base, byte[] bitmap) throws DbException;
 
+	/**
+	 * Marks the given transport keys as usable for outgoing streams.
+	 */
+	void setTransportKeysActive(T txn, TransportId t, KeySetId k)
+		throws DbException;
+
 	/**
 	 * Updates the transmission count and expiry time of the given message
 	 * with respect to the given contact, using the latency of the transport
@@ -640,6 +656,5 @@ interface Database<T> {
 	/**
 	 * Stores the given transport keys, deleting any keys they have replaced.
 	 */
-	void updateTransportKeys(T txn, Map<ContactId, TransportKeys> keys)
-			throws DbException;
+	void updateTransportKeys(T txn, Collection<KeySet> keys) throws DbException;
 }

bramble-core/src/main/java/org/briarproject/bramble/db/DatabaseComponentImpl.java

@@ -10,6 +10,7 @@ import org.briarproject.bramble.api.db.ContactExistsException;
 import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Metadata;
+import org.briarproject.bramble.api.db.MigrationListener;
 import org.briarproject.bramble.api.db.NoSuchContactException;
 import org.briarproject.bramble.api.db.NoSuchGroupException;
 import org.briarproject.bramble.api.db.NoSuchLocalAuthorException;
@@ -50,15 +51,15 @@ import org.briarproject.bramble.api.sync.event.MessageToAckEvent;
 import org.briarproject.bramble.api.sync.event.MessageToRequestEvent;
 import org.briarproject.bramble.api.sync.event.MessagesAckedEvent;
 import org.briarproject.bramble.api.sync.event.MessagesSentEvent;
+import org.briarproject.bramble.api.transport.KeySet;
+import org.briarproject.bramble.api.transport.KeySetId;
 import org.briarproject.bramble.api.transport.TransportKeys;
 
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Map.Entry;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.locks.ReentrantReadWriteLock;
 import java.util.logging.Logger;
@@ -100,8 +101,9 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}
 
 	@Override
-	public boolean open() throws DbException {
-		boolean reopened = db.open();
+	public boolean open(@Nullable MigrationListener listener)
+			throws DbException {
+		boolean reopened = db.open(listener);
 		shutdown.addShutdownHook(() -> {
 			try {
 				close();
@@ -232,15 +234,27 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}
 
 	@Override
-	public void addTransportKeys(Transaction transaction, ContactId c,
-			TransportKeys k) throws DbException {
+	public KeySetId addTransportKeys(Transaction transaction,
+			@Nullable ContactId c, TransportKeys k) throws DbException {
+		if (transaction.isReadOnly()) throw new IllegalArgumentException();
+		T txn = unbox(transaction);
+		if (c != null && !db.containsContact(txn, c))
+			throw new NoSuchContactException();
+		if (!db.containsTransport(txn, k.getTransportId()))
+			throw new NoSuchTransportException();
+		return db.addTransportKeys(txn, c, k);
+	}
+
+	@Override
+	public void bindTransportKeys(Transaction transaction, ContactId c,
+			TransportId t, KeySetId k) throws DbException {
 		if (transaction.isReadOnly()) throw new IllegalArgumentException();
 		T txn = unbox(transaction);
 		if (!db.containsContact(txn, c))
 			throw new NoSuchContactException();
-		if (!db.containsTransport(txn, k.getTransportId()))
+		if (!db.containsTransport(txn, t))
 			throw new NoSuchTransportException();
-		db.addTransportKeys(txn, c, k);
+		db.bindTransportKeys(txn, c, t, k);
 	}
 
 	@Override
@@ -453,24 +467,24 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}
 
 	@Override
-	public Collection<MessageId> getMessagesToValidate(Transaction transaction,
-			ClientId c) throws DbException {
+	public Collection<MessageId> getMessagesToValidate(Transaction transaction)
+			throws DbException {
 		T txn = unbox(transaction);
-		return db.getMessagesToValidate(txn, c);
+		return db.getMessagesToValidate(txn);
 	}
 
 	@Override
-	public Collection<MessageId> getPendingMessages(Transaction transaction,
-			ClientId c) throws DbException {
+	public Collection<MessageId> getPendingMessages(Transaction transaction)
+			throws DbException {
 		T txn = unbox(transaction);
-		return db.getPendingMessages(txn, c);
+		return db.getPendingMessages(txn);
 	}
 
 	@Override
-	public Collection<MessageId> getMessagesToShare(
-			Transaction transaction, ClientId c) throws DbException {
+	public Collection<MessageId> getMessagesToShare(Transaction transaction)
+			throws DbException {
 		T txn = unbox(transaction);
-		return db.getMessagesToShare(txn, c);
+		return db.getMessagesToShare(txn);
 	}
 
 	@Nullable
@@ -571,7 +585,7 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 
 	@Override
 	public long getNextSendTime(Transaction transaction, ContactId c)
-		throws DbException {
+			throws DbException {
 		T txn = unbox(transaction);
 		return db.getNextSendTime(txn, c);
 	}
@@ -584,8 +598,8 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}
 
 	@Override
-	public Map<ContactId, TransportKeys> getTransportKeys(
-			Transaction transaction, TransportId t) throws DbException {
+	public Collection<KeySet> getTransportKeys(Transaction transaction,
+			TransportId t) throws DbException {
 		T txn = unbox(transaction);
 		if (!db.containsTransport(txn, t))
 			throw new NoSuchTransportException();
@@ -593,15 +607,13 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}
 
 	@Override
-	public void incrementStreamCounter(Transaction transaction, ContactId c,
-			TransportId t, long rotationPeriod) throws DbException {
+	public void incrementStreamCounter(Transaction transaction, TransportId t,
+			KeySetId k) throws DbException {
 		if (transaction.isReadOnly()) throw new IllegalArgumentException();
 		T txn = unbox(transaction);
-		if (!db.containsContact(txn, c))
-			throw new NoSuchContactException();
 		if (!db.containsTransport(txn, t))
 			throw new NoSuchTransportException();
-		db.incrementStreamCounter(txn, c, t, rotationPeriod);
+		db.incrementStreamCounter(txn, t, k);
 	}
 
 	@Override
@@ -763,6 +775,7 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		T txn = unbox(transaction);
 		if (!db.containsMessage(txn, m))
 			throw new NoSuchMessageException();
+		// TODO: Don't allow messages with dependents to be removed
 		db.removeMessage(txn, m);
 	}
 
@@ -776,6 +789,16 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		db.removeTransport(txn, t);
 	}
 
+	@Override
+	public void removeTransportKeys(Transaction transaction,
+			TransportId t, KeySetId k) throws DbException {
+		if (transaction.isReadOnly()) throw new IllegalArgumentException();
+		T txn = unbox(transaction);
+		if (!db.containsTransport(txn, t))
+			throw new NoSuchTransportException();
+		db.removeTransportKeys(txn, t, k);
+	}
+
 	@Override
 	public void setContactVerified(Transaction transaction, ContactId c)
 			throws DbException {
@@ -848,38 +871,42 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		T txn = unbox(transaction);
 		if (!db.containsMessage(txn, dependent.getId()))
 			throw new NoSuchMessageException();
+		State dependentState = db.getMessageState(txn, dependent.getId());
 		for (MessageId dependency : dependencies) {
-			db.addMessageDependency(txn, dependent.getGroupId(),
-					dependent.getId(), dependency);
+			db.addMessageDependency(txn, dependent, dependency, dependentState);
 		}
 	}
 
 	@Override
-	public void setReorderingWindow(Transaction transaction, ContactId c,
+	public void setReorderingWindow(Transaction transaction, KeySetId k,
 			TransportId t, long rotationPeriod, long base, byte[] bitmap)
 			throws DbException {
 		if (transaction.isReadOnly()) throw new IllegalArgumentException();
 		T txn = unbox(transaction);
-		if (!db.containsContact(txn, c))
-			throw new NoSuchContactException();
 		if (!db.containsTransport(txn, t))
 			throw new NoSuchTransportException();
-		db.setReorderingWindow(txn, c, t, rotationPeriod, base, bitmap);
+		db.setReorderingWindow(txn, k, t, rotationPeriod, base, bitmap);
+	}
+
+	@Override
+	public void setTransportKeysActive(Transaction transaction, TransportId t,
+			KeySetId k) throws DbException {
+		if (transaction.isReadOnly()) throw new IllegalArgumentException();
+		T txn = unbox(transaction);
+		if (!db.containsTransport(txn, t))
+			throw new NoSuchTransportException();
+		db.setTransportKeysActive(txn, t, k);
 	}
 
 	@Override
 	public void updateTransportKeys(Transaction transaction,
-			Map<ContactId, TransportKeys> keys) throws DbException {
+			Collection<KeySet> keys) throws DbException {
 		if (transaction.isReadOnly()) throw new IllegalArgumentException();
 		T txn = unbox(transaction);
-		Map<ContactId, TransportKeys> filtered = new HashMap<>();
-		for (Entry<ContactId, TransportKeys> e : keys.entrySet()) {
-			ContactId c = e.getKey();
-			TransportKeys k = e.getValue();
-			if (db.containsContact(txn, c)
-					&& db.containsTransport(txn, k.getTransportId())) {
-				filtered.put(c, k);
-			}
+		Collection<KeySet> filtered = new ArrayList<>();
+		for (KeySet ks : keys) {
+			TransportId t = ks.getTransportKeys().getTransportId();
+			if (db.containsTransport(txn, t)) filtered.add(ks);
 		}
 		db.updateTransportKeys(txn, filtered);
 	}

bramble-core/src/main/java/org/briarproject/bramble/db/H2Database.java

@@ -3,6 +3,7 @@ package org.briarproject.bramble.db;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DatabaseConfig;
 import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.db.MigrationListener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.util.StringUtils;
@@ -13,6 +14,7 @@ import java.sql.DriverManager;
 import java.sql.SQLException;
 import java.util.Properties;
 
+import javax.annotation.Nullable;
 import javax.inject.Inject;
 
 /**
@@ -42,10 +44,11 @@ class H2Database extends JdbcDatabase {
 	}
 
 	@Override
-	public boolean open() throws DbException {
+	public boolean open(@Nullable MigrationListener listener)
+			throws DbException {
 		boolean reopen = config.databaseExists();
 		if (!reopen) config.getDatabaseDirectory().mkdirs();
-		super.open("org.h2.Driver", reopen);
+		super.open("org.h2.Driver", reopen, listener);
 		return reopen;
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/db/HyperSqlDatabase.java

@@ -3,6 +3,7 @@ package org.briarproject.bramble.db;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DatabaseConfig;
 import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.db.MigrationListener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.util.StringUtils;
@@ -13,6 +14,7 @@ import java.sql.DriverManager;
 import java.sql.SQLException;
 import java.sql.Statement;
 
+import javax.annotation.Nullable;
 import javax.inject.Inject;
 
 /**
@@ -44,10 +46,10 @@ class HyperSqlDatabase extends JdbcDatabase {
 	}
 
 	@Override
-	public boolean open() throws DbException {
+	public boolean open(@Nullable MigrationListener listener) throws DbException {
 		boolean reopen = config.databaseExists();
 		if (!reopen) config.getDatabaseDirectory().mkdirs();
-		super.open("org.hsqldb.jdbc.JDBCDriver", reopen);
+		super.open("org.hsqldb.jdbc.JDBCDriver", reopen, listener);
 		return reopen;
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/db/JdbcDatabase.java

@@ -8,6 +8,7 @@ import org.briarproject.bramble.api.db.DataTooOldException;
 import org.briarproject.bramble.api.db.DbClosedException;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Metadata;
+import org.briarproject.bramble.api.db.MigrationListener;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
 import org.briarproject.bramble.api.identity.LocalAuthor;
@@ -24,6 +25,8 @@ import org.briarproject.bramble.api.sync.MessageStatus;
 import org.briarproject.bramble.api.sync.ValidationManager.State;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.api.transport.IncomingKeys;
+import org.briarproject.bramble.api.transport.KeySet;
+import org.briarproject.bramble.api.transport.KeySetId;
 import org.briarproject.bramble.api.transport.OutgoingKeys;
 import org.briarproject.bramble.api.transport.TransportKeys;
 
@@ -49,6 +52,7 @@ import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
 
+import static java.sql.Types.INTEGER;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static org.briarproject.bramble.api.db.Metadata.REMOVE;
@@ -56,7 +60,6 @@ import static org.briarproject.bramble.api.sync.Group.Visibility.INVISIBLE;
 import static org.briarproject.bramble.api.sync.Group.Visibility.SHARED;
 import static org.briarproject.bramble.api.sync.Group.Visibility.VISIBLE;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.DELIVERED;
-import static org.briarproject.bramble.api.sync.ValidationManager.State.INVALID;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.PENDING;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.UNKNOWN;
 import static org.briarproject.bramble.db.DatabaseConstants.DB_SETTINGS_NAMESPACE;
@@ -71,7 +74,7 @@ import static org.briarproject.bramble.db.ExponentialBackoff.calculateExpiry;
 abstract class JdbcDatabase implements Database<Connection> {
 
 	// Package access for testing
-	static final int CODE_SCHEMA_VERSION = 35;
+	static final int CODE_SCHEMA_VERSION = 36;
 
 	private static final String CREATE_SETTINGS =
 			"CREATE TABLE settings"
@@ -169,6 +172,10 @@ abstract class JdbcDatabase implements Database<Connection> {
 					+ " (groupId _HASH NOT NULL,"
 					+ " messageId _HASH NOT NULL,"
 					+ " dependencyId _HASH NOT NULL," // Not a foreign key
+					+ " messageState INT NOT NULL," // Denormalised
+					// Denormalised, null if dependency is missing or in a
+					// different group
+					+ " dependencyState INT,"
 					+ " FOREIGN KEY (groupId)"
 					+ " REFERENCES groups (groupId)"
 					+ " ON DELETE CASCADE,"
@@ -218,37 +225,44 @@ abstract class JdbcDatabase implements Database<Connection> {
 					+ " maxLatency INT NOT NULL,"
 					+ " PRIMARY KEY (transportId))";
 
+	private static final String CREATE_OUTGOING_KEYS =
+			"CREATE TABLE outgoingKeys"
+					+ " (transportId _STRING NOT NULL,"
+					+ " keySetId _COUNTER,"
+					+ " rotationPeriod BIGINT NOT NULL,"
+					+ " contactId INT," // Null if keys are not bound
+					+ " tagKey _SECRET NOT NULL,"
+					+ " headerKey _SECRET NOT NULL,"
+					+ " stream BIGINT NOT NULL,"
+					+ " active BOOLEAN NOT NULL,"
+					+ " PRIMARY KEY (transportId, keySetId),"
+					+ " FOREIGN KEY (transportId)"
+					+ " REFERENCES transports (transportId)"
+					+ " ON DELETE CASCADE,"
+					+ " UNIQUE (keySetId),"
+					+ " FOREIGN KEY (contactId)"
+					+ " REFERENCES contacts (contactId)"
+					+ " ON DELETE CASCADE)";
+
 	private static final String CREATE_INCOMING_KEYS =
 			"CREATE TABLE incomingKeys"
-					+ " (contactId INT NOT NULL,"
-					+ " transportId _STRING NOT NULL,"
+					+ " (transportId _STRING NOT NULL,"
+					+ " keySetId INT NOT NULL,"
 					+ " rotationPeriod BIGINT NOT NULL,"
+					+ " contactId INT," // Null if keys are not bound
 					+ " tagKey _SECRET NOT NULL,"
 					+ " headerKey _SECRET NOT NULL,"
 					+ " base BIGINT NOT NULL,"
 					+ " bitmap _BINARY NOT NULL,"
-					+ " PRIMARY KEY (contactId, transportId, rotationPeriod),"
-					+ " FOREIGN KEY (contactId)"
-					+ " REFERENCES contacts (contactId)"
-					+ " ON DELETE CASCADE,"
+					+ " PRIMARY KEY (transportId, keySetId, rotationPeriod),"
 					+ " FOREIGN KEY (transportId)"
 					+ " REFERENCES transports (transportId)"
-					+ " ON DELETE CASCADE)";
-
-	private static final String CREATE_OUTGOING_KEYS =
-			"CREATE TABLE outgoingKeys"
-					+ " (contactId INT NOT NULL,"
-					+ " transportId _STRING NOT NULL,"
-					+ " rotationPeriod BIGINT NOT NULL,"
-					+ " tagKey _SECRET NOT NULL,"
-					+ " headerKey _SECRET NOT NULL,"
-					+ " stream BIGINT NOT NULL,"
-					+ " PRIMARY KEY (contactId, transportId),"
+					+ " ON DELETE CASCADE,"
+					+ " FOREIGN KEY (keySetId)"
+					+ " REFERENCES outgoingKeys (keySetId)"
+					+ " ON DELETE CASCADE,"
 					+ " FOREIGN KEY (contactId)"
 					+ " REFERENCES contacts (contactId)"
-					+ " ON DELETE CASCADE,"
-					+ " FOREIGN KEY (transportId)"
-					+ " REFERENCES transports (transportId)"
 					+ " ON DELETE CASCADE)";
 
 	private static final String INDEX_CONTACTS_BY_AUTHOR_ID =
@@ -263,6 +277,10 @@ abstract class JdbcDatabase implements Database<Connection> {
 			"CREATE INDEX IF NOT EXISTS messageMetadataByGroupIdState"
 					+ " ON messageMetadata (groupId, state)";
 
+	private static final String INDEX_MESSAGE_DEPENDENCIES_BY_DEPENDENCY_ID =
+			"CREATE INDEX IF NOT EXISTS messageDependenciesByDependencyId"
+					+ " ON messageDependencies (dependencyId)";
+
 	private static final String INDEX_STATUSES_BY_CONTACT_ID_GROUP_ID =
 			"CREATE INDEX IF NOT EXISTS statusesByContactIdGroupId"
 					+ " ON statuses (contactId, groupId)";
@@ -301,7 +319,8 @@ abstract class JdbcDatabase implements Database<Connection> {
 		this.clock = clock;
 	}
 
-	protected void open(String driverClass, boolean reopen) throws DbException {
+	protected void open(String driverClass, boolean reopen,
+			@Nullable MigrationListener listener) throws DbException {
 		// Load the JDBC driver
 		try {
 			Class.forName(driverClass);
@@ -312,7 +331,7 @@ abstract class JdbcDatabase implements Database<Connection> {
 		Connection txn = startTransaction();
 		try {
 			if (reopen) {
-				checkSchemaVersion(txn);
+				checkSchemaVersion(txn, listener);
 			} else {
 				createTables(txn);
 				storeSchemaVersion(txn, CODE_SCHEMA_VERSION);
@@ -335,7 +354,8 @@ abstract class JdbcDatabase implements Database<Connection> {
 	 * @throws DataTooOldException if the data uses an older schema than the
 	 * current code and cannot be migrated
 	 */
-	private void checkSchemaVersion(Connection txn) throws DbException {
+	private void checkSchemaVersion(Connection txn,
+			@Nullable MigrationListener listener) throws DbException {
 		Settings s = getSettings(txn, DB_SETTINGS_NAMESPACE);
 		int dataSchemaVersion = s.getInt(SCHEMA_VERSION_KEY, -1);
 		if (dataSchemaVersion == -1) throw new DbException();
@@ -348,6 +368,7 @@ abstract class JdbcDatabase implements Database<Connection> {
 			if (start == dataSchemaVersion) {
 				if (LOG.isLoggable(INFO))
 					LOG.info("Migrating from schema " + start + " to " + end);
+				if (listener != null) listener.onMigrationRun();
 				// Apply the migration
 				m.migrate(txn);
 				// Store the new schema version
@@ -403,8 +424,8 @@ abstract class JdbcDatabase implements Database<Connection> {
 			s.executeUpdate(insertTypeNames(CREATE_OFFERS));
 			s.executeUpdate(insertTypeNames(CREATE_STATUSES));
 			s.executeUpdate(insertTypeNames(CREATE_TRANSPORTS));
-			s.executeUpdate(insertTypeNames(CREATE_INCOMING_KEYS));
 			s.executeUpdate(insertTypeNames(CREATE_OUTGOING_KEYS));
+			s.executeUpdate(insertTypeNames(CREATE_INCOMING_KEYS));
 			s.close();
 		} catch (SQLException e) {
 			tryToClose(s);
@@ -419,6 +440,7 @@ abstract class JdbcDatabase implements Database<Connection> {
 			s.executeUpdate(INDEX_CONTACTS_BY_AUTHOR_ID);
 			s.executeUpdate(INDEX_GROUPS_BY_CLIENT_ID);
 			s.executeUpdate(INDEX_MESSAGE_METADATA_BY_GROUP_ID_STATE);
+			s.executeUpdate(INDEX_MESSAGE_DEPENDENCIES_BY_DEPENDENCY_ID);
 			s.executeUpdate(INDEX_STATUSES_BY_CONTACT_ID_GROUP_ID);
 			s.executeUpdate(INDEX_STATUSES_BY_CONTACT_ID_TIMESTAMP);
 			s.close();
@@ -711,6 +733,17 @@ abstract class JdbcDatabase implements Database<Connection> {
 						m.getLength(), state, e.getValue(), messageShared,
 						false, seen);
 			}
+			// Update denormalised column in messageDependencies if dependency
+			// is in same group as dependent
+			sql = "UPDATE messageDependencies SET dependencyState = ?"
+					+ " WHERE groupId = ? AND dependencyId = ?";
+			ps = txn.prepareStatement(sql);
+			ps.setInt(1, state.getValue());
+			ps.setBytes(2, m.getGroupId().getBytes());
+			ps.setBytes(3, m.getId().getBytes());
+			affected = ps.executeUpdate();
+			if (affected < 0) throw new DbStateException();
+			ps.close();
 		} catch (SQLException e) {
 			tryToClose(ps);
 			throw new DbException(e);
@@ -780,21 +813,42 @@ abstract class JdbcDatabase implements Database<Connection> {
 	}
 
 	@Override
-	public void addMessageDependency(Connection txn, GroupId g,
-			MessageId dependent, MessageId dependency) throws DbException {
+	public void addMessageDependency(Connection txn, Message dependent,
+			MessageId dependency, State dependentState) throws DbException {
 		PreparedStatement ps = null;
+		ResultSet rs = null;
 		try {
-			String sql = "INSERT INTO messageDependencies"
-					+ " (groupId, messageId, dependencyId)"
-					+ " VALUES (?, ?, ?)";
+			// Get state of dependency if present and in same group as dependent
+			String sql = "SELECT state FROM messages"
+					+ " WHERE messageId = ? AND groupId = ?";
 			ps = txn.prepareStatement(sql);
-			ps.setBytes(1, g.getBytes());
-			ps.setBytes(2, dependent.getBytes());
+			ps.setBytes(1, dependency.getBytes());
+			ps.setBytes(2, dependent.getGroupId().getBytes());
+			rs = ps.executeQuery();
+			State dependencyState = null;
+			if (rs.next()) {
+				dependencyState = State.fromValue(rs.getInt(1));
+				if (rs.next()) throw new DbStateException();
+			}
+			rs.close();
+			ps.close();
+			// Create messageDependencies row
+			sql = "INSERT INTO messageDependencies"
+					+ " (groupId, messageId, dependencyId, messageState,"
+					+ " dependencyState)"
+					+ " VALUES (?, ?, ?, ? ,?)";
+			ps = txn.prepareStatement(sql);
+			ps.setBytes(1, dependent.getGroupId().getBytes());
+			ps.setBytes(2, dependent.getId().getBytes());
 			ps.setBytes(3, dependency.getBytes());
+			ps.setInt(4, dependentState.getValue());
+			if (dependencyState == null) ps.setNull(5, INTEGER);
+			else ps.setInt(5, dependencyState.getValue());
 			int affected = ps.executeUpdate();
 			if (affected != 1) throw new DbStateException();
 			ps.close();
 		} catch (SQLException e) {
+			tryToClose(rs);
 			tryToClose(ps);
 			throw new DbException(e);
 		}
@@ -820,61 +874,105 @@ abstract class JdbcDatabase implements Database<Connection> {
 	}
 
 	@Override
-	public void addTransportKeys(Connection txn, ContactId c, TransportKeys k)
-			throws DbException {
+	public KeySetId addTransportKeys(Connection txn, @Nullable ContactId c,
+			TransportKeys k) throws DbException {
 		PreparedStatement ps = null;
+		ResultSet rs = null;
 		try {
-			// Store the incoming keys
-			String sql = "INSERT INTO incomingKeys (contactId, transportId,"
-					+ " rotationPeriod, tagKey, headerKey, base, bitmap)"
+			// Store the outgoing keys
+			String sql = "INSERT INTO outgoingKeys (contactId, transportId,"
+					+ " rotationPeriod, tagKey, headerKey, stream, active)"
 					+ " VALUES (?, ?, ?, ?, ?, ?, ?)";
 			ps = txn.prepareStatement(sql);
-			ps.setInt(1, c.getInt());
-			ps.setString(2, k.getTransportId().getString());
-			// Previous rotation period
-			IncomingKeys inPrev = k.getPreviousIncomingKeys();
-			ps.setLong(3, inPrev.getRotationPeriod());
-			ps.setBytes(4, inPrev.getTagKey().getBytes());
-			ps.setBytes(5, inPrev.getHeaderKey().getBytes());
-			ps.setLong(6, inPrev.getWindowBase());
-			ps.setBytes(7, inPrev.getWindowBitmap());
-			ps.addBatch();
-			// Current rotation period
-			IncomingKeys inCurr = k.getCurrentIncomingKeys();
-			ps.setLong(3, inCurr.getRotationPeriod());
-			ps.setBytes(4, inCurr.getTagKey().getBytes());
-			ps.setBytes(5, inCurr.getHeaderKey().getBytes());
-			ps.setLong(6, inCurr.getWindowBase());
-			ps.setBytes(7, inCurr.getWindowBitmap());
-			ps.addBatch();
-			// Next rotation period
-			IncomingKeys inNext = k.getNextIncomingKeys();
-			ps.setLong(3, inNext.getRotationPeriod());
-			ps.setBytes(4, inNext.getTagKey().getBytes());
-			ps.setBytes(5, inNext.getHeaderKey().getBytes());
-			ps.setLong(6, inNext.getWindowBase());
-			ps.setBytes(7, inNext.getWindowBitmap());
-			ps.addBatch();
-			int[] batchAffected = ps.executeBatch();
-			if (batchAffected.length != 3) throw new DbStateException();
-			for (int rows : batchAffected)
-				if (rows != 1) throw new DbStateException();
-			ps.close();
-			// Store the outgoing keys
-			sql = "INSERT INTO outgoingKeys (contactId, transportId,"
-					+ " rotationPeriod, tagKey, headerKey, stream)"
-					+ " VALUES (?, ?, ?, ?, ?, ?)";
-			ps = txn.prepareStatement(sql);
-			ps.setInt(1, c.getInt());
+			if (c == null) ps.setNull(1, INTEGER);
+			else ps.setInt(1, c.getInt());
 			ps.setString(2, k.getTransportId().getString());
 			OutgoingKeys outCurr = k.getCurrentOutgoingKeys();
 			ps.setLong(3, outCurr.getRotationPeriod());
 			ps.setBytes(4, outCurr.getTagKey().getBytes());
 			ps.setBytes(5, outCurr.getHeaderKey().getBytes());
 			ps.setLong(6, outCurr.getStreamCounter());
+			ps.setBoolean(7, outCurr.isActive());
 			int affected = ps.executeUpdate();
 			if (affected != 1) throw new DbStateException();
 			ps.close();
+			// Get the new (highest) key set ID
+			sql = "SELECT keySetId FROM outgoingKeys"
+					+ " ORDER BY keySetId DESC LIMIT 1";
+			ps = txn.prepareStatement(sql);
+			rs = ps.executeQuery();
+			if (!rs.next()) throw new DbStateException();
+			KeySetId keySetId = new KeySetId(rs.getInt(1));
+			if (rs.next()) throw new DbStateException();
+			rs.close();
+			ps.close();
+			// Store the incoming keys
+			sql = "INSERT INTO incomingKeys (keySetId, contactId, transportId,"
+					+ " rotationPeriod, tagKey, headerKey, base, bitmap)"
+					+ " VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
+			ps = txn.prepareStatement(sql);
+			ps.setInt(1, keySetId.getInt());
+			if (c == null) ps.setNull(2, INTEGER);
+			else ps.setInt(2, c.getInt());
+			ps.setString(3, k.getTransportId().getString());
+			// Previous rotation period
+			IncomingKeys inPrev = k.getPreviousIncomingKeys();
+			ps.setLong(4, inPrev.getRotationPeriod());
+			ps.setBytes(5, inPrev.getTagKey().getBytes());
+			ps.setBytes(6, inPrev.getHeaderKey().getBytes());
+			ps.setLong(7, inPrev.getWindowBase());
+			ps.setBytes(8, inPrev.getWindowBitmap());
+			ps.addBatch();
+			// Current rotation period
+			IncomingKeys inCurr = k.getCurrentIncomingKeys();
+			ps.setLong(4, inCurr.getRotationPeriod());
+			ps.setBytes(5, inCurr.getTagKey().getBytes());
+			ps.setBytes(6, inCurr.getHeaderKey().getBytes());
+			ps.setLong(7, inCurr.getWindowBase());
+			ps.setBytes(8, inCurr.getWindowBitmap());
+			ps.addBatch();
+			// Next rotation period
+			IncomingKeys inNext = k.getNextIncomingKeys();
+			ps.setLong(4, inNext.getRotationPeriod());
+			ps.setBytes(5, inNext.getTagKey().getBytes());
+			ps.setBytes(6, inNext.getHeaderKey().getBytes());
+			ps.setLong(7, inNext.getWindowBase());
+			ps.setBytes(8, inNext.getWindowBitmap());
+			ps.addBatch();
+			int[] batchAffected = ps.executeBatch();
+			if (batchAffected.length != 3) throw new DbStateException();
+			for (int rows : batchAffected)
+				if (rows != 1) throw new DbStateException();
+			ps.close();
+			return keySetId;
+		} catch (SQLException e) {
+			tryToClose(rs);
+			tryToClose(ps);
+			throw new DbException(e);
+		}
+	}
+
+	@Override
+	public void bindTransportKeys(Connection txn, ContactId c, TransportId t,
+			KeySetId k) throws DbException {
+		PreparedStatement ps = null;
+		try {
+			String sql = "UPDATE outgoingKeys SET contactId = ?"
+					+ " WHERE keySetId = ?";
+			ps = txn.prepareStatement(sql);
+			ps.setInt(1, c.getInt());
+			ps.setInt(2, k.getInt());
+			int affected = ps.executeUpdate();
+			if (affected < 0) throw new DbStateException();
+			ps.close();
+			sql = "UPDATE incomingKeys SET contactId = ?"
+					+ " WHERE keySetId = ?";
+			ps = txn.prepareStatement(sql);
+			ps.setInt(1, c.getInt());
+			ps.setInt(2, k.getInt());
+			affected = ps.executeUpdate();
+			if (affected < 0) throw new DbStateException();
+			ps.close();
 		} catch (SQLException e) {
 			tryToClose(ps);
 			throw new DbException(e);
@@ -1659,11 +1757,9 @@ abstract class JdbcDatabase implements Database<Connection> {
 		PreparedStatement ps = null;
 		ResultSet rs = null;
 		try {
-			String sql = "SELECT d.dependencyId, m.state, d.groupId, m.groupId"
-					+ " FROM messageDependencies AS d"
-					+ " LEFT OUTER JOIN messages AS m"
-					+ " ON d.dependencyId = m.messageId"
-					+ " WHERE d.messageId = ?";
+			String sql = "SELECT dependencyId, dependencyState"
+					+ " FROM messageDependencies"
+					+ " WHERE messageId = ?";
 			ps = txn.prepareStatement(sql);
 			ps.setBytes(1, m.getBytes());
 			rs = ps.executeQuery();
@@ -1671,14 +1767,8 @@ abstract class JdbcDatabase implements Database<Connection> {
 			while (rs.next()) {
 				MessageId dependency = new MessageId(rs.getBytes(1));
 				State state = State.fromValue(rs.getInt(2));
-				if (rs.wasNull()) {
-					state = UNKNOWN; // Missing dependency
-				} else {
-					GroupId dependentGroupId = new GroupId(rs.getBytes(3));
-					GroupId dependencyGroupId = new GroupId(rs.getBytes(4));
-					if (!dependentGroupId.equals(dependencyGroupId))
-						state = INVALID; // Dependency in another group
-				}
+				if (rs.wasNull())
+					state = UNKNOWN; // Missing or in a different group
 				dependencies.put(dependency, state);
 			}
 			rs.close();
@@ -1697,11 +1787,12 @@ abstract class JdbcDatabase implements Database<Connection> {
 		PreparedStatement ps = null;
 		ResultSet rs = null;
 		try {
-			String sql = "SELECT d.messageId, m.state"
-					+ " FROM messageDependencies AS d"
-					+ " JOIN messages AS m"
-					+ " ON d.messageId = m.messageId"
-					+ " WHERE dependencyId = ?";
+			// Exclude dependencies that are missing or in a different group
+			// from the dependent
+			String sql = "SELECT messageId, messageState"
+					+ " FROM messageDependencies"
+					+ " WHERE dependencyId = ?"
+					+ " AND dependencyState IS NOT NULL";
 			ps = txn.prepareStatement(sql);
 			ps.setBytes(1, m.getBytes());
 			rs = ps.executeQuery();
@@ -1864,28 +1955,26 @@ abstract class JdbcDatabase implements Database<Connection> {
 	}
 
 	@Override
-	public Collection<MessageId> getMessagesToValidate(Connection txn,
-			ClientId c) throws DbException {
-		return getMessagesInState(txn, c, UNKNOWN);
+	public Collection<MessageId> getMessagesToValidate(Connection txn)
+			throws DbException {
+		return getMessagesInState(txn, UNKNOWN);
 	}
 
 	@Override
-	public Collection<MessageId> getPendingMessages(Connection txn,
-			ClientId c) throws DbException {
-		return getMessagesInState(txn, c, PENDING);
+	public Collection<MessageId> getPendingMessages(Connection txn)
+			throws DbException {
+		return getMessagesInState(txn, PENDING);
 	}
 
-	private Collection<MessageId> getMessagesInState(Connection txn, ClientId c,
+	private Collection<MessageId> getMessagesInState(Connection txn,
 			State state) throws DbException {
 		PreparedStatement ps = null;
 		ResultSet rs = null;
 		try {
-			String sql = "SELECT messageId FROM messages AS m"
-					+ " JOIN groups AS g ON m.groupId = g.groupId"
-					+ " WHERE state = ? AND clientId = ? AND raw IS NOT NULL";
+			String sql = "SELECT messageId FROM messages"
+					+ " WHERE state = ? AND raw IS NOT NULL";
 			ps = txn.prepareStatement(sql);
 			ps.setInt(1, state.getValue());
-			ps.setString(2, c.getString());
 			rs = ps.executeQuery();
 			List<MessageId> ids = new ArrayList<>();
 			while (rs.next()) ids.add(new MessageId(rs.getBytes(1)));
@@ -1900,7 +1989,7 @@ abstract class JdbcDatabase implements Database<Connection> {
 	}
 
 	@Override
-	public Collection<MessageId> getMessagesToShare(Connection txn, ClientId c)
+	public Collection<MessageId> getMessagesToShare(Connection txn)
 			throws DbException {
 		PreparedStatement ps = null;
 		ResultSet rs = null;
@@ -1910,12 +1999,10 @@ abstract class JdbcDatabase implements Database<Connection> {
 					+ " ON m.messageId = d.dependencyId"
 					+ " JOIN messages AS m1"
 					+ " ON d.messageId = m1.messageId"
-					+ " JOIN groups AS g"
-					+ " ON m.groupId = g.groupId"
-					+ " WHERE m.shared = FALSE AND m1.shared = TRUE"
-					+ " AND g.clientId = ?";
+					+ " WHERE m.state = ?"
+					+ " AND m.shared = FALSE AND m1.shared = TRUE";
 			ps = txn.prepareStatement(sql);
-			ps.setString(1, c.getString());
+			ps.setInt(1, DELIVERED.getValue());
 			rs = ps.executeQuery();
 			List<MessageId> ids = new ArrayList<>();
 			while (rs.next()) ids.add(new MessageId(rs.getBytes(1)));
@@ -2044,8 +2131,8 @@ abstract class JdbcDatabase implements Database<Connection> {
 	}
 
 	@Override
-	public Map<ContactId, TransportKeys> getTransportKeys(Connection txn,
-			TransportId t) throws DbException {
+	public Collection<KeySet> getTransportKeys(Connection txn, TransportId t)
+			throws DbException {
 		PreparedStatement ps = null;
 		ResultSet rs = null;
 		try {
@@ -2054,7 +2141,7 @@ abstract class JdbcDatabase implements Database<Connection> {
 					+ " base, bitmap"
 					+ " FROM incomingKeys"
 					+ " WHERE transportId = ?"
-					+ " ORDER BY contactId, rotationPeriod";
+					+ " ORDER BY keySetId, rotationPeriod";
 			ps = txn.prepareStatement(sql);
 			ps.setString(1, t.getString());
 			rs = ps.executeQuery();
@@ -2071,29 +2158,34 @@ abstract class JdbcDatabase implements Database<Connection> {
 			rs.close();
 			ps.close();
 			// Retrieve the outgoing keys in the same order
-			sql = "SELECT contactId, rotationPeriod, tagKey, headerKey, stream"
+			sql = "SELECT keySetId, contactId, rotationPeriod,"
+					+ " tagKey, headerKey, stream, active"
 					+ " FROM outgoingKeys"
 					+ " WHERE transportId = ?"
-					+ " ORDER BY contactId, rotationPeriod";
+					+ " ORDER BY keySetId";
 			ps = txn.prepareStatement(sql);
 			ps.setString(1, t.getString());
 			rs = ps.executeQuery();
-			Map<ContactId, TransportKeys> keys = new HashMap<>();
+			Collection<KeySet> keys = new ArrayList<>();
 			for (int i = 0; rs.next(); i++) {
 				// There should be three times as many incoming keys
 				if (inKeys.size() < (i + 1) * 3) throw new DbStateException();
-				ContactId contactId = new ContactId(rs.getInt(1));
-				long rotationPeriod = rs.getLong(2);
-				SecretKey tagKey = new SecretKey(rs.getBytes(3));
-				SecretKey headerKey = new SecretKey(rs.getBytes(4));
-				long streamCounter = rs.getLong(5);
+				KeySetId keySetId = new KeySetId(rs.getInt(1));
+				ContactId contactId = new ContactId(rs.getInt(2));
+				if (rs.wasNull()) contactId = null;
+				long rotationPeriod = rs.getLong(3);
+				SecretKey tagKey = new SecretKey(rs.getBytes(4));
+				SecretKey headerKey = new SecretKey(rs.getBytes(5));
+				long streamCounter = rs.getLong(6);
+				boolean active = rs.getBoolean(7);
 				OutgoingKeys outCurr = new OutgoingKeys(tagKey, headerKey,
-						rotationPeriod, streamCounter);
+						rotationPeriod, streamCounter, active);
 				IncomingKeys inPrev = inKeys.get(i * 3);
 				IncomingKeys inCurr = inKeys.get(i * 3 + 1);
 				IncomingKeys inNext = inKeys.get(i * 3 + 2);
-				keys.put(contactId, new TransportKeys(t, inPrev, inCurr,
-						inNext, outCurr));
+				TransportKeys transportKeys = new TransportKeys(t, inPrev,
+						inCurr, inNext, outCurr);
+				keys.add(new KeySet(keySetId, contactId, transportKeys));
 			}
 			rs.close();
 			ps.close();
@@ -2106,17 +2198,15 @@ abstract class JdbcDatabase implements Database<Connection> {
 	}
 
 	@Override
-	public void incrementStreamCounter(Connection txn, ContactId c,
-			TransportId t, long rotationPeriod) throws DbException {
+	public void incrementStreamCounter(Connection txn, TransportId t,
+			KeySetId k) throws DbException {
 		PreparedStatement ps = null;
 		try {
 			String sql = "UPDATE outgoingKeys SET stream = stream + 1"
-					+ " WHERE contactId = ? AND transportId = ?"
-					+ " AND rotationPeriod = ?";
+					+ " WHERE transportId = ? AND keySetId = ?";
 			ps = txn.prepareStatement(sql);
-			ps.setInt(1, c.getInt());
-			ps.setString(2, t.getString());
-			ps.setLong(3, rotationPeriod);
+			ps.setString(1, t.getString());
+			ps.setInt(2, k.getInt());
 			int affected = ps.executeUpdate();
 			if (affected != 1) throw new DbStateException();
 			ps.close();
@@ -2592,6 +2682,27 @@ abstract class JdbcDatabase implements Database<Connection> {
 		}
 	}
 
+	@Override
+	public void removeTransportKeys(Connection txn, TransportId t, KeySetId k)
+			throws DbException {
+		PreparedStatement ps = null;
+		try {
+			// Delete any existing outgoing keys - this will also remove any
+			// incoming keys with the same key set ID
+			String sql = "DELETE FROM outgoingKeys"
+					+ " WHERE transportId = ? AND keySetId = ?";
+			ps = txn.prepareStatement(sql);
+			ps.setString(1, t.getString());
+			ps.setInt(2, k.getInt());
+			int affected = ps.executeUpdate();
+			if (affected < 0) throw new DbStateException();
+			ps.close();
+		} catch (SQLException e) {
+			tryToClose(ps);
+			throw new DbException(e);
+		}
+	}
+
 	@Override
 	public void resetExpiryTime(Connection txn, ContactId c, MessageId m)
 			throws DbException {
@@ -2731,6 +2842,25 @@ abstract class JdbcDatabase implements Database<Connection> {
 			affected = ps.executeUpdate();
 			if (affected < 0) throw new DbStateException();
 			ps.close();
+			// Update denormalised column in messageDependencies
+			sql = "UPDATE messageDependencies SET messageState = ?"
+					+ " WHERE messageId = ?";
+			ps = txn.prepareStatement(sql);
+			ps.setInt(1, state.getValue());
+			ps.setBytes(2, m.getBytes());
+			affected = ps.executeUpdate();
+			if (affected < 0) throw new DbStateException();
+			ps.close();
+			// Update denormalised column in messageDependencies if dependency
+			// is present and in same group as dependent
+			sql = "UPDATE messageDependencies SET dependencyState = ?"
+					+ " WHERE dependencyId = ? AND dependencyState IS NOT NULL";
+			ps = txn.prepareStatement(sql);
+			ps.setInt(1, state.getValue());
+			ps.setBytes(2, m.getBytes());
+			affected = ps.executeUpdate();
+			if (affected < 0) throw new DbStateException();
+			ps.close();
 		} catch (SQLException e) {
 			tryToClose(ps);
 			throw new DbException(e);
@@ -2738,18 +2868,18 @@ abstract class JdbcDatabase implements Database<Connection> {
 	}
 
 	@Override
-	public void setReorderingWindow(Connection txn, ContactId c, TransportId t,
+	public void setReorderingWindow(Connection txn, KeySetId k, TransportId t,
 			long rotationPeriod, long base, byte[] bitmap) throws DbException {
 		PreparedStatement ps = null;
 		try {
 			String sql = "UPDATE incomingKeys SET base = ?, bitmap = ?"
-					+ " WHERE contactId = ? AND transportId = ?"
+					+ " WHERE transportId = ? AND keySetId = ?"
 					+ " AND rotationPeriod = ?";
 			ps = txn.prepareStatement(sql);
 			ps.setLong(1, base);
 			ps.setBytes(2, bitmap);
-			ps.setInt(3, c.getInt());
-			ps.setString(4, t.getString());
+			ps.setString(3, t.getString());
+			ps.setInt(4, k.getInt());
 			ps.setLong(5, rotationPeriod);
 			int affected = ps.executeUpdate();
 			if (affected < 0 || affected > 1) throw new DbStateException();
@@ -2760,6 +2890,25 @@ abstract class JdbcDatabase implements Database<Connection> {
 		}
 	}
 
+	@Override
+	public void setTransportKeysActive(Connection txn, TransportId t,
+			KeySetId k) throws DbException {
+		PreparedStatement ps = null;
+		try {
+			String sql = "UPDATE outgoingKeys SET active = true"
+					+ " WHERE transportId = ? AND keySetId = ?";
+			ps = txn.prepareStatement(sql);
+			ps.setString(1, t.getString());
+			ps.setInt(2, k.getInt());
+			int affected = ps.executeUpdate();
+			if (affected < 0 || affected > 1) throw new DbStateException();
+			ps.close();
+		} catch (SQLException e) {
+			tryToClose(ps);
+			throw new DbException(e);
+		}
+	}
+
 	@Override
 	public void updateExpiryTime(Connection txn, ContactId c, MessageId m,
 			int maxLatency) throws DbException {
@@ -2795,45 +2944,12 @@ abstract class JdbcDatabase implements Database<Connection> {
 	}
 
 	@Override
-	public void updateTransportKeys(Connection txn,
-			Map<ContactId, TransportKeys> keys) throws DbException {
-		PreparedStatement ps = null;
-		try {
-			// Delete any existing incoming keys
-			String sql = "DELETE FROM incomingKeys"
-					+ " WHERE contactId = ?"
-					+ " AND transportId = ?";
-			ps = txn.prepareStatement(sql);
-			for (Entry<ContactId, TransportKeys> e : keys.entrySet()) {
-				ps.setInt(1, e.getKey().getInt());
-				ps.setString(2, e.getValue().getTransportId().getString());
-				ps.addBatch();
-			}
-			int[] batchAffected = ps.executeBatch();
-			if (batchAffected.length != keys.size())
-				throw new DbStateException();
-			ps.close();
-			// Delete any existing outgoing keys
-			sql = "DELETE FROM outgoingKeys"
-					+ " WHERE contactId = ?"
-					+ " AND transportId = ?";
-			ps = txn.prepareStatement(sql);
-			for (Entry<ContactId, TransportKeys> e : keys.entrySet()) {
-				ps.setInt(1, e.getKey().getInt());
-				ps.setString(2, e.getValue().getTransportId().getString());
-				ps.addBatch();
-			}
-			batchAffected = ps.executeBatch();
-			if (batchAffected.length != keys.size())
-				throw new DbStateException();
-			ps.close();
-		} catch (SQLException e) {
-			tryToClose(ps);
-			throw new DbException(e);
-		}
-		// Store the new keys
-		for (Entry<ContactId, TransportKeys> e : keys.entrySet()) {
-			addTransportKeys(txn, e.getKey(), e.getValue());
+	public void updateTransportKeys(Connection txn, Collection<KeySet> keys)
+			throws DbException {
+		for (KeySet ks : keys) {
+			TransportKeys k = ks.getTransportKeys();
+			removeTransportKeys(txn, k.getTransportId(), ks.getKeySetId());
+			addTransportKeys(txn, ks.getContactId(), k);
 		}
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/ConnectionChooser.java

@@ -0,0 +1,36 @@
+package org.briarproject.bramble.keyagreement;
+
+import org.briarproject.bramble.api.keyagreement.KeyAgreementConnection;
+
+import java.util.concurrent.Callable;
+
+import javax.annotation.Nullable;
+
+interface ConnectionChooser {
+
+	/**
+	 * Submits a connection task to the chooser.
+	 */
+	void submit(Callable<KeyAgreementConnection> task);
+
+	/**
+	 * Returns a connection returned by any of the tasks submitted to the
+	 * chooser, waiting up to the given amount of time for a connection if
+	 * necessary. Returns null if the time elapses without a connection
+	 * becoming available.
+	 *
+	 * @param timeout the timeout in milliseconds
+	 * @throws InterruptedException if the thread is interrupted while waiting
+	 * for a connection to become available
+	 */
+	@Nullable
+	KeyAgreementConnection poll(long timeout) throws InterruptedException;
+
+	/**
+	 * Stops the chooser. Any connections already returned to the chooser are
+	 * closed unless they have been removed from the chooser by calling
+	 * {@link #poll(long)}. Any connections subsequently returned to the
+	 * chooser will also be closed.
+	 */
+	void stop();
+}

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/ConnectionChooserImpl.java

@@ -0,0 +1,112 @@
+package org.briarproject.bramble.keyagreement;
+
+import org.briarproject.bramble.api.keyagreement.KeyAgreementConnection;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.system.Clock;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Queue;
+import java.util.concurrent.Callable;
+import java.util.concurrent.Executor;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.ThreadSafe;
+import javax.inject.Inject;
+
+import static java.util.logging.Level.INFO;
+
+@NotNullByDefault
+@ThreadSafe
+class ConnectionChooserImpl implements ConnectionChooser {
+
+	private static final Logger LOG =
+			Logger.getLogger(ConnectionChooserImpl.class.getName());
+
+	private final Clock clock;
+	private final Executor ioExecutor;
+	private final Object lock = new Object();
+
+	// The following are locking: lock
+	private boolean stopped = false;
+	private final Queue<KeyAgreementConnection> results = new LinkedList<>();
+
+	@Inject
+	ConnectionChooserImpl(Clock clock, @IoExecutor Executor ioExecutor) {
+		this.clock = clock;
+		this.ioExecutor = ioExecutor;
+	}
+
+	@Override
+	public void submit(Callable<KeyAgreementConnection> task) {
+		ioExecutor.execute(() -> {
+			try {
+				KeyAgreementConnection c = task.call();
+				if (c != null) addResult(c);
+			} catch (Exception e) {
+				if (LOG.isLoggable(INFO)) LOG.info(e.toString());
+			}
+		});
+	}
+
+	@Nullable
+	@Override
+	public KeyAgreementConnection poll(long timeout)
+			throws InterruptedException {
+		long now = clock.currentTimeMillis();
+		long end = now + timeout;
+		synchronized (lock) {
+			while (!stopped && results.isEmpty() && now < end) {
+				lock.wait(end - now);
+				now = clock.currentTimeMillis();
+			}
+			return results.poll();
+		}
+	}
+
+	@Override
+	public void stop() {
+		List<KeyAgreementConnection> unused;
+		synchronized (lock) {
+			unused = new ArrayList<>(results);
+			results.clear();
+			stopped = true;
+			lock.notifyAll();
+		}
+		if (LOG.isLoggable(INFO))
+			LOG.info("Closing " + unused.size() + " unused connections");
+		for (KeyAgreementConnection c : unused) tryToClose(c.getConnection());
+	}
+
+	private void addResult(KeyAgreementConnection c) {
+		if (LOG.isLoggable(INFO))
+			LOG.info("Got connection for " + c.getTransportId());
+		boolean close = false;
+		synchronized (lock) {
+			if (stopped) {
+				close = true;
+			} else {
+				results.add(c);
+				lock.notifyAll();
+			}
+		}
+		if (close) {
+			LOG.info("Already stopped");
+			tryToClose(c.getConnection());
+		}
+	}
+
+	private void tryToClose(DuplexTransportConnection conn) {
+		try {
+			conn.getReader().dispose(false, true);
+			conn.getWriter().dispose(false);
+		} catch (IOException e) {
+			if (LOG.isLoggable(INFO)) LOG.info(e.toString());
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementConnector.java

@@ -13,23 +13,19 @@ import org.briarproject.bramble.api.plugin.PluginManager;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.system.Clock;
 
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.Callable;
-import java.util.concurrent.CompletionService;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Executor;
-import java.util.concurrent.ExecutorCompletionService;
-import java.util.concurrent.Future;
+import java.util.concurrent.CopyOnWriteArrayList;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
 
-import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.CONNECTION_TIMEOUT;
@@ -45,29 +41,27 @@ class KeyAgreementConnector {
 			Logger.getLogger(KeyAgreementConnector.class.getName());
 
 	private final Callbacks callbacks;
-	private final Clock clock;
 	private final KeyAgreementCrypto keyAgreementCrypto;
 	private final PluginManager pluginManager;
-	private final CompletionService<KeyAgreementConnection> connect;
+	private final ConnectionChooser connectionChooser;
 
-	private final List<KeyAgreementListener> listeners = new ArrayList<>();
-	private final List<Future<KeyAgreementConnection>> pending =
-			new ArrayList<>();
+	private final List<KeyAgreementListener> listeners =
+			new CopyOnWriteArrayList<>();
+	private final CountDownLatch aliceLatch = new CountDownLatch(1);
+	private final AtomicBoolean waitingSent = new AtomicBoolean(false);
 
-	private volatile boolean connecting = false;
-	private volatile boolean alice = false;
+	private volatile boolean alice = false, stopped = false;
 
-	KeyAgreementConnector(Callbacks callbacks, Clock clock,
+	KeyAgreementConnector(Callbacks callbacks,
 			KeyAgreementCrypto keyAgreementCrypto, PluginManager pluginManager,
-			Executor ioExecutor) {
+			ConnectionChooser connectionChooser) {
 		this.callbacks = callbacks;
-		this.clock = clock;
 		this.keyAgreementCrypto = keyAgreementCrypto;
 		this.pluginManager = pluginManager;
-		connect = new ExecutorCompletionService<>(ioExecutor);
+		this.connectionChooser = connectionChooser;
 	}
 
-	public Payload listen(KeyPair localKeyPair) {
+	Payload listen(KeyPair localKeyPair) {
 		LOG.info("Starting BQP listeners");
 		// Derive commitment
 		byte[] commitment = keyAgreementCrypto.deriveKeyCommitment(
@@ -80,8 +74,9 @@ class KeyAgreementConnector {
 			if (l != null) {
 				TransportId id = plugin.getId();
 				descriptors.add(new TransportDescriptor(id, l.getDescriptor()));
-				pending.add(connect.submit(new ReadableTask(l.listen())));
+				if (LOG.isLoggable(INFO)) LOG.info("Listening via " + id);
 				listeners.add(l);
+				connectionChooser.submit(new ReadableTask(l::accept));
 			}
 		}
 		return new Payload(commitment, descriptors);
@@ -89,125 +84,92 @@ class KeyAgreementConnector {
 
 	void stopListening() {
 		LOG.info("Stopping BQP listeners");
-		for (KeyAgreementListener l : listeners) {
-			l.close();
-		}
-		listeners.clear();
+		stopped = true;
+		aliceLatch.countDown();
+		for (KeyAgreementListener l : listeners) l.close();
+		connectionChooser.stop();
 	}
 
 	@Nullable
-	public KeyAgreementTransport connect(Payload remotePayload,
-			boolean alice) {
-		// Let the listeners know if we are Alice
-		this.connecting = true;
+	public KeyAgreementTransport connect(Payload remotePayload, boolean alice) {
+		// Let the ReadableTasks know if we are Alice
 		this.alice = alice;
-		long end = clock.currentTimeMillis() + CONNECTION_TIMEOUT;
+		aliceLatch.countDown();
 
 		// Start connecting over supported transports
-		LOG.info("Starting outgoing BQP connections");
+		if (LOG.isLoggable(INFO)) {
+			LOG.info("Starting outgoing BQP connections as "
+					+ (alice ? "Alice" : "Bob"));
+		}
 		for (TransportDescriptor d : remotePayload.getTransportDescriptors()) {
 			Plugin p = pluginManager.getPlugin(d.getId());
 			if (p instanceof DuplexPlugin) {
+				if (LOG.isLoggable(INFO))
+					LOG.info("Connecting via " + d.getId());
 				DuplexPlugin plugin = (DuplexPlugin) p;
-				pending.add(connect.submit(new ReadableTask(
-						new ConnectorTask(plugin, remotePayload.getCommitment(),
-								d.getDescriptor(), end))));
+				byte[] commitment = remotePayload.getCommitment();
+				BdfList descriptor = d.getDescriptor();
+				connectionChooser.submit(new ReadableTask(
+						new ConnectorTask(plugin, commitment, descriptor)));
 			}
 		}
 
 		// Get chosen connection
-		KeyAgreementConnection chosen = null;
 		try {
-			long now = clock.currentTimeMillis();
-			Future<KeyAgreementConnection> f =
-					connect.poll(end - now, MILLISECONDS);
-			if (f == null)
-				return null; // No task completed within the timeout.
-			chosen = f.get();
+			KeyAgreementConnection chosen =
+					connectionChooser.poll(CONNECTION_TIMEOUT);
+			if (chosen == null) return null;
 			return new KeyAgreementTransport(chosen);
 		} catch (InterruptedException e) {
 			LOG.info("Interrupted while waiting for connection");
 			Thread.currentThread().interrupt();
 			return null;
-		} catch (ExecutionException | IOException e) {
+		} catch (IOException e) {
 			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 			return null;
 		} finally {
 			stopListening();
-			// Close all other connections
-			closePending(chosen);
 		}
 	}
 
-	private void closePending(@Nullable KeyAgreementConnection chosen) {
-		for (Future<KeyAgreementConnection> f : pending) {
-			try {
-				if (f.cancel(true)) {
-					LOG.info("Cancelled task");
-				} else if (!f.isCancelled()) {
-					KeyAgreementConnection c = f.get();
-					if (c != null && c != chosen)
-						tryToClose(c.getConnection(), false);
-				}
-			} catch (InterruptedException e) {
-				LOG.info("Interrupted while closing sockets");
-				Thread.currentThread().interrupt();
-				return;
-			} catch (ExecutionException e) {
-				if (LOG.isLoggable(INFO)) LOG.info(e.toString());
-			}
-		}
-	}
-
-	private void tryToClose(DuplexTransportConnection conn, boolean exception) {
-		try {
-			if (LOG.isLoggable(INFO))
-				LOG.info("Closing connection, exception: " + exception);
-			conn.getReader().dispose(exception, true);
-			conn.getWriter().dispose(exception);
-		} catch (IOException e) {
-			if (LOG.isLoggable(INFO)) LOG.info(e.toString());
-		}
+	private void waitingForAlice() {
+		if (!waitingSent.getAndSet(true)) callbacks.connectionWaiting();
 	}
 
 	private class ConnectorTask implements Callable<KeyAgreementConnection> {
 
 		private final byte[] commitment;
 		private final BdfList descriptor;
-		private final long end;
 		private final DuplexPlugin plugin;
 
 		private ConnectorTask(DuplexPlugin plugin, byte[] commitment,
-				BdfList descriptor, long end) {
+				BdfList descriptor) {
 			this.plugin = plugin;
 			this.commitment = commitment;
 			this.descriptor = descriptor;
-			this.end = end;
 		}
 
+		@Nullable
 		@Override
 		public KeyAgreementConnection call() throws Exception {
-			// Repeat attempts until we connect, get interrupted, or time out
-			while (true) {
-				long now = clock.currentTimeMillis();
-				if (now > end) throw new IOException();
+			// Repeat attempts until we connect, get stopped, or get interrupted
+			while (!stopped) {
 				DuplexTransportConnection conn =
 						plugin.createKeyAgreementConnection(commitment,
-								descriptor, end - now);
+								descriptor);
 				if (conn != null) {
 					if (LOG.isLoggable(INFO))
-						LOG.info(plugin.getId().getString() +
-								": Outgoing connection");
+						LOG.info(plugin.getId() + ": Outgoing connection");
 					return new KeyAgreementConnection(conn, plugin.getId());
 				}
 				// Wait 2s before retry (to circumvent transient failures)
 				Thread.sleep(2000);
 			}
+			return null;
 		}
 	}
 
-	private class ReadableTask
-			implements Callable<KeyAgreementConnection> {
+	private class ReadableTask implements Callable<KeyAgreementConnection> {
 
 		private final Callable<KeyAgreementConnection> connectionTask;
 
@@ -215,24 +177,23 @@ class KeyAgreementConnector {
 			this.connectionTask = connectionTask;
 		}
 
+		@Nullable
 		@Override
 		public KeyAgreementConnection call() throws Exception {
 			KeyAgreementConnection c = connectionTask.call();
+			if (c == null) return null;
+			aliceLatch.await();
+			if (alice || stopped) return c;
+			// Bob waits here for Alice to scan his QR code, determine her
+			// role, and send her key
 			InputStream in = c.getConnection().getReader().getInputStream();
-			boolean waitingSent = false;
-			while (!alice && in.available() == 0) {
-				if (!waitingSent && connecting && !alice) {
-					// Bob waits here until Alice obtains his payload.
-					callbacks.connectionWaiting();
-					waitingSent = true;
-				}
-				if (LOG.isLoggable(INFO)) {
-					LOG.info(c.getTransportId().getString() +
-							": Waiting for connection");
-				}
-				Thread.sleep(1000);
+			while (!stopped && in.available() == 0) {
+				if (LOG.isLoggable(INFO))
+					LOG.info(c.getTransportId() + ": Waiting for data");
+				waitingForAlice();
+				Thread.sleep(500);
 			}
-			if (!alice && LOG.isLoggable(INFO))
+			if (!stopped && LOG.isLoggable(INFO))
 				LOG.info(c.getTransportId().getString() + ": Data available");
 			return c;
 		}

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementModule.java

@@ -27,4 +27,10 @@ public class KeyAgreementModule {
 	PayloadParser providePayloadParser(BdfReaderFactory bdfReaderFactory) {
 		return new PayloadParserImpl(bdfReaderFactory);
 	}
+
+	@Provides
+	ConnectionChooser provideConnectionChooser(
+			ConnectionChooserImpl connectionChooser) {
+		return connectionChooser;
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementProtocol.java

@@ -99,7 +99,8 @@ class KeyAgreementProtocol {
 			PublicKey theirPublicKey;
 			if (alice) {
 				sendKey();
-				// Alice waits here until Bob obtains her payload.
+				// Alice waits here for Bob to scan her QR code, determine his
+				// role, receive her key and respond with his key
 				callbacks.connectionWaiting();
 				theirPublicKey = receiveKey();
 			} else {

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementTaskImpl.java

@@ -15,14 +15,11 @@ import org.briarproject.bramble.api.keyagreement.event.KeyAgreementFinishedEvent
 import org.briarproject.bramble.api.keyagreement.event.KeyAgreementListeningEvent;
 import org.briarproject.bramble.api.keyagreement.event.KeyAgreementStartedEvent;
 import org.briarproject.bramble.api.keyagreement.event.KeyAgreementWaitingEvent;
-import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.PluginManager;
-import org.briarproject.bramble.api.system.Clock;
 
 import java.io.IOException;
-import java.util.concurrent.Executor;
 import java.util.logging.Logger;
 
 import javax.inject.Inject;
@@ -31,9 +28,8 @@ import static java.util.logging.Level.WARNING;
 
 @MethodsNotNullByDefault
 @ParametersNotNullByDefault
-class KeyAgreementTaskImpl extends Thread implements
-		KeyAgreementTask, KeyAgreementConnector.Callbacks,
-		KeyAgreementProtocol.Callbacks {
+class KeyAgreementTaskImpl extends Thread implements KeyAgreementTask,
+		KeyAgreementProtocol.Callbacks, KeyAgreementConnector.Callbacks {
 
 	private static final Logger LOG =
 			Logger.getLogger(KeyAgreementTaskImpl.class.getName());
@@ -49,17 +45,17 @@ class KeyAgreementTaskImpl extends Thread implements
 	private Payload remotePayload;
 
 	@Inject
-	KeyAgreementTaskImpl(Clock clock, CryptoComponent crypto,
+	KeyAgreementTaskImpl(CryptoComponent crypto,
 			KeyAgreementCrypto keyAgreementCrypto, EventBus eventBus,
 			PayloadEncoder payloadEncoder, PluginManager pluginManager,
-			@IoExecutor Executor ioExecutor) {
+			ConnectionChooser connectionChooser) {
 		this.crypto = crypto;
 		this.keyAgreementCrypto = keyAgreementCrypto;
 		this.eventBus = eventBus;
 		this.payloadEncoder = payloadEncoder;
 		localKeyPair = crypto.generateAgreementKeyPair();
-		connector = new KeyAgreementConnector(this, clock, keyAgreementCrypto,
-				pluginManager, ioExecutor);
+		connector = new KeyAgreementConnector(this, keyAgreementCrypto,
+				pluginManager, connectionChooser);
 	}
 
 	@Override
@@ -73,10 +69,8 @@ class KeyAgreementTaskImpl extends Thread implements
 	@Override
 	public synchronized void stopListening() {
 		if (localPayload != null) {
-			if (remotePayload == null)
-				connector.stopListening();
-			else
-				interrupt();
+			if (remotePayload == null) connector.stopListening();
+			else interrupt();
 		}
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/lifecycle/LifecycleManagerImpl.java

@@ -2,8 +2,11 @@ package org.briarproject.bramble.lifecycle;
 
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.KeyPair;
+import org.briarproject.bramble.api.db.DataTooNewException;
+import org.briarproject.bramble.api.db.DataTooOldException;
 import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.db.MigrationListener;
 import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.identity.AuthorFactory;
@@ -12,7 +15,7 @@ import org.briarproject.bramble.api.identity.LocalAuthor;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.lifecycle.Service;
 import org.briarproject.bramble.api.lifecycle.ServiceException;
-import org.briarproject.bramble.api.lifecycle.event.ShutdownEvent;
+import org.briarproject.bramble.api.lifecycle.event.LifecycleEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Client;
 
@@ -29,14 +32,21 @@ import javax.inject.Inject;
 
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.MIGRATING_DATABASE;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.RUNNING;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STARTING;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STARTING_SERVICES;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STOPPING;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.ALREADY_RUNNING;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.DATA_TOO_NEW_ERROR;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.DATA_TOO_OLD_ERROR;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.DB_ERROR;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.SERVICE_ERROR;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.SUCCESS;
 
 @ThreadSafe
 @NotNullByDefault
-class LifecycleManagerImpl implements LifecycleManager {
+class LifecycleManagerImpl implements LifecycleManager, MigrationListener {
 
 	private static final Logger LOG =
 			Logger.getLogger(LifecycleManagerImpl.class.getName());
@@ -54,6 +64,8 @@ class LifecycleManagerImpl implements LifecycleManager {
 	private final CountDownLatch startupLatch = new CountDownLatch(1);
 	private final CountDownLatch shutdownLatch = new CountDownLatch(1);
 
+	private volatile LifecycleState state = STARTING;
+
 	@Inject
 	LifecycleManagerImpl(DatabaseComponent db, EventBus eventBus,
 			CryptoComponent crypto, AuthorFactory authorFactory,
@@ -119,7 +131,7 @@ class LifecycleManagerImpl implements LifecycleManager {
 			LOG.info("Starting services");
 			long start = System.currentTimeMillis();
 
-			boolean reopened = db.open();
+			boolean reopened = db.open(this);
 			long duration = System.currentTimeMillis() - start;
 			if (LOG.isLoggable(INFO)) {
 				if (reopened)
@@ -131,7 +143,10 @@ class LifecycleManagerImpl implements LifecycleManager {
 				registerLocalAuthor(createLocalAuthor(nickname));
 			}
 
+			state = STARTING_SERVICES;
 			dbLatch.countDown();
+			eventBus.broadcast(new LifecycleEvent(STARTING_SERVICES));
+
 			Transaction txn = db.startTransaction(false);
 			try {
 				for (Client c : clients) {
@@ -157,8 +172,17 @@ class LifecycleManagerImpl implements LifecycleManager {
 							+ " took " + duration + " ms");
 				}
 			}
+
+			state = RUNNING;
 			startupLatch.countDown();
+			eventBus.broadcast(new LifecycleEvent(RUNNING));
 			return SUCCESS;
+		} catch (DataTooOldException e) {
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+			return DATA_TOO_OLD_ERROR;
+		} catch (DataTooNewException e) {
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+			return DATA_TOO_NEW_ERROR;
 		} catch (DbException e) {
 			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 			return DB_ERROR;
@@ -170,6 +194,12 @@ class LifecycleManagerImpl implements LifecycleManager {
 		}
 	}
 
+	@Override
+	public void onMigrationRun() {
+		state = MIGRATING_DATABASE;
+		eventBus.broadcast(new LifecycleEvent(MIGRATING_DATABASE));
+	}
+
 	@Override
 	public void stopServices() {
 		try {
@@ -180,7 +210,8 @@ class LifecycleManagerImpl implements LifecycleManager {
 		}
 		try {
 			LOG.info("Stopping services");
-			eventBus.broadcast(new ShutdownEvent());
+			state = STOPPING;
+			eventBus.broadcast(new LifecycleEvent(STOPPING));
 			for (Service s : services) {
 				long start = System.currentTimeMillis();
 				s.stopService();
@@ -225,4 +256,8 @@ class LifecycleManagerImpl implements LifecycleManager {
 		shutdownLatch.await();
 	}
 
+	@Override
+	public LifecycleState getLifecycleState() {
+		return state;
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/plugin/bluetooth/BluetoothPlugin.java

@@ -28,7 +28,6 @@ import java.util.Collection;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.UUID;
-import java.util.concurrent.Callable;
 import java.util.concurrent.Executor;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.logging.Logger;
@@ -343,7 +342,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 
 	@Override
 	public DuplexTransportConnection createKeyAgreementConnection(
-			byte[] commitment, BdfList descriptor, long timeout) {
+			byte[] commitment, BdfList descriptor) {
 		if (!isRunning()) return null;
 		String address;
 		try {
@@ -406,13 +405,10 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 		}
 
 		@Override
-		public Callable<KeyAgreementConnection> listen() {
-			return () -> {
-				DuplexTransportConnection conn = acceptConnection(ss);
-				if (LOG.isLoggable(INFO))
-					LOG.info(ID.getString() + ": Incoming connection");
-				return new KeyAgreementConnection(conn, ID);
-			};
+		public KeyAgreementConnection accept() throws IOException {
+			DuplexTransportConnection conn = acceptConnection(ss);
+			if (LOG.isLoggable(INFO)) LOG.info(ID + ": Incoming connection");
+			return new KeyAgreementConnection(conn, ID);
 		}
 
 		@Override

bramble-core/src/main/java/org/briarproject/bramble/plugin/tcp/LanTcpPlugin.java

@@ -25,7 +25,6 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
-import java.util.concurrent.Callable;
 import java.util.concurrent.Executor;
 import java.util.logging.Logger;
 
@@ -224,7 +223,7 @@ class LanTcpPlugin extends TcpPlugin {
 
 	@Override
 	public DuplexTransportConnection createKeyAgreementConnection(
-			byte[] commitment, BdfList descriptor, long timeout) {
+			byte[] commitment, BdfList descriptor) {
 		if (!isRunning()) return null;
 		InetSocketAddress remote;
 		try {
@@ -242,10 +241,11 @@ class LanTcpPlugin extends TcpPlugin {
 			}
 			return null;
 		}
-		Socket s = new Socket();
 		try {
 			if (LOG.isLoggable(INFO))
 				LOG.info("Connecting to " + scrubSocketAddress(remote));
+			Socket s = createSocket();
+			s.bind(new InetSocketAddress(socket.getInetAddress(), 0));
 			s.connect(remote);
 			s.setSoTimeout(socketTimeout);
 			if (LOG.isLoggable(INFO))
@@ -283,14 +283,11 @@ class LanTcpPlugin extends TcpPlugin {
 		}
 
 		@Override
-		public Callable<KeyAgreementConnection> listen() {
-			return () -> {
-				Socket s = ss.accept();
-				if (LOG.isLoggable(INFO))
-					LOG.info(ID.getString() + ": Incoming connection");
-				return new KeyAgreementConnection(
-						new TcpTransportConnection(LanTcpPlugin.this, s), ID);
-			};
+		public KeyAgreementConnection accept() throws IOException {
+			Socket s = ss.accept();
+			if (LOG.isLoggable(INFO)) LOG.info(ID + ": Incoming connection");
+			return new KeyAgreementConnection(new TcpTransportConnection(
+					LanTcpPlugin.this, s), ID);
 		}
 
 		@Override

bramble-core/src/main/java/org/briarproject/bramble/plugin/tcp/TcpPlugin.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.plugin.tcp;
 
+import org.briarproject.bramble.PoliteExecutor;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
@@ -47,7 +48,7 @@ abstract class TcpPlugin implements DuplexPlugin {
 	private static final Logger LOG =
 			Logger.getLogger(TcpPlugin.class.getName());
 
-	protected final Executor ioExecutor;
+	protected final Executor ioExecutor, bindExecutor;
 	protected final Backoff backoff;
 	protected final DuplexPluginCallback callback;
 	protected final int maxLatency, maxIdleTime, socketTimeout;
@@ -90,6 +91,8 @@ abstract class TcpPlugin implements DuplexPlugin {
 		if (maxIdleTime > Integer.MAX_VALUE / 2)
 			socketTimeout = Integer.MAX_VALUE;
 		else socketTimeout = maxIdleTime * 2;
+		// Don't execute more than one bind operation at a time
+		bindExecutor = new PoliteExecutor("TcpPlugin", ioExecutor, 1);
 	}
 
 	@Override
@@ -110,8 +113,9 @@ abstract class TcpPlugin implements DuplexPlugin {
 	}
 
 	protected void bind() {
-		ioExecutor.execute(() -> {
+		bindExecutor.execute(() -> {
 			if (!running) return;
+			if (socket != null && !socket.isClosed()) return;
 			ServerSocket ss = null;
 			for (InetSocketAddress addr : getLocalSocketAddresses()) {
 				try {
@@ -243,10 +247,11 @@ abstract class TcpPlugin implements DuplexPlugin {
 				}
 				continue;
 			}
-			Socket s = new Socket();
 			try {
 				if (LOG.isLoggable(INFO))
 					LOG.info("Connecting to " + scrubSocketAddress(remote));
+				Socket s = createSocket();
+				s.bind(new InetSocketAddress(socket.getInetAddress(), 0));
 				s.connect(remote);
 				s.setSoTimeout(socketTimeout);
 				if (LOG.isLoggable(INFO))
@@ -261,6 +266,10 @@ abstract class TcpPlugin implements DuplexPlugin {
 		return null;
 	}
 
+	protected Socket createSocket() throws IOException {
+		return new Socket();
+	}
+
 	@Nullable
 	InetSocketAddress parseSocketAddress(String ipPort) {
 		if (StringUtils.isNullOrEmpty(ipPort)) return null;
@@ -297,7 +306,7 @@ abstract class TcpPlugin implements DuplexPlugin {
 
 	@Override
 	public DuplexTransportConnection createKeyAgreementConnection(
-			byte[] commitment, BdfList descriptor, long timeout) {
+			byte[] commitment, BdfList descriptor) {
 		throw new UnsupportedOperationException();
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/properties/PropertiesModule.java

@@ -46,8 +46,7 @@ public class PropertiesModule {
 		lifecycleManager.registerClient(transportPropertyManager);
 		validationManager.registerIncomingMessageHook(CLIENT_ID,
 				transportPropertyManager);
-		contactManager.registerAddContactHook(transportPropertyManager);
-		contactManager.registerRemoveContactHook(transportPropertyManager);
+		contactManager.registerContactHook(transportPropertyManager);
 		return transportPropertyManager;
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/properties/TransportPropertyManagerImpl.java

@@ -5,8 +5,7 @@ import org.briarproject.bramble.api.client.ClientHelper;
 import org.briarproject.bramble.api.client.ContactGroupFactory;
 import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.contact.ContactManager.AddContactHook;
-import org.briarproject.bramble.api.contact.ContactManager.RemoveContactHook;
+import org.briarproject.bramble.api.contact.ContactManager.ContactHook;
 import org.briarproject.bramble.api.data.BdfDictionary;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.data.MetadataParser;
@@ -40,7 +39,7 @@ import static org.briarproject.bramble.api.sync.Group.Visibility.SHARED;
 @Immutable
 @NotNullByDefault
 class TransportPropertyManagerImpl implements TransportPropertyManager,
-		Client, AddContactHook, RemoveContactHook, IncomingMessageHook {
+		Client, ContactHook, IncomingMessageHook {
 
 	private final DatabaseComponent db;
 	private final ClientHelper clientHelper;
@@ -348,10 +347,7 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 			throws FormatException {
 		// Transport ID, version, properties
 		BdfDictionary dictionary = message.getDictionary(2);
-		TransportProperties p = new TransportProperties();
-		for (String key : dictionary.keySet())
-			p.put(key, dictionary.getString(key));
-		return p;
+		return clientHelper.parseAndValidateTransportProperties(dictionary);
 	}
 
 	private static class LatestUpdate {

bramble-core/src/main/java/org/briarproject/bramble/properties/TransportPropertyValidator.java

@@ -15,8 +15,6 @@ import org.briarproject.bramble.api.system.Clock;
 import javax.annotation.concurrent.Immutable;
 
 import static org.briarproject.bramble.api.plugin.TransportId.MAX_TRANSPORT_ID_LENGTH;
-import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MAX_PROPERTIES_PER_TRANSPORT;
-import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MAX_PROPERTY_LENGTH;
 import static org.briarproject.bramble.util.ValidationUtils.checkLength;
 import static org.briarproject.bramble.util.ValidationUtils.checkSize;
 
@@ -42,12 +40,7 @@ class TransportPropertyValidator extends BdfMessageValidator {
 		if (version < 0) throw new FormatException();
 		// Properties
 		BdfDictionary dictionary = body.getDictionary(2);
-		checkSize(dictionary, 0, MAX_PROPERTIES_PER_TRANSPORT);
-		for (String key : dictionary.keySet()) {
-			checkLength(key, 0, MAX_PROPERTY_LENGTH);
-			String value = dictionary.getString(key);
-			checkLength(value, 0, MAX_PROPERTY_LENGTH);
-		}
+		clientHelper.parseAndValidateTransportProperties(dictionary);
 		// Return the metadata
 		BdfDictionary meta = new BdfDictionary();
 		meta.put("transportId", transportId);

bramble-core/src/main/java/org/briarproject/bramble/sync/DuplexOutgoingSession.java

@@ -10,7 +10,7 @@ import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
-import org.briarproject.bramble.api.lifecycle.event.ShutdownEvent;
+import org.briarproject.bramble.api.lifecycle.event.LifecycleEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.Offer;
@@ -38,6 +38,7 @@ import javax.annotation.concurrent.ThreadSafe;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STOPPING;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_IDS;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_RECORD_PAYLOAD_LENGTH;
 
@@ -209,8 +210,9 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		} else if (e instanceof MessageToRequestEvent) {
 			if (((MessageToRequestEvent) e).getContactId().equals(contactId))
 				generateRequest();
-		} else if (e instanceof ShutdownEvent) {
-			interrupt();
+		} else if (e instanceof LifecycleEvent) {
+			LifecycleEvent l = (LifecycleEvent) e;
+			if (l.getLifecycleState() == STOPPING) interrupt();
 		}
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/sync/GroupFactoryImpl.java

@@ -12,8 +12,8 @@ import org.briarproject.bramble.util.StringUtils;
 import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 
+import static org.briarproject.bramble.api.sync.Group.FORMAT_VERSION;
 import static org.briarproject.bramble.api.sync.GroupId.LABEL;
-import static org.briarproject.bramble.api.sync.SyncConstants.PROTOCOL_VERSION;
 import static org.briarproject.bramble.util.ByteUtils.INT_32_BYTES;
 
 @Immutable
@@ -31,7 +31,7 @@ class GroupFactoryImpl implements GroupFactory {
 	public Group createGroup(ClientId c, int clientVersion, byte[] descriptor) {
 		byte[] clientVersionBytes = new byte[INT_32_BYTES];
 		ByteUtils.writeUint32(clientVersion, clientVersionBytes, 0);
-		byte[] hash = crypto.hash(LABEL, new byte[] {PROTOCOL_VERSION},
+		byte[] hash = crypto.hash(LABEL, new byte[] {FORMAT_VERSION},
 				StringUtils.toUtf8(c.getString()), clientVersionBytes,
 				descriptor);
 		return new Group(new GroupId(hash), c, descriptor);

bramble-core/src/main/java/org/briarproject/bramble/sync/IncomingSession.java

@@ -11,7 +11,7 @@ import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
-import org.briarproject.bramble.api.lifecycle.event.ShutdownEvent;
+import org.briarproject.bramble.api.lifecycle.event.LifecycleEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.Message;
@@ -27,6 +27,7 @@ import java.util.logging.Logger;
 import javax.annotation.concurrent.ThreadSafe;
 
 import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STOPPING;
 
 /**
  * An incoming {@link SyncSession}.
@@ -96,8 +97,9 @@ class IncomingSession implements SyncSession, EventListener {
 		if (e instanceof ContactRemovedEvent) {
 			ContactRemovedEvent c = (ContactRemovedEvent) e;
 			if (c.getContactId().equals(contactId)) interrupt();
-		} else if (e instanceof ShutdownEvent) {
-			interrupt();
+		} else if (e instanceof LifecycleEvent) {
+			LifecycleEvent l = (LifecycleEvent) e;
+			if (l.getLifecycleState() == STOPPING) interrupt();
 		}
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/sync/MessageFactoryImpl.java

@@ -12,10 +12,12 @@ import org.briarproject.bramble.util.ByteUtils;
 import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 
-import static org.briarproject.bramble.api.sync.MessageId.LABEL;
+import static org.briarproject.bramble.api.sync.Message.FORMAT_VERSION;
+import static org.briarproject.bramble.api.sync.MessageId.BLOCK_LABEL;
+import static org.briarproject.bramble.api.sync.MessageId.ID_LABEL;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_BODY_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LENGTH;
-import static org.briarproject.bramble.api.sync.SyncConstants.PROTOCOL_VERSION;
+import static org.briarproject.bramble.util.ByteUtils.INT_64_BYTES;
 
 @Immutable
 @NotNullByDefault
@@ -32,11 +34,14 @@ class MessageFactoryImpl implements MessageFactory {
 	public Message createMessage(GroupId g, long timestamp, byte[] body) {
 		if (body.length > MAX_MESSAGE_BODY_LENGTH)
 			throw new IllegalArgumentException();
-		byte[] timeBytes = new byte[ByteUtils.INT_64_BYTES];
+		byte[] versionBytes = new byte[] {FORMAT_VERSION};
+		// There's only one block, so the root hash is the hash of the block
+		byte[] rootHash = crypto.hash(BLOCK_LABEL, versionBytes, body);
+		byte[] timeBytes = new byte[INT_64_BYTES];
 		ByteUtils.writeUint64(timestamp, timeBytes, 0);
-		byte[] hash = crypto.hash(LABEL, new byte[] {PROTOCOL_VERSION},
-				g.getBytes(), timeBytes, body);
-		MessageId id = new MessageId(hash);
+		byte[] idHash = crypto.hash(ID_LABEL, versionBytes, g.getBytes(),
+				timeBytes, rootHash);
+		MessageId id = new MessageId(idHash);
 		byte[] raw = new byte[MESSAGE_HEADER_LENGTH + body.length];
 		System.arraycopy(g.getBytes(), 0, raw, 0, UniqueId.LENGTH);
 		ByteUtils.writeUint64(timestamp, raw, UniqueId.LENGTH);

bramble-core/src/main/java/org/briarproject/bramble/sync/SimplexOutgoingSession.java

@@ -10,7 +10,7 @@ import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
-import org.briarproject.bramble.api.lifecycle.event.ShutdownEvent;
+import org.briarproject.bramble.api.lifecycle.event.LifecycleEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.RecordWriter;
@@ -28,6 +28,7 @@ import javax.annotation.concurrent.ThreadSafe;
 
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STOPPING;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_IDS;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_RECORD_PAYLOAD_LENGTH;
 
@@ -109,8 +110,9 @@ class SimplexOutgoingSession implements SyncSession, EventListener {
 		if (e instanceof ContactRemovedEvent) {
 			ContactRemovedEvent c = (ContactRemovedEvent) e;
 			if (c.getContactId().equals(contactId)) interrupt();
-		} else if (e instanceof ShutdownEvent) {
-			interrupt();
+		} else if (e instanceof LifecycleEvent) {
+			LifecycleEvent l = (LifecycleEvent) e;
+			if (l.getLifecycleState() == STOPPING) interrupt();
 		}
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/sync/ValidationManagerImpl.java

@@ -71,11 +71,9 @@ class ValidationManagerImpl implements ValidationManager, Service,
 	@Override
 	public void startService() {
 		if (used.getAndSet(true)) throw new IllegalStateException();
-		for (ClientId c : validators.keySet()) {
-			validateOutstandingMessagesAsync(c);
-			deliverOutstandingMessagesAsync(c);
-			shareOutstandingMessagesAsync(c);
-		}
+		validateOutstandingMessagesAsync();
+		deliverOutstandingMessagesAsync();
+		shareOutstandingMessagesAsync();
 	}
 
 	@Override
@@ -93,17 +91,17 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		hooks.put(c, hook);
 	}
 
-	private void validateOutstandingMessagesAsync(ClientId c) {
-		dbExecutor.execute(() -> validateOutstandingMessages(c));
+	private void validateOutstandingMessagesAsync() {
+		dbExecutor.execute(this::validateOutstandingMessages);
 	}
 
 	@DatabaseExecutor
-	private void validateOutstandingMessages(ClientId c) {
+	private void validateOutstandingMessages() {
 		try {
 			Queue<MessageId> unvalidated = new LinkedList<>();
 			Transaction txn = db.startTransaction(true);
 			try {
-				unvalidated.addAll(db.getMessagesToValidate(txn, c));
+				unvalidated.addAll(db.getMessagesToValidate(txn));
 				db.commitTransaction(txn);
 			} finally {
 				db.endTransaction(txn);
@@ -148,17 +146,17 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		}
 	}
 
-	private void deliverOutstandingMessagesAsync(ClientId c) {
-		dbExecutor.execute(() -> deliverOutstandingMessages(c));
+	private void deliverOutstandingMessagesAsync() {
+		dbExecutor.execute(this::deliverOutstandingMessages);
 	}
 
 	@DatabaseExecutor
-	private void deliverOutstandingMessages(ClientId c) {
+	private void deliverOutstandingMessages() {
 		try {
 			Queue<MessageId> pending = new LinkedList<>();
 			Transaction txn = db.startTransaction(true);
 			try {
-				pending.addAll(db.getPendingMessages(txn, c));
+				pending.addAll(db.getPendingMessages(txn));
 				db.commitTransaction(txn);
 			} finally {
 				db.endTransaction(txn);
@@ -353,17 +351,17 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		return pending;
 	}
 
-	private void shareOutstandingMessagesAsync(ClientId c) {
-		dbExecutor.execute(() -> shareOutstandingMessages(c));
+	private void shareOutstandingMessagesAsync() {
+		dbExecutor.execute(this::shareOutstandingMessages);
 	}
 
 	@DatabaseExecutor
-	private void shareOutstandingMessages(ClientId c) {
+	private void shareOutstandingMessages() {
 		try {
 			Queue<MessageId> toShare = new LinkedList<>();
 			Transaction txn = db.startTransaction(true);
 			try {
-				toShare.addAll(db.getMessagesToShare(txn, c));
+				toShare.addAll(db.getMessagesToShare(txn));
 				db.commitTransaction(txn);
 			} finally {
 				db.endTransaction(txn);

bramble-core/src/main/java/org/briarproject/bramble/system/SystemModule.java

@@ -4,8 +4,9 @@ import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.api.system.Scheduler;
 
-import java.util.concurrent.Executors;
+import java.util.concurrent.RejectedExecutionHandler;
 import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledThreadPoolExecutor;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
@@ -25,7 +26,10 @@ public class SystemModule {
 	private final ScheduledExecutorService scheduler;
 
 	public SystemModule() {
-		scheduler = Executors.newSingleThreadScheduledExecutor();
+		// Discard tasks that are submitted during shutdown
+		RejectedExecutionHandler policy =
+				new ScheduledThreadPoolExecutor.DiscardPolicy();
+		scheduler = new ScheduledThreadPoolExecutor(1, policy);
 	}
 
 	@Provides

bramble-core/src/main/java/org/briarproject/bramble/transport/KeyManagerImpl.java

@@ -19,6 +19,7 @@ import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPluginFactory;
 import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.KeySetId;
 import org.briarproject.bramble.api.transport.StreamContext;
 
 import java.util.HashMap;
@@ -104,6 +105,67 @@ class KeyManagerImpl implements KeyManager, Service, EventListener {
 			m.addContact(txn, c, master, timestamp, alice);
 	}
 
+	@Override
+	public Map<TransportId, KeySetId> addUnboundKeys(Transaction txn,
+			SecretKey master, long timestamp, boolean alice)
+			throws DbException {
+		Map<TransportId, KeySetId> ids = new HashMap<>();
+		for (Entry<TransportId, TransportKeyManager> e : managers.entrySet()) {
+			TransportId t = e.getKey();
+			TransportKeyManager m = e.getValue();
+			ids.put(t, m.addUnboundKeys(txn, master, timestamp, alice));
+		}
+		return ids;
+	}
+
+	@Override
+	public void bindKeys(Transaction txn, ContactId c,
+			Map<TransportId, KeySetId> keys) throws DbException {
+		for (Entry<TransportId, KeySetId> e : keys.entrySet()) {
+			TransportId t = e.getKey();
+			TransportKeyManager m = managers.get(t);
+			if (m == null) {
+				if (LOG.isLoggable(INFO)) LOG.info("No key manager for " + t);
+			} else {
+				m.bindKeys(txn, c, e.getValue());
+			}
+		}
+	}
+
+	@Override
+	public void activateKeys(Transaction txn, Map<TransportId, KeySetId> keys)
+			throws DbException {
+		for (Entry<TransportId, KeySetId> e : keys.entrySet()) {
+			TransportId t = e.getKey();
+			TransportKeyManager m = managers.get(t);
+			if (m == null) {
+				if (LOG.isLoggable(INFO)) LOG.info("No key manager for " + t);
+			} else {
+				m.activateKeys(txn, e.getValue());
+			}
+		}
+	}
+
+	@Override
+	public void removeKeys(Transaction txn, Map<TransportId, KeySetId> keys)
+			throws DbException {
+		for (Entry<TransportId, KeySetId> e : keys.entrySet()) {
+			TransportId t = e.getKey();
+			TransportKeyManager m = managers.get(t);
+			if (m == null) {
+				if (LOG.isLoggable(INFO)) LOG.info("No key manager for " + t);
+			} else {
+				m.removeKeys(txn, e.getValue());
+			}
+		}
+	}
+
+	@Override
+	public boolean canSendOutgoingStreams(ContactId c, TransportId t) {
+		TransportKeyManager m = managers.get(t);
+		return m == null ? false : m.canSendOutgoingStreams(c);
+	}
+
 	@Override
 	public StreamContext getStreamContext(ContactId c, TransportId t)
 			throws DbException {
@@ -114,7 +176,7 @@ class KeyManagerImpl implements KeyManager, Service, EventListener {
 			if (LOG.isLoggable(INFO)) LOG.info("No key manager for " + t);
 			return null;
 		}
-		StreamContext ctx = null;
+		StreamContext ctx;
 		Transaction txn = db.startTransaction(false);
 		try {
 			ctx = m.getStreamContext(txn, c);
@@ -133,7 +195,7 @@ class KeyManagerImpl implements KeyManager, Service, EventListener {
 			if (LOG.isLoggable(INFO)) LOG.info("No key manager for " + t);
 			return null;
 		}
-		StreamContext ctx = null;
+		StreamContext ctx;
 		Transaction txn = db.startTransaction(false);
 		try {
 			ctx = m.getStreamContext(txn, tag);

bramble-core/src/main/java/org/briarproject/bramble/transport/MutableKeySet.java

@@ -0,0 +1,34 @@
+package org.briarproject.bramble.transport;
+
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.transport.KeySetId;
+
+import javax.annotation.Nullable;
+
+public class MutableKeySet {
+
+	private final KeySetId keySetId;
+	@Nullable
+	private final ContactId contactId;
+	private final MutableTransportKeys transportKeys;
+
+	public MutableKeySet(KeySetId keySetId, @Nullable ContactId contactId,
+			MutableTransportKeys transportKeys) {
+		this.keySetId = keySetId;
+		this.contactId = contactId;
+		this.transportKeys = transportKeys;
+	}
+
+	public KeySetId getKeySetId() {
+		return keySetId;
+	}
+
+	@Nullable
+	public ContactId getContactId() {
+		return contactId;
+	}
+
+	public MutableTransportKeys getTransportKeys() {
+		return transportKeys;
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/transport/MutableOutgoingKeys.java

@@ -13,17 +13,19 @@ class MutableOutgoingKeys {
 	private final SecretKey tagKey, headerKey;
 	private final long rotationPeriod;
 	private long streamCounter;
+	private boolean active;
 
 	MutableOutgoingKeys(OutgoingKeys out) {
 		tagKey = out.getTagKey();
 		headerKey = out.getHeaderKey();
 		rotationPeriod = out.getRotationPeriod();
 		streamCounter = out.getStreamCounter();
+		active = out.isActive();
 	}
 
 	OutgoingKeys snapshot() {
 		return new OutgoingKeys(tagKey, headerKey, rotationPeriod,
-				streamCounter);
+				streamCounter, active);
 	}
 
 	SecretKey getTagKey() {
@@ -45,4 +47,12 @@ class MutableOutgoingKeys {
 	void incrementStreamCounter() {
 		streamCounter++;
 	}
+
+	boolean isActive() {
+		return active;
+	}
+
+	void activate() {
+		active = true;
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/transport/TransportKeyManager.java

@@ -5,6 +5,7 @@ import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.transport.KeySetId;
 import org.briarproject.bramble.api.transport.StreamContext;
 
 import javax.annotation.Nullable;
@@ -17,8 +18,19 @@ interface TransportKeyManager {
 	void addContact(Transaction txn, ContactId c, SecretKey master,
 			long timestamp, boolean alice) throws DbException;
 
+	KeySetId addUnboundKeys(Transaction txn, SecretKey master, long timestamp,
+			boolean alice) throws DbException;
+
+	void bindKeys(Transaction txn, ContactId c, KeySetId k) throws DbException;
+
+	void activateKeys(Transaction txn, KeySetId k) throws DbException;
+
+	void removeKeys(Transaction txn, KeySetId k) throws DbException;
+
 	void removeContact(ContactId c);
 
+	boolean canSendOutgoingStreams(ContactId c);
+
 	@Nullable
 	StreamContext getStreamContext(Transaction txn, ContactId c)
 			throws DbException;

bramble-core/src/main/java/org/briarproject/bramble/transport/TransportKeyManagerImpl.java

@@ -11,19 +11,24 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.api.system.Scheduler;
+import org.briarproject.bramble.api.transport.KeySet;
+import org.briarproject.bramble.api.transport.KeySetId;
 import org.briarproject.bramble.api.transport.StreamContext;
 import org.briarproject.bramble.api.transport.TransportKeys;
 import org.briarproject.bramble.transport.ReorderingWindow.Change;
 
+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
-import java.util.Map.Entry;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.logging.Logger;
 
+import javax.annotation.Nullable;
 import javax.annotation.concurrent.ThreadSafe;
 
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
@@ -47,12 +52,13 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 	private final Clock clock;
 	private final TransportId transportId;
 	private final long rotationPeriodLength;
-	private final ReentrantLock lock;
+	private final AtomicBoolean used = new AtomicBoolean(false);
+	private final ReentrantLock lock = new ReentrantLock();
 
 	// The following are locking: lock
-	private final Map<Bytes, TagContext> inContexts;
-	private final Map<ContactId, MutableOutgoingKeys> outContexts;
-	private final Map<ContactId, MutableTransportKeys> keys;
+	private final Map<KeySetId, MutableKeySet> keys = new HashMap<>();
+	private final Map<Bytes, TagContext> inContexts = new HashMap<>();
+	private final Map<ContactId, MutableKeySet> outContexts = new HashMap<>();
 
 	TransportKeyManagerImpl(DatabaseComponent db,
 			TransportCrypto transportCrypto, Executor dbExecutor,
@@ -65,20 +71,16 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 		this.clock = clock;
 		this.transportId = transportId;
 		rotationPeriodLength = maxLatency + MAX_CLOCK_DIFFERENCE;
-		lock = new ReentrantLock();
-		inContexts = new HashMap<>();
-		outContexts = new HashMap<>();
-		keys = new HashMap<>();
 	}
 
 	@Override
 	public void start(Transaction txn) throws DbException {
+		if (used.getAndSet(true)) throw new IllegalStateException();
 		long now = clock.currentTimeMillis();
 		lock.lock();
 		try {
 			// Load the transport keys from the DB
-			Map<ContactId, TransportKeys> loaded =
-					db.getTransportKeys(txn, transportId);
+			Collection<KeySet> loaded = db.getTransportKeys(txn, transportId);
 			// Rotate the keys to the current rotation period
 			RotationResult rotationResult = rotateKeys(loaded, now);
 			// Initialise mutable state for all contacts
@@ -93,41 +95,48 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 		scheduleKeyRotation(now);
 	}
 
-	private RotationResult rotateKeys(Map<ContactId, TransportKeys> keys,
-			long now) {
+	private RotationResult rotateKeys(Collection<KeySet> keys, long now) {
 		RotationResult rotationResult = new RotationResult();
 		long rotationPeriod = now / rotationPeriodLength;
-		for (Entry<ContactId, TransportKeys> e : keys.entrySet()) {
-			ContactId c = e.getKey();
-			TransportKeys k = e.getValue();
+		for (KeySet ks : keys) {
+			TransportKeys k = ks.getTransportKeys();
 			TransportKeys k1 =
 					transportCrypto.rotateTransportKeys(k, rotationPeriod);
+			KeySet ks1 = new KeySet(ks.getKeySetId(), ks.getContactId(), k1);
 			if (k1.getRotationPeriod() > k.getRotationPeriod())
-				rotationResult.rotated.put(c, k1);
-			rotationResult.current.put(c, k1);
+				rotationResult.rotated.add(ks1);
+			rotationResult.current.add(ks1);
 		}
 		return rotationResult;
 	}
 
 	// Locking: lock
-	private void addKeys(Map<ContactId, TransportKeys> m) {
-		for (Entry<ContactId, TransportKeys> e : m.entrySet())
-			addKeys(e.getKey(), new MutableTransportKeys(e.getValue()));
+	private void addKeys(Collection<KeySet> keys) {
+		for (KeySet ks : keys) {
+			addKeys(ks.getKeySetId(), ks.getContactId(),
+					new MutableTransportKeys(ks.getTransportKeys()));
+		}
 	}
 
 	// Locking: lock
-	private void addKeys(ContactId c, MutableTransportKeys m) {
-		encodeTags(c, m.getPreviousIncomingKeys());
-		encodeTags(c, m.getCurrentIncomingKeys());
-		encodeTags(c, m.getNextIncomingKeys());
-		outContexts.put(c, m.getCurrentOutgoingKeys());
-		keys.put(c, m);
+	private void addKeys(KeySetId keySetId, @Nullable ContactId contactId,
+			MutableTransportKeys m) {
+		MutableKeySet ks = new MutableKeySet(keySetId, contactId, m);
+		keys.put(keySetId, ks);
+		if (contactId != null) {
+			encodeTags(keySetId, contactId, m.getPreviousIncomingKeys());
+			encodeTags(keySetId, contactId, m.getCurrentIncomingKeys());
+			encodeTags(keySetId, contactId, m.getNextIncomingKeys());
+			considerReplacingOutgoingKeys(ks);
+		}
 	}
 
 	// Locking: lock
-	private void encodeTags(ContactId c, MutableIncomingKeys inKeys) {
+	private void encodeTags(KeySetId keySetId, ContactId contactId,
+			MutableIncomingKeys inKeys) {
 		for (long streamNumber : inKeys.getWindow().getUnseen()) {
-			TagContext tagCtx = new TagContext(c, inKeys, streamNumber);
+			TagContext tagCtx =
+					new TagContext(keySetId, contactId, inKeys, streamNumber);
 			byte[] tag = new byte[TAG_LENGTH];
 			transportCrypto.encodeTag(tag, inKeys.getTagKey(), PROTOCOL_VERSION,
 					streamNumber);
@@ -135,6 +144,17 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 		}
 	}
 
+	// Locking: lock
+	private void considerReplacingOutgoingKeys(MutableKeySet ks) {
+		// Use the active outgoing keys with the highest key set ID
+		if (ks.getTransportKeys().getCurrentOutgoingKeys().isActive()) {
+			MutableKeySet old = outContexts.get(ks.getContactId());
+			if (old == null ||
+					old.getKeySetId().getInt() < ks.getKeySetId().getInt())
+				outContexts.put(ks.getContactId(), ks);
+		}
+	}
+
 	private void scheduleKeyRotation(long now) {
 		long delay = rotationPeriodLength - now % rotationPeriodLength;
 		scheduler.schedule((Runnable) this::rotateKeys, delay, MILLISECONDS);
@@ -159,20 +179,82 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 	@Override
 	public void addContact(Transaction txn, ContactId c, SecretKey master,
 			long timestamp, boolean alice) throws DbException {
+		deriveAndAddKeys(txn, c, master, timestamp, alice, true);
+	}
+
+	@Override
+	public KeySetId addUnboundKeys(Transaction txn, SecretKey master,
+			long timestamp, boolean alice) throws DbException {
+		return deriveAndAddKeys(txn, null, master, timestamp, alice, false);
+	}
+
+	private KeySetId deriveAndAddKeys(Transaction txn, @Nullable ContactId c,
+			SecretKey master, long timestamp, boolean alice, boolean active)
+			throws DbException {
 		lock.lock();
 		try {
 			// Work out what rotation period the timestamp belongs to
 			long rotationPeriod = timestamp / rotationPeriodLength;
 			// Derive the transport keys
 			TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
-					master, rotationPeriod, alice);
+					master, rotationPeriod, alice, active);
 			// Rotate the keys to the current rotation period if necessary
 			rotationPeriod = clock.currentTimeMillis() / rotationPeriodLength;
 			k = transportCrypto.rotateTransportKeys(k, rotationPeriod);
-			// Initialise mutable state for the contact
-			addKeys(c, new MutableTransportKeys(k));
 			// Write the keys back to the DB
-			db.addTransportKeys(txn, c, k);
+			KeySetId keySetId = db.addTransportKeys(txn, c, k);
+			// Initialise mutable state for the contact
+			addKeys(keySetId, c, new MutableTransportKeys(k));
+			return keySetId;
+		} finally {
+			lock.unlock();
+		}
+	}
+
+	@Override
+	public void bindKeys(Transaction txn, ContactId c, KeySetId k)
+			throws DbException {
+		lock.lock();
+		try {
+			MutableKeySet ks = keys.get(k);
+			if (ks == null) throw new IllegalArgumentException();
+			// Check that the keys haven't already been bound
+			if (ks.getContactId() != null) throw new IllegalArgumentException();
+			MutableTransportKeys m = ks.getTransportKeys();
+			addKeys(k, c, m);
+			db.bindTransportKeys(txn, c, m.getTransportId(), k);
+		} finally {
+			lock.unlock();
+		}
+	}
+
+	@Override
+	public void activateKeys(Transaction txn, KeySetId k) throws DbException {
+		lock.lock();
+		try {
+			MutableKeySet ks = keys.get(k);
+			if (ks == null) throw new IllegalArgumentException();
+			// Check that the keys have been bound
+			if (ks.getContactId() == null) throw new IllegalArgumentException();
+			MutableTransportKeys m = ks.getTransportKeys();
+			m.getCurrentOutgoingKeys().activate();
+			considerReplacingOutgoingKeys(ks);
+			db.setTransportKeysActive(txn, m.getTransportId(), k);
+		} finally {
+			lock.unlock();
+		}
+	}
+
+	@Override
+	public void removeKeys(Transaction txn, KeySetId k) throws DbException {
+		lock.lock();
+		try {
+			MutableKeySet ks = keys.remove(k);
+			if (ks == null) throw new IllegalArgumentException();
+			// Check that the keys haven't been bound
+			if (ks.getContactId() != null) throw new IllegalArgumentException();
+			TransportId t = ks.getTransportKeys().getTransportId();
+			db.removeTransportKeys(txn, t, k);
 		} finally {
 			lock.unlock();
 		}
@@ -183,12 +265,29 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 		lock.lock();
 		try {
 			// Remove mutable state for the contact
-			Iterator<Entry<Bytes, TagContext>> it =
-					inContexts.entrySet().iterator();
-			while (it.hasNext())
-				if (it.next().getValue().contactId.equals(c)) it.remove();
+			Iterator<TagContext> it = inContexts.values().iterator();
+			while (it.hasNext()) if (it.next().contactId.equals(c)) it.remove();
 			outContexts.remove(c);
-			keys.remove(c);
+			Iterator<MutableKeySet> it1 = keys.values().iterator();
+			while (it1.hasNext()) {
+				ContactId c1 = it1.next().getContactId();
+				if (c1 != null && c1.equals(c)) it1.remove();
+			}
+		} finally {
+			lock.unlock();
+		}
+	}
+
+	@Override
+	public boolean canSendOutgoingStreams(ContactId c) {
+		lock.lock();
+		try {
+			MutableKeySet ks = outContexts.get(c);
+			if (ks == null) return false;
+			MutableOutgoingKeys outKeys =
+					ks.getTransportKeys().getCurrentOutgoingKeys();
+			if (!outKeys.isActive()) throw new AssertionError();
+			return outKeys.getStreamCounter() <= MAX_32_BIT_UNSIGNED;
 		} finally {
 			lock.unlock();
 		}
@@ -200,8 +299,11 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 		lock.lock();
 		try {
 			// Look up the outgoing keys for the contact
-			MutableOutgoingKeys outKeys = outContexts.get(c);
-			if (outKeys == null) return null;
+			MutableKeySet ks = outContexts.get(c);
+			if (ks == null) return null;
+			MutableOutgoingKeys outKeys =
+					ks.getTransportKeys().getCurrentOutgoingKeys();
+			if (!outKeys.isActive()) throw new AssertionError();
 			if (outKeys.getStreamCounter() > MAX_32_BIT_UNSIGNED) return null;
 			// Create a stream context
 			StreamContext ctx = new StreamContext(c, transportId,
@@ -209,8 +311,7 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 					outKeys.getStreamCounter());
 			// Increment the stream counter and write it back to the DB
 			outKeys.incrementStreamCounter();
-			db.incrementStreamCounter(txn, c, transportId,
-					outKeys.getRotationPeriod());
+			db.incrementStreamCounter(txn, transportId, ks.getKeySetId());
 			return ctx;
 		} finally {
 			lock.unlock();
@@ -238,8 +339,9 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 				byte[] addTag = new byte[TAG_LENGTH];
 				transportCrypto.encodeTag(addTag, inKeys.getTagKey(),
 						PROTOCOL_VERSION, streamNumber);
-				inContexts.put(new Bytes(addTag), new TagContext(
-						tagCtx.contactId, inKeys, streamNumber));
+				TagContext tagCtx1 = new TagContext(tagCtx.keySetId,
+						tagCtx.contactId, inKeys, streamNumber);
+				inContexts.put(new Bytes(addTag), tagCtx1);
 			}
 			// Remove tags for any stream numbers removed from the window
 			for (long streamNumber : change.getRemoved()) {
@@ -250,9 +352,19 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 				inContexts.remove(new Bytes(removeTag));
 			}
 			// Write the window back to the DB
-			db.setReorderingWindow(txn, tagCtx.contactId, transportId,
+			db.setReorderingWindow(txn, tagCtx.keySetId, transportId,
 					inKeys.getRotationPeriod(), window.getBase(),
 					window.getBitmap());
+			// If the outgoing keys are inactive, activate them
+			MutableKeySet ks = keys.get(tagCtx.keySetId);
+			MutableOutgoingKeys outKeys =
+					ks.getTransportKeys().getCurrentOutgoingKeys();
+			if (!outKeys.isActive()) {
+				LOG.info("Activating outgoing keys");
+				outKeys.activate();
+				considerReplacingOutgoingKeys(ks);
+				db.setTransportKeysActive(txn, transportId, tagCtx.keySetId);
+			}
 			return ctx;
 		} finally {
 			lock.unlock();
@@ -264,9 +376,11 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 		lock.lock();
 		try {
 			// Rotate the keys to the current rotation period
-			Map<ContactId, TransportKeys> snapshot = new HashMap<>();
-			for (Entry<ContactId, MutableTransportKeys> e : keys.entrySet())
-				snapshot.put(e.getKey(), e.getValue().snapshot());
+			Collection<KeySet> snapshot = new ArrayList<>(keys.size());
+			for (MutableKeySet ks : keys.values()) {
+				snapshot.add(new KeySet(ks.getKeySetId(), ks.getContactId(),
+						ks.getTransportKeys().snapshot()));
+			}
 			RotationResult rotationResult = rotateKeys(snapshot, now);
 			// Rebuild the mutable state for all contacts
 			inContexts.clear();
@@ -285,12 +399,14 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 
 	private static class TagContext {
 
+		private final KeySetId keySetId;
 		private final ContactId contactId;
 		private final MutableIncomingKeys inKeys;
 		private final long streamNumber;
 
-		private TagContext(ContactId contactId, MutableIncomingKeys inKeys,
-				long streamNumber) {
+		private TagContext(KeySetId keySetId, ContactId contactId,
+				MutableIncomingKeys inKeys, long streamNumber) {
+			this.keySetId = keySetId;
 			this.contactId = contactId;
 			this.inKeys = inKeys;
 			this.streamNumber = streamNumber;
@@ -299,11 +415,7 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 
 	private static class RotationResult {
 
-		private final Map<ContactId, TransportKeys> current, rotated;
-
-		private RotationResult() {
-			current = new HashMap<>();
-			rotated = new HashMap<>();
-		}
+		private final Collection<KeySet> current = new ArrayList<>();
+		private final Collection<KeySet> rotated = new ArrayList<>();
 	}
 }

bramble-core/src/test/java/org/briarproject/bramble/client/ClientHelperImplTest.java

@@ -37,6 +37,7 @@ import java.util.Random;
 
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
+import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH;
 import static org.briarproject.bramble.test.TestUtils.getAuthor;
 import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
 import static org.briarproject.bramble.test.TestUtils.getRandomId;
@@ -300,30 +301,34 @@ public class ClientHelperImplTest extends BrambleTestCase {
 
 	@Test
 	public void testVerifySignature() throws Exception {
+		byte[] signature = getRandomBytes(MAX_SIGNATURE_LENGTH);
 		byte[] publicKey = getRandomBytes(42);
-		byte[] bytes = expectToByteArray(list);
+		byte[] signed = expectToByteArray(list);
 
 		context.checking(new Expectations() {{
-			oneOf(cryptoComponent).verify(label, bytes, publicKey, rawMessage);
+			oneOf(cryptoComponent).verifySignature(signature, label, signed,
+					publicKey);
 			will(returnValue(true));
 		}});
 
-		clientHelper.verifySignature(label, rawMessage, publicKey, list);
+		clientHelper.verifySignature(signature, label, list, publicKey);
 		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testVerifyWrongSignature() throws Exception {
+		byte[] signature = getRandomBytes(MAX_SIGNATURE_LENGTH);
 		byte[] publicKey = getRandomBytes(42);
-		byte[] bytes = expectToByteArray(list);
+		byte[] signed = expectToByteArray(list);
 
 		context.checking(new Expectations() {{
-			oneOf(cryptoComponent).verify(label, bytes, publicKey, rawMessage);
+			oneOf(cryptoComponent).verifySignature(signature, label, signed,
+					publicKey);
 			will(returnValue(false));
 		}});
 
 		try {
-			clientHelper.verifySignature(label, rawMessage, publicKey, list);
+			clientHelper.verifySignature(signature, label, list, publicKey);
 			fail();
 		} catch (GeneralSecurityException e) {
 			// expected

bramble-core/src/test/java/org/briarproject/bramble/crypto/EdSignatureTest.java

@@ -143,9 +143,9 @@ public class EdSignatureTest extends SignatureTest {
 	}
 
 	@Override
-	protected boolean verify(String label, byte[] signedData, byte[] publicKey,
-			byte[] signature) throws GeneralSecurityException {
-		return crypto.verify(label, signedData, publicKey, signature);
+	protected boolean verify(byte[] signature, String label, byte[] signed,
+			byte[] publicKey) throws GeneralSecurityException {
+		return crypto.verifySignature(signature, label, signed, publicKey);
 	}
 
 	@Test

bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyDerivationTest.java

@@ -17,6 +17,7 @@ import java.util.List;
 import java.util.Set;
 
 import static org.briarproject.bramble.test.TestUtils.getSecretKey;
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
@@ -27,13 +28,13 @@ public class KeyDerivationTest extends BrambleTestCase {
 			new CryptoComponentImpl(new TestSecureRandomProvider(), null);
 	private final TransportCrypto transportCrypto =
 			new TransportCryptoImpl(crypto);
-	private final TransportId transportId = new TransportId("id");
+	private final TransportId transportId = getTransportId();
 	private final SecretKey master = getSecretKey();
 
 	@Test
 	public void testKeysAreDistinct() {
 		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
-				master, 123, true);
+				master, 123, true, true);
 		assertAllDifferent(k);
 	}
 
@@ -41,9 +42,9 @@ public class KeyDerivationTest extends BrambleTestCase {
 	public void testCurrentKeysMatchCurrentKeysOfContact() {
 		// Start in rotation period 123
 		TransportKeys kA = transportCrypto.deriveTransportKeys(transportId,
-				master, 123, true);
+				master, 123, true, true);
 		TransportKeys kB = transportCrypto.deriveTransportKeys(transportId,
-				master, 123, false);
+				master, 123, false, true);
 		// Alice's incoming keys should equal Bob's outgoing keys
 		assertArrayEquals(kA.getCurrentIncomingKeys().getTagKey().getBytes(),
 				kB.getCurrentOutgoingKeys().getTagKey().getBytes());
@@ -73,9 +74,9 @@ public class KeyDerivationTest extends BrambleTestCase {
 	public void testPreviousKeysMatchPreviousKeysOfContact() {
 		// Start in rotation period 123
 		TransportKeys kA = transportCrypto.deriveTransportKeys(transportId,
-				master, 123, true);
+				master, 123, true, true);
 		TransportKeys kB = transportCrypto.deriveTransportKeys(transportId,
-				master, 123, false);
+				master, 123, false, true);
 		// Compare Alice's previous keys in period 456 with Bob's current keys
 		// in period 455
 		kA = transportCrypto.rotateTransportKeys(kA, 456);
@@ -100,9 +101,9 @@ public class KeyDerivationTest extends BrambleTestCase {
 	public void testNextKeysMatchNextKeysOfContact() {
 		// Start in rotation period 123
 		TransportKeys kA = transportCrypto.deriveTransportKeys(transportId,
-				master, 123, true);
+				master, 123, true, true);
 		TransportKeys kB = transportCrypto.deriveTransportKeys(transportId,
-				master, 123, false);
+				master, 123, false, true);
 		// Compare Alice's current keys in period 456 with Bob's next keys in
 		// period 455
 		kA = transportCrypto.rotateTransportKeys(kA, 456);
@@ -127,20 +128,20 @@ public class KeyDerivationTest extends BrambleTestCase {
 		SecretKey master1 = getSecretKey();
 		assertFalse(Arrays.equals(master.getBytes(), master1.getBytes()));
 		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
-				master, 123, true);
+				master, 123, true, true);
 		TransportKeys k1 = transportCrypto.deriveTransportKeys(transportId,
-				master1, 123, true);
+				master1, 123, true, true);
 		assertAllDifferent(k, k1);
 	}
 
 	@Test
 	public void testTransportIdAffectsOutput() {
-		TransportId transportId1 = new TransportId("id1");
+		TransportId transportId1 = getTransportId();
 		assertFalse(transportId.getString().equals(transportId1.getString()));
 		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
-				master, 123, true);
+				master, 123, true, true);
 		TransportKeys k1 = transportCrypto.deriveTransportKeys(transportId1,
-				master, 123, true);
+				master, 123, true, true);
 		assertAllDifferent(k, k1);
 	}
 

bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyEncodingAndParsingTest.java

@@ -126,13 +126,13 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
 		byte[] signature = crypto.sign("test", message,
 				privateKey.getEncoded());
 		// Verify the signature
-		assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
-				signature));
+		assertTrue(crypto.verifySignature(signature, "test", message,
+				publicKey.getEncoded()));
 		// Encode and parse the public key - no exceptions should be thrown
 		publicKey = parser.parsePublicKey(publicKey.getEncoded());
 		// Verify the signature again
-		assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
-				signature));
+		assertTrue(crypto.verifySignature(signature, "test", message,
+				publicKey.getEncoded()));
 	}
 
 	@Test
@@ -146,15 +146,15 @@ public class KeyEncodingAndParsingTest extends BrambleTestCase {
 		byte[] signature = crypto.sign("test", message,
 				privateKey.getEncoded());
 		// Verify the signature
-		assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
-				signature));
+		assertTrue(crypto.verifySignature(signature, "test", message,
+				publicKey.getEncoded()));
 		// Encode and parse the private key - no exceptions should be thrown
 		privateKey = parser.parsePrivateKey(privateKey.getEncoded());
 		// Sign the data again - the signatures should be the same
 		byte[] signature1 = crypto.sign("test", message,
 				privateKey.getEncoded());
-		assertTrue(crypto.verify("test", message, publicKey.getEncoded(),
-				signature1));
+		assertTrue(crypto.verifySignature(signature1, "test", message,
+				publicKey.getEncoded()));
 		assertArrayEquals(signature, signature1);
 	}
 

bramble-core/src/test/java/org/briarproject/bramble/crypto/MacTest.java

@@ -13,6 +13,7 @@ import static org.briarproject.bramble.test.TestUtils.getSecretKey;
 import static org.briarproject.bramble.util.StringUtils.getRandomString;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
 
 public class MacTest extends BrambleTestCase {
 
@@ -32,6 +33,7 @@ public class MacTest extends BrambleTestCase {
 		byte[] mac = crypto.mac(label1, key1, input1, input2, input3);
 		byte[] mac1 = crypto.mac(label1, key1, input1, input2, input3);
 		assertArrayEquals(mac, mac1);
+		assertTrue(crypto.verifyMac(mac, label1, key1, input1, input2, input3));
 	}
 
 	@Test
@@ -40,6 +42,11 @@ public class MacTest extends BrambleTestCase {
 		byte[] mac = crypto.mac(label1, key1, input1, input2, input3);
 		byte[] mac1 = crypto.mac(label2, key1, input1, input2, input3);
 		assertFalse(Arrays.equals(mac, mac1));
+		// Each MAC should fail to verify with the other MAC's label
+		assertFalse(crypto.verifyMac(mac, label2, key1, input1, input2,
+				input3));
+		assertFalse(crypto.verifyMac(mac1, label1, key2, input1, input2,
+				input3));
 	}
 
 	@Test
@@ -48,6 +55,11 @@ public class MacTest extends BrambleTestCase {
 		byte[] mac = crypto.mac(label1, key1, input1, input2, input3);
 		byte[] mac1 = crypto.mac(label1, key2, input1, input2, input3);
 		assertFalse(Arrays.equals(mac, mac1));
+		// Each MAC should fail to verify with the other MAC's key
+		assertFalse(crypto.verifyMac(mac, label1, key2, input1, input2,
+				input3));
+		assertFalse(crypto.verifyMac(mac1, label2, key1, input1, input2,
+				input3));
 	}
 
 	@Test
@@ -57,6 +69,11 @@ public class MacTest extends BrambleTestCase {
 		byte[] mac = crypto.mac(label1, key1, input1, input2, input3);
 		byte[] mac1 = crypto.mac(label1, key1, input3, input2, input1);
 		assertFalse(Arrays.equals(mac, mac1));
+		// Each MAC should fail to verify with the other MAC's inputs
+		assertFalse(crypto.verifyMac(mac, label1, key2, input3, input2,
+				input1));
+		assertFalse(crypto.verifyMac(mac1, label1, key1, input1, input2,
+				input3));
 	}
 
 }

bramble-core/src/test/java/org/briarproject/bramble/crypto/SignatureTest.java

@@ -28,8 +28,8 @@ public abstract class SignatureTest extends BrambleTestCase {
 	protected abstract byte[] sign(String label, byte[] toSign,
 			byte[] privateKey) throws GeneralSecurityException;
 
-	protected abstract boolean verify(String label, byte[] signedData,
-			byte[] publicKey, byte[] signature) throws GeneralSecurityException;
+	protected abstract boolean verify(byte[] signature, String label,
+			byte[] signed, byte[] publicKey) throws GeneralSecurityException;
 
 	SignatureTest() {
 		crypto = new CryptoComponentImpl(new TestSecureRandomProvider(), null);
@@ -85,7 +85,7 @@ public abstract class SignatureTest extends BrambleTestCase {
 	@Test
 	public void testSignatureVerification() throws Exception {
 		byte[] sig = sign(label, inputBytes, privateKey);
-		assertTrue(verify(label, inputBytes, publicKey, sig));
+		assertTrue(verify(sig, label, inputBytes, publicKey));
 	}
 
 	@Test
@@ -95,7 +95,7 @@ public abstract class SignatureTest extends BrambleTestCase {
 		byte[] privateKey2 = k2.getPrivate().getEncoded();
 		// calculate the signature with different key, should fail to verify
 		byte[] sig = sign(label, inputBytes, privateKey2);
-		assertFalse(verify(label, inputBytes, publicKey, sig));
+		assertFalse(verify(sig, label, inputBytes, publicKey));
 	}
 
 	@Test
@@ -104,7 +104,7 @@ public abstract class SignatureTest extends BrambleTestCase {
 		byte[] inputBytes2 = TestUtils.getRandomBytes(123);
 		// calculate the signature with different input, should fail to verify
 		byte[] sig = sign(label, inputBytes, privateKey);
-		assertFalse(verify(label, inputBytes2, publicKey, sig));
+		assertFalse(verify(sig, label, inputBytes2, publicKey));
 	}
 
 	@Test
@@ -113,7 +113,7 @@ public abstract class SignatureTest extends BrambleTestCase {
 		String label2 = StringUtils.getRandomString(42);
 		// calculate the signature with different label, should fail to verify
 		byte[] sig = sign(label, inputBytes, privateKey);
-		assertFalse(verify(label2, inputBytes, publicKey, sig));
+		assertFalse(verify(sig, label2, inputBytes, publicKey));
 	}
 
 }

bramble-core/src/test/java/org/briarproject/bramble/db/DatabaseComponentImplTest.java

@@ -44,34 +44,36 @@ import org.briarproject.bramble.api.sync.event.MessageToRequestEvent;
 import org.briarproject.bramble.api.sync.event.MessagesAckedEvent;
 import org.briarproject.bramble.api.sync.event.MessagesSentEvent;
 import org.briarproject.bramble.api.transport.IncomingKeys;
+import org.briarproject.bramble.api.transport.KeySet;
+import org.briarproject.bramble.api.transport.KeySetId;
 import org.briarproject.bramble.api.transport.OutgoingKeys;
 import org.briarproject.bramble.api.transport.TransportKeys;
 import org.briarproject.bramble.test.BrambleMockTestCase;
 import org.briarproject.bramble.test.CaptureArgumentAction;
-import org.briarproject.bramble.test.TestUtils;
 import org.jmock.Expectations;
 import org.junit.Test;
 
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
-import java.util.Map;
 import java.util.concurrent.atomic.AtomicReference;
 
 import static java.util.Collections.emptyMap;
 import static java.util.Collections.singletonList;
-import static java.util.Collections.singletonMap;
 import static org.briarproject.bramble.api.sync.Group.Visibility.INVISIBLE;
 import static org.briarproject.bramble.api.sync.Group.Visibility.SHARED;
 import static org.briarproject.bramble.api.sync.Group.Visibility.VISIBLE;
-import static org.briarproject.bramble.api.sync.SyncConstants.MAX_GROUP_DESCRIPTOR_LENGTH;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.DELIVERED;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.UNKNOWN;
 import static org.briarproject.bramble.api.transport.TransportConstants.REORDERING_WINDOW_SIZE;
 import static org.briarproject.bramble.db.DatabaseConstants.MAX_OFFERED_MESSAGES;
 import static org.briarproject.bramble.test.TestUtils.getAuthor;
+import static org.briarproject.bramble.test.TestUtils.getClientId;
+import static org.briarproject.bramble.test.TestUtils.getGroup;
 import static org.briarproject.bramble.test.TestUtils.getLocalAuthor;
-import static org.briarproject.bramble.util.StringUtils.getRandomString;
+import static org.briarproject.bramble.test.TestUtils.getRandomId;
+import static org.briarproject.bramble.test.TestUtils.getSecretKey;
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
@@ -100,27 +102,28 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 	private final int maxLatency;
 	private final ContactId contactId;
 	private final Contact contact;
+	private final KeySetId keySetId;
 
 	public DatabaseComponentImplTest() {
-		clientId = new ClientId(getRandomString(123));
-		groupId = new GroupId(TestUtils.getRandomId());
-		byte[] descriptor = new byte[MAX_GROUP_DESCRIPTOR_LENGTH];
-		group = new Group(groupId, clientId, descriptor);
+		clientId = getClientId();
+		group = getGroup(clientId);
+		groupId = group.getId();
 		author = getAuthor();
 		localAuthor = getLocalAuthor();
-		messageId = new MessageId(TestUtils.getRandomId());
-		messageId1 = new MessageId(TestUtils.getRandomId());
+		messageId = new MessageId(getRandomId());
+		messageId1 = new MessageId(getRandomId());
 		long timestamp = System.currentTimeMillis();
 		size = 1234;
 		raw = new byte[size];
 		message = new Message(messageId, groupId, timestamp, raw);
 		metadata = new Metadata();
 		metadata.put("foo", new byte[] {'b', 'a', 'r'});
-		transportId = new TransportId("id");
+		transportId = getTransportId();
 		maxLatency = Integer.MAX_VALUE;
 		contactId = new ContactId(234);
 		contact = new Contact(contactId, author, localAuthor.getId(),
 				true, true);
+		keySetId = new KeySetId(345);
 	}
 
 	private DatabaseComponent createDatabaseComponent(Database<Object> database,
@@ -134,7 +137,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 		int shutdownHandle = 12345;
 		context.checking(new Expectations() {{
 			// open()
-			oneOf(database).open();
+			oneOf(database).open(null);
 			will(returnValue(false));
 			oneOf(shutdown).addShutdownHook(with(any(Runnable.class)));
 			will(returnValue(shutdownHandle));
@@ -201,7 +204,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 		DatabaseComponent db = createDatabaseComponent(database, eventBus,
 				shutdown);
 
-		assertFalse(db.open());
+		assertFalse(db.open(null));
 		Transaction transaction = db.startTransaction(false);
 		try {
 			db.addLocalAuthor(transaction, localAuthor);
@@ -282,11 +285,11 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 			throws Exception {
 		context.checking(new Expectations() {{
 			// Check whether the contact is in the DB (which it's not)
-			exactly(18).of(database).startTransaction();
+			exactly(17).of(database).startTransaction();
 			will(returnValue(txn));
-			exactly(18).of(database).containsContact(txn, contactId);
+			exactly(17).of(database).containsContact(txn, contactId);
 			will(returnValue(false));
-			exactly(18).of(database).abortTransaction(txn);
+			exactly(17).of(database).abortTransaction(txn);
 		}});
 		DatabaseComponent db = createDatabaseComponent(database, eventBus,
 				shutdown);
@@ -301,6 +304,16 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 			db.endTransaction(transaction);
 		}
 
+		transaction = db.startTransaction(false);
+		try {
+			db.bindTransportKeys(transaction, contactId, transportId, keySetId);
+			fail();
+		} catch (NoSuchContactException expected) {
+			// Expected
+		} finally {
+			db.endTransaction(transaction);
+		}
+
 		transaction = db.startTransaction(false);
 		try {
 			db.generateAck(transaction, contactId, 123);
@@ -371,16 +384,6 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 			db.endTransaction(transaction);
 		}
 
-		transaction = db.startTransaction(false);
-		try {
-			db.incrementStreamCounter(transaction, contactId, transportId, 0);
-			fail();
-		} catch (NoSuchContactException expected) {
-			// Expected
-		} finally {
-			db.endTransaction(transaction);
-		}
-
 		transaction = db.startTransaction(false);
 		try {
 			db.getGroupVisibility(transaction, contactId, groupId);
@@ -454,17 +457,6 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 			db.endTransaction(transaction);
 		}
 
-		transaction = db.startTransaction(false);
-		try {
-			db.setReorderingWindow(transaction, contactId, transportId, 0, 0,
-					new byte[REORDERING_WINDOW_SIZE / 8]);
-			fail();
-		} catch (NoSuchContactException expected) {
-			// Expected
-		} finally {
-			db.endTransaction(transaction);
-		}
-
 		transaction = db.startTransaction(false);
 		try {
 			db.setGroupVisibility(transaction, contactId, groupId, SHARED);
@@ -777,13 +769,13 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 			// endTransaction()
 			oneOf(database).commitTransaction(txn);
 			// Check whether the transport is in the DB (which it's not)
-			exactly(4).of(database).startTransaction();
+			exactly(6).of(database).startTransaction();
 			will(returnValue(txn));
-			exactly(2).of(database).containsContact(txn, contactId);
+			oneOf(database).containsContact(txn, contactId);
 			will(returnValue(true));
-			exactly(4).of(database).containsTransport(txn, transportId);
+			exactly(6).of(database).containsTransport(txn, transportId);
 			will(returnValue(false));
-			exactly(4).of(database).abortTransaction(txn);
+			exactly(6).of(database).abortTransaction(txn);
 		}});
 		DatabaseComponent db = createDatabaseComponent(database, eventBus,
 				shutdown);
@@ -798,6 +790,16 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 			db.endTransaction(transaction);
 		}
 
+		transaction = db.startTransaction(false);
+		try {
+			db.bindTransportKeys(transaction, contactId, transportId, keySetId);
+			fail();
+		} catch (NoSuchTransportException expected) {
+			// Expected
+		} finally {
+			db.endTransaction(transaction);
+		}
+
 		transaction = db.startTransaction(false);
 		try {
 			db.getTransportKeys(transaction, transportId);
@@ -810,7 +812,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 
 		transaction = db.startTransaction(false);
 		try {
-			db.incrementStreamCounter(transaction, contactId, transportId, 0);
+			db.incrementStreamCounter(transaction, transportId, keySetId);
 			fail();
 		} catch (NoSuchTransportException expected) {
 			// Expected
@@ -830,7 +832,17 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 
 		transaction = db.startTransaction(false);
 		try {
-			db.setReorderingWindow(transaction, contactId, transportId, 0, 0,
+			db.removeTransportKeys(transaction, transportId, keySetId);
+			fail();
+		} catch (NoSuchTransportException expected) {
+			// Expected
+		} finally {
+			db.endTransaction(transaction);
+		}
+
+		transaction = db.startTransaction(false);
+		try {
+			db.setReorderingWindow(transaction, keySetId, transportId, 0, 0,
 					new byte[REORDERING_WINDOW_SIZE / 8]);
 			fail();
 		} catch (NoSuchTransportException expected) {
@@ -907,7 +919,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 
 	@Test
 	public void testGenerateOffer() throws Exception {
-		MessageId messageId1 = new MessageId(TestUtils.getRandomId());
+		MessageId messageId1 = new MessageId(getRandomId());
 		Collection<MessageId> ids = Arrays.asList(messageId, messageId1);
 		context.checking(new Expectations() {{
 			oneOf(database).startTransaction();
@@ -938,7 +950,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 
 	@Test
 	public void testGenerateRequest() throws Exception {
-		MessageId messageId1 = new MessageId(TestUtils.getRandomId());
+		MessageId messageId1 = new MessageId(getRandomId());
 		Collection<MessageId> ids = Arrays.asList(messageId, messageId1);
 		context.checking(new Expectations() {{
 			oneOf(database).startTransaction();
@@ -1126,9 +1138,9 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 
 	@Test
 	public void testReceiveOffer() throws Exception {
-		MessageId messageId1 = new MessageId(TestUtils.getRandomId());
-		MessageId messageId2 = new MessageId(TestUtils.getRandomId());
-		MessageId messageId3 = new MessageId(TestUtils.getRandomId());
+		MessageId messageId1 = new MessageId(getRandomId());
+		MessageId messageId2 = new MessageId(getRandomId());
+		MessageId messageId3 = new MessageId(getRandomId());
 		context.checking(new Expectations() {{
 			oneOf(database).startTransaction();
 			will(returnValue(txn));
@@ -1303,15 +1315,13 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 	@Test
 	public void testTransportKeys() throws Exception {
 		TransportKeys transportKeys = createTransportKeys();
-		Map<ContactId, TransportKeys> keys =
-				singletonMap(contactId, transportKeys);
+		Collection<KeySet> keys =
+				singletonList(new KeySet(keySetId, contactId, transportKeys));
 		context.checking(new Expectations() {{
 			// startTransaction()
 			oneOf(database).startTransaction();
 			will(returnValue(txn));
 			// updateTransportKeys()
-			oneOf(database).containsContact(txn, contactId);
-			will(returnValue(true));
 			oneOf(database).containsTransport(txn, transportId);
 			will(returnValue(true));
 			oneOf(database).updateTransportKeys(txn, keys);
@@ -1337,22 +1347,22 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 	}
 
 	private TransportKeys createTransportKeys() {
-		SecretKey inPrevTagKey = TestUtils.getSecretKey();
-		SecretKey inPrevHeaderKey = TestUtils.getSecretKey();
+		SecretKey inPrevTagKey = getSecretKey();
+		SecretKey inPrevHeaderKey = getSecretKey();
 		IncomingKeys inPrev = new IncomingKeys(inPrevTagKey, inPrevHeaderKey,
 				1, 123, new byte[4]);
-		SecretKey inCurrTagKey = TestUtils.getSecretKey();
-		SecretKey inCurrHeaderKey = TestUtils.getSecretKey();
+		SecretKey inCurrTagKey = getSecretKey();
+		SecretKey inCurrHeaderKey = getSecretKey();
 		IncomingKeys inCurr = new IncomingKeys(inCurrTagKey, inCurrHeaderKey,
 				2, 234, new byte[4]);
-		SecretKey inNextTagKey = TestUtils.getSecretKey();
-		SecretKey inNextHeaderKey = TestUtils.getSecretKey();
+		SecretKey inNextTagKey = getSecretKey();
+		SecretKey inNextHeaderKey = getSecretKey();
 		IncomingKeys inNext = new IncomingKeys(inNextTagKey, inNextHeaderKey,
 				3, 345, new byte[4]);
-		SecretKey outCurrTagKey = TestUtils.getSecretKey();
-		SecretKey outCurrHeaderKey = TestUtils.getSecretKey();
+		SecretKey outCurrTagKey = getSecretKey();
+		SecretKey outCurrHeaderKey = getSecretKey();
 		OutgoingKeys outCurr = new OutgoingKeys(outCurrTagKey, outCurrHeaderKey,
-				2, 456);
+				2, 456, true);
 		return new TransportKeys(transportId, inPrev, inCurr, inNext, outCurr);
 	}
 
@@ -1498,10 +1508,10 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 	@SuppressWarnings("unchecked")
 	public void testMessageDependencies() throws Exception {
 		int shutdownHandle = 12345;
-		MessageId messageId2 = new MessageId(TestUtils.getRandomId());
+		MessageId messageId2 = new MessageId(getRandomId());
 		context.checking(new Expectations() {{
 			// open()
-			oneOf(database).open();
+			oneOf(database).open(null);
 			will(returnValue(false));
 			oneOf(shutdown).addShutdownHook(with(any(Runnable.class)));
 			will(returnValue(shutdownHandle));
@@ -1518,10 +1528,12 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 			// addMessageDependencies()
 			oneOf(database).containsMessage(txn, messageId);
 			will(returnValue(true));
-			oneOf(database).addMessageDependency(txn, groupId, messageId,
-					messageId1);
-			oneOf(database).addMessageDependency(txn, groupId, messageId,
-					messageId2);
+			oneOf(database).getMessageState(txn, messageId);
+			will(returnValue(DELIVERED));
+			oneOf(database).addMessageDependency(txn, message, messageId1,
+					DELIVERED);
+			oneOf(database).addMessageDependency(txn, message, messageId2,
+					DELIVERED);
 			// getMessageDependencies()
 			oneOf(database).containsMessage(txn, messageId);
 			will(returnValue(true));
@@ -1543,7 +1555,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 		DatabaseComponent db = createDatabaseComponent(database, eventBus,
 				shutdown);
 
-		assertFalse(db.open());
+		assertFalse(db.open(null));
 		Transaction transaction = db.startTransaction(false);
 		try {
 			db.addLocalMessage(transaction, message, metadata, true);

bramble-core/src/test/java/org/briarproject/bramble/db/DatabaseMigrationTest.java

@@ -62,7 +62,7 @@ public abstract class DatabaseMigrationTest extends BrambleMockTestCase {
 	public void testDoesNotRunMigrationsWhenCreatingDatabase()
 			throws Exception {
 		Database<Connection> db = createDatabase(singletonList(migration));
-		assertFalse(db.open());
+		assertFalse(db.open(null));
 		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
 		db.close();
 	}
@@ -72,14 +72,14 @@ public abstract class DatabaseMigrationTest extends BrambleMockTestCase {
 			throws Exception {
 		// Open the DB for the first time
 		Database<Connection> db = createDatabase(asList(migration, migration1));
-		assertFalse(db.open());
+		assertFalse(db.open(null));
 		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
 		// Override the data schema version
 		setDataSchemaVersion(db, -1);
 		db.close();
 		// Reopen the DB - an exception should be thrown
 		db = createDatabase(asList(migration, migration1));
-		db.open();
+		db.open(null);
 	}
 
 	@Test
@@ -87,12 +87,12 @@ public abstract class DatabaseMigrationTest extends BrambleMockTestCase {
 			throws Exception {
 		// Open the DB for the first time
 		Database<Connection> db = createDatabase(asList(migration, migration1));
-		assertFalse(db.open());
+		assertFalse(db.open(null));
 		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
 		db.close();
 		// Reopen the DB - migrations should not be run
 		db = createDatabase(asList(migration, migration1));
-		assertTrue(db.open());
+		assertTrue(db.open(null));
 		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
 		db.close();
 	}
@@ -101,14 +101,14 @@ public abstract class DatabaseMigrationTest extends BrambleMockTestCase {
 	public void testThrowsExceptionIfDataIsNewerThanCode() throws Exception {
 		// Open the DB for the first time
 		Database<Connection> db = createDatabase(asList(migration, migration1));
-		assertFalse(db.open());
+		assertFalse(db.open(null));
 		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
 		// Override the data schema version
 		setDataSchemaVersion(db, CODE_SCHEMA_VERSION + 1);
 		db.close();
 		// Reopen the DB - an exception should be thrown
 		db = createDatabase(asList(migration, migration1));
-		db.open();
+		db.open(null);
 	}
 
 	@Test(expected = DataTooOldException.class)
@@ -116,13 +116,13 @@ public abstract class DatabaseMigrationTest extends BrambleMockTestCase {
 			throws Exception {
 		// Open the DB for the first time
 		Database<Connection> db = createDatabase(emptyList());
-		assertFalse(db.open());
+		assertFalse(db.open(null));
 		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
 		setDataSchemaVersion(db, CODE_SCHEMA_VERSION - 1);
 		db.close();
 		// Reopen the DB - an exception should be thrown
 		db = createDatabase(emptyList());
-		db.open();
+		db.open(null);
 	}
 
 	@Test(expected = DataTooOldException.class)
@@ -141,14 +141,14 @@ public abstract class DatabaseMigrationTest extends BrambleMockTestCase {
 
 		// Open the DB for the first time
 		Database<Connection> db = createDatabase(asList(migration, migration1));
-		assertFalse(db.open());
+		assertFalse(db.open(null));
 		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
 		// Override the data schema version
 		setDataSchemaVersion(db, CODE_SCHEMA_VERSION - 3);
 		db.close();
 		// Reopen the DB - an exception should be thrown
 		db = createDatabase(asList(migration, migration1));
-		db.open();
+		db.open(null);
 	}
 
 	@Test
@@ -170,14 +170,14 @@ public abstract class DatabaseMigrationTest extends BrambleMockTestCase {
 
 		// Open the DB for the first time
 		Database<Connection> db = createDatabase(asList(migration, migration1));
-		assertFalse(db.open());
+		assertFalse(db.open(null));
 		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
 		// Override the data schema version
 		setDataSchemaVersion(db, CODE_SCHEMA_VERSION - 2);
 		db.close();
 		// Reopen the DB - the first migration should be run
 		db = createDatabase(asList(migration, migration1));
-		assertTrue(db.open());
+		assertTrue(db.open(null));
 		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
 		db.close();
 	}
@@ -202,14 +202,14 @@ public abstract class DatabaseMigrationTest extends BrambleMockTestCase {
 
 		// Open the DB for the first time
 		Database<Connection> db = createDatabase(asList(migration, migration1));
-		assertFalse(db.open());
+		assertFalse(db.open(null));
 		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
 		// Override the data schema version
 		setDataSchemaVersion(db, CODE_SCHEMA_VERSION - 2);
 		db.close();
 		// Reopen the DB - both migrations should be run
 		db = createDatabase(asList(migration, migration1));
-		assertTrue(db.open());
+		assertTrue(db.open(null));
 		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
 		db.close();
 	}

bramble-core/src/test/java/org/briarproject/bramble/db/DatabasePerformanceComparisonTest.java

@@ -71,7 +71,7 @@ public abstract class DatabasePerformanceComparisonTest
 			throws DbException {
 		Database<Connection> db = createDatabase(conditionA,
 				new TestDatabaseConfig(testDir, MAX_SIZE), new SystemClock());
-		db.open();
+		db.open(null);
 		return db;
 	}
 

bramble-core/src/test/java/org/briarproject/bramble/db/DatabasePerformanceTest.java

@@ -477,30 +477,30 @@ public abstract class DatabasePerformanceTest extends BrambleTestCase {
 
 	@Test
 	public void testGetMessagesToShare() throws Exception {
-		String name = "getMessagesToShare(T, ClientId)";
+		String name = "getMessagesToShare(T)";
 		benchmark(name, db -> {
 			Connection txn = db.startTransaction();
-			db.getMessagesToShare(txn, pickRandom(clientIds));
+			db.getMessagesToShare(txn);
 			db.commitTransaction(txn);
 		});
 	}
 
 	@Test
 	public void testGetMessagesToValidate() throws Exception {
-		String name = "getMessagesToValidate(T, ClientId)";
+		String name = "getMessagesToValidate(T)";
 		benchmark(name, db -> {
 			Connection txn = db.startTransaction();
-			db.getMessagesToValidate(txn, pickRandom(clientIds));
+			db.getMessagesToValidate(txn);
 			db.commitTransaction(txn);
 		});
 	}
 
 	@Test
 	public void testGetPendingMessages() throws Exception {
-		String name = "getPendingMessages(T, ClientId)";
+		String name = "getPendingMessages(T)";
 		benchmark(name, db -> {
 			Connection txn = db.startTransaction();
-			db.getPendingMessages(txn, pickRandom(clientIds));
+			db.getPendingMessages(txn);
 			db.commitTransaction(txn);
 		});
 	}
@@ -572,8 +572,9 @@ public abstract class DatabasePerformanceTest extends BrambleTestCase {
 					messageMeta.get(g.getId()).add(mm);
 					db.mergeMessageMetadata(txn, m.getId(), mm);
 					if (k > 0) {
-						db.addMessageDependency(txn, g.getId(), m.getId(),
-								pickRandom(groupMessages.get(g.getId())));
+						MessageId dependency =
+								pickRandom(groupMessages.get(g.getId()));
+						db.addMessageDependency(txn, m, dependency, state);
 					}
 					groupMessages.get(g.getId()).add(m.getId());
 				}
@@ -598,8 +599,9 @@ public abstract class DatabasePerformanceTest extends BrambleTestCase {
 				messageMeta.get(g.getId()).add(mm);
 				db.mergeMessageMetadata(txn, m.getId(), mm);
 				if (j > 0) {
-					db.addMessageDependency(txn, g.getId(), m.getId(),
-							pickRandom(groupMessages.get(g.getId())));
+					MessageId dependency =
+							pickRandom(groupMessages.get(g.getId()));
+					db.addMessageDependency(txn, m, dependency, DELIVERED);
 				}
 				groupMessages.get(g.getId()).add(m.getId());
 			}

bramble-core/src/test/java/org/briarproject/bramble/db/DatabaseTraceTest.java

@@ -43,7 +43,7 @@ public abstract class DatabaseTraceTest extends DatabasePerformanceTest {
 	private Database<Connection> openDatabase() throws DbException {
 		Database<Connection> db = createDatabase(
 				new TestDatabaseConfig(testDir, MAX_SIZE), new SystemClock());
-		db.open();
+		db.open(null);
 		return db;
 	}
 

bramble-core/src/test/java/org/briarproject/bramble/db/JdbcDatabaseTest.java

@@ -19,6 +19,8 @@ import org.briarproject.bramble.api.sync.MessageStatus;
 import org.briarproject.bramble.api.sync.ValidationManager.State;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.api.transport.IncomingKeys;
+import org.briarproject.bramble.api.transport.KeySet;
+import org.briarproject.bramble.api.transport.KeySetId;
 import org.briarproject.bramble.api.transport.OutgoingKeys;
 import org.briarproject.bramble.api.transport.TransportKeys;
 import org.briarproject.bramble.system.SystemClock;
@@ -34,7 +36,6 @@ import java.sql.Connection;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
@@ -42,23 +43,28 @@ import java.util.Random;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.atomic.AtomicBoolean;
 
+import static java.util.Collections.emptyList;
+import static java.util.Collections.emptyMap;
+import static java.util.Collections.singletonList;
+import static java.util.Collections.singletonMap;
 import static java.util.concurrent.TimeUnit.SECONDS;
 import static org.briarproject.bramble.api.db.Metadata.REMOVE;
 import static org.briarproject.bramble.api.sync.Group.Visibility.INVISIBLE;
 import static org.briarproject.bramble.api.sync.Group.Visibility.SHARED;
 import static org.briarproject.bramble.api.sync.Group.Visibility.VISIBLE;
-import static org.briarproject.bramble.api.sync.SyncConstants.MAX_GROUP_DESCRIPTOR_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_LENGTH;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.DELIVERED;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.INVALID;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.PENDING;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.UNKNOWN;
 import static org.briarproject.bramble.test.TestUtils.getAuthor;
+import static org.briarproject.bramble.test.TestUtils.getClientId;
+import static org.briarproject.bramble.test.TestUtils.getGroup;
 import static org.briarproject.bramble.test.TestUtils.getLocalAuthor;
 import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
 import static org.briarproject.bramble.test.TestUtils.getRandomId;
 import static org.briarproject.bramble.test.TestUtils.getSecretKey;
-import static org.briarproject.bramble.util.StringUtils.getRandomString;
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
@@ -86,12 +92,12 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 	private final Message message;
 	private final TransportId transportId;
 	private final ContactId contactId;
+	private final KeySetId keySetId, keySetId1;
 
 	JdbcDatabaseTest() throws Exception {
-		groupId = new GroupId(getRandomId());
-		clientId = new ClientId(getRandomString(123));
-		byte[] descriptor = new byte[MAX_GROUP_DESCRIPTOR_LENGTH];
-		group = new Group(groupId, clientId, descriptor);
+		clientId = getClientId();
+		group = getGroup(clientId);
+		groupId = group.getId();
 		author = getAuthor();
 		localAuthor = getLocalAuthor();
 		messageId = new MessageId(getRandomId());
@@ -99,8 +105,10 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		size = 1234;
 		raw = getRandomBytes(size);
 		message = new Message(messageId, groupId, timestamp, raw);
-		transportId = new TransportId("id");
+		transportId = getTransportId();
 		contactId = new ContactId(1);
+		keySetId = new KeySetId(1);
+		keySetId1 = new KeySetId(2);
 	}
 
 	protected abstract JdbcDatabase createDatabase(DatabaseConfig config,
@@ -190,9 +198,9 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		// The contact has not seen the message, so it should be sendable
 		Collection<MessageId> ids =
 				db.getMessagesToSend(txn, contactId, ONE_MEGABYTE);
-		assertEquals(Collections.singletonList(messageId), ids);
+		assertEquals(singletonList(messageId), ids);
 		ids = db.getMessagesToOffer(txn, contactId, 100);
-		assertEquals(Collections.singletonList(messageId), ids);
+		assertEquals(singletonList(messageId), ids);
 
 		// Changing the status to seen = true should make the message unsendable
 		db.raiseSeenFlag(txn, contactId, messageId);
@@ -228,9 +236,9 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		// Marking the message delivered should make it sendable
 		db.setMessageState(txn, messageId, DELIVERED);
 		ids = db.getMessagesToSend(txn, contactId, ONE_MEGABYTE);
-		assertEquals(Collections.singletonList(messageId), ids);
+		assertEquals(singletonList(messageId), ids);
 		ids = db.getMessagesToOffer(txn, contactId, 100);
-		assertEquals(Collections.singletonList(messageId), ids);
+		assertEquals(singletonList(messageId), ids);
 
 		// Marking the message invalid should make it unsendable
 		db.setMessageState(txn, messageId, INVALID);
@@ -279,9 +287,9 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		// Sharing the group should make the message sendable
 		db.setGroupVisibility(txn, contactId, groupId, true);
 		ids = db.getMessagesToSend(txn, contactId, ONE_MEGABYTE);
-		assertEquals(Collections.singletonList(messageId), ids);
+		assertEquals(singletonList(messageId), ids);
 		ids = db.getMessagesToOffer(txn, contactId, 100);
-		assertEquals(Collections.singletonList(messageId), ids);
+		assertEquals(singletonList(messageId), ids);
 
 		// Unsharing the group should make the message unsendable
 		db.setGroupVisibility(txn, contactId, groupId, false);
@@ -324,9 +332,9 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		// Sharing the message should make it sendable
 		db.setMessageShared(txn, messageId);
 		ids = db.getMessagesToSend(txn, contactId, ONE_MEGABYTE);
-		assertEquals(Collections.singletonList(messageId), ids);
+		assertEquals(singletonList(messageId), ids);
 		ids = db.getMessagesToOffer(txn, contactId, 100);
-		assertEquals(Collections.singletonList(messageId), ids);
+		assertEquals(singletonList(messageId), ids);
 
 		db.commitTransaction(txn);
 		db.close();
@@ -352,7 +360,7 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 
 		// The message is just the right size to send
 		ids = db.getMessagesToSend(txn, contactId, size);
-		assertEquals(Collections.singletonList(messageId), ids);
+		assertEquals(singletonList(messageId), ids);
 
 		db.commitTransaction(txn);
 		db.close();
@@ -384,7 +392,7 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		db.lowerAckFlag(txn, contactId, Arrays.asList(messageId, messageId1));
 
 		// Both message IDs should have been removed
-		assertEquals(Collections.emptyList(), db.getMessagesToAck(txn,
+		assertEquals(emptyList(), db.getMessagesToAck(txn,
 				contactId, 1234));
 
 		// Raise the ack flag again
@@ -415,7 +423,7 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		// Retrieve the message from the database and mark it as sent
 		Collection<MessageId> ids = db.getMessagesToSend(txn, contactId,
 				ONE_MEGABYTE);
-		assertEquals(Collections.singletonList(messageId), ids);
+		assertEquals(singletonList(messageId), ids);
 		db.updateExpiryTime(txn, contactId, messageId, Integer.MAX_VALUE);
 
 		// The message should no longer be sendable
@@ -626,31 +634,31 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 
 		// The group should not be visible to the contact
 		assertEquals(INVISIBLE, db.getGroupVisibility(txn, contactId, groupId));
-		assertEquals(Collections.emptyMap(),
+		assertEquals(emptyMap(),
 				db.getGroupVisibility(txn, groupId));
 
 		// Make the group visible to the contact
 		db.addGroupVisibility(txn, contactId, groupId, false);
 		assertEquals(VISIBLE, db.getGroupVisibility(txn, contactId, groupId));
-		assertEquals(Collections.singletonMap(contactId, false),
+		assertEquals(singletonMap(contactId, false),
 				db.getGroupVisibility(txn, groupId));
 
 		// Share the group with the contact
 		db.setGroupVisibility(txn, contactId, groupId, true);
 		assertEquals(SHARED, db.getGroupVisibility(txn, contactId, groupId));
-		assertEquals(Collections.singletonMap(contactId, true),
+		assertEquals(singletonMap(contactId, true),
 				db.getGroupVisibility(txn, groupId));
 
 		// Unshare the group with the contact
 		db.setGroupVisibility(txn, contactId, groupId, false);
 		assertEquals(VISIBLE, db.getGroupVisibility(txn, contactId, groupId));
-		assertEquals(Collections.singletonMap(contactId, false),
+		assertEquals(singletonMap(contactId, false),
 				db.getGroupVisibility(txn, groupId));
 
 		// Make the group invisible again
 		db.removeGroupVisibility(txn, contactId, groupId);
 		assertEquals(INVISIBLE, db.getGroupVisibility(txn, contactId, groupId));
-		assertEquals(Collections.emptyMap(),
+		assertEquals(emptyMap(),
 				db.getGroupVisibility(txn, groupId));
 
 		db.commitTransaction(txn);
@@ -660,48 +668,125 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 	@Test
 	public void testTransportKeys() throws Exception {
 		TransportKeys keys = createTransportKeys();
+		TransportKeys keys1 = createTransportKeys();
 
 		Database<Connection> db = open(false);
 		Connection txn = db.startTransaction();
 
 		// Initially there should be no transport keys in the database
-		assertEquals(Collections.emptyMap(),
-				db.getTransportKeys(txn, transportId));
+		assertEquals(emptyList(), db.getTransportKeys(txn, transportId));
 
 		// Add the contact, the transport and the transport keys
 		db.addLocalAuthor(txn, localAuthor);
 		assertEquals(contactId, db.addContact(txn, author, localAuthor.getId(),
 				true, true));
 		db.addTransport(txn, transportId, 123);
-		db.addTransportKeys(txn, contactId, keys);
+		assertEquals(keySetId, db.addTransportKeys(txn, contactId, keys));
+		assertEquals(keySetId1, db.addTransportKeys(txn, contactId, keys1));
 
 		// Retrieve the transport keys
-		Map<ContactId, TransportKeys> newKeys =
-				db.getTransportKeys(txn, transportId);
-		assertEquals(1, newKeys.size());
-		Entry<ContactId, TransportKeys> e =
-				newKeys.entrySet().iterator().next();
-		assertEquals(contactId, e.getKey());
-		TransportKeys k = e.getValue();
-		assertEquals(transportId, k.getTransportId());
-		assertKeysEquals(keys.getPreviousIncomingKeys(),
-				k.getPreviousIncomingKeys());
-		assertKeysEquals(keys.getCurrentIncomingKeys(),
-				k.getCurrentIncomingKeys());
-		assertKeysEquals(keys.getNextIncomingKeys(),
-				k.getNextIncomingKeys());
-		assertKeysEquals(keys.getCurrentOutgoingKeys(),
-				k.getCurrentOutgoingKeys());
+		Collection<KeySet> allKeys = db.getTransportKeys(txn, transportId);
+		assertEquals(2, allKeys.size());
+		for (KeySet ks : allKeys) {
+			assertEquals(contactId, ks.getContactId());
+			if (ks.getKeySetId().equals(keySetId)) {
+				assertKeysEquals(keys, ks.getTransportKeys());
+			} else {
+				assertEquals(keySetId1, ks.getKeySetId());
+				assertKeysEquals(keys1, ks.getTransportKeys());
+			}
+		}
 
 		// Removing the contact should remove the transport keys
 		db.removeContact(txn, contactId);
-		assertEquals(Collections.emptyMap(),
-				db.getTransportKeys(txn, transportId));
+		assertEquals(emptyList(), db.getTransportKeys(txn, transportId));
 
 		db.commitTransaction(txn);
 		db.close();
 	}
 
+	@Test
+	public void testUnboundTransportKeys() throws Exception {
+		TransportKeys keys = createTransportKeys();
+		TransportKeys keys1 = createTransportKeys();
+
+		Database<Connection> db = open(false);
+		Connection txn = db.startTransaction();
+
+		// Initially there should be no transport keys in the database
+		assertEquals(emptyList(), db.getTransportKeys(txn, transportId));
+
+		// Add the contact, the transport and the unbound transport keys
+		db.addLocalAuthor(txn, localAuthor);
+		assertEquals(contactId, db.addContact(txn, author, localAuthor.getId(),
+				true, true));
+		db.addTransport(txn, transportId, 123);
+		assertEquals(keySetId, db.addTransportKeys(txn, null, keys));
+		assertEquals(keySetId1, db.addTransportKeys(txn, null, keys1));
+
+		// Retrieve the transport keys
+		Collection<KeySet> allKeys = db.getTransportKeys(txn, transportId);
+		assertEquals(2, allKeys.size());
+		for (KeySet ks : allKeys) {
+			assertNull(ks.getContactId());
+			if (ks.getKeySetId().equals(keySetId)) {
+				assertKeysEquals(keys, ks.getTransportKeys());
+			} else {
+				assertEquals(keySetId1, ks.getKeySetId());
+				assertKeysEquals(keys1, ks.getTransportKeys());
+			}
+		}
+
+		// Bind the first set of transport keys
+		db.bindTransportKeys(txn, contactId, transportId, keySetId);
+
+		// Retrieve the keys again - the first set should be bound
+		allKeys = db.getTransportKeys(txn, transportId);
+		assertEquals(2, allKeys.size());
+		for (KeySet ks : allKeys) {
+			if (ks.getKeySetId().equals(keySetId)) {
+				assertEquals(contactId, ks.getContactId());
+				assertKeysEquals(keys, ks.getTransportKeys());
+			} else {
+				assertEquals(keySetId1, ks.getKeySetId());
+				assertNull(ks.getContactId());
+				assertKeysEquals(keys1, ks.getTransportKeys());
+			}
+		}
+
+		// Remove the unbound transport keys
+		db.removeTransportKeys(txn, transportId, keySetId1);
+
+		// Retrieve the keys again - the second set should be gone
+		allKeys = db.getTransportKeys(txn, transportId);
+		assertEquals(1, allKeys.size());
+		KeySet ks = allKeys.iterator().next();
+		assertEquals(keySetId, ks.getKeySetId());
+		assertEquals(contactId, ks.getContactId());
+		assertKeysEquals(keys, ks.getTransportKeys());
+
+		// Removing the transport should remove the remaining transport keys
+		db.removeTransport(txn, transportId);
+		assertEquals(emptyList(), db.getTransportKeys(txn, transportId));
+
+		db.commitTransaction(txn);
+		db.close();
+	}
+
+	private void assertKeysEquals(TransportKeys expected,
+			TransportKeys actual) {
+		assertEquals(expected.getTransportId(), actual.getTransportId());
+		assertEquals(expected.getRotationPeriod(), actual.getRotationPeriod());
+		assertKeysEquals(expected.getPreviousIncomingKeys(),
+				actual.getPreviousIncomingKeys());
+		assertKeysEquals(expected.getCurrentIncomingKeys(),
+				actual.getCurrentIncomingKeys());
+		assertKeysEquals(expected.getNextIncomingKeys(),
+				actual.getNextIncomingKeys());
+		assertKeysEquals(expected.getCurrentOutgoingKeys(),
+				actual.getCurrentOutgoingKeys());
+	}
+
 	private void assertKeysEquals(IncomingKeys expected, IncomingKeys actual) {
 		assertArrayEquals(expected.getTagKey().getBytes(),
 				actual.getTagKey().getBytes());
@@ -719,6 +804,7 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 				actual.getHeaderKey().getBytes());
 		assertEquals(expected.getRotationPeriod(), actual.getRotationPeriod());
 		assertEquals(expected.getStreamCounter(), actual.getStreamCounter());
+		assertEquals(expected.isActive(), actual.isActive());
 	}
 
 	@Test
@@ -735,18 +821,18 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		assertEquals(contactId, db.addContact(txn, author, localAuthor.getId(),
 				true, true));
 		db.addTransport(txn, transportId, 123);
-		db.updateTransportKeys(txn, Collections.singletonMap(contactId, keys));
+		db.updateTransportKeys(txn,
+				singletonList(new KeySet(keySetId, contactId, keys)));
 
 		// Increment the stream counter twice and retrieve the transport keys
-		db.incrementStreamCounter(txn, contactId, transportId, rotationPeriod);
-		db.incrementStreamCounter(txn, contactId, transportId, rotationPeriod);
-		Map<ContactId, TransportKeys> newKeys =
-				db.getTransportKeys(txn, transportId);
+		db.incrementStreamCounter(txn, transportId, keySetId);
+		db.incrementStreamCounter(txn, transportId, keySetId);
+		Collection<KeySet> newKeys = db.getTransportKeys(txn, transportId);
 		assertEquals(1, newKeys.size());
-		Entry<ContactId, TransportKeys> e =
-				newKeys.entrySet().iterator().next();
-		assertEquals(contactId, e.getKey());
-		TransportKeys k = e.getValue();
+		KeySet ks = newKeys.iterator().next();
+		assertEquals(keySetId, ks.getKeySetId());
+		assertEquals(contactId, ks.getContactId());
+		TransportKeys k = ks.getTransportKeys();
 		assertEquals(transportId, k.getTransportId());
 		OutgoingKeys outCurr = k.getCurrentOutgoingKeys();
 		assertEquals(rotationPeriod, outCurr.getRotationPeriod());
@@ -771,19 +857,19 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		assertEquals(contactId, db.addContact(txn, author, localAuthor.getId(),
 				true, true));
 		db.addTransport(txn, transportId, 123);
-		db.updateTransportKeys(txn, Collections.singletonMap(contactId, keys));
+		db.updateTransportKeys(txn,
+				singletonList(new KeySet(keySetId, contactId, keys)));
 
 		// Update the reordering window and retrieve the transport keys
 		new Random().nextBytes(bitmap);
-		db.setReorderingWindow(txn, contactId, transportId, rotationPeriod,
+		db.setReorderingWindow(txn, keySetId, transportId, rotationPeriod,
 				base + 1, bitmap);
-		Map<ContactId, TransportKeys> newKeys =
-				db.getTransportKeys(txn, transportId);
+		Collection<KeySet> newKeys = db.getTransportKeys(txn, transportId);
 		assertEquals(1, newKeys.size());
-		Entry<ContactId, TransportKeys> e =
-				newKeys.entrySet().iterator().next();
-		assertEquals(contactId, e.getKey());
-		TransportKeys k = e.getValue();
+		KeySet ks = newKeys.iterator().next();
+		assertEquals(keySetId, ks.getKeySetId());
+		assertEquals(contactId, ks.getContactId());
+		TransportKeys k = ks.getTransportKeys();
 		assertEquals(transportId, k.getTransportId());
 		IncomingKeys inCurr = k.getCurrentIncomingKeys();
 		assertEquals(rotationPeriod, inCurr.getRotationPeriod());
@@ -830,18 +916,18 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		db.addLocalAuthor(txn, localAuthor);
 		Collection<ContactId> contacts =
 				db.getContacts(txn, localAuthor.getId());
-		assertEquals(Collections.emptyList(), contacts);
+		assertEquals(emptyList(), contacts);
 
 		// Add a contact associated with the local author
 		assertEquals(contactId, db.addContact(txn, author, localAuthor.getId(),
 				true, true));
 		contacts = db.getContacts(txn, localAuthor.getId());
-		assertEquals(Collections.singletonList(contactId), contacts);
+		assertEquals(singletonList(contactId), contacts);
 
 		// Remove the local author - the contact should be removed
 		db.removeLocalAuthor(txn, localAuthor.getId());
 		contacts = db.getContacts(txn, localAuthor.getId());
-		assertEquals(Collections.emptyList(), contacts);
+		assertEquals(emptyList(), contacts);
 		assertFalse(db.containsContact(txn, contactId));
 
 		db.commitTransaction(txn);
@@ -1227,6 +1313,8 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		MessageId messageId4 = new MessageId(getRandomId());
 		Message message1 = new Message(messageId1, groupId, timestamp, raw);
 		Message message2 = new Message(messageId2, groupId, timestamp, raw);
+		Message message3 = new Message(messageId3, groupId, timestamp, raw);
+		Message message4 = new Message(messageId4, groupId, timestamp, raw);
 
 		Database<Connection> db = open(false);
 		Connection txn = db.startTransaction();
@@ -1234,21 +1322,21 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		// Add a group and some messages
 		db.addGroup(txn, group);
 		db.addMessage(txn, message, PENDING, true, contactId);
-		db.addMessage(txn, message1, DELIVERED, true, contactId);
+		db.addMessage(txn, message1, PENDING, true, contactId);
 		db.addMessage(txn, message2, INVALID, true, contactId);
 
 		// Add dependencies
-		db.addMessageDependency(txn, groupId, messageId, messageId1);
-		db.addMessageDependency(txn, groupId, messageId, messageId2);
-		db.addMessageDependency(txn, groupId, messageId1, messageId3);
-		db.addMessageDependency(txn, groupId, messageId2, messageId4);
+		db.addMessageDependency(txn, message, messageId1, PENDING);
+		db.addMessageDependency(txn, message, messageId2, PENDING);
+		db.addMessageDependency(txn, message1, messageId3, PENDING);
+		db.addMessageDependency(txn, message2, messageId4, INVALID);
 
 		Map<MessageId, State> dependencies;
 
 		// Retrieve dependencies for root
 		dependencies = db.getMessageDependencies(txn, messageId);
 		assertEquals(2, dependencies.size());
-		assertEquals(DELIVERED, dependencies.get(messageId1));
+		assertEquals(PENDING, dependencies.get(messageId1));
 		assertEquals(INVALID, dependencies.get(messageId2));
 
 		// Retrieve dependencies for message 1
@@ -1281,10 +1369,24 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		assertEquals(1, dependents.size());
 		assertEquals(PENDING, dependents.get(messageId));
 
+		// Message 3 is missing, so it has no dependents
+		dependents = db.getMessageDependents(txn, messageId3);
+		assertEquals(0, dependents.size());
+
+		// Add message 3
+		db.addMessage(txn, message3, UNKNOWN, false, contactId);
+
 		// Message 3 has message 1 as a dependent
 		dependents = db.getMessageDependents(txn, messageId3);
 		assertEquals(1, dependents.size());
-		assertEquals(DELIVERED, dependents.get(messageId1));
+		assertEquals(PENDING, dependents.get(messageId1));
+
+		// Message 4 is missing, so it has no dependents
+		dependents = db.getMessageDependents(txn, messageId4);
+		assertEquals(0, dependents.size());
+
+		// Add message 4
+		db.addMessage(txn, message4, UNKNOWN, false, contactId);
 
 		// Message 4 has message 2 as a dependent
 		dependents = db.getMessageDependents(txn, messageId4);
@@ -1305,9 +1407,8 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		db.addMessage(txn, message, PENDING, true, contactId);
 
 		// Add a second group
-		GroupId groupId1 = new GroupId(getRandomId());
-		Group group1 = new Group(groupId1, clientId,
-				getRandomBytes(MAX_GROUP_DESCRIPTOR_LENGTH));
+		Group group1 = getGroup(clientId);
+		GroupId groupId1 = group1.getId();
 		db.addGroup(txn, group1);
 
 		// Add a message to the second group
@@ -1324,16 +1425,16 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		db.addMessage(txn, message3, DELIVERED, true, contactId);
 
 		// Add dependencies between the messages
-		db.addMessageDependency(txn, groupId, messageId, messageId1);
-		db.addMessageDependency(txn, groupId, messageId, messageId2);
-		db.addMessageDependency(txn, groupId, messageId, messageId3);
+		db.addMessageDependency(txn, message, messageId1, PENDING);
+		db.addMessageDependency(txn, message, messageId2, PENDING);
+		db.addMessageDependency(txn, message, messageId3, PENDING);
 
 		// Retrieve the dependencies for the root
 		Map<MessageId, State> dependencies;
 		dependencies = db.getMessageDependencies(txn, messageId);
 
-		// The cross-group dependency should have state INVALID
-		assertEquals(INVALID, dependencies.get(messageId1));
+		// The cross-group dependency should have state UNKNOWN
+		assertEquals(UNKNOWN, dependencies.get(messageId1));
 
 		// The missing dependency should have state UNKNOWN
 		assertEquals(UNKNOWN, dependencies.get(messageId2));
@@ -1345,8 +1446,8 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		Map<MessageId, State> dependents;
 		dependents = db.getMessageDependents(txn, messageId1);
 
-		// The cross-group dependent should have its real state
-		assertEquals(PENDING, dependents.get(messageId));
+		// The cross-group dependent should be excluded
+		assertFalse(dependents.containsKey(messageId));
 
 		db.commitTransaction(txn);
 		db.close();
@@ -1376,12 +1477,12 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		Collection<MessageId> result;
 
 		// Retrieve messages to be validated
-		result = db.getMessagesToValidate(txn, clientId);
+		result = db.getMessagesToValidate(txn);
 		assertEquals(1, result.size());
 		assertTrue(result.contains(mId1));
 
 		// Retrieve pending messages
-		result = db.getPendingMessages(txn, clientId);
+		result = db.getPendingMessages(txn);
 		assertEquals(1, result.size());
 		assertTrue(result.contains(mId3));
 
@@ -1411,13 +1512,12 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		db.addMessage(txn, m4, DELIVERED, true, contactId);
 
 		// Introduce dependencies between the messages
-		db.addMessageDependency(txn, groupId, mId1, mId2);
-		db.addMessageDependency(txn, groupId, mId3, mId1);
-		db.addMessageDependency(txn, groupId, mId4, mId3);
+		db.addMessageDependency(txn, m1, mId2, DELIVERED);
+		db.addMessageDependency(txn, m3, mId1, DELIVERED);
+		db.addMessageDependency(txn, m4, mId3, DELIVERED);
 
 		// Retrieve messages to be shared
-		Collection<MessageId> result =
-				db.getMessagesToShare(txn, clientId);
+		Collection<MessageId> result = db.getMessagesToShare(txn);
 		assertEquals(2, result.size());
 		assertTrue(result.contains(mId2));
 		assertTrue(result.contains(mId3));
@@ -1545,9 +1645,9 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		// The message should be sendable
 		Collection<MessageId> ids = db.getMessagesToSend(txn, contactId,
 				ONE_MEGABYTE);
-		assertEquals(Collections.singletonList(messageId), ids);
+		assertEquals(singletonList(messageId), ids);
 		ids = db.getMessagesToOffer(txn, contactId, 100);
-		assertEquals(Collections.singletonList(messageId), ids);
+		assertEquals(singletonList(messageId), ids);
 
 		// The raw message should not be null
 		assertNotNull(db.getRawMessage(txn, messageId));
@@ -1700,7 +1800,7 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		Database<Connection> db = createDatabase(
 				new TestDatabaseConfig(testDir, MAX_SIZE), clock);
 		if (!resume) TestUtils.deleteTestDirectory(testDir);
-		db.open();
+		db.open(null);
 		return db;
 	}
 
@@ -1720,7 +1820,7 @@ public abstract class JdbcDatabaseTest extends BrambleTestCase {
 		SecretKey outCurrTagKey = getSecretKey();
 		SecretKey outCurrHeaderKey = getSecretKey();
 		OutgoingKeys outCurr = new OutgoingKeys(outCurrTagKey, outCurrHeaderKey,
-				2, 456);
+				2, 456, true);
 		return new TransportKeys(transportId, inPrev, inCurr, inNext, outCurr);
 	}
 

bramble-core/src/test/java/org/briarproject/bramble/db/SingleDatabasePerformanceTest.java

@@ -40,7 +40,7 @@ public abstract class SingleDatabasePerformanceTest
 	private Database<Connection> openDatabase() throws DbException {
 		Database<Connection> db = createDatabase(
 				new TestDatabaseConfig(testDir, MAX_SIZE), new SystemClock());
-		db.open();
+		db.open(null);
 		return db;
 	}
 

bramble-core/src/test/java/org/briarproject/bramble/keyagreement/KeyAgreementTransportTest.java

@@ -19,6 +19,7 @@ import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.RE
 import static org.briarproject.bramble.api.keyagreement.RecordTypes.ABORT;
 import static org.briarproject.bramble.api.keyagreement.RecordTypes.CONFIRM;
 import static org.briarproject.bramble.api.keyagreement.RecordTypes.KEY;
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 
@@ -31,7 +32,7 @@ public class KeyAgreementTransportTest extends BrambleMockTestCase {
 	private final TransportConnectionWriter transportConnectionWriter =
 			context.mock(TransportConnectionWriter.class);
 
-	private final TransportId transportId = new TransportId("test");
+	private final TransportId transportId = getTransportId();
 	private final KeyAgreementConnection keyAgreementConnection =
 			new KeyAgreementConnection(duplexTransportConnection, transportId);
 

bramble-core/src/test/java/org/briarproject/bramble/plugin/ConnectionRegistryImplTest.java

@@ -17,6 +17,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.NoSuchElementException;
 
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
@@ -29,8 +30,8 @@ public class ConnectionRegistryImplTest extends BrambleTestCase {
 	public ConnectionRegistryImplTest() {
 		contactId = new ContactId(1);
 		contactId1 = new ContactId(2);
-		transportId = new TransportId("id");
-		transportId1 = new TransportId("id1");
+		transportId = getTransportId();
+		transportId1 = getTransportId();
 	}
 
 	@Test

bramble-core/src/test/java/org/briarproject/bramble/plugin/PluginManagerImplTest.java

@@ -24,6 +24,8 @@ import java.util.Arrays;
 import java.util.concurrent.Executor;
 import java.util.concurrent.Executors;
 
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
+
 public class PluginManagerImplTest extends BrambleTestCase {
 
 	@Test
@@ -46,21 +48,21 @@ public class PluginManagerImplTest extends BrambleTestCase {
 		SimplexPluginFactory simplexFactory =
 				context.mock(SimplexPluginFactory.class);
 		SimplexPlugin simplexPlugin = context.mock(SimplexPlugin.class);
-		TransportId simplexId = new TransportId("simplex");
+		TransportId simplexId = getTransportId();
 		SimplexPluginFactory simplexFailFactory =
 				context.mock(SimplexPluginFactory.class, "simplexFailFactory");
 		SimplexPlugin simplexFailPlugin =
 				context.mock(SimplexPlugin.class, "simplexFailPlugin");
-		TransportId simplexFailId = new TransportId("simplex1");
+		TransportId simplexFailId = getTransportId();
 
 		// Two duplex plugin factories: one creates a plugin, the other fails
 		DuplexPluginFactory duplexFactory =
 				context.mock(DuplexPluginFactory.class);
 		DuplexPlugin duplexPlugin = context.mock(DuplexPlugin.class);
-		TransportId duplexId = new TransportId("duplex");
+		TransportId duplexId = getTransportId();
 		DuplexPluginFactory duplexFailFactory =
 				context.mock(DuplexPluginFactory.class, "duplexFailFactory");
-		TransportId duplexFailId = new TransportId("duplex1");
+		TransportId duplexFailId = getTransportId();
 
 		context.checking(new Expectations() {{
 			allowing(simplexPlugin).getId();

bramble-core/src/test/java/org/briarproject/bramble/plugin/PollerTest.java

@@ -32,6 +32,7 @@ import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
 
 public class PollerTest extends BrambleMockTestCase {
 
@@ -48,7 +49,7 @@ public class PollerTest extends BrambleMockTestCase {
 	private final SecureRandom random;
 
 	private final Executor ioExecutor = new ImmediateExecutor();
-	private final TransportId transportId = new TransportId("id");
+	private final TransportId transportId = getTransportId();
 	private final ContactId contactId = new ContactId(234);
 	private final int pollingInterval = 60 * 1000;
 	private final long now = System.currentTimeMillis();
@@ -64,7 +65,7 @@ public class PollerTest extends BrambleMockTestCase {
 		SimplexPlugin simplexPlugin = context.mock(SimplexPlugin.class);
 		SimplexPlugin simplexPlugin1 =
 				context.mock(SimplexPlugin.class, "simplexPlugin1");
-		TransportId simplexId1 = new TransportId("simplex1");
+		TransportId simplexId1 = getTransportId();
 		List<SimplexPlugin> simplexPlugins = Arrays.asList(simplexPlugin,
 				simplexPlugin1);
 		TransportConnectionWriter simplexWriter =
@@ -72,7 +73,7 @@ public class PollerTest extends BrambleMockTestCase {
 
 		// Two duplex plugins: one supports polling, the other doesn't
 		DuplexPlugin duplexPlugin = context.mock(DuplexPlugin.class);
-		TransportId duplexId = new TransportId("duplex");
+		TransportId duplexId = getTransportId();
 		DuplexPlugin duplexPlugin1 =
 				context.mock(DuplexPlugin.class, "duplexPlugin1");
 		List<DuplexPlugin> duplexPlugins = Arrays.asList(duplexPlugin,
@@ -349,7 +350,6 @@ public class PollerTest extends BrambleMockTestCase {
 	@Test
 	public void testCancelsPollingOnTransportDisabled() throws Exception {
 		Plugin plugin = context.mock(Plugin.class);
-		List<ContactId> connected = Collections.singletonList(contactId);
 
 		context.checking(new Expectations() {{
 			allowing(plugin).getId();

bramble-core/src/test/java/org/briarproject/bramble/plugin/tcp/LanTcpPluginTest.java

@@ -2,7 +2,6 @@ package org.briarproject.bramble.plugin.tcp;
 
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.data.BdfList;
-import org.briarproject.bramble.api.keyagreement.KeyAgreementConnection;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
@@ -26,11 +25,9 @@ import java.util.Collections;
 import java.util.Comparator;
 import java.util.Hashtable;
 import java.util.Map;
-import java.util.concurrent.Callable;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.Executor;
 import java.util.concurrent.Executors;
-import java.util.concurrent.FutureTask;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 import static java.util.concurrent.TimeUnit.SECONDS;
@@ -195,9 +192,16 @@ public class LanTcpPluginTest extends BrambleTestCase {
 		KeyAgreementListener kal =
 				plugin.createKeyAgreementListener(new byte[COMMIT_LENGTH]);
 		assertNotNull(kal);
-		Callable<KeyAgreementConnection> c = kal.listen();
-		FutureTask<KeyAgreementConnection> f = new FutureTask<>(c);
-		new Thread(f).start();
+		CountDownLatch latch = new CountDownLatch(1);
+		AtomicBoolean error = new AtomicBoolean(false);
+		new Thread(() -> {
+			try {
+				kal.accept();
+				latch.countDown();
+			} catch (IOException e) {
+				error.set(true);
+			}
+		}).start();
 		// The plugin should have bound a socket and stored the port number
 		BdfList descriptor = kal.getDescriptor();
 		assertEquals(3, descriptor.size());
@@ -213,10 +217,12 @@ public class LanTcpPluginTest extends BrambleTestCase {
 		InetSocketAddress socketAddr = new InetSocketAddress(addr, port);
 		Socket s = new Socket();
 		s.connect(socketAddr, 100);
-		assertNotNull(f.get(5, SECONDS));
+		// Check that the connection was accepted
+		assertTrue(latch.await(5, SECONDS));
+		assertFalse(error.get());
+		// Clean up
 		s.close();
 		kal.close();
-		// Stop the plugin
 		plugin.stop();
 	}
 
@@ -262,7 +268,7 @@ public class LanTcpPluginTest extends BrambleTestCase {
 		descriptor.add(local.getPort());
 		// Connect to the port
 		DuplexTransportConnection d = plugin.createKeyAgreementConnection(
-				new byte[COMMIT_LENGTH], descriptor, 5000);
+				new byte[COMMIT_LENGTH], descriptor);
 		assertNotNull(d);
 		// Check that the connection was accepted
 		assertTrue(latch.await(5, SECONDS));

bramble-core/src/test/java/org/briarproject/bramble/properties/TransportPropertyManagerImplTest.java

@@ -32,9 +32,9 @@ import java.util.Map;
 import static org.briarproject.bramble.api.properties.TransportPropertyManager.CLIENT_ID;
 import static org.briarproject.bramble.api.properties.TransportPropertyManager.CLIENT_VERSION;
 import static org.briarproject.bramble.api.sync.Group.Visibility.SHARED;
-import static org.briarproject.bramble.api.sync.SyncConstants.MAX_GROUP_DESCRIPTOR_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_BODY_LENGTH;
 import static org.briarproject.bramble.test.TestUtils.getAuthor;
+import static org.briarproject.bramble.test.TestUtils.getGroup;
 import static org.briarproject.bramble.test.TestUtils.getLocalAuthor;
 import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
 import static org.briarproject.bramble.test.TestUtils.getRandomId;
@@ -51,7 +51,7 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 			context.mock(ContactGroupFactory.class);
 	private final Clock clock = context.mock(Clock.class);
 
-	private final Group localGroup = getGroup();
+	private final Group localGroup = getGroup(CLIENT_ID);
 	private final LocalAuthor localAuthor = getLocalAuthor();
 	private final BdfDictionary fooPropertiesDict = BdfDictionary.of(
 			new BdfEntry("fooKey1", "fooValue1"),
@@ -90,7 +90,8 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		Contact contact1 = getContact(true);
 		Contact contact2 = getContact(true);
 		List<Contact> contacts = Arrays.asList(contact1, contact2);
-		Group contactGroup1 = getGroup(), contactGroup2 = getGroup();
+		Group contactGroup1 = getGroup(CLIENT_ID);
+		Group contactGroup2 = getGroup(CLIENT_ID);
 
 		context.checking(new Expectations() {{
 			oneOf(db).containsGroup(txn, localGroup.getId());
@@ -143,7 +144,7 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 	public void testCreatesContactGroupWhenAddingContact() throws Exception {
 		Transaction txn = new Transaction(null, false);
 		Contact contact = getContact(true);
-		Group contactGroup = getGroup();
+		Group contactGroup = getGroup(CLIENT_ID);
 
 		context.checking(new Expectations() {{
 			// Create the group and share it with the contact
@@ -171,7 +172,7 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 	public void testRemovesGroupWhenRemovingContact() throws Exception {
 		Transaction txn = new Transaction(null, false);
 		Contact contact = getContact(true);
-		Group contactGroup = getGroup();
+		Group contactGroup = getGroup(CLIENT_ID);
 
 		context.checking(new Expectations() {{
 			oneOf(contactGroupFactory).createContactGroup(CLIENT_ID,
@@ -306,7 +307,7 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 	@Test
 	public void testStoresRemotePropertiesWithVersion0() throws Exception {
 		Contact contact = getContact(true);
-		Group contactGroup = getGroup();
+		Group contactGroup = getGroup(CLIENT_ID);
 		Transaction txn = new Transaction(null, false);
 		Map<TransportId, TransportProperties> properties =
 				new LinkedHashMap<>();
@@ -399,6 +400,9 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 			will(returnValue(messageMetadata));
 			oneOf(clientHelper).getMessageAsList(txn, fooUpdateId);
 			will(returnValue(fooUpdate));
+			oneOf(clientHelper).parseAndValidateTransportProperties(
+					fooPropertiesDict);
+			will(returnValue(fooProperties));
 			oneOf(db).commitTransaction(txn);
 			oneOf(db).endTransaction(txn);
 		}});
@@ -417,8 +421,8 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		Contact contact3 = getContact(true);
 		List<Contact> contacts =
 				Arrays.asList(contact1, contact2, contact3);
-		Group contactGroup2 = getGroup();
-		Group contactGroup3 = getGroup();
+		Group contactGroup2 = getGroup(CLIENT_ID);
+		Group contactGroup3 = getGroup(CLIENT_ID);
 		Map<MessageId, BdfDictionary> messageMetadata3 =
 				new LinkedHashMap<>();
 		// A remote update for another transport should be ignored
@@ -466,6 +470,9 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 			will(returnValue(messageMetadata3));
 			oneOf(clientHelper).getMessageAsList(txn, fooUpdateId);
 			will(returnValue(fooUpdate));
+			oneOf(clientHelper).parseAndValidateTransportProperties(
+					fooPropertiesDict);
+			will(returnValue(fooProperties));
 			oneOf(db).commitTransaction(txn);
 			oneOf(db).endTransaction(txn);
 		}});
@@ -501,6 +508,9 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 			will(returnValue(messageMetadata));
 			oneOf(clientHelper).getMessageAsList(txn, updateId);
 			will(returnValue(update));
+			oneOf(clientHelper).parseAndValidateTransportProperties(
+					fooPropertiesDict);
+			will(returnValue(fooProperties));
 			// Properties are unchanged so we're done
 			oneOf(db).commitTransaction(txn);
 			oneOf(db).endTransaction(txn);
@@ -514,7 +524,7 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 	public void testMergingNewPropertiesCreatesUpdate() throws Exception {
 		Transaction txn = new Transaction(null, false);
 		Contact contact = getContact(true);
-		Group contactGroup = getGroup();
+		Group contactGroup = getGroup(CLIENT_ID);
 
 		context.checking(new Expectations() {{
 			oneOf(db).startTransaction(false);
@@ -549,7 +559,7 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 	public void testMergingUpdatedPropertiesCreatesUpdate() throws Exception {
 		Transaction txn = new Transaction(null, false);
 		Contact contact = getContact(true);
-		Group contactGroup = getGroup();
+		Group contactGroup = getGroup(CLIENT_ID);
 		BdfDictionary oldMetadata = BdfDictionary.of(
 				new BdfEntry("transportId", "foo"),
 				new BdfEntry("version", 1),
@@ -561,9 +571,12 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		MessageId contactGroupUpdateId = new MessageId(getRandomId());
 		Map<MessageId, BdfDictionary> contactGroupMessageMetadata =
 				Collections.singletonMap(contactGroupUpdateId, oldMetadata);
-		BdfList oldUpdate = BdfList.of("foo", 1, BdfDictionary.of(
+		TransportProperties oldProperties = new TransportProperties();
+		oldProperties.put("fooKey1", "oldFooValue1");
+		BdfDictionary oldPropertiesDict = BdfDictionary.of(
 				new BdfEntry("fooKey1", "oldFooValue1")
-		));
+		);
+		BdfList oldUpdate = BdfList.of("foo", 1, oldPropertiesDict);
 
 		context.checking(new Expectations() {{
 			oneOf(db).startTransaction(false);
@@ -574,6 +587,9 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 			will(returnValue(localGroupMessageMetadata));
 			oneOf(clientHelper).getMessageAsList(txn, localGroupUpdateId);
 			will(returnValue(oldUpdate));
+			oneOf(clientHelper).parseAndValidateTransportProperties(
+					oldPropertiesDict);
+			will(returnValue(oldProperties));
 			// Store the merged properties in the local group, version 2
 			expectStoreMessage(txn, localGroup.getId(), "foo",
 					fooPropertiesDict, 2, true, false);
@@ -600,12 +616,6 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		t.mergeLocalProperties(new TransportId("foo"), fooProperties);
 	}
 
-	private Group getGroup() {
-		GroupId g = new GroupId(getRandomId());
-		byte[] descriptor = getRandomBytes(MAX_GROUP_DESCRIPTOR_LENGTH);
-		return new Group(g, CLIENT_ID, descriptor);
-	}
-
 	private Contact getContact(boolean active) {
 		ContactId c = new ContactId(nextContactId++);
 		return new Contact(c, getAuthor(), localAuthor.getId(),
@@ -643,8 +653,14 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 			// Retrieve and parse the latest local properties
 			oneOf(clientHelper).getMessageAsList(txn, fooVersion999);
 			will(returnValue(fooUpdate));
+			oneOf(clientHelper).parseAndValidateTransportProperties(
+					fooPropertiesDict);
+			will(returnValue(fooProperties));
 			oneOf(clientHelper).getMessageAsList(txn, barVersion3);
 			will(returnValue(barUpdate));
+			oneOf(clientHelper).parseAndValidateTransportProperties(
+					barPropertiesDict);
+			will(returnValue(barProperties));
 		}});
 	}
 

bramble-core/src/test/java/org/briarproject/bramble/properties/TransportPropertyValidatorTest.java

@@ -3,80 +3,78 @@ package org.briarproject.bramble.properties;
 import org.briarproject.bramble.api.FormatException;
 import org.briarproject.bramble.api.client.ClientHelper;
 import org.briarproject.bramble.api.data.BdfDictionary;
+import org.briarproject.bramble.api.data.BdfEntry;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.data.MetadataEncoder;
 import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.sync.ClientId;
+import org.briarproject.bramble.api.properties.TransportProperties;
 import org.briarproject.bramble.api.sync.Group;
-import org.briarproject.bramble.api.sync.GroupId;
 import org.briarproject.bramble.api.sync.Message;
-import org.briarproject.bramble.api.sync.MessageId;
 import org.briarproject.bramble.api.system.Clock;
-import org.briarproject.bramble.test.BrambleTestCase;
-import org.briarproject.bramble.test.TestUtils;
-import org.briarproject.bramble.util.StringUtils;
-import org.jmock.Mockery;
+import org.briarproject.bramble.test.BrambleMockTestCase;
+import org.jmock.Expectations;
 import org.junit.Test;
 
 import java.io.IOException;
 
 import static org.briarproject.bramble.api.plugin.TransportId.MAX_TRANSPORT_ID_LENGTH;
-import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MAX_PROPERTIES_PER_TRANSPORT;
+import static org.briarproject.bramble.test.TestUtils.getClientId;
+import static org.briarproject.bramble.test.TestUtils.getGroup;
+import static org.briarproject.bramble.test.TestUtils.getMessage;
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
+import static org.briarproject.bramble.util.StringUtils.getRandomString;
 import static org.junit.Assert.assertEquals;
 
-public class TransportPropertyValidatorTest extends BrambleTestCase {
+public class TransportPropertyValidatorTest extends BrambleMockTestCase {
+
+	private final ClientHelper clientHelper = context.mock(ClientHelper.class);
 
 	private final TransportId transportId;
 	private final BdfDictionary bdfDictionary;
+	private final TransportProperties transportProperties;
 	private final Group group;
 	private final Message message;
 	private final TransportPropertyValidator tpv;
 
 	public TransportPropertyValidatorTest() {
-		transportId = new TransportId("test");
-		bdfDictionary = new BdfDictionary();
+		transportId = getTransportId();
+		bdfDictionary = BdfDictionary.of(new BdfEntry("foo", "bar"));
+		transportProperties = new TransportProperties();
+		transportProperties.put("foo", "bar");
 
-		GroupId groupId = new GroupId(TestUtils.getRandomId());
-		ClientId clientId = new ClientId(StringUtils.getRandomString(5));
-		byte[] descriptor = TestUtils.getRandomBytes(12);
-		group = new Group(groupId, clientId, descriptor);
+		group = getGroup(getClientId());
+		message = getMessage(group.getId());
 
-		MessageId messageId = new MessageId(TestUtils.getRandomId());
-		long timestamp = System.currentTimeMillis();
-		byte[] body = TestUtils.getRandomBytes(123);
-		message = new Message(messageId, groupId, timestamp, body);
-
-		Mockery context = new Mockery();
-		ClientHelper clientHelper = context.mock(ClientHelper.class);
 		MetadataEncoder metadataEncoder = context.mock(MetadataEncoder.class);
 		Clock clock = context.mock(Clock.class);
-
 		tpv = new TransportPropertyValidator(clientHelper, metadataEncoder,
 				clock);
 	}
 
 	@Test
 	public void testValidateProperMessage() throws IOException {
-
 		BdfList body = BdfList.of(transportId.getString(), 4, bdfDictionary);
 
-		BdfDictionary result = tpv.validateMessage(message, group, body)
-				.getDictionary();
+		context.checking(new Expectations() {{
+			oneOf(clientHelper).parseAndValidateTransportProperties(
+					bdfDictionary);
+			will(returnValue(transportProperties));
+		}});
 
-		assertEquals("test", result.getString("transportId"));
+		BdfDictionary result =
+				tpv.validateMessage(message, group, body).getDictionary();
+		assertEquals(transportId.getString(), result.getString("transportId"));
 		assertEquals(4, result.getLong("version").longValue());
 	}
 
 	@Test(expected = FormatException.class)
 	public void testValidateWrongVersionValue() throws IOException {
-
 		BdfList body = BdfList.of(transportId.getString(), -1, bdfDictionary);
 		tpv.validateMessage(message, group, body);
 	}
 
 	@Test(expected = FormatException.class)
 	public void testValidateWrongVersionType() throws IOException {
-
 		BdfList body = BdfList.of(transportId.getString(), bdfDictionary,
 				bdfDictionary);
 		tpv.validateMessage(message, group, body);
@@ -84,27 +82,15 @@ public class TransportPropertyValidatorTest extends BrambleTestCase {
 
 	@Test(expected = FormatException.class)
 	public void testValidateLongTransportId() throws IOException {
-
 		String wrongTransportIdString =
-				StringUtils.getRandomString(MAX_TRANSPORT_ID_LENGTH + 1);
+				getRandomString(MAX_TRANSPORT_ID_LENGTH + 1);
 		BdfList body = BdfList.of(wrongTransportIdString, 4, bdfDictionary);
 		tpv.validateMessage(message, group, body);
 	}
 
 	@Test(expected = FormatException.class)
 	public void testValidateEmptyTransportId() throws IOException {
-
 		BdfList body = BdfList.of("", 4, bdfDictionary);
 		tpv.validateMessage(message, group, body);
 	}
-
-	@Test(expected = FormatException.class)
-	public void testValidateTooManyProperties() throws IOException {
-
-		BdfDictionary d = new BdfDictionary();
-		for (int i = 0; i < MAX_PROPERTIES_PER_TRANSPORT + 1; i++)
-			d.put(String.valueOf(i), i);
-		BdfList body = BdfList.of(transportId.getString(), 4, d);
-		tpv.validateMessage(message, group, body);
-	}
 }

bramble-core/src/test/java/org/briarproject/bramble/sync/SyncIntegrationTest.java

@@ -36,7 +36,8 @@ import javax.inject.Inject;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_GROUP_DESCRIPTOR_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.PROTOCOL_VERSION;
 import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
-import static org.briarproject.bramble.util.StringUtils.getRandomString;
+import static org.briarproject.bramble.test.TestUtils.getClientId;
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
@@ -73,13 +74,13 @@ public class SyncIntegrationTest extends BrambleTestCase {
 		component.inject(this);
 
 		contactId = new ContactId(234);
-		transportId = new TransportId("id");
+		transportId = getTransportId();
 		// Create the transport keys
 		tagKey = TestUtils.getSecretKey();
 		headerKey = TestUtils.getSecretKey();
 		streamNumber = 123;
 		// Create a group
-		ClientId clientId = new ClientId(getRandomString(123));
+		ClientId clientId = getClientId();
 		int clientVersion = 1234567890;
 		byte[] descriptor = new byte[MAX_GROUP_DESCRIPTOR_LENGTH];
 		Group group = groupFactory.createGroup(clientId, clientVersion,

bramble-core/src/test/java/org/briarproject/bramble/sync/ValidationManagerImplTest.java

@@ -21,9 +21,7 @@ import org.briarproject.bramble.api.sync.ValidationManager.State;
 import org.briarproject.bramble.api.sync.event.MessageAddedEvent;
 import org.briarproject.bramble.test.BrambleMockTestCase;
 import org.briarproject.bramble.test.ImmediateExecutor;
-import org.briarproject.bramble.test.TestUtils;
 import org.briarproject.bramble.util.ByteUtils;
-import org.briarproject.bramble.util.StringUtils;
 import org.jmock.Expectations;
 import org.junit.Before;
 import org.junit.Test;
@@ -38,6 +36,9 @@ import static org.briarproject.bramble.api.sync.ValidationManager.State.DELIVERE
 import static org.briarproject.bramble.api.sync.ValidationManager.State.INVALID;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.PENDING;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.UNKNOWN;
+import static org.briarproject.bramble.test.TestUtils.getClientId;
+import static org.briarproject.bramble.test.TestUtils.getGroup;
+import static org.briarproject.bramble.test.TestUtils.getRandomId;
 
 public class ValidationManagerImplTest extends BrambleMockTestCase {
 
@@ -51,14 +52,12 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 
 	private final Executor dbExecutor = new ImmediateExecutor();
 	private final Executor validationExecutor = new ImmediateExecutor();
-	private final ClientId clientId =
-			new ClientId(StringUtils.getRandomString(5));
-	private final MessageId messageId = new MessageId(TestUtils.getRandomId());
-	private final MessageId messageId1 = new MessageId(TestUtils.getRandomId());
-	private final MessageId messageId2 = new MessageId(TestUtils.getRandomId());
-	private final GroupId groupId = new GroupId(TestUtils.getRandomId());
-	private final byte[] descriptor = new byte[32];
-	private final Group group = new Group(groupId, clientId, descriptor);
+	private final ClientId clientId = getClientId();
+	private final MessageId messageId = new MessageId(getRandomId());
+	private final MessageId messageId1 = new MessageId(getRandomId());
+	private final MessageId messageId2 = new MessageId(getRandomId());
+	private final Group group = getGroup(clientId);
+	private final GroupId groupId = group.getId();
 	private final long timestamp = System.currentTimeMillis();
 	private final byte[] raw = new byte[123];
 	private final Message message = new Message(messageId, groupId, timestamp,
@@ -100,21 +99,21 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 			// validateOutstandingMessages()
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn));
-			oneOf(db).getMessagesToValidate(txn, clientId);
+			oneOf(db).getMessagesToValidate(txn);
 			will(returnValue(Collections.emptyList()));
 			oneOf(db).commitTransaction(txn);
 			oneOf(db).endTransaction(txn);
 			// deliverOutstandingMessages()
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn1));
-			oneOf(db).getPendingMessages(txn1, clientId);
+			oneOf(db).getPendingMessages(txn1);
 			will(returnValue(Collections.emptyList()));
 			oneOf(db).commitTransaction(txn1);
 			oneOf(db).endTransaction(txn1);
 			// shareOutstandingMessages()
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn2));
-			oneOf(db).getMessagesToShare(txn2, clientId);
+			oneOf(db).getMessagesToShare(txn2);
 			will(returnValue(Collections.emptyList()));
 			oneOf(db).commitTransaction(txn2);
 			oneOf(db).endTransaction(txn2);
@@ -138,7 +137,7 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 			// Get messages to validate
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn));
-			oneOf(db).getMessagesToValidate(txn, clientId);
+			oneOf(db).getMessagesToValidate(txn);
 			will(returnValue(Arrays.asList(messageId, messageId1)));
 			oneOf(db).commitTransaction(txn);
 			oneOf(db).endTransaction(txn);
@@ -199,14 +198,14 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 			// Get pending messages to deliver
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn5));
-			oneOf(db).getPendingMessages(txn5, clientId);
+			oneOf(db).getPendingMessages(txn5);
 			will(returnValue(Collections.emptyList()));
 			oneOf(db).commitTransaction(txn5);
 			oneOf(db).endTransaction(txn5);
 			// Get messages to share
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn6));
-			oneOf(db).getMessagesToShare(txn6, clientId);
+			oneOf(db).getMessagesToShare(txn6);
 			will(returnValue(Collections.emptyList()));
 			oneOf(db).commitTransaction(txn6);
 			oneOf(db).endTransaction(txn6);
@@ -227,14 +226,14 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 			// Get messages to validate
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn));
-			oneOf(db).getMessagesToValidate(txn, clientId);
+			oneOf(db).getMessagesToValidate(txn);
 			will(returnValue(Collections.emptyList()));
 			oneOf(db).commitTransaction(txn);
 			oneOf(db).endTransaction(txn);
 			// Get pending messages to deliver
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn1));
-			oneOf(db).getPendingMessages(txn1, clientId);
+			oneOf(db).getPendingMessages(txn1);
 			will(returnValue(Collections.singletonList(messageId)));
 			oneOf(db).commitTransaction(txn1);
 			oneOf(db).endTransaction(txn1);
@@ -292,7 +291,7 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 			// Get messages to share
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn4));
-			oneOf(db).getMessagesToShare(txn4, clientId);
+			oneOf(db).getMessagesToShare(txn4);
 			will(returnValue(Collections.emptyList()));
 			oneOf(db).commitTransaction(txn4);
 			oneOf(db).endTransaction(txn4);
@@ -313,14 +312,14 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 			// No messages to validate
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn));
-			oneOf(db).getMessagesToValidate(txn, clientId);
+			oneOf(db).getMessagesToValidate(txn);
 			will(returnValue(Collections.emptyList()));
 			oneOf(db).commitTransaction(txn);
 			oneOf(db).endTransaction(txn);
 			// No pending messages to deliver
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn1));
-			oneOf(db).getPendingMessages(txn1, clientId);
+			oneOf(db).getPendingMessages(txn1);
 			will(returnValue(Collections.emptyList()));
 			oneOf(db).commitTransaction(txn1);
 			oneOf(db).endTransaction(txn1);
@@ -328,7 +327,7 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 			// Get messages to share
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn2));
-			oneOf(db).getMessagesToShare(txn2, clientId);
+			oneOf(db).getMessagesToShare(txn2);
 			will(returnValue(Collections.singletonList(messageId)));
 			oneOf(db).commitTransaction(txn2);
 			oneOf(db).endTransaction(txn2);
@@ -416,7 +415,7 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 			// Get messages to validate
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn));
-			oneOf(db).getMessagesToValidate(txn, clientId);
+			oneOf(db).getMessagesToValidate(txn);
 			will(returnValue(Arrays.asList(messageId, messageId1)));
 			oneOf(db).commitTransaction(txn);
 			oneOf(db).endTransaction(txn);
@@ -457,14 +456,14 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 			// Get pending messages to deliver
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn4));
-			oneOf(db).getPendingMessages(txn4, clientId);
+			oneOf(db).getPendingMessages(txn4);
 			will(returnValue(Collections.emptyList()));
 			oneOf(db).commitTransaction(txn4);
 			oneOf(db).endTransaction(txn4);
 			// Get messages to share
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn5));
-			oneOf(db).getMessagesToShare(txn5, clientId);
+			oneOf(db).getMessagesToShare(txn5);
 			will(returnValue(Collections.emptyList()));
 			oneOf(db).commitTransaction(txn5);
 			oneOf(db).endTransaction(txn5);
@@ -487,7 +486,7 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 			// Get messages to validate
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn));
-			oneOf(db).getMessagesToValidate(txn, clientId);
+			oneOf(db).getMessagesToValidate(txn);
 			will(returnValue(Arrays.asList(messageId, messageId1)));
 			oneOf(db).commitTransaction(txn);
 			oneOf(db).endTransaction(txn);
@@ -533,14 +532,14 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 			// Get pending messages to deliver
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn4));
-			oneOf(db).getPendingMessages(txn4, clientId);
+			oneOf(db).getPendingMessages(txn4);
 			will(returnValue(Collections.emptyList()));
 			oneOf(db).commitTransaction(txn4);
 			oneOf(db).endTransaction(txn4);
 			// Get messages to share
 			oneOf(db).startTransaction(true);
 			will(returnValue(txn5));
-			oneOf(db).getMessagesToShare(txn5, clientId);
+			oneOf(db).getMessagesToShare(txn5);
 			will(returnValue(Collections.emptyList()));
 			oneOf(db).commitTransaction(txn5);
 			oneOf(db).endTransaction(txn5);
@@ -716,8 +715,8 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 
 	@Test
 	public void testRecursiveInvalidation() throws Exception {
-		MessageId messageId3 = new MessageId(TestUtils.getRandomId());
-		MessageId messageId4 = new MessageId(TestUtils.getRandomId());
+		MessageId messageId3 = new MessageId(getRandomId());
+		MessageId messageId4 = new MessageId(getRandomId());
 		Map<MessageId, State> twoDependents = new LinkedHashMap<>();
 		twoDependents.put(messageId1, PENDING);
 		twoDependents.put(messageId2, PENDING);
@@ -819,8 +818,8 @@ public class ValidationManagerImplTest extends BrambleMockTestCase {
 
 	@Test
 	public void testPendingDependentsGetDelivered() throws Exception {
-		MessageId messageId3 = new MessageId(TestUtils.getRandomId());
-		MessageId messageId4 = new MessageId(TestUtils.getRandomId());
+		MessageId messageId3 = new MessageId(getRandomId());
+		MessageId messageId4 = new MessageId(getRandomId());
 		Message message3 = new Message(messageId3, groupId, timestamp,
 				raw);
 		Message message4 = new Message(messageId4, groupId, timestamp,

bramble-core/src/test/java/org/briarproject/bramble/test/TestLifecycleModule.java

@@ -17,6 +17,8 @@ import javax.inject.Singleton;
 import dagger.Module;
 import dagger.Provides;
 
+import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.RUNNING;
+
 @Module
 public class TestLifecycleModule {
 
@@ -57,6 +59,11 @@ public class TestLifecycleModule {
 			@Override
 			public void waitForShutdown() throws InterruptedException {
 			}
+
+			@Override
+			public LifecycleState getLifecycleState() {
+				return RUNNING;
+			}
 		};
 		return lifecycleManager;
 	}

bramble-core/src/test/java/org/briarproject/bramble/test/TestPluginConfigModule.java

@@ -16,10 +16,12 @@ import javax.annotation.Nullable;
 import dagger.Module;
 import dagger.Provides;
 
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
+
 @Module
 public class TestPluginConfigModule {
 
-	public static final TransportId TRANSPORT_ID = new TransportId("id");
+	public static final TransportId TRANSPORT_ID = getTransportId();
 	public static final int MAX_LATENCY = 2 * 60 * 1000; // 2 minutes
 
 	@NotNullByDefault

bramble-core/src/test/java/org/briarproject/bramble/test/ValidatorTestCase.java

@@ -1,18 +1,20 @@
 package org.briarproject.bramble.test;
 
 import org.briarproject.bramble.api.client.ClientHelper;
+import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.data.MetadataEncoder;
-import org.briarproject.bramble.api.identity.AuthorFactory;
-import org.briarproject.bramble.api.sync.ClientId;
+import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.sync.Group;
 import org.briarproject.bramble.api.sync.GroupId;
 import org.briarproject.bramble.api.sync.Message;
 import org.briarproject.bramble.api.sync.MessageId;
 import org.briarproject.bramble.api.system.Clock;
+import org.jmock.Expectations;
 
-import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
-import static org.briarproject.bramble.test.TestUtils.getRandomId;
-import static org.briarproject.bramble.util.StringUtils.getRandomString;
+import static org.briarproject.bramble.test.TestUtils.getAuthor;
+import static org.briarproject.bramble.test.TestUtils.getClientId;
+import static org.briarproject.bramble.test.TestUtils.getGroup;
+import static org.briarproject.bramble.test.TestUtils.getMessage;
 
 public abstract class ValidatorTestCase extends BrambleMockTestCase {
 
@@ -21,17 +23,27 @@ public abstract class ValidatorTestCase extends BrambleMockTestCase {
 	protected final MetadataEncoder metadataEncoder =
 			context.mock(MetadataEncoder.class);
 	protected final Clock clock = context.mock(Clock.class);
-	protected final AuthorFactory authorFactory =
-			context.mock(AuthorFactory.class);
 
-	protected final MessageId messageId = new MessageId(getRandomId());
-	protected final GroupId groupId = new GroupId(getRandomId());
-	protected final long timestamp = 1234567890 * 1000L;
-	protected final byte[] raw = getRandomBytes(123);
-	protected final Message message =
-			new Message(messageId, groupId, timestamp, raw);
-	protected final ClientId clientId = new ClientId(getRandomString(123));
-	protected final byte[] descriptor = getRandomBytes(123);
-	protected final Group group = new Group(groupId, clientId, descriptor);
+	protected final Group group = getGroup(getClientId());
+	protected final GroupId groupId = group.getId();
+	protected final byte[] descriptor = group.getDescriptor();
+	protected final Message message = getMessage(groupId);
+	protected final MessageId messageId = message.getId();
+	protected final long timestamp = message.getTimestamp();
+	protected final byte[] raw = message.getRaw();
+	protected final Author author = getAuthor();
+	protected final BdfList authorList = BdfList.of(
+			author.getFormatVersion(),
+			author.getName(),
+			author.getPublicKey()
+	);
 
-}
+	protected void expectParseAuthor(BdfList authorList, Author author)
+			throws Exception {
+		context.checking(new Expectations() {{
+			oneOf(clientHelper).parseAndValidateAuthor(authorList);
+			will(returnValue(author));
+		}});
+	}
+
+}

bramble-core/src/test/java/org/briarproject/bramble/transport/KeyManagerImplTest.java

@@ -12,51 +12,51 @@ import org.briarproject.bramble.api.identity.AuthorId;
 import org.briarproject.bramble.api.plugin.PluginConfig;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPluginFactory;
+import org.briarproject.bramble.api.transport.KeySetId;
 import org.briarproject.bramble.api.transport.StreamContext;
-import org.briarproject.bramble.test.BrambleTestCase;
+import org.briarproject.bramble.test.BrambleMockTestCase;
 import org.jmock.Expectations;
-import org.jmock.Mockery;
 import org.jmock.lib.concurrent.DeterministicExecutor;
 import org.junit.Before;
 import org.junit.Test;
 
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.Random;
 
+import static java.util.Collections.singletonList;
+import static java.util.Collections.singletonMap;
 import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
 import static org.briarproject.bramble.test.TestUtils.getAuthor;
 import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
 import static org.briarproject.bramble.test.TestUtils.getRandomId;
 import static org.briarproject.bramble.test.TestUtils.getSecretKey;
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
 import static org.junit.Assert.assertEquals;
 
-public class KeyManagerImplTest extends BrambleTestCase {
+public class KeyManagerImplTest extends BrambleMockTestCase {
 
-	private final Mockery context = new Mockery();
-	private final KeyManagerImpl keyManager;
 	private final DatabaseComponent db = context.mock(DatabaseComponent.class);
 	private final PluginConfig pluginConfig = context.mock(PluginConfig.class);
 	private final TransportKeyManagerFactory transportKeyManagerFactory =
 			context.mock(TransportKeyManagerFactory.class);
 	private final TransportKeyManager transportKeyManager =
 			context.mock(TransportKeyManager.class);
+
 	private final DeterministicExecutor executor = new DeterministicExecutor();
 	private final Transaction txn = new Transaction(null, false);
-	private final ContactId contactId = new ContactId(42);
-	private final ContactId inactiveContactId = new ContactId(43);
-	private final TransportId transportId = new TransportId("tId");
-	private final TransportId unknownTransportId = new TransportId("id");
+	private final ContactId contactId = new ContactId(123);
+	private final ContactId inactiveContactId = new ContactId(234);
+	private final KeySetId keySetId = new KeySetId(345);
+	private final TransportId transportId = getTransportId();
+	private final TransportId unknownTransportId = getTransportId();
 	private final StreamContext streamContext =
 			new StreamContext(contactId, transportId, getSecretKey(),
 					getSecretKey(), 1);
 	private final byte[] tag = getRandomBytes(TAG_LENGTH);
 
-	public KeyManagerImplTest() {
-		keyManager = new KeyManagerImpl(db, executor, pluginConfig,
-				transportKeyManagerFactory);
-	}
+	private final KeyManagerImpl keyManager = new KeyManagerImpl(db, executor,
+			pluginConfig, transportKeyManagerFactory);
 
 	@Before
 	public void testStartService() throws Exception {
@@ -70,8 +70,8 @@ public class KeyManagerImplTest extends BrambleTestCase {
 				true, false));
 		SimplexPluginFactory pluginFactory =
 				context.mock(SimplexPluginFactory.class);
-		Collection<SimplexPluginFactory> factories = Collections
-				.singletonList(pluginFactory);
+		Collection<SimplexPluginFactory> factories =
+				singletonList(pluginFactory);
 		int maxLatency = 1337;
 
 		context.checking(new Expectations() {{
@@ -110,7 +110,22 @@ public class KeyManagerImplTest extends BrambleTestCase {
 		}});
 
 		keyManager.addContact(txn, contactId, secretKey, timestamp, alice);
-		context.assertIsSatisfied();
+	}
+
+	@Test
+	public void testAddUnboundKeys() throws Exception {
+		SecretKey secretKey = getSecretKey();
+		long timestamp = System.currentTimeMillis();
+		boolean alice = new Random().nextBoolean();
+
+		context.checking(new Expectations() {{
+			oneOf(transportKeyManager).addUnboundKeys(txn, secretKey,
+					timestamp, alice);
+			will(returnValue(keySetId));
+		}});
+
+		assertEquals(singletonMap(transportId, keySetId),
+				keyManager.addUnboundKeys(txn, secretKey, timestamp, alice));
 	}
 
 	@Test
@@ -138,7 +153,6 @@ public class KeyManagerImplTest extends BrambleTestCase {
 
 		assertEquals(streamContext,
 				keyManager.getStreamContext(contactId, transportId));
-		context.assertIsSatisfied();
 	}
 
 	@Test
@@ -161,7 +175,6 @@ public class KeyManagerImplTest extends BrambleTestCase {
 
 		assertEquals(streamContext,
 				keyManager.getStreamContext(transportId, tag));
-		context.assertIsSatisfied();
 	}
 
 	@Test
@@ -175,8 +188,6 @@ public class KeyManagerImplTest extends BrambleTestCase {
 		keyManager.eventOccurred(event);
 		executor.runUntilIdle();
 		assertEquals(null, keyManager.getStreamContext(contactId, transportId));
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
@@ -196,8 +207,5 @@ public class KeyManagerImplTest extends BrambleTestCase {
 		keyManager.eventOccurred(event);
 		assertEquals(streamContext,
 				keyManager.getStreamContext(inactiveContactId, transportId));
-
-		context.assertIsSatisfied();
 	}
-
 }

bramble-core/src/test/java/org/briarproject/bramble/transport/TransportKeyManagerImplTest.java

@@ -8,6 +8,8 @@ import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.api.transport.IncomingKeys;
+import org.briarproject.bramble.api.transport.KeySet;
+import org.briarproject.bramble.api.transport.KeySetId;
 import org.briarproject.bramble.api.transport.OutgoingKeys;
 import org.briarproject.bramble.api.transport.StreamContext;
 import org.briarproject.bramble.api.transport.TransportKeys;
@@ -22,23 +24,25 @@ import org.junit.Test;
 
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
-import java.util.LinkedHashMap;
 import java.util.List;
-import java.util.Map;
 import java.util.Random;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ScheduledExecutorService;
 
+import static java.util.Arrays.asList;
+import static java.util.Collections.singletonList;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static org.briarproject.bramble.api.transport.TransportConstants.MAX_CLOCK_DIFFERENCE;
 import static org.briarproject.bramble.api.transport.TransportConstants.PROTOCOL_VERSION;
 import static org.briarproject.bramble.api.transport.TransportConstants.REORDERING_WINDOW_SIZE;
 import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
 import static org.briarproject.bramble.util.ByteUtils.MAX_32_BIT_UNSIGNED;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
 
 public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 
@@ -50,11 +54,14 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 			context.mock(ScheduledExecutorService.class);
 	private final Clock clock = context.mock(Clock.class);
 
-	private final TransportId transportId = new TransportId("id");
+	private final TransportId transportId = getTransportId();
 	private final long maxLatency = 30 * 1000; // 30 seconds
 	private final long rotationPeriodLength = maxLatency + MAX_CLOCK_DIFFERENCE;
 	private final ContactId contactId = new ContactId(123);
 	private final ContactId contactId1 = new ContactId(234);
+	private final KeySetId keySetId = new KeySetId(345);
+	private final KeySetId keySetId1 = new KeySetId(456);
+	private final KeySetId keySetId2 = new KeySetId(567);
 	private final SecretKey tagKey = TestUtils.getSecretKey();
 	private final SecretKey headerKey = TestUtils.getSecretKey();
 	private final SecretKey masterKey = TestUtils.getSecretKey();
@@ -62,12 +69,16 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 
 	@Test
 	public void testKeysAreRotatedAtStartup() throws Exception {
-		Map<ContactId, TransportKeys> loaded = new LinkedHashMap<>();
-		TransportKeys shouldRotate = createTransportKeys(900, 0);
-		TransportKeys shouldNotRotate = createTransportKeys(1000, 0);
-		loaded.put(contactId, shouldRotate);
-		loaded.put(contactId1, shouldNotRotate);
-		TransportKeys rotated = createTransportKeys(1000, 0);
+		TransportKeys shouldRotate = createTransportKeys(900, 0, true);
+		TransportKeys shouldNotRotate = createTransportKeys(1000, 0, true);
+		TransportKeys shouldRotate1 = createTransportKeys(999, 0, false);
+		Collection<KeySet> loaded = asList(
+				new KeySet(keySetId, contactId, shouldRotate),
+				new KeySet(keySetId1, contactId1, shouldNotRotate),
+				new KeySet(keySetId2, null, shouldRotate1)
+		);
+		TransportKeys rotated = createTransportKeys(1000, 0, true);
+		TransportKeys rotated1 = createTransportKeys(1000, 0, false);
 		Transaction txn = new Transaction(null, false);
 
 		context.checking(new Expectations() {{
@@ -82,6 +93,8 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 			will(returnValue(rotated));
 			oneOf(transportCrypto).rotateTransportKeys(shouldNotRotate, 1000);
 			will(returnValue(shouldNotRotate));
+			oneOf(transportCrypto).rotateTransportKeys(shouldRotate1, 1000);
+			will(returnValue(rotated1));
 			// Encode the tags (3 sets per contact)
 			for (long i = 0; i < REORDERING_WINDOW_SIZE; i++) {
 				exactly(6).of(transportCrypto).encodeTag(
@@ -90,8 +103,10 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 				will(new EncodeTagAction());
 			}
 			// Save the keys that were rotated
-			oneOf(db).updateTransportKeys(txn,
-					Collections.singletonMap(contactId, rotated));
+			oneOf(db).updateTransportKeys(txn, asList(
+					new KeySet(keySetId, contactId, rotated),
+					new KeySet(keySetId2, null, rotated1))
+			);
 			// Schedule key rotation at the start of the next rotation period
 			oneOf(scheduler).schedule(with(any(Runnable.class)),
 					with(rotationPeriodLength - 1), with(MILLISECONDS));
@@ -101,18 +116,19 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 				db, transportCrypto, dbExecutor, scheduler, clock, transportId,
 				maxLatency);
 		transportKeyManager.start(txn);
+		assertTrue(transportKeyManager.canSendOutgoingStreams(contactId));
 	}
 
 	@Test
 	public void testKeysAreRotatedWhenAddingContact() throws Exception {
 		boolean alice = random.nextBoolean();
-		TransportKeys transportKeys = createTransportKeys(999, 0);
-		TransportKeys rotated = createTransportKeys(1000, 0);
+		TransportKeys transportKeys = createTransportKeys(999, 0, true);
+		TransportKeys rotated = createTransportKeys(1000, 0, true);
 		Transaction txn = new Transaction(null, false);
 
 		context.checking(new Expectations() {{
 			oneOf(transportCrypto).deriveTransportKeys(transportId, masterKey,
-					999, alice);
+					999, alice, true);
 			will(returnValue(transportKeys));
 			// Get the current time (1 ms after start of rotation period 1000)
 			oneOf(clock).currentTimeMillis();
@@ -129,6 +145,7 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 			}
 			// Save the keys
 			oneOf(db).addTransportKeys(txn, contactId, rotated);
+			will(returnValue(keySetId));
 		}});
 
 		TransportKeyManager transportKeyManager = new TransportKeyManagerImpl(
@@ -138,6 +155,39 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 		long timestamp = rotationPeriodLength * 1000 - 1;
 		transportKeyManager.addContact(txn, contactId, masterKey, timestamp,
 				alice);
+		assertTrue(transportKeyManager.canSendOutgoingStreams(contactId));
+	}
+
+	@Test
+	public void testKeysAreRotatedWhenAddingUnboundKeys() throws Exception {
+		boolean alice = random.nextBoolean();
+		TransportKeys transportKeys = createTransportKeys(999, 0, false);
+		TransportKeys rotated = createTransportKeys(1000, 0, false);
+		Transaction txn = new Transaction(null, false);
+
+		context.checking(new Expectations() {{
+			oneOf(transportCrypto).deriveTransportKeys(transportId, masterKey,
+					999, alice, false);
+			will(returnValue(transportKeys));
+			// Get the current time (1 ms after start of rotation period 1000)
+			oneOf(clock).currentTimeMillis();
+			will(returnValue(rotationPeriodLength * 1000 + 1));
+			// Rotate the transport keys
+			oneOf(transportCrypto).rotateTransportKeys(transportKeys, 1000);
+			will(returnValue(rotated));
+			// Save the keys
+			oneOf(db).addTransportKeys(txn, null, rotated);
+			will(returnValue(keySetId));
+		}});
+
+		TransportKeyManager transportKeyManager = new TransportKeyManagerImpl(
+				db, transportCrypto, dbExecutor, scheduler, clock, transportId,
+				maxLatency);
+		// The timestamp is 1 ms before the start of rotation period 1000
+		long timestamp = rotationPeriodLength * 1000 - 1;
+		assertEquals(keySetId, transportKeyManager.addUnboundKeys(txn,
+				masterKey, timestamp, alice));
+		assertFalse(transportKeyManager.canSendOutgoingStreams(contactId));
 	}
 
 	@Test
@@ -149,6 +199,7 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 				db, transportCrypto, dbExecutor, scheduler, clock, transportId,
 				maxLatency);
 		assertNull(transportKeyManager.getStreamContext(txn, contactId));
+		assertFalse(transportKeyManager.canSendOutgoingStreams(contactId));
 	}
 
 	@Test
@@ -157,29 +208,10 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 		boolean alice = random.nextBoolean();
 		// The stream counter has been exhausted
 		TransportKeys transportKeys = createTransportKeys(1000,
-				MAX_32_BIT_UNSIGNED + 1);
+				MAX_32_BIT_UNSIGNED + 1, true);
 		Transaction txn = new Transaction(null, false);
 
-		context.checking(new Expectations() {{
-			oneOf(transportCrypto).deriveTransportKeys(transportId, masterKey,
-					1000, alice);
-			will(returnValue(transportKeys));
-			// Get the current time (the start of rotation period 1000)
-			oneOf(clock).currentTimeMillis();
-			will(returnValue(rotationPeriodLength * 1000));
-			// Encode the tags (3 sets)
-			for (long i = 0; i < REORDERING_WINDOW_SIZE; i++) {
-				exactly(3).of(transportCrypto).encodeTag(
-						with(any(byte[].class)), with(tagKey),
-						with(PROTOCOL_VERSION), with(i));
-				will(new EncodeTagAction());
-			}
-			// Rotate the transport keys (the keys are unaffected)
-			oneOf(transportCrypto).rotateTransportKeys(transportKeys, 1000);
-			will(returnValue(transportKeys));
-			// Save the keys
-			oneOf(db).addTransportKeys(txn, contactId, transportKeys);
-		}});
+		expectAddContactNoRotation(alice, transportKeys, txn);
 
 		TransportKeyManager transportKeyManager = new TransportKeyManagerImpl(
 				db, transportCrypto, dbExecutor, scheduler, clock, transportId,
@@ -188,6 +220,7 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 		long timestamp = rotationPeriodLength * 1000;
 		transportKeyManager.addContact(txn, contactId, masterKey, timestamp,
 				alice);
+		assertFalse(transportKeyManager.canSendOutgoingStreams(contactId));
 		assertNull(transportKeyManager.getStreamContext(txn, contactId));
 	}
 
@@ -196,30 +229,14 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 		boolean alice = random.nextBoolean();
 		// The stream counter can be used one more time before being exhausted
 		TransportKeys transportKeys = createTransportKeys(1000,
-				MAX_32_BIT_UNSIGNED);
+				MAX_32_BIT_UNSIGNED, true);
 		Transaction txn = new Transaction(null, false);
 
+		expectAddContactNoRotation(alice, transportKeys, txn);
+
 		context.checking(new Expectations() {{
-			oneOf(transportCrypto).deriveTransportKeys(transportId, masterKey,
-					1000, alice);
-			will(returnValue(transportKeys));
-			// Get the current time (the start of rotation period 1000)
-			oneOf(clock).currentTimeMillis();
-			will(returnValue(rotationPeriodLength * 1000));
-			// Encode the tags (3 sets)
-			for (long i = 0; i < REORDERING_WINDOW_SIZE; i++) {
-				exactly(3).of(transportCrypto).encodeTag(
-						with(any(byte[].class)), with(tagKey),
-						with(PROTOCOL_VERSION), with(i));
-				will(new EncodeTagAction());
-			}
-			// Rotate the transport keys (the keys are unaffected)
-			oneOf(transportCrypto).rotateTransportKeys(transportKeys, 1000);
-			will(returnValue(transportKeys));
-			// Save the keys
-			oneOf(db).addTransportKeys(txn, contactId, transportKeys);
 			// Increment the stream counter
-			oneOf(db).incrementStreamCounter(txn, contactId, transportId, 1000);
+			oneOf(db).incrementStreamCounter(txn, transportId, keySetId);
 		}});
 
 		TransportKeyManager transportKeyManager = new TransportKeyManagerImpl(
@@ -230,6 +247,7 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 		transportKeyManager.addContact(txn, contactId, masterKey, timestamp,
 				alice);
 		// The first request should return a stream context
+		assertTrue(transportKeyManager.canSendOutgoingStreams(contactId));
 		StreamContext ctx = transportKeyManager.getStreamContext(txn,
 				contactId);
 		assertNotNull(ctx);
@@ -239,6 +257,7 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 		assertEquals(headerKey, ctx.getHeaderKey());
 		assertEquals(MAX_32_BIT_UNSIGNED, ctx.getStreamNumber());
 		// The second request should return null, the counter is exhausted
+		assertFalse(transportKeyManager.canSendOutgoingStreams(contactId));
 		assertNull(transportKeyManager.getStreamContext(txn, contactId));
 	}
 
@@ -246,29 +265,10 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 	public void testIncomingStreamContextIsNullIfTagIsNotFound()
 			throws Exception {
 		boolean alice = random.nextBoolean();
-		TransportKeys transportKeys = createTransportKeys(1000, 0);
+		TransportKeys transportKeys = createTransportKeys(1000, 0, true);
 		Transaction txn = new Transaction(null, false);
 
-		context.checking(new Expectations() {{
-			oneOf(transportCrypto).deriveTransportKeys(transportId, masterKey,
-					1000, alice);
-			will(returnValue(transportKeys));
-			// Get the current time (the start of rotation period 1000)
-			oneOf(clock).currentTimeMillis();
-			will(returnValue(rotationPeriodLength * 1000));
-			// Encode the tags (3 sets)
-			for (long i = 0; i < REORDERING_WINDOW_SIZE; i++) {
-				exactly(3).of(transportCrypto).encodeTag(
-						with(any(byte[].class)), with(tagKey),
-						with(PROTOCOL_VERSION), with(i));
-				will(new EncodeTagAction());
-			}
-			// Rotate the transport keys (the keys are unaffected)
-			oneOf(transportCrypto).rotateTransportKeys(transportKeys, 1000);
-			will(returnValue(transportKeys));
-			// Save the keys
-			oneOf(db).addTransportKeys(txn, contactId, transportKeys);
-		}});
+		expectAddContactNoRotation(alice, transportKeys, txn);
 
 		TransportKeyManager transportKeyManager = new TransportKeyManagerImpl(
 				db, transportCrypto, dbExecutor, scheduler, clock, transportId,
@@ -277,6 +277,8 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 		long timestamp = rotationPeriodLength * 1000;
 		transportKeyManager.addContact(txn, contactId, masterKey, timestamp,
 				alice);
+		assertTrue(transportKeyManager.canSendOutgoingStreams(contactId));
+		// The tag should not be recognised
 		assertNull(transportKeyManager.getStreamContext(txn,
 				new byte[TAG_LENGTH]));
 	}
@@ -284,14 +286,15 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 	@Test
 	public void testTagIsNotRecognisedTwice() throws Exception {
 		boolean alice = random.nextBoolean();
-		TransportKeys transportKeys = createTransportKeys(1000, 0);
+		TransportKeys transportKeys = createTransportKeys(1000, 0, true);
+		Transaction txn = new Transaction(null, false);
+
 		// Keep a copy of the tags
 		List<byte[]> tags = new ArrayList<>();
-		Transaction txn = new Transaction(null, false);
 
 		context.checking(new Expectations() {{
 			oneOf(transportCrypto).deriveTransportKeys(transportId, masterKey,
-					1000, alice);
+					1000, alice, true);
 			will(returnValue(transportKeys));
 			// Get the current time (the start of rotation period 1000)
 			oneOf(clock).currentTimeMillis();
@@ -308,13 +311,14 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 			will(returnValue(transportKeys));
 			// Save the keys
 			oneOf(db).addTransportKeys(txn, contactId, transportKeys);
+			will(returnValue(keySetId));
 			// Encode a new tag after sliding the window
 			oneOf(transportCrypto).encodeTag(with(any(byte[].class)),
 					with(tagKey), with(PROTOCOL_VERSION),
 					with((long) REORDERING_WINDOW_SIZE));
 			will(new EncodeTagAction(tags));
 			// Save the reordering window (previous rotation period, base 1)
-			oneOf(db).setReorderingWindow(txn, contactId, transportId, 999,
+			oneOf(db).setReorderingWindow(txn, keySetId, transportId, 999,
 					1, new byte[REORDERING_WINDOW_SIZE / 8]);
 		}});
 
@@ -325,6 +329,7 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 		long timestamp = rotationPeriodLength * 1000;
 		transportKeyManager.addContact(txn, contactId, masterKey, timestamp,
 				alice);
+		assertTrue(transportKeyManager.canSendOutgoingStreams(contactId));
 		// Use the first tag (previous rotation period, stream number 0)
 		assertEquals(REORDERING_WINDOW_SIZE * 3, tags.size());
 		byte[] tag = tags.get(0);
@@ -344,10 +349,10 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 
 	@Test
 	public void testKeysAreRotatedToCurrentPeriod() throws Exception {
-		TransportKeys transportKeys = createTransportKeys(1000, 0);
-		Map<ContactId, TransportKeys> loaded =
-				Collections.singletonMap(contactId, transportKeys);
-		TransportKeys rotated = createTransportKeys(1001, 0);
+		TransportKeys transportKeys = createTransportKeys(1000, 0, true);
+		Collection<KeySet> loaded =
+				singletonList(new KeySet(keySetId, contactId, transportKeys));
+		TransportKeys rotated = createTransportKeys(1001, 0, true);
 		Transaction txn = new Transaction(null, false);
 		Transaction txn1 = new Transaction(null, false);
 
@@ -393,7 +398,7 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 			}
 			// Save the keys that were rotated
 			oneOf(db).updateTransportKeys(txn1,
-					Collections.singletonMap(contactId, rotated));
+					singletonList(new KeySet(keySetId, contactId, rotated)));
 			// Schedule key rotation at the start of the next rotation period
 			oneOf(scheduler).schedule(with(any(Runnable.class)),
 					with(rotationPeriodLength), with(MILLISECONDS));
@@ -406,10 +411,197 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 				db, transportCrypto, dbExecutor, scheduler, clock, transportId,
 				maxLatency);
 		transportKeyManager.start(txn);
+		assertTrue(transportKeyManager.canSendOutgoingStreams(contactId));
+	}
+
+	@Test
+	public void testBindingAndActivatingKeys() throws Exception {
+		boolean alice = random.nextBoolean();
+		TransportKeys transportKeys = createTransportKeys(1000, 0, false);
+		Transaction txn = new Transaction(null, false);
+
+		expectAddUnboundKeysNoRotation(alice, transportKeys, txn);
+
+		context.checking(new Expectations() {{
+			// When the keys are bound, encode the tags (3 sets)
+			for (long i = 0; i < REORDERING_WINDOW_SIZE; i++) {
+				exactly(3).of(transportCrypto).encodeTag(
+						with(any(byte[].class)), with(tagKey),
+						with(PROTOCOL_VERSION), with(i));
+				will(new EncodeTagAction());
+			}
+			// Save the key binding
+			oneOf(db).bindTransportKeys(txn, contactId, transportId, keySetId);
+			// Activate the keys
+			oneOf(db).setTransportKeysActive(txn, transportId, keySetId);
+			// Increment the stream counter
+			oneOf(db).incrementStreamCounter(txn, transportId, keySetId);
+		}});
+
+		TransportKeyManager transportKeyManager = new TransportKeyManagerImpl(
+				db, transportCrypto, dbExecutor, scheduler, clock, transportId,
+				maxLatency);
+		// The timestamp is at the start of rotation period 1000
+		long timestamp = rotationPeriodLength * 1000;
+		assertEquals(keySetId, transportKeyManager.addUnboundKeys(txn,
+				masterKey, timestamp, alice));
+		// The keys are unbound so no stream context should be returned
+		assertFalse(transportKeyManager.canSendOutgoingStreams(contactId));
+		assertNull(transportKeyManager.getStreamContext(txn, contactId));
+		transportKeyManager.bindKeys(txn, contactId, keySetId);
+		// The keys are inactive so no stream context should be returned
+		assertFalse(transportKeyManager.canSendOutgoingStreams(contactId));
+		assertNull(transportKeyManager.getStreamContext(txn, contactId));
+		transportKeyManager.activateKeys(txn, keySetId);
+		// The keys are active so a stream context should be returned
+		assertTrue(transportKeyManager.canSendOutgoingStreams(contactId));
+		StreamContext ctx = transportKeyManager.getStreamContext(txn,
+				contactId);
+		assertNotNull(ctx);
+		assertEquals(contactId, ctx.getContactId());
+		assertEquals(transportId, ctx.getTransportId());
+		assertEquals(tagKey, ctx.getTagKey());
+		assertEquals(headerKey, ctx.getHeaderKey());
+		assertEquals(0L, ctx.getStreamNumber());
+	}
+
+	@Test
+	public void testRecognisingTagActivatesOutgoingKeys() throws Exception {
+		boolean alice = random.nextBoolean();
+		TransportKeys transportKeys = createTransportKeys(1000, 0, false);
+		Transaction txn = new Transaction(null, false);
+
+		// Keep a copy of the tags
+		List<byte[]> tags = new ArrayList<>();
+
+		expectAddUnboundKeysNoRotation(alice, transportKeys, txn);
+
+		context.checking(new Expectations() {{
+			// When the keys are bound, encode the tags (3 sets)
+			for (long i = 0; i < REORDERING_WINDOW_SIZE; i++) {
+				exactly(3).of(transportCrypto).encodeTag(
+						with(any(byte[].class)), with(tagKey),
+						with(PROTOCOL_VERSION), with(i));
+				will(new EncodeTagAction(tags));
+			}
+			// Save the key binding
+			oneOf(db).bindTransportKeys(txn, contactId, transportId, keySetId);
+			// Encode a new tag after sliding the window
+			oneOf(transportCrypto).encodeTag(with(any(byte[].class)),
+					with(tagKey), with(PROTOCOL_VERSION),
+					with((long) REORDERING_WINDOW_SIZE));
+			will(new EncodeTagAction(tags));
+			// Save the reordering window (previous rotation period, base 1)
+			oneOf(db).setReorderingWindow(txn, keySetId, transportId, 999,
+					1, new byte[REORDERING_WINDOW_SIZE / 8]);
+			// Activate the keys
+			oneOf(db).setTransportKeysActive(txn, transportId, keySetId);
+			// Increment the stream counter
+			oneOf(db).incrementStreamCounter(txn, transportId, keySetId);
+		}});
+
+		TransportKeyManager transportKeyManager = new TransportKeyManagerImpl(
+				db, transportCrypto, dbExecutor, scheduler, clock, transportId,
+				maxLatency);
+		// The timestamp is at the start of rotation period 1000
+		long timestamp = rotationPeriodLength * 1000;
+		assertEquals(keySetId, transportKeyManager.addUnboundKeys(txn,
+				masterKey, timestamp, alice));
+		transportKeyManager.bindKeys(txn, contactId, keySetId);
+		// The keys are inactive so no stream context should be returned
+		assertFalse(transportKeyManager.canSendOutgoingStreams(contactId));
+		assertNull(transportKeyManager.getStreamContext(txn, contactId));
+		// Recognising an incoming tag should activate the outgoing keys
+		assertEquals(REORDERING_WINDOW_SIZE * 3, tags.size());
+		byte[] tag = tags.get(0);
+		StreamContext ctx = transportKeyManager.getStreamContext(txn, tag);
+		assertNotNull(ctx);
+		assertEquals(contactId, ctx.getContactId());
+		assertEquals(transportId, ctx.getTransportId());
+		assertEquals(tagKey, ctx.getTagKey());
+		assertEquals(headerKey, ctx.getHeaderKey());
+		assertEquals(0L, ctx.getStreamNumber());
+		// The keys are active so a stream context should be returned
+		assertTrue(transportKeyManager.canSendOutgoingStreams(contactId));
+		ctx = transportKeyManager.getStreamContext(txn, contactId);
+		assertNotNull(ctx);
+		assertEquals(contactId, ctx.getContactId());
+		assertEquals(transportId, ctx.getTransportId());
+		assertEquals(tagKey, ctx.getTagKey());
+		assertEquals(headerKey, ctx.getHeaderKey());
+		assertEquals(0L, ctx.getStreamNumber());
+	}
+
+	@Test
+	public void testRemovingUnboundKeys() throws Exception {
+		boolean alice = random.nextBoolean();
+		TransportKeys transportKeys = createTransportKeys(1000, 0, false);
+		Transaction txn = new Transaction(null, false);
+
+		expectAddUnboundKeysNoRotation(alice, transportKeys, txn);
+
+		context.checking(new Expectations() {{
+			// Remove the unbound keys
+			oneOf(db).removeTransportKeys(txn, transportId, keySetId);
+		}});
+
+		TransportKeyManager transportKeyManager = new TransportKeyManagerImpl(
+				db, transportCrypto, dbExecutor, scheduler, clock, transportId,
+				maxLatency);
+		// The timestamp is at the start of rotation period 1000
+		long timestamp = rotationPeriodLength * 1000;
+		assertEquals(keySetId, transportKeyManager.addUnboundKeys(txn,
+				masterKey, timestamp, alice));
+		assertFalse(transportKeyManager.canSendOutgoingStreams(contactId));
+		transportKeyManager.removeKeys(txn, keySetId);
+		assertFalse(transportKeyManager.canSendOutgoingStreams(contactId));
+	}
+
+	private void expectAddContactNoRotation(boolean alice,
+			TransportKeys transportKeys, Transaction txn) throws Exception {
+		context.checking(new Expectations() {{
+			oneOf(transportCrypto).deriveTransportKeys(transportId, masterKey,
+					1000, alice, true);
+			will(returnValue(transportKeys));
+			// Get the current time (the start of rotation period 1000)
+			oneOf(clock).currentTimeMillis();
+			will(returnValue(rotationPeriodLength * 1000));
+			// Encode the tags (3 sets)
+			for (long i = 0; i < REORDERING_WINDOW_SIZE; i++) {
+				exactly(3).of(transportCrypto).encodeTag(
+						with(any(byte[].class)), with(tagKey),
+						with(PROTOCOL_VERSION), with(i));
+				will(new EncodeTagAction());
+			}
+			// Rotate the transport keys (the keys are unaffected)
+			oneOf(transportCrypto).rotateTransportKeys(transportKeys, 1000);
+			will(returnValue(transportKeys));
+			// Save the keys
+			oneOf(db).addTransportKeys(txn, contactId, transportKeys);
+			will(returnValue(keySetId));
+		}});
+	}
+
+	private void expectAddUnboundKeysNoRotation(boolean alice,
+			TransportKeys transportKeys, Transaction txn) throws Exception {
+		context.checking(new Expectations() {{
+			oneOf(transportCrypto).deriveTransportKeys(transportId, masterKey,
+					1000, alice, false);
+			will(returnValue(transportKeys));
+			// Get the current time (the start of rotation period 1000)
+			oneOf(clock).currentTimeMillis();
+			will(returnValue(rotationPeriodLength * 1000));
+			// Rotate the transport keys (the keys are unaffected)
+			oneOf(transportCrypto).rotateTransportKeys(transportKeys, 1000);
+			will(returnValue(transportKeys));
+			// Save the unbound keys
+			oneOf(db).addTransportKeys(txn, null, transportKeys);
+			will(returnValue(keySetId));
+		}});
 	}
 
 	private TransportKeys createTransportKeys(long rotationPeriod,
-			long streamCounter) {
+			long streamCounter, boolean active) {
 		IncomingKeys inPrev = new IncomingKeys(tagKey, headerKey,
 				rotationPeriod - 1);
 		IncomingKeys inCurr = new IncomingKeys(tagKey, headerKey,
@@ -417,7 +609,7 @@ public class TransportKeyManagerImplTest extends BrambleMockTestCase {
 		IncomingKeys inNext = new IncomingKeys(tagKey, headerKey,
 				rotationPeriod + 1);
 		OutgoingKeys outCurr = new OutgoingKeys(tagKey, headerKey,
-				rotationPeriod, streamCounter);
+				rotationPeriod, streamCounter, active);
 		return new TransportKeys(transportId, inPrev, inCurr, inNext, outCurr);
 	}
 

bramble-j2se/src/main/java/org/briarproject/bramble/plugin/modem/ModemPlugin.java

@@ -177,7 +177,7 @@ class ModemPlugin implements DuplexPlugin, Modem.Callback {
 
 	@Override
 	public DuplexTransportConnection createKeyAgreementConnection(
-			byte[] commitment, BdfList descriptor, long timeout) {
+			byte[] commitment, BdfList descriptor) {
 		throw new UnsupportedOperationException();
 	}
 

briar-android/.tx/config

@@ -1,6 +1,6 @@
 [main]
 host = https://www.transifex.com
-lang_map = pt_BR: pt-rBR, fr_FR: fr, nb_NO: nb, zh-Hans: zh-rCN
+lang_map = pt_BR: pt-rBR, nb_NO: nb, zh-Hans: zh-rCN
 
 [briar.stringsxml-5]
 file_filter = src/main/res/values-<lang>/strings.xml

briar-android/src/main/AndroidManifest.xml

@@ -77,6 +77,11 @@
 			</intent-filter>
 		</activity>
 
+		<activity
+			android:name=".android.login.OpenDatabaseActivity"
+			android:label="@string/app_name"
+			android:launchMode="singleTop"/>
+
 		<activity
 			android:name="org.briarproject.briar.android.navdrawer.NavDrawerActivity"
 			android:theme="@style/BriarTheme.NoActionBar"
@@ -347,6 +352,16 @@
 				/>
 		</activity>
 
+		<activity
+			android:name="org.briarproject.briar.android.test.TestDataActivity"
+			android:label="Create test data"
+			android:parentActivityName="org.briarproject.briar.android.settings.SettingsActivity">
+			<meta-data
+				android:name="android.support.PARENT_ACTIVITY"
+				android:value="org.briarproject.briar.android.settings.SettingsActivity"
+				/>
+		</activity>
+
 		<activity
 			android:name="org.briarproject.briar.android.panic.PanicPreferencesActivity"
 			android:label="@string/panic_setting"
@@ -369,7 +384,12 @@
 		</activity>
 
 		<activity
-			android:name="org.briarproject.briar.android.panic.ExitActivity"
+			android:name="org.briarproject.briar.android.logout.ExitActivity"
+			android:theme="@android:style/Theme.NoDisplay">
+		</activity>
+
+		<activity
+			android:name=".android.logout.HideUiActivity"
 			android:theme="@android:style/Theme.NoDisplay">
 		</activity>
 

briar-android/src/main/java/org/briarproject/briar/android/AndroidNotificationManagerImpl.java

@@ -11,6 +11,7 @@ import android.net.Uri;
 import android.support.annotation.StringRes;
 import android.support.annotation.UiThread;
 import android.support.v4.app.TaskStackBuilder;
+import android.support.v4.content.ContextCompat;
 
 import org.briarproject.bramble.api.Multiset;
 import org.briarproject.bramble.api.contact.ContactId;
@@ -61,6 +62,7 @@ import javax.inject.Inject;
 import static android.app.Notification.DEFAULT_LIGHTS;
 import static android.app.Notification.DEFAULT_SOUND;
 import static android.app.Notification.DEFAULT_VIBRATE;
+import static android.app.Notification.VISIBILITY_SECRET;
 import static android.app.NotificationManager.IMPORTANCE_DEFAULT;
 import static android.content.Context.NOTIFICATION_SERVICE;
 import static android.content.Intent.FLAG_ACTIVITY_CLEAR_TOP;
@@ -89,12 +91,6 @@ class AndroidNotificationManagerImpl implements AndroidNotificationManager,
 	private static final int BLOG_POST_NOTIFICATION_ID = 6;
 	private static final int INTRODUCTION_SUCCESS_NOTIFICATION_ID = 7;
 
-	// Channel IDs
-	private static final String CONTACT_CHANNEL_ID = "contacts";
-	private static final String GROUP_CHANNEL_ID = "groups";
-	private static final String FORUM_CHANNEL_ID = "forums";
-	private static final String BLOG_CHANNEL_ID = "blogs";
-
 	private static final long SOUND_DELAY = TimeUnit.SECONDS.toMillis(2);
 
 	private static final Logger LOG =
@@ -170,9 +166,15 @@ class AndroidNotificationManagerImpl implements AndroidNotificationManager,
 	@TargetApi(26)
 	private void createNotificationChannel(String channelId,
 			@StringRes int name) {
-		notificationManager.createNotificationChannel(
+		NotificationChannel nc =
 				new NotificationChannel(channelId, appContext.getString(name),
-						IMPORTANCE_DEFAULT));
+						IMPORTANCE_DEFAULT);
+		nc.setLockscreenVisibility(VISIBILITY_SECRET);
+		nc.enableVibration(true);
+		nc.enableLights(true);
+		nc.setLightColor(
+				ContextCompat.getColor(appContext, R.color.briar_green_light));
+		notificationManager.createNotificationChannel(nc);
 	}
 
 	@Override

briar-android/src/main/java/org/briarproject/briar/android/AppModule.java

@@ -94,6 +94,7 @@ public class AppModule {
 
 			@Override
 			public boolean databaseExists() {
+				// FIXME should not run on UiThread #620
 				if (!dir.isDirectory()) return false;
 				File[] files = dir.listFiles();
 				return files != null && files.length > 0;

briar-android/src/main/java/org/briarproject/briar/android/BriarService.java

@@ -4,8 +4,11 @@ import android.app.NotificationChannel;
 import android.app.NotificationManager;
 import android.app.PendingIntent;
 import android.app.Service;
+import android.content.BroadcastReceiver;
 import android.content.ComponentName;
+import android.content.Context;
 import android.content.Intent;
+import android.content.IntentFilter;
 import android.content.ServiceConnection;
 import android.os.Binder;
 import android.os.IBinder;
@@ -17,19 +20,26 @@ import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult;
 import org.briarproject.bramble.api.system.AndroidExecutor;
 import org.briarproject.briar.R;
+import org.briarproject.briar.android.logout.HideUiActivity;
 import org.briarproject.briar.android.navdrawer.NavDrawerActivity;
+import org.briarproject.briar.android.splash.SplashScreenActivity;
 
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.logging.Logger;
 
+import javax.annotation.Nullable;
 import javax.inject.Inject;
 
 import static android.app.NotificationManager.IMPORTANCE_DEFAULT;
 import static android.app.NotificationManager.IMPORTANCE_NONE;
 import static android.app.PendingIntent.FLAG_UPDATE_CURRENT;
+import static android.content.Intent.ACTION_SHUTDOWN;
+import static android.content.Intent.FLAG_ACTIVITY_CLEAR_TASK;
 import static android.content.Intent.FLAG_ACTIVITY_CLEAR_TOP;
+import static android.content.Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS;
 import static android.content.Intent.FLAG_ACTIVITY_NEW_TASK;
+import static android.content.Intent.FLAG_ACTIVITY_NO_ANIMATION;
 import static android.os.Build.VERSION.SDK_INT;
 import static android.support.v4.app.NotificationCompat.CATEGORY_SERVICE;
 import static android.support.v4.app.NotificationCompat.PRIORITY_MIN;
@@ -61,6 +71,9 @@ public class BriarService extends Service {
 	private final AtomicBoolean created = new AtomicBoolean(false);
 	private final Binder binder = new BriarBinder();
 
+	@Nullable
+	private BroadcastReceiver receiver = null;
+
 	@Inject
 	protected DatabaseConfig databaseConfig;
 	// Fields that are accessed from background threads must be volatile
@@ -88,6 +101,7 @@ public class BriarService extends Service {
 			stopSelf();
 			return;
 		}
+
 		// Create notification channels
 		if (SDK_INT >= 26) {
 			NotificationManager nm = (NotificationManager)
@@ -139,6 +153,19 @@ public class BriarService extends Service {
 				stopSelf();
 			}
 		}).start();
+		// Register for device shutdown broadcasts
+		receiver = new BroadcastReceiver() {
+			@Override
+			public void onReceive(Context context, Intent intent) {
+				LOG.info("Device is shutting down");
+				shutdownFromBackground();
+			}
+		};
+		IntentFilter filter = new IntentFilter();
+		filter.addAction(ACTION_SHUTDOWN);
+		filter.addAction("android.intent.action.QUICKBOOT_POWEROFF");
+		filter.addAction("com.htc.intent.action.QUICKBOOT_POWEROFF");
+		registerReceiver(receiver, filter);
 	}
 
 	private void showStartupFailureNotification(StartResult result) {
@@ -183,6 +210,7 @@ public class BriarService extends Service {
 		super.onDestroy();
 		LOG.info("Destroyed");
 		stopForeground(true);
+		if (receiver != null) unregisterReceiver(receiver);
 		// Stop the services in a background thread
 		new Thread(() -> {
 			if (started) lifecycleManager.stopServices();
@@ -193,7 +221,48 @@ public class BriarService extends Service {
 	public void onLowMemory() {
 		super.onLowMemory();
 		LOG.warning("Memory is low");
-		// FIXME: Work out what to do about it
+		shutdownFromBackground();
+		showLowMemoryShutdownNotification();
+	}
+
+	private void shutdownFromBackground() {
+		// Stop the service
+		stopSelf();
+		// Hide the UI
+		Intent i = new Intent(this, HideUiActivity.class);
+		i.addFlags(FLAG_ACTIVITY_NEW_TASK
+				| FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS
+				| FLAG_ACTIVITY_NO_ANIMATION
+				| FLAG_ACTIVITY_CLEAR_TASK);
+		startActivity(i);
+		// Wait for shutdown to complete, then exit
+		new Thread(() -> {
+			try {
+				if (started) lifecycleManager.waitForShutdown();
+			} catch (InterruptedException e) {
+				LOG.info("Interrupted while waiting for shutdown");
+			}
+			LOG.info("Exiting");
+			System.exit(0);
+		}).start();
+	}
+
+	private void showLowMemoryShutdownNotification() {
+		androidExecutor.runOnUiThread(() -> {
+			NotificationCompat.Builder b = new NotificationCompat.Builder(
+					BriarService.this, FAILURE_CHANNEL_ID);
+			b.setSmallIcon(android.R.drawable.stat_notify_error);
+			b.setContentTitle(getText(
+					R.string.low_memory_shutdown_notification_title));
+			b.setContentText(getText(
+					R.string.low_memory_shutdown_notification_text));
+			Intent i = new Intent(this, SplashScreenActivity.class);
+			b.setContentIntent(PendingIntent.getActivity(this, 0, i, 0));
+			b.setAutoCancel(true);
+			Object o = getSystemService(NOTIFICATION_SERVICE);
+			NotificationManager nm = (NotificationManager) o;
+			nm.notify(FAILURE_NOTIFICATION_ID, b.build());
+		});
 	}
 
 	/**

briar-android/src/main/java/org/briarproject/briar/android/StartupFailureActivity.java

@@ -3,29 +3,31 @@ package org.briarproject.briar.android;
 import android.app.NotificationManager;
 import android.content.Intent;
 import android.os.Bundle;
-import android.widget.TextView;
 
 import org.briarproject.briar.R;
 import org.briarproject.briar.android.activity.ActivityComponent;
 import org.briarproject.briar.android.activity.BaseActivity;
+import org.briarproject.briar.android.fragment.BaseFragment.BaseFragmentListener;
+import org.briarproject.briar.android.fragment.ErrorFragment;
 
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult;
 import static org.briarproject.briar.android.BriarService.EXTRA_NOTIFICATION_ID;
 import static org.briarproject.briar.android.BriarService.EXTRA_START_RESULT;
 
-public class StartupFailureActivity extends BaseActivity {
+public class StartupFailureActivity extends BaseActivity implements
+		BaseFragmentListener {
 
 	@Override
 	public void onCreate(Bundle state) {
 		super.onCreate(state);
 
-		setContentView(R.layout.activity_startup_failure);
+		setContentView(R.layout.activity_fragment_container);
 		handleIntent(getIntent());
 	}
 
 	@Override
 	public void injectActivity(ActivityComponent component) {
-
+		component.inject(this);
 	}
 
 	private void handleIntent(Intent i) {
@@ -41,12 +43,31 @@ public class StartupFailureActivity extends BaseActivity {
 		}
 
 		// show proper error message
-		TextView view = findViewById(R.id.errorView);
-		if (result.equals(StartResult.DB_ERROR)) {
-			view.setText(getText(R.string.startup_failed_db_error));
-		} else if (result.equals(StartResult.SERVICE_ERROR)) {
-			view.setText(getText(R.string.startup_failed_service_error));
+		String errorMsg;
+		switch (result) {
+			case DATA_TOO_OLD_ERROR:
+				errorMsg = getString(R.string.startup_failed_db_error);
+				break;
+			case DATA_TOO_NEW_ERROR:
+				errorMsg =
+						getString(R.string.startup_failed_data_too_new_error);
+				break;
+			case DB_ERROR:
+				errorMsg =
+						getString(R.string.startup_failed_data_too_old_error);
+				break;
+			case SERVICE_ERROR:
+				errorMsg = getString(R.string.startup_failed_service_error);
+				break;
+			default:
+				throw new IllegalArgumentException();
 		}
+		showInitialFragment(ErrorFragment.newInstance(errorMsg));
+	}
+
+	@Override
+	public void runOnDbThread(Runnable runnable) {
+		throw new AssertionError("Deprecated and should not be used");
 	}
 
 }

briar-android/src/main/java/org/briarproject/briar/android/activity/ActivityComponent.java

@@ -3,6 +3,7 @@ package org.briarproject.briar.android.activity;
 import android.app.Activity;
 
 import org.briarproject.briar.android.AndroidComponent;
+import org.briarproject.briar.android.StartupFailureActivity;
 import org.briarproject.briar.android.blog.BlogActivity;
 import org.briarproject.briar.android.blog.BlogFragment;
 import org.briarproject.briar.android.blog.BlogModule;
@@ -31,6 +32,7 @@ import org.briarproject.briar.android.keyagreement.ShowQrCodeFragment;
 import org.briarproject.briar.android.login.AuthorNameFragment;
 import org.briarproject.briar.android.login.ChangePasswordActivity;
 import org.briarproject.briar.android.login.DozeFragment;
+import org.briarproject.briar.android.login.OpenDatabaseActivity;
 import org.briarproject.briar.android.login.PasswordActivity;
 import org.briarproject.briar.android.login.PasswordFragment;
 import org.briarproject.briar.android.login.SetupActivity;
@@ -68,6 +70,7 @@ import org.briarproject.briar.android.sharing.ShareForumFragment;
 import org.briarproject.briar.android.sharing.ShareForumMessageFragment;
 import org.briarproject.briar.android.sharing.SharingModule;
 import org.briarproject.briar.android.splash.SplashScreenActivity;
+import org.briarproject.briar.android.test.TestDataActivity;
 
 import dagger.Component;
 
@@ -87,6 +90,8 @@ public interface ActivityComponent {
 
 	void inject(SetupActivity activity);
 
+	void inject(OpenDatabaseActivity activity);
+
 	void inject(NavDrawerActivity activity);
 
 	void inject(PasswordActivity activity);
@@ -143,6 +148,8 @@ public interface ActivityComponent {
 
 	void inject(SettingsActivity activity);
 
+	void inject(TestDataActivity activity);
+
 	void inject(ChangePasswordActivity activity);
 
 	void inject(IntroductionActivity activity);
@@ -151,6 +158,8 @@ public interface ActivityComponent {
 
 	void inject(RssFeedManageActivity activity);
 
+	void inject(StartupFailureActivity activity);
+
 	// Fragments
 	void inject(AuthorNameFragment fragment);
 

briar-android/src/main/java/org/briarproject/briar/android/activity/BriarActivity.java

@@ -16,7 +16,7 @@ import org.briarproject.briar.android.controller.BriarController;
 import org.briarproject.briar.android.controller.DbController;
 import org.briarproject.briar.android.controller.handler.UiResultHandler;
 import org.briarproject.briar.android.login.PasswordActivity;
-import org.briarproject.briar.android.panic.ExitActivity;
+import org.briarproject.briar.android.logout.ExitActivity;
 
 import java.util.logging.Logger;