Remove local author from contacts.

Bump schema version to match migrations

See merge request briar/briar!1084

bramble-android/build.gradle

@@ -11,8 +11,8 @@ android {
 	defaultConfig {
 		minSdkVersion 14
 		targetSdkVersion 26
-		versionCode 10105
-		versionName "1.1.5"
+		versionCode 10106
+		versionName "1.1.6"
 		consumerProguardFiles 'proguard-rules.txt'
 
 		testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
@@ -30,8 +30,8 @@ configurations {
 
 dependencies {
 	implementation project(path: ':bramble-core', configuration: 'default')
-	tor 'org.briarproject:tor-android:0.3.4.8@zip'
-	tor 'org.briarproject:obfs4proxy-android:0.0.7@zip'
+	tor 'org.briarproject:tor-android:0.3.5.8@zip'
+	tor 'org.briarproject:obfs4proxy-android:0.0.9@zip'
 
 	annotationProcessor 'com.google.dagger:dagger-compiler:2.19'
 

bramble-android/src/main/java/org/briarproject/bramble/account/AndroidAccountManager.java

@@ -9,22 +9,23 @@ import org.briarproject.bramble.api.account.AccountManager;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.db.DatabaseConfig;
 import org.briarproject.bramble.api.identity.IdentityManager;
+import org.briarproject.bramble.util.IoUtils;
 
 import java.io.File;
+import java.util.HashSet;
+import java.util.Set;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.inject.Inject;
 
-import static java.util.logging.Logger.getLogger;
-import static org.briarproject.bramble.util.IoUtils.deleteFileOrDir;
+import static android.os.Build.VERSION.SDK_INT;
 
 class AndroidAccountManager extends AccountManagerImpl
 		implements AccountManager {
 
 	private static final Logger LOG =
-			getLogger(AndroidAccountManager.class.getName());
+			Logger.getLogger(AndroidAccountManager.class.getName());
 
 	private static final String PREF_DB_KEY = "key";
 
@@ -40,7 +41,7 @@ class AndroidAccountManager extends AccountManagerImpl
 		appContext = app.getApplicationContext();
 	}
 
-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	@Override
 	@Nullable
 	protected String loadEncryptedDatabaseKey() {
@@ -50,7 +51,7 @@ class AndroidAccountManager extends AccountManagerImpl
 		return key;
 	}
 
-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	@Nullable
 	private String getDatabaseKeyFromPreferences() {
 		String key = prefs.getString(PREF_DB_KEY, null);
@@ -59,7 +60,7 @@ class AndroidAccountManager extends AccountManagerImpl
 		return key;
 	}
 
-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	private void migrateDatabaseKeyToFile(String key) {
 		if (storeEncryptedDatabaseKey(key)) {
 			if (prefs.edit().remove(PREF_DB_KEY).commit())
@@ -84,7 +85,7 @@ class AndroidAccountManager extends AccountManagerImpl
 		return PreferenceManager.getDefaultSharedPreferences(appContext);
 	}
 
-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	private void deleteAppData(SharedPreferences... clear) {
 		// Clear and commit shared preferences
 		for (SharedPreferences prefs : clear) {
@@ -92,20 +93,42 @@ class AndroidAccountManager extends AccountManagerImpl
 				LOG.warning("Could not clear shared preferences");
 		}
 		// Delete files, except lib and shared_prefs directories
+		Set<File> files = new HashSet<>();
 		File dataDir = new File(appContext.getApplicationInfo().dataDir);
-		File[] children = dataDir.listFiles();
-		if (children == null) {
+		@Nullable
+		File[] fileArray = dataDir.listFiles();
+		if (fileArray == null) {
 			LOG.warning("Could not list files in app data dir");
 		} else {
-			for (File child : children) {
-				String name = child.getName();
+			for (File file : fileArray) {
+				String name = file.getName();
 				if (!name.equals("lib") && !name.equals("shared_prefs")) {
-					deleteFileOrDir(child);
+					files.add(file);
 				}
 			}
 		}
+		files.add(appContext.getFilesDir());
+		files.add(appContext.getCacheDir());
+		addIfNotNull(files, appContext.getExternalCacheDir());
+		if (SDK_INT >= 19) {
+			for (File file : appContext.getExternalCacheDirs()) {
+				addIfNotNull(files, file);
+			}
+		}
+		if (SDK_INT >= 21) {
+			for (File file : appContext.getExternalMediaDirs()) {
+				addIfNotNull(files, file);
+			}
+		}
+		for (File file : files) {
+			IoUtils.deleteFileOrDir(file);
+		}
 		// Recreate the cache dir as some OpenGL drivers expect it to exist
-		if (!new File(dataDir, "cache").mkdir())
+		if (!new File(dataDir, "cache").mkdirs())
 			LOG.warning("Could not recreate cache dir");
 	}
+
+	private void addIfNotNull(Set<File> files, @Nullable File file) {
+		if (file != null) files.add(file);
+	}
 }

bramble-android/src/main/java/org/briarproject/bramble/network/AndroidNetworkManager.java

@@ -13,7 +13,8 @@ import org.briarproject.bramble.api.lifecycle.Service;
 import org.briarproject.bramble.api.network.NetworkManager;
 import org.briarproject.bramble.api.network.NetworkStatus;
 import org.briarproject.bramble.api.network.event.NetworkStatusEvent;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
+import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.system.Scheduler;
 
 import java.util.concurrent.Future;
@@ -33,17 +34,16 @@ import static android.net.ConnectivityManager.CONNECTIVITY_ACTION;
 import static android.net.ConnectivityManager.TYPE_WIFI;
 import static android.os.Build.VERSION.SDK_INT;
 import static android.os.PowerManager.ACTION_DEVICE_IDLE_MODE_CHANGED;
-import static java.util.Objects.requireNonNull;
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.SECONDS;
 import static java.util.logging.Level.INFO;
-import static java.util.logging.Logger.getLogger;
 
-@NotNullByDefault
+@MethodsNotNullByDefault
+@ParametersNotNullByDefault
 class AndroidNetworkManager implements NetworkManager, Service {
 
 	private static final Logger LOG =
-			getLogger(AndroidNetworkManager.class.getName());
+			Logger.getLogger(AndroidNetworkManager.class.getName());
 
 	// See android.net.wifi.WifiManager
 	private static final String WIFI_AP_STATE_CHANGED_ACTION =
@@ -56,7 +56,6 @@ class AndroidNetworkManager implements NetworkManager, Service {
 			new AtomicReference<>();
 	private final AtomicBoolean used = new AtomicBoolean(false);
 
-	@Nullable
 	private volatile BroadcastReceiver networkStateReceiver = null;
 
 	@Inject
@@ -90,8 +89,9 @@ class AndroidNetworkManager implements NetworkManager, Service {
 
 	@Override
 	public NetworkStatus getNetworkStatus() {
-		ConnectivityManager cm = (ConnectivityManager) requireNonNull(
-				appContext.getSystemService(CONNECTIVITY_SERVICE));
+		ConnectivityManager cm = (ConnectivityManager)
+				appContext.getSystemService(CONNECTIVITY_SERVICE);
+		if (cm == null) throw new AssertionError();
 		NetworkInfo net = cm.getActiveNetworkInfo();
 		boolean connected = net != null && net.isConnected();
 		boolean wifi = connected && net.getType() == TYPE_WIFI;

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPlugin.java

@@ -24,6 +24,7 @@ import java.io.IOException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.UUID;
 import java.util.concurrent.BlockingQueue;
@@ -47,11 +48,9 @@ import static android.bluetooth.BluetoothAdapter.STATE_OFF;
 import static android.bluetooth.BluetoothAdapter.STATE_ON;
 import static android.bluetooth.BluetoothDevice.ACTION_FOUND;
 import static android.bluetooth.BluetoothDevice.EXTRA_DEVICE;
-import static java.util.Collections.shuffle;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
-import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
 
 @MethodsNotNullByDefault
@@ -59,7 +58,7 @@ import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
 class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 
 	private static final Logger LOG =
-			getLogger(AndroidBluetoothPlugin.class.getName());
+			Logger.getLogger(AndroidBluetoothPlugin.class.getName());
 
 	private static final int MAX_DISCOVERY_MS = 10_000;
 
@@ -260,7 +259,7 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 			appContext.unregisterReceiver(receiver);
 		}
 		// Shuffle the addresses so we don't always try the same one first
-		shuffle(addresses);
+		Collections.shuffle(addresses);
 		return addresses;
 	}
 

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPlugin.java

@@ -32,19 +32,17 @@ import static android.net.ConnectivityManager.TYPE_WIFI;
 import static android.os.Build.VERSION.SDK_INT;
 import static java.util.Collections.emptyList;
 import static java.util.Collections.singletonList;
-import static java.util.Objects.requireNonNull;
-import static java.util.logging.Logger.getLogger;
 
 @NotNullByDefault
 class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 
-	private static final Logger LOG =
-			getLogger(AndroidLanTcpPlugin.class.getName());
-
 	private static final byte[] WIFI_AP_ADDRESS_BYTES =
 			{(byte) 192, (byte) 168, 43, 1};
 	private static final InetAddress WIFI_AP_ADDRESS;
 
+	private static final Logger LOG =
+			Logger.getLogger(AndroidLanTcpPlugin.class.getName());
+
 	static {
 		try {
 			WIFI_AP_ADDRESS = InetAddress.getByAddress(WIFI_AP_ADDRESS_BYTES);
@@ -68,8 +66,10 @@ class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 		// Don't execute more than one connection status check at a time
 		connectionStatusExecutor =
 				new PoliteExecutor("AndroidLanTcpPlugin", ioExecutor, 1);
-		connectivityManager = (ConnectivityManager) requireNonNull(
-				appContext.getSystemService(CONNECTIVITY_SERVICE));
+		ConnectivityManager connectivityManager = (ConnectivityManager)
+				appContext.getSystemService(CONNECTIVITY_SERVICE);
+		if (connectivityManager == null) throw new AssertionError();
+		this.connectivityManager = connectivityManager;
 		wifiManager = (WifiManager) appContext.getApplicationContext()
 				.getSystemService(WIFI_SERVICE);
 		socketFactory = SocketFactory.getDefault();

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPlugin.java

@@ -8,7 +8,8 @@ import android.os.PowerManager;
 
 import org.briarproject.bramble.api.battery.BatteryManager;
 import org.briarproject.bramble.api.network.NetworkManager;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
+import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 import org.briarproject.bramble.api.system.Clock;
@@ -25,15 +26,12 @@ import javax.net.SocketFactory;
 import static android.content.Context.MODE_PRIVATE;
 import static android.content.Context.POWER_SERVICE;
 import static android.os.PowerManager.PARTIAL_WAKE_LOCK;
-import static java.util.Objects.requireNonNull;
 import static java.util.concurrent.TimeUnit.MINUTES;
 
-@NotNullByDefault
+@MethodsNotNullByDefault
+@ParametersNotNullByDefault
 class AndroidTorPlugin extends TorPlugin {
 
-	// This tag may prevent Huawei's power manager from killing us
-	private static final String WAKE_LOCK_TAG = "LocationManagerService";
-
 	private final Context appContext;
 	private final RenewableWakeLock wakeLock;
 
@@ -51,9 +49,10 @@ class AndroidTorPlugin extends TorPlugin {
 				appContext.getDir("tor", MODE_PRIVATE));
 		this.appContext = appContext;
 		PowerManager pm = (PowerManager)
-				requireNonNull(appContext.getSystemService(POWER_SERVICE));
+				appContext.getSystemService(POWER_SERVICE);
+		if (pm == null) throw new AssertionError();
 		wakeLock = new RenewableWakeLock(pm, scheduler, PARTIAL_WAKE_LOCK,
-				WAKE_LOCK_TAG, 1, MINUTES);
+				getWakeLockTag(), 1, MINUTES);
 	}
 
 	@Override
@@ -85,4 +84,17 @@ class AndroidTorPlugin extends TorPlugin {
 		super.stop();
 		wakeLock.release();
 	}
+
+	private String getWakeLockTag() {
+		PackageManager pm = appContext.getPackageManager();
+		for (PackageInfo info : pm.getInstalledPackages(0)) {
+			String name = info.packageName.toLowerCase();
+			if (name.startsWith("com.huawei.powergenie")) {
+				return "LocationManagerService";
+			} else if (name.startsWith("com.evenwell.powermonitor")) {
+				return "AudioIn";
+			}
+		}
+		return getClass().getSimpleName();
+	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPluginFactory.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble.plugin.tor;
 
 import android.content.Context;
+import android.os.Build;
 
 import org.briarproject.bramble.api.battery.BatteryManager;
 import org.briarproject.bramble.api.event.EventBus;
@@ -25,15 +26,12 @@ import java.util.logging.Logger;
 import javax.annotation.concurrent.Immutable;
 import javax.net.SocketFactory;
 
-import static android.os.Build.VERSION.SDK_INT;
-import static java.util.logging.Logger.getLogger;
-
 @Immutable
 @NotNullByDefault
 public class AndroidTorPluginFactory implements DuplexPluginFactory {
 
 	private static final Logger LOG =
-			getLogger(AndroidTorPluginFactory.class.getName());
+			Logger.getLogger(AndroidTorPluginFactory.class.getName());
 
 	private static final int MAX_LATENCY = 30 * 1000; // 30 seconds
 	private static final int MAX_IDLE_TIME = 30 * 1000; // 30 seconds
@@ -104,7 +102,7 @@ public class AndroidTorPluginFactory implements DuplexPluginFactory {
 			return null;
 		}
 		// Use position-independent executable for SDK >= 16
-		if (SDK_INT >= 16) architecture += "_pie";
+		if (Build.VERSION.SDK_INT >= 16) architecture += "_pie";
 
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidLocationUtils.java

@@ -15,13 +15,12 @@ import java.util.logging.Logger;
 import javax.inject.Inject;
 
 import static android.content.Context.TELEPHONY_SERVICE;
-import static java.util.logging.Logger.getLogger;
 
 @NotNullByDefault
 class AndroidLocationUtils implements LocationUtils {
 
 	private static final Logger LOG =
-			getLogger(AndroidLocationUtils.class.getName());
+			Logger.getLogger(AndroidLocationUtils.class.getName());
 
 	private final Context appContext;
 
@@ -60,14 +59,14 @@ class AndroidLocationUtils implements LocationUtils {
 	}
 
 	private String getCountryFromPhoneNetwork() {
-		TelephonyManager tm = (TelephonyManager)
-				appContext.getSystemService(TELEPHONY_SERVICE);
-		return tm == null ? "" : tm.getNetworkCountryIso();
+		Object o = appContext.getSystemService(TELEPHONY_SERVICE);
+		TelephonyManager tm = (TelephonyManager) o;
+		return tm.getNetworkCountryIso();
 	}
 
 	private String getCountryFromSimCard() {
-		TelephonyManager tm = (TelephonyManager)
-				appContext.getSystemService(TELEPHONY_SERVICE);
-		return tm == null ? "" : tm.getSimCountryIso();
+		Object o = appContext.getSystemService(TELEPHONY_SERVICE);
+		TelephonyManager tm = (TelephonyManager) o;
+		return tm.getSimCountryIso();
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSecureRandomProvider.java

@@ -8,6 +8,7 @@ import android.content.ContentResolver;
 import android.content.Context;
 import android.net.wifi.WifiConfiguration;
 import android.net.wifi.WifiManager;
+import android.os.Build;
 import android.os.Parcel;
 import android.os.StrictMode;
 import android.provider.Settings;
@@ -22,9 +23,6 @@ import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 
 import static android.content.Context.WIFI_SERVICE;
-import static android.os.Build.FINGERPRINT;
-import static android.os.Build.SERIAL;
-import static android.os.Build.VERSION.SDK_INT;
 import static android.provider.Settings.Secure.ANDROID_ID;
 
 @Immutable
@@ -47,8 +45,8 @@ class AndroidSecureRandomProvider extends UnixSecureRandomProvider {
 		out.writeInt(android.os.Process.myPid());
 		out.writeInt(android.os.Process.myTid());
 		out.writeInt(android.os.Process.myUid());
-		if (FINGERPRINT != null) out.writeUTF(FINGERPRINT);
-		if (SERIAL != null) out.writeUTF(SERIAL);
+		if (Build.FINGERPRINT != null) out.writeUTF(Build.FINGERPRINT);
+		if (Build.SERIAL != null) out.writeUTF(Build.SERIAL);
 		ContentResolver contentResolver = appContext.getContentResolver();
 		String id = Settings.Secure.getString(contentResolver, ANDROID_ID);
 		if (id != null) out.writeUTF(id);
@@ -76,13 +74,15 @@ class AndroidSecureRandomProvider extends UnixSecureRandomProvider {
 		// Silence strict mode
 		StrictMode.ThreadPolicy tp = StrictMode.allowThreadDiskWrites();
 		super.writeSeed();
-		if (SDK_INT >= 16 && SDK_INT <= 18) applyOpenSslFix();
+		if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT <= 18)
+			applyOpenSslFix();
 		StrictMode.setThreadPolicy(tp);
 	}
 
 	// Based on https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html
 	private void applyOpenSslFix() {
-		byte[] seed = new UnixSecureRandomSpi().engineGenerateSeed(SEED_LENGTH);
+		byte[] seed = new UnixSecureRandomSpi().engineGenerateSeed(
+				SEED_LENGTH);
 		try {
 			// Seed the OpenSSL PRNG
 			Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto")

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSystemModule.java

@@ -1,10 +1,13 @@
 package org.briarproject.bramble.system;
 
+import org.briarproject.bramble.api.event.EventExecutor;
 import org.briarproject.bramble.api.system.AndroidExecutor;
 import org.briarproject.bramble.api.system.LocationUtils;
 import org.briarproject.bramble.api.system.ResourceProvider;
 import org.briarproject.bramble.api.system.SecureRandomProvider;
 
+import java.util.concurrent.Executor;
+
 import javax.inject.Singleton;
 
 import dagger.Module;
@@ -32,6 +35,13 @@ public class AndroidSystemModule {
 		return androidExecutor;
 	}
 
+	@Provides
+	@Singleton
+	@EventExecutor
+	Executor provideEventExecutor(AndroidExecutor androidExecutor) {
+		return androidExecutor::runOnUiThread;
+	}
+
 	@Provides
 	@Singleton
 	ResourceProvider provideResourceProvider(AndroidResourceProvider provider) {

bramble-android/src/main/java/org/briarproject/bramble/util/AndroidUtils.java

@@ -3,20 +3,17 @@ package org.briarproject.bramble.util;
 import android.annotation.SuppressLint;
 import android.bluetooth.BluetoothAdapter;
 import android.content.Context;
+import android.os.Build;
 import android.provider.Settings;
 
 import java.io.File;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
 
 import static android.content.Context.MODE_PRIVATE;
-import static android.os.Build.CPU_ABI;
-import static android.os.Build.CPU_ABI2;
-import static android.os.Build.SUPPORTED_ABIS;
 import static android.os.Build.VERSION.SDK_INT;
-import static java.util.Arrays.asList;
-import static org.briarproject.bramble.util.StringUtils.isNullOrEmpty;
 
 public class AndroidUtils {
 
@@ -25,13 +22,14 @@ public class AndroidUtils {
 
 	private static final String STORED_REPORTS = "dev-reports";
 
+	@SuppressWarnings("deprecation")
 	public static Collection<String> getSupportedArchitectures() {
 		List<String> abis = new ArrayList<>();
 		if (SDK_INT >= 21) {
-			abis.addAll(asList(SUPPORTED_ABIS));
+			abis.addAll(Arrays.asList(Build.SUPPORTED_ABIS));
 		} else {
-			abis.add(CPU_ABI);
-			if (CPU_ABI2 != null) abis.add(CPU_ABI2);
+			abis.add(Build.CPU_ABI);
+			if (Build.CPU_ABI2 != null) abis.add(Build.CPU_ABI2);
 		}
 		return abis;
 	}
@@ -51,7 +49,7 @@ public class AndroidUtils {
 	}
 
 	private static boolean isValidBluetoothAddress(String address) {
-		return !isNullOrEmpty(address)
+		return !StringUtils.isNullOrEmpty(address)
 				&& BluetoothAdapter.checkBluetoothAddress(address)
 				&& !address.equals(FAKE_BLUETOOTH_ADDRESS);
 	}

bramble-android/src/main/java/org/briarproject/bramble/util/RenewableWakeLock.java

@@ -10,19 +10,17 @@ import java.util.concurrent.TimeUnit;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static java.util.logging.Level.INFO;
-import static java.util.logging.Logger.getLogger;
 
 @ThreadSafe
 @NotNullByDefault
 public class RenewableWakeLock {
 
 	private static final Logger LOG =
-			getLogger(RenewableWakeLock.class.getName());
+			Logger.getLogger(RenewableWakeLock.class.getName());
 
 	/**
 	 * Automatically release the lock this many milliseconds after it's due
@@ -38,12 +36,10 @@ public class RenewableWakeLock {
 	private final Runnable renewTask;
 
 	private final Object lock = new Object();
-	@GuardedBy("lock")
 	@Nullable
-	private PowerManager.WakeLock wakeLock;
-	@GuardedBy("lock")
+	private PowerManager.WakeLock wakeLock; // Locking: lock
 	@Nullable
-	private ScheduledFuture future;
+	private ScheduledFuture future; // Locking: lock
 
 	public RenewableWakeLock(PowerManager powerManager,
 			ScheduledExecutorService scheduler, int levelAndFlags, String tag,

bramble-android/src/test/java/org/briarproject/bramble/account/AndroidAccountManagerTest.java

@@ -112,6 +112,8 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 		// Other directories should be deleted
 		File potatoDir = new File(testDir, ".potato");
 		File potatoFile = new File(potatoDir, "file");
+		File filesDir = new File(testDir, "filesDir");
+		File externalCacheDir = new File(testDir, "externalCacheDir");
 
 		context.checking(new Expectations() {{
 			oneOf(prefs).edit();
@@ -128,6 +130,12 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 			will(returnValue(true));
 			oneOf(app).getApplicationInfo();
 			will(returnValue(applicationInfo));
+			oneOf(app).getFilesDir();
+			will(returnValue(filesDir));
+			oneOf(app).getCacheDir();
+			will(returnValue(cacheDir));
+			oneOf(app).getExternalCacheDir();
+			will(returnValue(externalCacheDir));
 		}});
 
 		assertTrue(dbDir.mkdirs());
@@ -140,6 +148,8 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 		assertTrue(cacheFile.createNewFile());
 		assertTrue(potatoDir.mkdirs());
 		assertTrue(potatoFile.createNewFile());
+		assertTrue(filesDir.mkdirs());
+		assertTrue(externalCacheDir.mkdirs());
 
 		accountManager.deleteAccount();
 
@@ -153,6 +163,8 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 		assertFalse(cacheFile.exists());
 		assertFalse(potatoDir.exists());
 		assertFalse(potatoFile.exists());
+		assertFalse(filesDir.exists());
+		assertFalse(externalCacheDir.exists());
 	}
 
 	@After

bramble-android/witness.gradle

@@ -1,46 +1,44 @@
 dependencyVerification {
     verify = [
         'cglib:cglib:3.2.0:cglib-3.2.0.jar:adb13bab79712ad6bdf1bd59f2a3918018a8016e722e8a357065afb9e6690861',
-        'com.android.tools.analytics-library:protos:26.2.1:protos-26.2.1.jar:2f371f5b1f551e85ab08be4d6a2873471b3d44afd1ebf6aa3298f3b796bf691f',
-        'com.android.tools.analytics-library:shared:26.2.1:shared-26.2.1.jar:4c1e4e705fa4d45f23aaea230557f6508155012d9c296337787c1d7b26a97f5a',
-        'com.android.tools.analytics-library:tracker:26.2.1:tracker-26.2.1.jar:4a624ecc976539f755ddb0bb8dfc2dd3d08326cfec59a098dbd70f701ca7fb75',
-        'com.android.tools.build:aapt2:3.2.1-4818971:aapt2-3.2.1-4818971-linux.jar:f431b6f96c91a2c155144b091a9c97d9805c589fe8efc9c930b6cd346cb60a1e',
-        'com.android.tools.build:apksig:3.2.1:apksig-3.2.1.jar:2b46f2feffea66037aab29e4261b2433c190194a6ef97b958511eb157f2ccba5',
-        'com.android.tools.build:apkzlib:3.2.1:apkzlib-3.2.1.jar:c39ad0313905932431fe81c8899c2cf39a4d92ad6c4edcaa4b25432f461452aa',
-        'com.android.tools.build:builder-model:3.2.1:builder-model-3.2.1.jar:a9f68e6abcec122f9cb5ad352d3f05a3eb03acbcdca95e4d25c16310c2c965ff',
-        'com.android.tools.build:builder-test-api:3.2.1:builder-test-api-3.2.1.jar:533ac6c2b5884bb54967a33791f2628dfdfac7981af39417a333b43d4379b6be',
-        'com.android.tools.build:builder:3.2.1:builder-3.2.1.jar:aedcbfd115dbe91d09b4113e66ef50589b558d0aa3b2f133b1d867c9b87fae83',
-        'com.android.tools.build:gradle-api:3.2.1:gradle-api-3.2.1.jar:57cf0ac5ac1dca8afdb3f62b94265e776e7dcfa641cc3844fb53a05193de208d',
-        'com.android.tools.build:manifest-merger:26.2.1:manifest-merger-26.2.1.jar:8830573263361035d38cfdcb51e2db94029c93865b21334f5fbf8a27984281a6',
-        'com.android.tools.ddms:ddmlib:26.2.1:ddmlib-26.2.1.jar:a4bf0a29a19980bf27269465cc782064656750b77c26728f82f9e148b705218b',
-        'com.android.tools.external.com-intellij:intellij-core:26.2.1:intellij-core-26.2.1.jar:4925ad1892c2687cb1a63427d440ef519c8c59215fefe0dc5d541d5d411fcafe',
-        'com.android.tools.external.com-intellij:kotlin-compiler:26.2.1:kotlin-compiler-26.2.1.jar:daa064fd708f340ee25fb9823c4c74104ac77f1370b76d907eb9ae6daec0a2ae',
-        'com.android.tools.external.org-jetbrains:uast:26.2.1:uast-26.2.1.jar:f10f7258d2ab9189562cc0f9ad838c0378fdba439229173390a99de02ebac75b',
-        'com.android.tools.layoutlib:layoutlib-api:26.2.1:layoutlib-api-26.2.1.jar:ddbf4fca123733fa011595b1cc1f4ac2937ed327b60990711fafc33c775c2ade',
-        'com.android.tools.lint:lint-api:26.2.1:lint-api-26.2.1.jar:3b57e739de567b98bc9ab56c2c0ee66fc026b4adf5843e8f9804ca0666a6f66e',
-        'com.android.tools.lint:lint-checks:26.2.1:lint-checks-26.2.1.jar:c86f4cc9aaee722ee4ad70062f7b5af91e9b041914af27adc09f545ab0fb3bc6',
-        'com.android.tools.lint:lint-gradle-api:26.2.1:lint-gradle-api-26.2.1.jar:2283e7af32e301565f2a797e531f0fc8c648077d457afb3ffdddbee638976c2f',
-        'com.android.tools.lint:lint-gradle:26.2.1:lint-gradle-26.2.1.jar:8fd90b2f3ec788cbb9801c07ab3e1ea2255aa31a6093157d7ea0ff13d0315ecb',
-        'com.android.tools.lint:lint-kotlin:26.2.1:lint-kotlin-26.2.1.jar:7a6a5d2b18f69cf1b900d857c2632b4c683713c533295933b8b759f8cab4a877',
-        'com.android.tools.lint:lint:26.2.1:lint-26.2.1.jar:7848b82ae988b90dee259ae7c7e86e05cbf52db6cd21c8bbd38ce7df08f3f8c5',
-        'com.android.tools:annotations:26.2.1:annotations-26.2.1.jar:7391c6a1e080174b96e64ceb078dadd31ce4d8a2d2fee0ec65be202126f90f24',
-        'com.android.tools:common:26.2.1:common-26.2.1.jar:a50aab2d6411ff68f4004a87c7e93d87d8e980a0ec3b352246549897ea2d78e5',
-        'com.android.tools:dvlib:26.2.1:dvlib-26.2.1.jar:72a83bf2839b1df9b1fbf67ba45d1bfb9f966cd774da4320c762b2be8f1688aa',
-        'com.android.tools:repository:26.2.1:repository-26.2.1.jar:fa74dae09103faef703df38550ad8fa244c5b6d1bf90d6198be932292b3d9cc1',
-        'com.android.tools:sdk-common:26.2.1:sdk-common-26.2.1.jar:759d4b292ca69a35cf961fca377b54158fc6c88108978006999442e80a011cf4',
-        'com.android.tools:sdklib:26.2.1:sdklib-26.2.1.jar:248df7ad5eac4aeb6f96c394c76760de4b7b89ac056e54d0c21a739368b91b45',
+        'com.android.tools.analytics-library:protos:26.3.2:protos-26.3.2.jar:50238fb4298b297217b184b9cd93c14f83536fcee829eb0ca850bdb5b53251f0',
+        'com.android.tools.analytics-library:shared:26.3.2:shared-26.3.2.jar:ddd80dcf21905018b7c0583ba72b7282f446084d4952422609a09fbf8237ef71',
+        'com.android.tools.analytics-library:tracker:26.3.2:tracker-26.3.2.jar:28c575d2d1af003e96d7b375a668ee10b2673a2dd0f6438750aa8c3b42e7d0ad',
+        'com.android.tools.build:apksig:3.3.2:apksig-3.3.2.jar:84c4aaa20127c6c1fe6bdd334b3f5df71f54ad080be9029c8a10f43b6a908acd',
+        'com.android.tools.build:apkzlib:3.3.2:apkzlib-3.3.2.jar:d34e523278e5dff565eba3ef3c089d515b2b5cc7b47dc77e2f3465e5e47176ac',
+        'com.android.tools.build:builder-model:3.3.2:builder-model-3.3.2.jar:055e3db0ecee9e06b9f024034999a29cd92cb1885207b37542126bd8bcc57f46',
+        'com.android.tools.build:builder-test-api:3.3.2:builder-test-api-3.3.2.jar:0b2e4cd7615bbcad14a3c91fe45ae26693508d06e40ba06c5968b8bc24416618',
+        'com.android.tools.build:builder:3.3.2:builder-3.3.2.jar:65649704da7aef0487235fd326f0f2e99ed5cf958e80f204496e6e08a42bd9f5',
+        'com.android.tools.build:gradle-api:3.3.2:gradle-api-3.3.2.jar:3cbd47e41bb70330dd72ec2c9fe51e6173554b484a03829b5a2de9e00841e040',
+        'com.android.tools.build:manifest-merger:26.3.2:manifest-merger-26.3.2.jar:05c4a6d8b02fb9f08744876477d0a68547c03a8a9069b1f086684fa04af97c33',
+        'com.android.tools.ddms:ddmlib:26.3.2:ddmlib-26.3.2.jar:d248da8a563d6e46d2c7ebbf371a4877e00510f4ca763c0bb272d5a281bf8b85',
+        'com.android.tools.external.com-intellij:intellij-core:26.3.2:intellij-core-26.3.2.jar:6c5ecc968230e9f4dcd0fef28885379feace1f0cd8130de6f61d649c86139bf3',
+        'com.android.tools.external.com-intellij:kotlin-compiler:26.3.2:kotlin-compiler-26.3.2.jar:1007d9b07ccb49cd8eaf30fda10ed4681d4714f2f9ab2ecda39b4e539cc51bbe',
+        'com.android.tools.external.org-jetbrains:uast:26.3.2:uast-26.3.2.jar:5d1833e562ea4f38a89708dfde695f0a162cbd39d003d3dde818c3fdc2b05317',
+        'com.android.tools.layoutlib:layoutlib-api:26.3.2:layoutlib-api-26.3.2.jar:d7e61e874ab95f5c350dd38b6a95b5c9dbe0083a02001884264cdb390cb255b8',
+        'com.android.tools.lint:lint-api:26.3.2:lint-api-26.3.2.jar:5867dfd7fb4a4e161a816a5d29d045f9b542d34594c00a1efec46fb4cd0e1033',
+        'com.android.tools.lint:lint-checks:26.3.2:lint-checks-26.3.2.jar:4b163b9c93790d2771e92ba8de58a0d9e0671ffcf2ccef3cf496efd442e27517',
+        'com.android.tools.lint:lint-gradle-api:26.3.2:lint-gradle-api-26.3.2.jar:54cb282e0c054f9bed3f51302ce08b003c8ab7961dfd5a4f6de26c23cc23062f',
+        'com.android.tools.lint:lint-gradle:26.3.2:lint-gradle-26.3.2.jar:bb139615f4ce97d42cc394b9389b49b76a6eb85be6785a5d272991543b519013',
+        'com.android.tools.lint:lint:26.3.2:lint-26.3.2.jar:ef7b369f8a56a92ccb0f4c1c357666b9339e4a711a9d84747d446441746cfe4e',
+        'com.android.tools:annotations:26.3.2:annotations-26.3.2.jar:5bcce8e98b6a2f5ccf13ebcefd8f734e0b35f8b19e456575665631442ce1f7a1',
+        'com.android.tools:common:26.3.2:common-26.3.2.jar:d9f8e7f0669e9a701568e3db6a87c89cf12d8fa6811c9991e969f950215ecfac',
+        'com.android.tools:dvlib:26.3.2:dvlib-26.3.2.jar:d84aad56161c7773579303d69714ded6897c64c6ddfd7d456e453231e4dfe811',
+        'com.android.tools:repository:26.3.2:repository-26.3.2.jar:da611eeb06e9ab8750d25b9e2901e10db8e5ec6304eb4c8b7103d39e0921ea40',
+        'com.android.tools:sdk-common:26.3.2:sdk-common-26.3.2.jar:82823a3bf25e64fac33a286490f0cf5ac50c2cdb3c540149b030896bb44bf96c',
+        'com.android.tools:sdklib:26.3.2:sdklib-26.3.2.jar:424d15492af67321900963238646d27495ab60de2a5b19e6a416963bc5d6932b',
         'com.google.code.findbugs:jsr305:1.3.9:jsr305-1.3.9.jar:905721a0eea90a81534abb7ee6ef4ea2e5e645fa1def0a5cd88402df1b46c9ed',
+        'com.google.code.findbugs:jsr305:3.0.2:jsr305-3.0.2.jar:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
         'com.google.code.gson:gson:2.8.0:gson-2.8.0.jar:c6221763bd79c4f1c3dc7f750b5f29a0bb38b367b81314c4f71896e340c40825',
         'com.google.dagger:dagger-compiler:2.19:dagger-compiler-2.19.jar:27a4b202a2de908182edb261f8c0a264e08e5e4733d7514bc7fbf0d31da5c0fc',
         'com.google.dagger:dagger-producers:2.19:dagger-producers-2.19.jar:a17663abe0fc38b676026950907d4c5f5e2bf338375415861eaff6e3bdb0b768',
         'com.google.dagger:dagger-spi:2.19:dagger-spi-2.19.jar:e7a6379d82c841f6aac2866948ad1eed716528707814602842a8d844ce04e2e1',
         'com.google.dagger:dagger:2.19:dagger-2.19.jar:514b6f1e0727c6572e1d65cb27e4ae668b7aeaeb93a29515182965265b609939',
-        'com.google.errorprone:error_prone_annotations:2.0.18:error_prone_annotations-2.0.18.jar:cb4cfad870bf563a07199f3ebea5763f0dec440fcda0b318640b1feaa788656b',
         'com.google.errorprone:error_prone_annotations:2.1.3:error_prone_annotations-2.1.3.jar:03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8',
         'com.google.errorprone:javac-shaded:9-dev-r4023-3:javac-shaded-9-dev-r4023-3.jar:65bfccf60986c47fbc17c9ebab0be626afc41741e0a6ec7109e0768817a36f30',
         'com.google.googlejavaformat:google-java-format:1.5:google-java-format-1.5.jar:aa19ad7850fb85178aa22f2fddb163b84d6ce4d0035872f30d4408195ca1144e',
-        'com.google.guava:guava:23.0:guava-23.0.jar:7baa80df284117e5b945b19b98d367a85ea7b7801bd358ff657946c3bd1b6596',
         'com.google.guava:guava:25.0-jre:guava-25.0-jre.jar:3fd4341776428c7e0e5c18a7c10de129475b69ab9d30aeafbb5c277bb6074fa9',
+        'com.google.guava:guava:26.0-jre:guava-26.0-jre.jar:a0e9cabad665bc20bcd2b01f108e5fc03f756e13aea80abaadb9f407033bea2c',
         'com.google.j2objc:j2objc-annotations:1.1:j2objc-annotations-1.1.jar:40ceb7157feb263949e0f503fe5f71689333a621021aa20ce0d0acee3badaa0f',
         'com.google.jimfs:jimfs:1.1:jimfs-1.1.jar:c4828e28d7c0a930af9387510b3bada7daa5c04d7c25a75c7b8b081f1c257ddd',
         'com.google.protobuf:protobuf-java:3.4.0:protobuf-java-3.4.0.jar:dce7e66b32456a1b1198da0caff3a8acb71548658391e798c79369241e6490a4',
@@ -68,21 +66,22 @@ dependencyVerification {
         'org.beanshell:bsh:1.3.0:bsh-1.3.0.jar:9b04edc75d19db54f1b4e8b5355e9364384c6cf71eb0a1b9724c159d779879f8',
         'org.bouncycastle:bcpkix-jdk15on:1.56:bcpkix-jdk15on-1.56.jar:7043dee4e9e7175e93e0b36f45b1ec1ecb893c5f755667e8b916eb8dd201c6ca',
         'org.bouncycastle:bcprov-jdk15on:1.56:bcprov-jdk15on-1.56.jar:963e1ee14f808ffb99897d848ddcdb28fa91ddda867eb18d303e82728f878349',
-        'org.briarproject:obfs4proxy-android:0.0.7:obfs4proxy-android-0.0.7.zip:abdfb5d889d848de9bf214f9276abbf454808a505b870819eccc9a9e985bf617',
-        'org.briarproject:tor-android:0.3.4.8:tor-android-0.3.4.8.zip:989a0352d9d8d8172cd6c2137654e165e5d2beb10ed1211bab3814e224ad1926',
+        'org.briarproject:obfs4proxy-android:0.0.9:obfs4proxy-android-0.0.9.zip:9b7e9181535ea8d8bbe8ae6338e08cf4c5fc1e357a779393e0ce49586d459ae0',
+        'org.briarproject:tor-android:0.3.5.8:tor-android-0.3.5.8.zip:42a13a6f185be1a62f42e3f30ce66a3c099ac5ec890a65e7593111b65b44a54a',
         'org.checkerframework:checker-compat-qual:2.5.3:checker-compat-qual-2.5.3.jar:d76b9afea61c7c082908023f0cbc1427fab9abd2df915c8b8a3e7a509bccbc6d',
-        'org.codehaus.groovy:groovy-all:2.4.12:groovy-all-2.4.12.jar:6a56af4bd48903d56bec62821876cadefafd007360cc6bd0d8f7aa8d72b38be4',
+        'org.checkerframework:checker-qual:2.5.2:checker-qual-2.5.2.jar:64b02691c8b9d4e7700f8ee2e742dce7ea2c6e81e662b7522c9ee3bf568c040a',
+        'org.codehaus.groovy:groovy-all:2.4.15:groovy-all-2.4.15.jar:51d6c4e71782e85674239189499854359d380fb75e1a703756e3aaa5b98a5af0',
         'org.codehaus.mojo:animal-sniffer-annotations:1.14:animal-sniffer-annotations-1.14.jar:2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d',
         'org.glassfish.jaxb:jaxb-core:2.2.11:jaxb-core-2.2.11.jar:37bcaee8ebb04362c8352a5bf6221b86967ecdab5164c696b10b9a2bb587b2aa',
         'org.glassfish.jaxb:jaxb-runtime:2.2.11:jaxb-runtime-2.2.11.jar:a874f2351cfba8e2946be3002d10c18a6da8f21b52ba2acf52f2b85d5520ed70',
         'org.glassfish.jaxb:txw2:2.2.11:txw2-2.2.11.jar:272a3ccad45a4511351920cd2a8633c53cab8d5220c7a92954da5526bb5eafea',
         'org.hamcrest:hamcrest-core:1.3:hamcrest-core-1.3.jar:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9',
         'org.hamcrest:hamcrest-library:1.3:hamcrest-library-1.3.jar:711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c',
-        'org.jetbrains.kotlin:kotlin-reflect:1.2.0:kotlin-reflect-1.2.0.jar:4f48a872bad6e4d9c053f4ad610d11e4012ad7e58dc19a03dd5eb811f36069dd',
-        'org.jetbrains.kotlin:kotlin-stdlib-common:1.2.71:kotlin-stdlib-common-1.2.71.jar:63999687ff2fce8a592dd180ffbbf8f1d21c26b4044c55cdc74ff3cf3b3cf328',
-        'org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.2.71:kotlin-stdlib-jdk7-1.2.71.jar:b136bd61b240e07d4d92ce00d3bd1dbf584400a7bf5f220c2f3cd22446858082',
-        'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.2.71:kotlin-stdlib-jdk8-1.2.71.jar:ac3c8abf47790b64b4f7e2509a53f0c145e061ac1612a597520535d199946ea9',
-        'org.jetbrains.kotlin:kotlin-stdlib:1.2.71:kotlin-stdlib-1.2.71.jar:4c895c270b87f5fec2a2796e1d89c15407ee821de961527c28588bb46afbc68b',
+        'org.jetbrains.kotlin:kotlin-reflect:1.3.21:kotlin-reflect-1.3.21.jar:a3065c822633191e0a3e3ee12a29bec234fc4b2864a6bb87ef48cce3e9e0c26a',
+        'org.jetbrains.kotlin:kotlin-stdlib-common:1.3.21:kotlin-stdlib-common-1.3.21.jar:cea61f7b611895e64f58569a9757fc0ab0d582f107211e1930e0ce2a0add52a7',
+        'org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.3.21:kotlin-stdlib-jdk7-1.3.21.jar:a87875604fd42140da6938ae4d35ee61081f4482536efc6d2615b8b626a198af',
+        'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.3.21:kotlin-stdlib-jdk8-1.3.21.jar:5823ed66ac122a1c55442ebca5a209a843ccd87f562edc31a787f3d2e47f74d4',
+        'org.jetbrains.kotlin:kotlin-stdlib:1.3.21:kotlin-stdlib-1.3.21.jar:38ba2370d9f06f50433e06b2ca775b94473c2e2785f410926079ab793c72b034',
         'org.jetbrains.trove4j:trove4j:20160824:trove4j-20160824.jar:1917871c8deb468307a584680c87a44572f5a8b0b98c6d397fc0f5f86596dbe7',
         'org.jetbrains:annotations:13.0:annotations-13.0.jar:ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478',
         'org.jmock:jmock-junit4:2.8.2:jmock-junit4-2.8.2.jar:f7ee4df4f7bd7b7f1cafad3b99eb74d579f109d5992ff625347352edb55e674c',

bramble-api/src/main/java/org/briarproject/bramble/api/Bytes.java

@@ -1,14 +1,13 @@
 package org.briarproject.bramble.api;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.util.StringUtils;
 
 import java.util.Arrays;
 import java.util.Comparator;
 
 import javax.annotation.concurrent.ThreadSafe;
 
-import static org.briarproject.bramble.util.StringUtils.toHexString;
-
 /**
  * A wrapper around a byte array, to allow it to be stored in maps etc.
  */
@@ -57,7 +56,8 @@ public class Bytes implements Comparable<Bytes> {
 
 	@Override
 	public String toString() {
-		return getClass().getSimpleName() + "(" + toHexString(getBytes()) + ")";
+		return getClass().getSimpleName() +
+				"(" + StringUtils.toHexString(getBytes()) + ")";
 	}
 
 	public static class BytesComparator implements Comparator<Bytes> {

bramble-api/src/main/java/org/briarproject/bramble/api/Multiset.java

@@ -2,6 +2,7 @@ package org.briarproject.bramble.api;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.NoSuchElementException;
@@ -9,8 +10,6 @@ import java.util.Set;
 
 import javax.annotation.concurrent.NotThreadSafe;
 
-import static java.util.Collections.unmodifiableSet;
-
 @NotThreadSafe
 @NotNullByDefault
 public class Multiset<T> {
@@ -97,6 +96,6 @@ public class Multiset<T> {
 	 * is unmodifiable.
 	 */
 	public Set<T> keySet() {
-		return unmodifiableSet(map.keySet());
+		return Collections.unmodifiableSet(map.keySet());
 	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/client/BdfMessageContext.java

@@ -5,11 +5,10 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.MessageId;
 
 import java.util.Collection;
+import java.util.Collections;
 
 import javax.annotation.concurrent.Immutable;
 
-import static java.util.Collections.emptyList;
-
 @Immutable
 @NotNullByDefault
 public class BdfMessageContext {
@@ -24,7 +23,7 @@ public class BdfMessageContext {
 	}
 
 	public BdfMessageContext(BdfDictionary dictionary) {
-		this(dictionary, emptyList());
+		this(dictionary, Collections.emptyList());
 	}
 
 	public BdfDictionary getDictionary() {

bramble-api/src/main/java/org/briarproject/bramble/api/client/BdfMessageValidator.java

@@ -16,7 +16,6 @@ import java.util.logging.Logger;
 
 import javax.annotation.concurrent.Immutable;
 
-import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.api.transport.TransportConstants.MAX_CLOCK_DIFFERENCE;
 
 @Immutable
@@ -24,7 +23,7 @@ import static org.briarproject.bramble.api.transport.TransportConstants.MAX_CLOC
 public abstract class BdfMessageValidator implements MessageValidator {
 
 	protected static final Logger LOG =
-			getLogger(BdfMessageValidator.class.getName());
+			Logger.getLogger(BdfMessageValidator.class.getName());
 
 	protected final ClientHelper clientHelper;
 	protected final MetadataEncoder metadataEncoder;

bramble-api/src/main/java/org/briarproject/bramble/api/client/ContactGroupFactory.java

@@ -18,11 +18,10 @@ public interface ContactGroupFactory {
 	 * Creates a group for the given client to share with the given contact.
 	 */
 	Group createContactGroup(ClientId clientId, int majorVersion,
-			Contact contact);
+			Contact contact, AuthorId local);
 
 	/**
-	 * Creates a group for the given client to share between the given authors
-	 * identified by their AuthorIds.
+	 * Creates a group for the given client to share between the given authors.
 	 */
 	Group createContactGroup(ClientId clientId, int majorVersion,
 			AuthorId authorId1, AuthorId authorId2);

bramble-api/src/main/java/org/briarproject/bramble/api/contact/Contact.java

@@ -1,13 +1,13 @@
 package org.briarproject.bramble.api.contact;
 
 import org.briarproject.bramble.api.identity.Author;
-import org.briarproject.bramble.api.identity.AuthorId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
+import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
 import static org.briarproject.bramble.util.StringUtils.toUtf8;
 
 @Immutable
@@ -16,24 +16,28 @@ public class Contact {
 
 	private final ContactId id;
 	private final Author author;
-	private final AuthorId localAuthorId;
 	@Nullable
 	private final String alias;
-	private final boolean verified, active;
+	@Nullable
+	private final byte[] handshakePublicKey;
+	private final boolean verified;
 
-	public Contact(ContactId id, Author author, AuthorId localAuthorId,
-			@Nullable String alias, boolean verified, boolean active) {
+	public Contact(ContactId id, Author author, @Nullable String alias,
+			@Nullable byte[] handshakePublicKey, boolean verified) {
 		if (alias != null) {
 			int aliasLength = toUtf8(alias).length;
 			if (aliasLength == 0 || aliasLength > MAX_AUTHOR_NAME_LENGTH)
 				throw new IllegalArgumentException();
 		}
+		if (handshakePublicKey != null && (handshakePublicKey.length == 0 ||
+				handshakePublicKey.length > MAX_PUBLIC_KEY_LENGTH)) {
+			throw new IllegalArgumentException();
+		}
 		this.id = id;
 		this.author = author;
-		this.localAuthorId = localAuthorId;
 		this.alias = alias;
+		this.handshakePublicKey = handshakePublicKey;
 		this.verified = verified;
-		this.active = active;
 	}
 
 	public ContactId getId() {
@@ -44,21 +48,18 @@ public class Contact {
 		return author;
 	}
 
-	public AuthorId getLocalAuthorId() {
-		return localAuthorId;
-	}
-
 	@Nullable
 	public String getAlias() {
 		return alias;
 	}
 
-	public boolean isVerified() {
-		return verified;
+	@Nullable
+	public byte[] getHandshakePublicKey() {
+		return handshakePublicKey;
 	}
 
-	public boolean isActive() {
-		return active;
+	public boolean isVerified() {
+		return verified;
 	}
 
 	@Override

bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactExchangeListener.java

@@ -1,20 +0,0 @@
-package org.briarproject.bramble.api.contact;
-
-import org.briarproject.bramble.api.identity.Author;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-@NotNullByDefault
-public interface ContactExchangeListener {
-
-	void contactExchangeSucceeded(Author remoteAuthor);
-
-	/**
-	 * The exchange failed because the contact already exists.
-	 */
-	void duplicateContact(Author remoteAuthor);
-
-	/**
-	 * A general failure.
-	 */
-	void contactExchangeFailed();
-}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactExchangeTask.java

@@ -18,31 +18,30 @@ public interface ContactExchangeTask {
 	byte PROTOCOL_VERSION = 1;
 
 	/**
-	 * Label for deriving Alice's header key from the master secret.
+	 * Label for deriving Alice's header key from the master key.
 	 */
 	String ALICE_KEY_LABEL =
 			"org.briarproject.bramble.contact/ALICE_HEADER_KEY";
 
 	/**
-	 * Label for deriving Bob's header key from the master secret.
+	 * Label for deriving Bob's header key from the master key.
 	 */
 	String BOB_KEY_LABEL = "org.briarproject.bramble.contact/BOB_HEADER_KEY";
 
 	/**
-	 * Label for deriving Alice's key binding nonce from the master secret.
+	 * Label for deriving Alice's key binding nonce from the master key.
 	 */
 	String ALICE_NONCE_LABEL = "org.briarproject.bramble.contact/ALICE_NONCE";
 
 	/**
-	 * Label for deriving Bob's key binding nonce from the master secret.
+	 * Label for deriving Bob's key binding nonce from the master key.
 	 */
 	String BOB_NONCE_LABEL = "org.briarproject.bramble.contact/BOB_NONCE";
 
 	/**
 	 * Exchanges contact information with a remote peer.
 	 */
-	void startExchange(ContactExchangeListener listener,
-			LocalAuthor localAuthor, SecretKey masterSecret,
+	void startExchange(LocalAuthor localAuthor, SecretKey masterKey,
 			DuplexTransportConnection conn, TransportId transportId,
 			boolean alice);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactManager.java

@@ -13,8 +13,6 @@ import java.util.Collection;
 
 import javax.annotation.Nullable;
 
-import static org.briarproject.bramble.api.contact.PendingContact.PendingContactState.FAILED;
-
 @NotNullByDefault
 public interface ContactManager {
 
@@ -26,34 +24,31 @@ public interface ContactManager {
 	void registerContactHook(ContactHook hook);
 
 	/**
-	 * Stores a contact associated with the given local and remote pseudonyms,
-	 * derives and stores transport keys for each transport, and returns an ID
-	 * for the contact.
+	 * Stores a contact with the given pseudonym, derives and stores transport
+	 * keys for each transport, and returns an ID for the contact.
 	 *
 	 * @param alice true if the local party is Alice
 	 */
-	ContactId addContact(Transaction txn, Author remote, AuthorId local,
-			SecretKey master, long timestamp, boolean alice, boolean verified,
-			boolean active) throws DbException;
-
-	/**
-	 * Stores a contact associated with the given local and remote pseudonyms
-	 * and returns an ID for the contact.
-	 */
-	ContactId addContact(Transaction txn, Author remote, AuthorId local,
-			boolean verified, boolean active) throws DbException;
-
-	/**
-	 * Stores a contact associated with the given local and remote pseudonyms,
-	 * derives and stores transport keys for each transport, and returns an ID
-	 * for the contact.
-	 *
-	 * @param alice true if the local party is Alice
-	 */
-	ContactId addContact(Author remote, AuthorId local, SecretKey master,
+	ContactId addContact(Transaction txn, Author a, SecretKey rootKey,
 			long timestamp, boolean alice, boolean verified, boolean active)
 			throws DbException;
 
+	/**
+	 * Stores a contact with the given pseudonym and returns an ID for the
+	 * contact.
+	 */
+	ContactId addContact(Transaction txn, Author a, boolean verified)
+			throws DbException;
+
+	/**
+	 * Stores a contact with the given pseudonym, derives and stores transport
+	 * keys for each transport, and returns an ID for the contact.
+	 *
+	 * @param alice true if the local party is Alice
+	 */
+	ContactId addContact(Author a, SecretKey rootKey, long timestamp,
+			boolean alice, boolean verified, boolean active) throws DbException;
+
 	/**
 	 * Returns the static link that needs to be sent to the contact to be added.
 	 */
@@ -79,7 +74,8 @@ public interface ContactManager {
 	Collection<PendingContact> getPendingContacts();
 
 	/**
-	 * Removes a {@link PendingContact} that is in state {@link FAILED}.
+	 * Removes a {@link PendingContact} that is in state
+	 * {@link PendingContactState FAILED}.
 	 */
 	void removePendingContact(PendingContact pendingContact);
 
@@ -89,27 +85,19 @@ public interface ContactManager {
 	Contact getContact(ContactId c) throws DbException;
 
 	/**
-	 * Returns the contact with the given remoteAuthorId
-	 * that was added by the LocalAuthor with the given localAuthorId
-	 *
-	 * @throws org.briarproject.bramble.api.db.NoSuchContactException
+	 * Returns the contact with the given ID.
 	 */
-	Contact getContact(AuthorId remoteAuthorId, AuthorId localAuthorId)
-			throws DbException;
+	Contact getContact(AuthorId a) throws DbException;
 
 	/**
-	 * Returns the contact with the given remoteAuthorId
-	 * that was added by the LocalAuthor with the given localAuthorId
-	 *
-	 * @throws org.briarproject.bramble.api.db.NoSuchContactException
+	 * Returns the contact with the given ID.
 	 */
-	Contact getContact(Transaction txn, AuthorId remoteAuthorId,
-			AuthorId localAuthorId) throws DbException;
+	Contact getContact(Transaction txn, AuthorId a) throws DbException;
 
 	/**
 	 * Returns all active contacts.
 	 */
-	Collection<Contact> getActiveContacts() throws DbException;
+	Collection<Contact> getContacts() throws DbException;
 
 	/**
 	 * Removes a contact and all associated state.
@@ -121,12 +109,6 @@ public interface ContactManager {
 	 */
 	void removeContact(Transaction txn, ContactId c) throws DbException;
 
-	/**
-	 * Marks a contact as active or inactive.
-	 */
-	void setContactActive(Transaction txn, ContactId c, boolean active)
-			throws DbException;
-
 	/**
 	 * Sets an alias name for the contact or unsets it if alias is null.
 	 */
@@ -140,16 +122,14 @@ public interface ContactManager {
 			throws DbException;
 
 	/**
-	 * Return true if a contact with this name and public key already exists
+	 * Returns true if a contact with this pseudonym already exists.
 	 */
-	boolean contactExists(Transaction txn, AuthorId remoteAuthorId,
-			AuthorId localAuthorId) throws DbException;
+	boolean contactExists(Transaction txn, AuthorId a) throws DbException;
 
 	/**
-	 * Return true if a contact with this name and public key already exists
+	 * Returns true if a contact with this pseudonym already exists.
 	 */
-	boolean contactExists(AuthorId remoteAuthorId, AuthorId localAuthorId)
-			throws DbException;
+	boolean contactExists(AuthorId a) throws DbException;
 
 	/**
 	 * Returns the {@link AuthorInfo} for the given author.

bramble-api/src/main/java/org/briarproject/bramble/api/contact/PendingContact.java

@@ -8,26 +8,29 @@ import javax.annotation.concurrent.Immutable;
 @NotNullByDefault
 public class PendingContact {
 
-	public enum PendingContactState {
-		WAITING_FOR_CONNECTION,
-		CONNECTED,
-		ADDING_CONTACT,
-		FAILED
-	}
-
 	private final PendingContactId id;
+	private final byte[] publicKey;
 	private final String alias;
 	private final PendingContactState state;
 	private final long timestamp;
 
-	public PendingContact(PendingContactId id, String alias,
-			PendingContactState state, long timestamp) {
+	public PendingContact(PendingContactId id, byte[] publicKey,
+			String alias, PendingContactState state, long timestamp) {
 		this.id = id;
+		this.publicKey = publicKey;
 		this.alias = alias;
 		this.state = state;
 		this.timestamp = timestamp;
 	}
 
+	public PendingContactId getId() {
+		return id;
+	}
+
+	public byte[] getPublicKey() {
+		return publicKey;
+	}
+
 	public String getAlias() {
 		return alias;
 	}
@@ -50,5 +53,4 @@ public class PendingContact {
 		return o instanceof PendingContact &&
 				id.equals(((PendingContact) o).id);
 	}
-
 }

bramble-api/src/main/java/org/briarproject/bramble/api/contact/PendingContactId.java

@@ -1,11 +1,25 @@
 package org.briarproject.bramble.api.contact;
 
 import org.briarproject.bramble.api.UniqueId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
+import javax.annotation.concurrent.ThreadSafe;
+
+/**
+ * Type-safe wrapper for a byte array that uniquely identifies a
+ * {@link PendingContact}.
+ */
+@ThreadSafe
+@NotNullByDefault
 public class PendingContactId extends UniqueId {
 
 	public PendingContactId(byte[] id) {
 		super(id);
 	}
 
+
+	@Override
+	public boolean equals(Object o) {
+		return o instanceof PendingContactId && super.equals(o);
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/contact/PendingContactState.java

@@ -0,0 +1,30 @@
+package org.briarproject.bramble.api.contact;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+@Immutable
+@NotNullByDefault
+public enum PendingContactState {
+
+	WAITING_FOR_CONNECTION(0),
+	CONNECTED(1),
+	ADDING_CONTACT(2),
+	FAILED(3);
+
+	private final int value;
+
+	PendingContactState(int value) {
+		this.value = value;
+	}
+
+	public int getValue() {
+		return value;
+	}
+
+	public static PendingContactState fromValue(int value) {
+		for (PendingContactState s : values()) if (s.value == value) return s;
+		throw new IllegalArgumentException();
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/ContactAddedEvent.java

@@ -14,18 +14,12 @@ import javax.annotation.concurrent.Immutable;
 public class ContactAddedEvent extends Event {
 
 	private final ContactId contactId;
-	private final boolean active;
 
-	public ContactAddedEvent(ContactId contactId, boolean active) {
+	public ContactAddedEvent(ContactId contactId) {
 		this.contactId = contactId;
-		this.active = active;
 	}
 
 	public ContactId getContactId() {
 		return contactId;
 	}
-
-	public boolean isActive() {
-		return active;
-	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/ContactExchangeFailedEvent.java

@@ -0,0 +1,32 @@
+package org.briarproject.bramble.api.contact.event;
+
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.identity.Author;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.Nullable;
+
+@NotNullByDefault
+public class ContactExchangeFailedEvent extends Event {
+
+	@Nullable
+	private final Author duplicateRemoteAuthor;
+
+	public ContactExchangeFailedEvent(@Nullable Author duplicateRemoteAuthor) {
+		this.duplicateRemoteAuthor = duplicateRemoteAuthor;
+	}
+
+	public ContactExchangeFailedEvent() {
+		this(null);
+	}
+
+	@Nullable
+	public Author getDuplicateRemoteAuthor() {
+		return duplicateRemoteAuthor;
+	}
+
+	public boolean wasDuplicateContact() {
+		return duplicateRemoteAuthor != null;
+	}
+
+}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/ContactExchangeSucceededEvent.java

@@ -0,0 +1,20 @@
+package org.briarproject.bramble.api.contact.event;
+
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.identity.Author;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+@NotNullByDefault
+public class ContactExchangeSucceededEvent extends Event {
+
+	private final Author remoteAuthor;
+
+	public ContactExchangeSucceededEvent(Author remoteAuthor) {
+		this.remoteAuthor = remoteAuthor;
+	}
+
+	public Author getRemoteAuthor() {
+		return remoteAuthor;
+	}
+
+}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/ContactStatusChangedEvent.java

@@ -1,31 +0,0 @@
-package org.briarproject.bramble.api.contact.event;
-
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * An event that is broadcast when a contact is marked active or inactive.
- */
-@Immutable
-@NotNullByDefault
-public class ContactStatusChangedEvent extends Event {
-
-	private final ContactId contactId;
-	private final boolean active;
-
-	public ContactStatusChangedEvent(ContactId contactId, boolean active) {
-		this.contactId = contactId;
-		this.active = active;
-	}
-
-	public ContactId getContactId() {
-		return contactId;
-	}
-
-	public boolean isActive() {
-		return active;
-	}
-}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/PendingContactStateChangedEvent.java

@@ -1,7 +1,7 @@
 package org.briarproject.bramble.api.contact.event;
 
-import org.briarproject.bramble.api.contact.PendingContact.PendingContactState;
 import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.contact.PendingContactState;
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyAgreementCrypto.java

@@ -2,7 +2,7 @@ package org.briarproject.bramble.api.crypto;
 
 /**
  * Crypto operations for the key agreement protocol - see
- * https://code.briarproject.org/akwizgran/briar-spec/blob/master/protocols/BQP.md
+ * https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BQP.md
  */
 public interface KeyAgreementCrypto {
 

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java

@@ -1,29 +1,45 @@
 package org.briarproject.bramble.api.crypto;
 
 import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.transport.HandshakeKeys;
 import org.briarproject.bramble.api.transport.TransportKeys;
 
 /**
  * Crypto operations for the transport security protocol - see
- * https://code.briarproject.org/akwizgran/briar-spec/blob/master/protocols/BTP.md
+ * https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md
  */
 public interface TransportCrypto {
 
 	/**
 	 * Derives initial transport keys for the given transport in the given
-	 * rotation period from the given master secret.
+	 * time period from the given root key.
 	 *
 	 * @param alice whether the keys are for use by Alice or Bob.
 	 * @param active whether the keys are usable for outgoing streams.
 	 */
-	TransportKeys deriveTransportKeys(TransportId t, SecretKey master,
-			long rotationPeriod, boolean alice, boolean active);
+	TransportKeys deriveTransportKeys(TransportId t, SecretKey rootKey,
+			long timePeriod, boolean alice, boolean active);
 
 	/**
-	 * Rotates the given transport keys to the given rotation period. If the
-	 * keys are for the given period or any later period they are not rotated.
+	 * Rotates the given transport keys to the given time period. If the keys
+	 * are for the given period or any later period they are not rotated.
 	 */
-	TransportKeys rotateTransportKeys(TransportKeys k, long rotationPeriod);
+	TransportKeys rotateTransportKeys(TransportKeys k, long timePeriod);
+
+	/**
+	 * Derives handshake keys for the given transport in the given time period
+	 * from the given root key.
+	 *
+	 * @param alice whether the keys are for use by Alice or Bob.
+	 */
+	HandshakeKeys deriveHandshakeKeys(TransportId t, SecretKey rootKey,
+			long timePeriod, boolean alice);
+
+	/**
+	 * Updates the given handshake keys to the given time period. If the keys
+	 * are for the given period or any later period they are not updated.
+	 */
+	HandshakeKeys updateHandshakeKeys(HandshakeKeys k, long timePeriod);
 
 	/**
 	 * Encodes the pseudo-random tag that is used to recognise a stream.

bramble-api/src/main/java/org/briarproject/bramble/api/data/BdfDictionary.java

@@ -4,6 +4,7 @@ import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.FormatException;
 
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.TreeMap;
 
 import javax.annotation.Nullable;
@@ -23,9 +24,9 @@ public class BdfDictionary extends TreeMap<String, Object> {
 	 * );
 	 * </pre>
 	 */
-	public static BdfDictionary of(BdfEntry... entries) {
+	public static BdfDictionary of(Entry<String, ?>... entries) {
 		BdfDictionary d = new BdfDictionary();
-		for (BdfEntry e : entries) d.put(e.getKey(), e.getValue());
+		for (Entry<String, ?> e : entries) d.put(e.getKey(), e.getValue());
 		return d;
 	}
 

bramble-api/src/main/java/org/briarproject/bramble/api/data/BdfList.java

@@ -4,12 +4,12 @@ import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.FormatException;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.NotThreadSafe;
 
-import static java.util.Arrays.asList;
 import static org.briarproject.bramble.api.data.BdfDictionary.NULL_VALUE;
 
 @NotThreadSafe
@@ -22,7 +22,7 @@ public class BdfList extends ArrayList<Object> {
 	 * </pre>
 	 */
 	public static BdfList of(Object... items) {
-		return new BdfList(asList(items));
+		return new BdfList(Arrays.asList(items));
 	}
 
 	public BdfList() {
@@ -33,7 +33,6 @@ public class BdfList extends ArrayList<Object> {
 		super(items);
 	}
 
-	@SuppressWarnings("BooleanMethodIsAlwaysInverted")
 	private boolean isInRange(int index) {
 		return index >= 0 && index < size();
 	}

bramble-api/src/main/java/org/briarproject/bramble/api/db/CommitAction.java

@@ -0,0 +1,20 @@
+package org.briarproject.bramble.api.db;
+
+import org.briarproject.bramble.api.event.EventExecutor;
+
+/**
+ * An action that's taken when a {@link Transaction} is committed.
+ */
+public interface CommitAction {
+
+	void accept(Visitor visitor);
+
+	interface Visitor {
+
+		@EventExecutor
+		void visit(EventAction a);
+
+		@EventExecutor
+		void visit(TaskAction a);
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseComponent.java

@@ -2,6 +2,8 @@ package org.briarproject.bramble.api.db;
 
 import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContact;
+import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
@@ -20,8 +22,11 @@ import org.briarproject.bramble.api.sync.MessageStatus;
 import org.briarproject.bramble.api.sync.Offer;
 import org.briarproject.bramble.api.sync.Request;
 import org.briarproject.bramble.api.sync.validation.MessageState;
-import org.briarproject.bramble.api.transport.KeySet;
-import org.briarproject.bramble.api.transport.KeySetId;
+import org.briarproject.bramble.api.transport.HandshakeKeySet;
+import org.briarproject.bramble.api.transport.HandshakeKeySetId;
+import org.briarproject.bramble.api.transport.HandshakeKeys;
+import org.briarproject.bramble.api.transport.TransportKeySet;
+import org.briarproject.bramble.api.transport.TransportKeySetId;
 import org.briarproject.bramble.api.transport.TransportKeys;
 
 import java.util.Collection;
@@ -97,17 +102,31 @@ public interface DatabaseComponent {
 			NullableDbCallable<R, E> task) throws DbException, E;
 
 	/**
-	 * Stores a contact associated with the given local and remote pseudonyms,
-	 * and returns an ID for the contact.
+	 * Stores a contact with the given pseudonym and returns an ID for the
+	 * contact.
 	 */
-	ContactId addContact(Transaction txn, Author remote, AuthorId local,
-			boolean verified, boolean active) throws DbException;
+	ContactId addContact(Transaction txn, Author a, boolean verified)
+			throws DbException;
 
 	/**
 	 * Stores a group.
 	 */
 	void addGroup(Transaction txn, Group g) throws DbException;
 
+	/**
+	 * Stores the given handshake keys for the given contact and returns a
+	 * key set ID.
+	 */
+	HandshakeKeySetId addHandshakeKeys(Transaction txn, ContactId c,
+			HandshakeKeys k) throws DbException;
+
+	/**
+	 * Stores the given handshake keys for the given pending contact and
+	 * returns a key set ID.
+	 */
+	HandshakeKeySetId addHandshakeKeys(Transaction txn, PendingContactId p,
+			HandshakeKeys k) throws DbException;
+
 	/**
 	 * Stores a local pseudonym.
 	 */
@@ -119,6 +138,12 @@ public interface DatabaseComponent {
 	void addLocalMessage(Transaction txn, Message m, Metadata meta,
 			boolean shared) throws DbException;
 
+	/**
+	 * Stores a pending contact.
+	 */
+	void addPendingContact(Transaction txn, PendingContact p)
+			throws DbException;
+
 	/**
 	 * Stores a transport.
 	 */
@@ -129,27 +154,39 @@ public interface DatabaseComponent {
 	 * Stores the given transport keys for the given contact and returns a
 	 * key set ID.
 	 */
-	KeySetId addTransportKeys(Transaction txn, ContactId c,
+	TransportKeySetId addTransportKeys(Transaction txn, ContactId c,
 			TransportKeys k) throws DbException;
 
 	/**
-	 * Returns true if the database contains the given contact for the given
-	 * local pseudonym.
+	 * Returns true if the database contains the given contact.
+	 * <p/>
+	 * Read-only.
 	 */
-	boolean containsContact(Transaction txn, AuthorId remote, AuthorId local)
-			throws DbException;
+	boolean containsContact(Transaction txn, AuthorId a) throws DbException;
 
 	/**
 	 * Returns true if the database contains the given group.
+	 * <p/>
+	 * Read-only.
 	 */
 	boolean containsGroup(Transaction txn, GroupId g) throws DbException;
 
 	/**
 	 * Returns true if the database contains the given local author.
+	 * <p/>
+	 * Read-only.
 	 */
 	boolean containsLocalAuthor(Transaction txn, AuthorId local)
 			throws DbException;
 
+	/**
+	 * Returns true if the database contains the given pending contact.
+	 * <p/>
+	 * Read-only.
+	 */
+	boolean containsPendingContact(Transaction txn, PendingContactId p)
+			throws DbException;
+
 	/**
 	 * Deletes the message with the given ID. Unlike
 	 * {@link #removeMessage(Transaction, MessageId)}, the message ID,
@@ -215,6 +252,13 @@ public interface DatabaseComponent {
 	 */
 	Contact getContact(Transaction txn, ContactId c) throws DbException;
 
+	/**
+	 * Returns the contact with the given author ID.
+	 * <p/>
+	 * Read-only.
+	 */
+	Contact getContact(Transaction txn, AuthorId a) throws DbException;
+
 	/**
 	 * Returns all contacts.
 	 * <p/>
@@ -222,22 +266,6 @@ public interface DatabaseComponent {
 	 */
 	Collection<Contact> getContacts(Transaction txn) throws DbException;
 
-	/**
-	 * Returns a possibly empty collection of contacts with the given author ID.
-	 * <p/>
-	 * Read-only.
-	 */
-	Collection<Contact> getContactsByAuthorId(Transaction txn, AuthorId remote)
-			throws DbException;
-
-	/**
-	 * Returns all contacts associated with the given local pseudonym.
-	 * <p/>
-	 * Read-only.
-	 */
-	Collection<ContactId> getContacts(Transaction txn, AuthorId a)
-			throws DbException;
-
 	/**
 	 * Returns the group with the given ID.
 	 * <p/>
@@ -269,6 +297,14 @@ public interface DatabaseComponent {
 	Visibility getGroupVisibility(Transaction txn, ContactId c, GroupId g)
 			throws DbException;
 
+	/**
+	 * Returns all handshake keys for the given transport.
+	 * <p/>
+	 * Read-only.
+	 */
+	Collection<HandshakeKeySet> getHandshakeKeys(Transaction txn, TransportId t)
+			throws DbException;
+
 	/**
 	 * Returns the local pseudonym with the given ID.
 	 * <p/>
@@ -417,6 +453,14 @@ public interface DatabaseComponent {
 	 */
 	long getNextSendTime(Transaction txn, ContactId c) throws DbException;
 
+	/**
+	 * Returns all pending contacts.
+	 * <p/>
+	 * Read-only.
+	 */
+	Collection<PendingContact> getPendingContacts(Transaction txn)
+			throws DbException;
+
 	/**
 	 * Returns all settings in the given namespace.
 	 * <p/>
@@ -429,14 +473,20 @@ public interface DatabaseComponent {
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<KeySet> getTransportKeys(Transaction txn, TransportId t)
+	Collection<TransportKeySet> getTransportKeys(Transaction txn, TransportId t)
 			throws DbException;
 
+	/**
+	 * Increments the outgoing stream counter for the given handshake keys.
+	 */
+	void incrementStreamCounter(Transaction txn, TransportId t,
+			HandshakeKeySetId k) throws DbException;
+
 	/**
 	 * Increments the outgoing stream counter for the given transport keys.
 	 */
-	void incrementStreamCounter(Transaction txn, TransportId t, KeySetId k)
-			throws DbException;
+	void incrementStreamCounter(Transaction txn, TransportId t,
+			TransportKeySetId k) throws DbException;
 
 	/**
 	 * Merges the given metadata with the existing metadata for the given
@@ -491,6 +541,12 @@ public interface DatabaseComponent {
 	 */
 	void removeGroup(Transaction txn, Group g) throws DbException;
 
+	/**
+	 * Removes the given handshake keys from the database.
+	 */
+	void removeHandshakeKeys(Transaction txn, TransportId t,
+			HandshakeKeySetId k) throws DbException;
+
 	/**
 	 * Removes a local pseudonym (and all associated state) from the database.
 	 */
@@ -501,6 +557,12 @@ public interface DatabaseComponent {
 	 */
 	void removeMessage(Transaction txn, MessageId m) throws DbException;
 
+	/**
+	 * Removes a pending contact (and all associated state) from the database.
+	 */
+	void removePendingContact(Transaction txn, PendingContactId p)
+			throws DbException;
+
 	/**
 	 * Removes a transport (and all associated state) from the database.
 	 */
@@ -509,20 +571,14 @@ public interface DatabaseComponent {
 	/**
 	 * Removes the given transport keys from the database.
 	 */
-	void removeTransportKeys(Transaction txn, TransportId t, KeySetId k)
-			throws DbException;
+	void removeTransportKeys(Transaction txn, TransportId t,
+			TransportKeySetId k) throws DbException;
 
 	/**
 	 * Marks the given contact as verified.
 	 */
 	void setContactVerified(Transaction txn, ContactId c) throws DbException;
 
-	/**
-	 * Marks the given contact as active or inactive.
-	 */
-	void setContactActive(Transaction txn, ContactId c, boolean active)
-			throws DbException;
-
 	/**
 	 * Sets an alias name for the contact or unsets it if alias is null.
 	 */
@@ -553,21 +609,36 @@ public interface DatabaseComponent {
 			Collection<MessageId> dependencies) throws DbException;
 
 	/**
-	 * Sets the reordering window for the given key set and transport in the
-	 * given rotation period.
+	 * Sets the reordering window for the given transport key set in the given
+	 * time period.
 	 */
-	void setReorderingWindow(Transaction txn, KeySetId k, TransportId t,
-			long rotationPeriod, long base, byte[] bitmap) throws DbException;
+	void setReorderingWindow(Transaction txn, TransportKeySetId k,
+			TransportId t, long timePeriod, long base, byte[] bitmap)
+			throws DbException;
+
+	/**
+	 * Sets the reordering window for the given handshake key set in the given
+	 * time period.
+	 */
+	void setReorderingWindow(Transaction txn, HandshakeKeySetId k,
+			TransportId t, long timePeriod, long base, byte[] bitmap)
+			throws DbException;
 
 	/**
 	 * Marks the given transport keys as usable for outgoing streams.
 	 */
-	void setTransportKeysActive(Transaction txn, TransportId t, KeySetId k)
+	void setTransportKeysActive(Transaction txn, TransportId t,
+			TransportKeySetId k) throws DbException;
+
+	/**
+	 * Stores the given handshake keys, deleting any keys they have replaced.
+	 */
+	void updateHandshakeKeys(Transaction txn, Collection<HandshakeKeySet> keys)
 			throws DbException;
 
 	/**
 	 * Stores the given transport keys, deleting any keys they have replaced.
 	 */
-	void updateTransportKeys(Transaction txn, Collection<KeySet> keys)
+	void updateTransportKeys(Transaction txn, Collection<TransportKeySet> keys)
 			throws DbException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseConfig.java

@@ -10,6 +10,4 @@ public interface DatabaseConfig {
 	File getDatabaseDirectory();
 
 	File getDatabaseKeyDirectory();
-
-	long getMaxSize();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/db/EventAction.java

@@ -0,0 +1,24 @@
+package org.briarproject.bramble.api.db;
+
+import org.briarproject.bramble.api.event.Event;
+
+/**
+ * A {@link CommitAction} that broadcasts an event.
+ */
+public class EventAction implements CommitAction {
+
+	private final Event event;
+
+	EventAction(Event event) {
+		this.event = event;
+	}
+
+	public Event getEvent() {
+		return event;
+	}
+
+	@Override
+	public void accept(Visitor visitor) {
+		visitor.visit(this);
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/db/NoSuchPendingContactException.java

@@ -0,0 +1,9 @@
+package org.briarproject.bramble.api.db;
+
+/**
+ * Thrown when a database operation is attempted for a pending contact that is
+ * not in the database. This exception may occur due to concurrent updates and
+ * does not indicate a database error.
+ */
+public class NoSuchPendingContactException extends DbException {
+}

bramble-api/src/main/java/org/briarproject/bramble/api/db/PendingContactExistsException.java

@@ -0,0 +1,9 @@
+package org.briarproject.bramble.api.db;
+
+/**
+ * Thrown when a duplicate pending contact is added to the database. This
+ * exception may occur due to concurrent updates and does not indicate a
+ * database error.
+ */
+public class PendingContactExistsException extends DbException {
+}

bramble-api/src/main/java/org/briarproject/bramble/api/db/TaskAction.java

@@ -0,0 +1,24 @@
+package org.briarproject.bramble.api.db;
+
+import org.briarproject.bramble.api.event.EventExecutor;
+
+/**
+ * A {@link CommitAction} that submits a task to the {@link EventExecutor}.
+ */
+public class TaskAction implements CommitAction {
+
+	private final Runnable task;
+
+	TaskAction(Runnable task) {
+		this.task = task;
+	}
+
+	public Runnable getTask() {
+		return task;
+	}
+
+	@Override
+	public void accept(Visitor visitor) {
+		visitor.visit(this);
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/db/Transaction.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble.api.db;
 
 import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.event.EventExecutor;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -18,7 +19,7 @@ public class Transaction {
 	private final Object txn;
 	private final boolean readOnly;
 
-	private List<Event> events = null;
+	private List<CommitAction> actions = null;
 	private boolean committed = false;
 
 	public Transaction(Object txn, boolean readOnly) {
@@ -43,19 +44,27 @@ public class Transaction {
 
 	/**
 	 * Attaches an event to be broadcast when the transaction has been
-	 * committed.
+	 * committed. The event will be broadcast on the {@link EventExecutor}.
 	 */
 	public void attach(Event e) {
-		if (events == null) events = new ArrayList<>();
-		events.add(e);
+		if (actions == null) actions = new ArrayList<>();
+		actions.add(new EventAction(e));
 	}
 
 	/**
-	 * Returns any events attached to the transaction.
+	 * Attaches a task to be executed when the transaction has been
+	 * committed. The task will be run on the {@link EventExecutor}.
 	 */
-	public List<Event> getEvents() {
-		if (events == null) return emptyList();
-		return events;
+	public void attach(Runnable r) {
+		if (actions == null) actions = new ArrayList<>();
+		actions.add(new TaskAction(r));
+	}
+
+	/**
+	 * Returns any actions attached to the transaction.
+	 */
+	public List<CommitAction> getActions() {
+		return actions == null ? emptyList() : actions;
 	}
 
 	/**

bramble-api/src/main/java/org/briarproject/bramble/api/event/EventBus.java

@@ -16,7 +16,8 @@ public interface EventBus {
 	void removeListener(EventListener l);
 
 	/**
-	 * Notifies all listeners of an event.
+	 * Asynchronously notifies all listeners of an event. Listeners are
+	 * notified on the {@link EventExecutor}.
 	 */
 	void broadcast(Event e);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/event/EventExecutor.java

@@ -0,0 +1,26 @@
+package org.briarproject.bramble.api.event;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import javax.inject.Qualifier;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * Annotation for injecting the executor for broadcasting events and running
+ * tasks that need to run in a defined order with respect to events. Also used
+ * for annotating methods that should run on the event executor.
+ * <p>
+ * The contract of this executor is that tasks are run in the order they're
+ * submitted, tasks are not run concurrently, and submitting a task will never
+ * block. Tasks must not block. Tasks submitted during shutdown are discarded.
+ */
+@Qualifier
+@Target({FIELD, METHOD, PARAMETER})
+@Retention(RUNTIME)
+public @interface EventExecutor {
+}

bramble-api/src/main/java/org/briarproject/bramble/api/event/EventListener.java

@@ -12,5 +12,6 @@ public interface EventListener {
 	 * Called when an event is broadcast. Implementations of this method must
 	 * not block.
 	 */
+	@EventExecutor
 	void eventOccurred(Event e);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java

@@ -2,12 +2,12 @@ package org.briarproject.bramble.api.identity;
 
 import org.briarproject.bramble.api.Nameable;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.util.StringUtils;
 
 import javax.annotation.concurrent.Immutable;
 
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
-import static org.briarproject.bramble.util.StringUtils.toUtf8;
 
 /**
  * A pseudonym for a user.
@@ -28,7 +28,7 @@ public class Author implements Nameable {
 
 	public Author(AuthorId id, int formatVersion, String name,
 			byte[] publicKey) {
-		int nameLength = toUtf8(name).length;
+		int nameLength = StringUtils.toUtf8(name).length;
 		if (nameLength == 0 || nameLength > MAX_AUTHOR_NAME_LENGTH)
 			throw new IllegalArgumentException();
 		if (publicKey.length == 0 || publicKey.length > MAX_PUBLIC_KEY_LENGTH)

bramble-api/src/main/java/org/briarproject/bramble/api/identity/LocalAuthor.java

@@ -2,8 +2,11 @@ package org.briarproject.bramble.api.identity;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
+import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 
+import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
+
 /**
  * A pseudonym for the local user.
  */
@@ -12,6 +15,8 @@ import javax.annotation.concurrent.Immutable;
 public class LocalAuthor extends Author {
 
 	private final byte[] privateKey;
+	@Nullable
+	private final byte[] handshakePublicKey, handshakePrivateKey;
 	private final long created;
 
 	public LocalAuthor(AuthorId id, int formatVersion, String name,
@@ -19,6 +24,22 @@ public class LocalAuthor extends Author {
 		super(id, formatVersion, name, publicKey);
 		this.privateKey = privateKey;
 		this.created = created;
+		handshakePublicKey = null;
+		handshakePrivateKey = null;
+	}
+
+	public LocalAuthor(AuthorId id, int formatVersion, String name,
+			byte[] publicKey, byte[] privateKey, byte[] handshakePublicKey,
+			byte[] handshakePrivateKey, long created) {
+		super(id, formatVersion, name, publicKey);
+		if (handshakePublicKey.length == 0 ||
+				handshakePublicKey.length > MAX_PUBLIC_KEY_LENGTH) {
+			throw new IllegalArgumentException();
+		}
+		this.privateKey = privateKey;
+		this.handshakePublicKey = handshakePublicKey;
+		this.handshakePrivateKey = handshakePrivateKey;
+		this.created = created;
 	}
 
 	/**
@@ -28,6 +49,22 @@ public class LocalAuthor extends Author {
 		return privateKey;
 	}
 
+	/**
+	 * Returns the public key used for handshaking, or null if no key exists.
+	 */
+	@Nullable
+	public byte[] getHandshakePublicKey() {
+		return handshakePublicKey;
+	}
+
+	/**
+	 * Returns the private key used for handshaking, or null if no key exists.
+	 */
+	@Nullable
+	public byte[] getHandshakePrivateKey() {
+		return handshakePrivateKey;
+	}
+
 	/**
 	 * Returns the time the pseudonym was created, in milliseconds since the
 	 * Unix epoch.

bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementConstants.java

@@ -40,8 +40,8 @@ public interface KeyAgreementConstants {
 			"org.briarproject.bramble.keyagreement/SHARED_SECRET";
 
 	/**
-	 * Label for deriving the master secret.
+	 * Label for deriving the master key.
 	 */
-	String MASTER_SECRET_LABEL =
+	String MASTER_KEY_LABEL =
 			"org.briarproject.bramble.keyagreement/MASTER_SECRET";
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TransportId.java

@@ -1,6 +1,6 @@
 package org.briarproject.bramble.api.plugin;
 
-import static org.briarproject.bramble.util.StringUtils.toUtf8;
+import org.briarproject.bramble.util.StringUtils;
 
 /**
  * Type-safe wrapper for a namespaced string that uniquely identifies a
@@ -11,12 +11,12 @@ public class TransportId {
 	/**
 	 * The maximum length of a transport identifier in UTF-8 bytes.
 	 */
-	public static final int MAX_TRANSPORT_ID_LENGTH = 100;
+	public static int MAX_TRANSPORT_ID_LENGTH = 100;
 
 	private final String id;
 
 	public TransportId(String id) {
-		int length = toUtf8(id).length;
+		int length = StringUtils.toUtf8(id).length;
 		if (length == 0 || length > MAX_TRANSPORT_ID_LENGTH)
 			throw new IllegalArgumentException();
 		this.id = id;

bramble-api/src/main/java/org/briarproject/bramble/api/sync/ClientId.java

@@ -1,11 +1,10 @@
 package org.briarproject.bramble.api.sync;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.util.StringUtils;
 
 import javax.annotation.concurrent.Immutable;
 
-import static org.briarproject.bramble.util.StringUtils.toUtf8;
-
 /**
  * Type-safe wrapper for a namespaced string that uniquely identifies a sync
  * client.
@@ -17,12 +16,12 @@ public class ClientId implements Comparable<ClientId> {
 	/**
 	 * The maximum length of a client identifier in UTF-8 bytes.
 	 */
-	public static final int MAX_CLIENT_ID_LENGTH = 100;
+	public static int MAX_CLIENT_ID_LENGTH = 100;
 
 	private final String id;
 
 	public ClientId(String id) {
-		int length = toUtf8(id).length;
+		int length = StringUtils.toUtf8(id).length;
 		if (length == 0 || length > MAX_CLIENT_ID_LENGTH)
 			throw new IllegalArgumentException();
 		this.id = id;

bramble-api/src/main/java/org/briarproject/bramble/api/sync/MessageContext.java

@@ -4,11 +4,10 @@ import org.briarproject.bramble.api.db.Metadata;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
 import java.util.Collection;
+import java.util.Collections;
 
 import javax.annotation.concurrent.Immutable;
 
-import static java.util.Collections.emptyList;
-
 @Immutable
 @NotNullByDefault
 public class MessageContext {
@@ -23,7 +22,7 @@ public class MessageContext {
 	}
 
 	public MessageContext(Metadata metadata) {
-		this(metadata, emptyList());
+		this(metadata, Collections.emptyList());
 	}
 
 	public Metadata getMetadata() {

bramble-api/src/main/java/org/briarproject/bramble/api/transport/AbstractTransportKeys.java

@@ -0,0 +1,57 @@
+package org.briarproject.bramble.api.transport;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * Abstract superclass for {@link TransportKeys} and {@link HandshakeKeys}.
+ */
+@Immutable
+@NotNullByDefault
+public abstract class AbstractTransportKeys {
+
+	private final TransportId transportId;
+	private final IncomingKeys inPrev, inCurr, inNext;
+	private final OutgoingKeys outCurr;
+
+	AbstractTransportKeys(TransportId transportId, IncomingKeys inPrev,
+			IncomingKeys inCurr, IncomingKeys inNext, OutgoingKeys outCurr) {
+		if (inPrev.getTimePeriod() != outCurr.getTimePeriod() - 1)
+			throw new IllegalArgumentException();
+		if (inCurr.getTimePeriod() != outCurr.getTimePeriod())
+			throw new IllegalArgumentException();
+		if (inNext.getTimePeriod() != outCurr.getTimePeriod() + 1)
+			throw new IllegalArgumentException();
+		this.transportId = transportId;
+		this.inPrev = inPrev;
+		this.inCurr = inCurr;
+		this.inNext = inNext;
+		this.outCurr = outCurr;
+	}
+
+	public TransportId getTransportId() {
+		return transportId;
+	}
+
+	public IncomingKeys getPreviousIncomingKeys() {
+		return inPrev;
+	}
+
+	public IncomingKeys getCurrentIncomingKeys() {
+		return inCurr;
+	}
+
+	public IncomingKeys getNextIncomingKeys() {
+		return inNext;
+	}
+
+	public OutgoingKeys getCurrentOutgoingKeys() {
+		return outCurr;
+	}
+
+	public long getTimePeriod() {
+		return outCurr.getTimePeriod();
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/HandshakeKeySet.java

@@ -0,0 +1,70 @@
+package org.briarproject.bramble.api.transport;
+
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * A set of keys for handshaking with a given contact or pending contact over a
+ * given transport. Unlike a {@link TransportKeySet} these keys do not provide
+ * forward secrecy.
+ */
+@Immutable
+@NotNullByDefault
+public class HandshakeKeySet {
+
+	private final HandshakeKeySetId keySetId;
+	@Nullable
+	private final ContactId contactId;
+	@Nullable
+	private final PendingContactId pendingContactId;
+	private final HandshakeKeys keys;
+
+	public HandshakeKeySet(HandshakeKeySetId keySetId, ContactId contactId,
+			HandshakeKeys keys) {
+		this.keySetId = keySetId;
+		this.contactId = contactId;
+		this.keys = keys;
+		pendingContactId = null;
+	}
+
+	public HandshakeKeySet(HandshakeKeySetId keySetId,
+			PendingContactId pendingContactId, HandshakeKeys keys) {
+		this.keySetId = keySetId;
+		this.pendingContactId = pendingContactId;
+		this.keys = keys;
+		contactId = null;
+	}
+
+	public HandshakeKeySetId getKeySetId() {
+		return keySetId;
+	}
+
+	@Nullable
+	public ContactId getContactId() {
+		return contactId;
+	}
+
+	@Nullable
+	public PendingContactId getPendingContactId() {
+		return pendingContactId;
+	}
+
+	public HandshakeKeys getKeys() {
+		return keys;
+	}
+
+	@Override
+	public int hashCode() {
+		return keySetId.hashCode();
+	}
+
+	@Override
+	public boolean equals(Object o) {
+		return o instanceof HandshakeKeySet &&
+				keySetId.equals(((HandshakeKeySet) o).keySetId);
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/HandshakeKeySetId.java

@@ -0,0 +1,36 @@
+package org.briarproject.bramble.api.transport;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * Type-safe wrapper for an integer that uniquely identifies a
+ * {@link HandshakeKeySet set of handshake keys} within the scope of the local
+ * device.
+ */
+@Immutable
+@NotNullByDefault
+public class HandshakeKeySetId {
+
+	private final int id;
+
+	public HandshakeKeySetId(int id) {
+		this.id = id;
+	}
+
+	public int getInt() {
+		return id;
+	}
+
+	@Override
+	public int hashCode() {
+		return id;
+	}
+
+	@Override
+	public boolean equals(Object o) {
+		return o instanceof HandshakeKeySetId &&
+				id == ((HandshakeKeySetId) o).id;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/HandshakeKeys.java

@@ -0,0 +1,36 @@
+package org.briarproject.bramble.api.transport;
+
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * Keys for handshaking with a given contact or pending contact over a given
+ * transport. Unlike {@link TransportKeys} these keys do not provide forward
+ * secrecy.
+ */
+@Immutable
+@NotNullByDefault
+public class HandshakeKeys extends AbstractTransportKeys {
+
+	private final SecretKey rootKey;
+	private final boolean alice;
+
+	public HandshakeKeys(TransportId transportId, IncomingKeys inPrev,
+			IncomingKeys inCurr, IncomingKeys inNext, OutgoingKeys outCurr,
+			SecretKey rootKey, boolean alice) {
+		super(transportId, inPrev, inCurr, inNext, outCurr);
+		this.rootKey = rootKey;
+		this.alice = alice;
+	}
+
+	public SecretKey getRootKey() {
+		return rootKey;
+	}
+
+	public boolean isAlice() {
+		return alice;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/IncomingKeys.java

@@ -1,30 +1,35 @@
 package org.briarproject.bramble.api.transport;
 
 import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
 
 import static org.briarproject.bramble.api.transport.TransportConstants.REORDERING_WINDOW_SIZE;
 
 /**
  * Contains transport keys for receiving streams from a given contact over a
- * given transport in a given rotation period.
+ * given transport in a given time period.
  */
+@Immutable
+@NotNullByDefault
 public class IncomingKeys {
 
 	private final SecretKey tagKey, headerKey;
-	private final long rotationPeriod, windowBase;
+	private final long timePeriod, windowBase;
 	private final byte[] windowBitmap;
 
 	public IncomingKeys(SecretKey tagKey, SecretKey headerKey,
-			long rotationPeriod) {
-		this(tagKey, headerKey, rotationPeriod, 0,
+			long timePeriod) {
+		this(tagKey, headerKey, timePeriod, 0,
 				new byte[REORDERING_WINDOW_SIZE / 8]);
 	}
 
 	public IncomingKeys(SecretKey tagKey, SecretKey headerKey,
-			long rotationPeriod, long windowBase, byte[] windowBitmap) {
+			long timePeriod, long windowBase, byte[] windowBitmap) {
 		this.tagKey = tagKey;
 		this.headerKey = headerKey;
-		this.rotationPeriod = rotationPeriod;
+		this.timePeriod = timePeriod;
 		this.windowBase = windowBase;
 		this.windowBitmap = windowBitmap;
 	}
@@ -37,8 +42,8 @@ public class IncomingKeys {
 		return headerKey;
 	}
 
-	public long getRotationPeriod() {
-		return rotationPeriod;
+	public long getTimePeriod() {
+		return timePeriod;
 	}
 
 	public long getWindowBase() {

bramble-api/src/main/java/org/briarproject/bramble/api/transport/KeyManager.java

@@ -27,14 +27,14 @@ public interface KeyManager {
 	 * @param alice true if the local party is Alice
 	 * @param active whether the derived keys can be used for outgoing streams
 	 */
-	Map<TransportId, KeySetId> addContact(Transaction txn, ContactId c,
-			SecretKey master, long timestamp, boolean alice, boolean active)
+	Map<TransportId, TransportKeySetId> addContact(Transaction txn, ContactId c,
+			SecretKey rootKey, long timestamp, boolean alice, boolean active)
 			throws DbException;
 
 	/**
 	 * Marks the given transport keys as usable for outgoing streams.
 	 */
-	void activateKeys(Transaction txn, Map<TransportId, KeySetId> keys)
+	void activateKeys(Transaction txn, Map<TransportId, TransportKeySetId> keys)
 			throws DbException;
 
 	/**

bramble-api/src/main/java/org/briarproject/bramble/api/transport/KeySet.java

@@ -1,47 +0,0 @@
-package org.briarproject.bramble.api.transport;
-
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * A set of transport keys for communicating with a contact.
- */
-@Immutable
-@NotNullByDefault
-public class KeySet {
-
-	private final KeySetId keySetId;
-	private final ContactId contactId;
-	private final TransportKeys transportKeys;
-
-	public KeySet(KeySetId keySetId, ContactId contactId,
-			TransportKeys transportKeys) {
-		this.keySetId = keySetId;
-		this.contactId = contactId;
-		this.transportKeys = transportKeys;
-	}
-
-	public KeySetId getKeySetId() {
-		return keySetId;
-	}
-
-	public ContactId getContactId() {
-		return contactId;
-	}
-
-	public TransportKeys getTransportKeys() {
-		return transportKeys;
-	}
-
-	@Override
-	public int hashCode() {
-		return keySetId.hashCode();
-	}
-
-	@Override
-	public boolean equals(Object o) {
-		return o instanceof KeySet && keySetId.equals(((KeySet) o).keySetId);
-	}
-}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/OutgoingKeys.java

@@ -1,27 +1,32 @@
 package org.briarproject.bramble.api.transport;
 
 import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
 
 /**
  * Contains transport keys for sending streams to a given contact over a given
- * transport in a given rotation period.
+ * transport in a given time period.
  */
+@Immutable
+@NotNullByDefault
 public class OutgoingKeys {
 
 	private final SecretKey tagKey, headerKey;
-	private final long rotationPeriod, streamCounter;
+	private final long timePeriod, streamCounter;
 	private final boolean active;
 
 	public OutgoingKeys(SecretKey tagKey, SecretKey headerKey,
-			long rotationPeriod, boolean active) {
-		this(tagKey, headerKey, rotationPeriod, 0, active);
+			long timePeriod, boolean active) {
+		this(tagKey, headerKey, timePeriod, 0, active);
 	}
 
 	public OutgoingKeys(SecretKey tagKey, SecretKey headerKey,
-			long rotationPeriod, long streamCounter, boolean active) {
+			long timePeriod, long streamCounter, boolean active) {
 		this.tagKey = tagKey;
 		this.headerKey = headerKey;
-		this.rotationPeriod = rotationPeriod;
+		this.timePeriod = timePeriod;
 		this.streamCounter = streamCounter;
 		this.active = active;
 	}
@@ -34,8 +39,8 @@ public class OutgoingKeys {
 		return headerKey;
 	}
 
-	public long getRotationPeriod() {
-		return rotationPeriod;
+	public long getTimePeriod() {
+		return timePeriod;
 	}
 
 	public long getStreamCounter() {

bramble-api/src/main/java/org/briarproject/bramble/api/transport/StreamContext.java

@@ -2,8 +2,13 @@ package org.briarproject.bramble.api.transport;
 
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.TransportId;
 
+import javax.annotation.concurrent.Immutable;
+
+@Immutable
+@NotNullByDefault
 public class StreamContext {
 
 	private final ContactId contactId;

bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportConstants.java

@@ -82,30 +82,58 @@ public interface TransportConstants {
 	int REORDERING_WINDOW_SIZE = 32;
 
 	/**
-	 * Label for deriving Alice's initial tag key from the master secret.
+	 * Label for deriving Alice's initial tag key from the root key in
+	 * rotation mode.
 	 */
 	String ALICE_TAG_LABEL = "org.briarproject.bramble.transport/ALICE_TAG_KEY";
 
 	/**
-	 * Label for deriving Bob's initial tag key from the master secret.
+	 * Label for deriving Bob's initial tag key from the root key in rotation
+	 * mode.
 	 */
 	String BOB_TAG_LABEL = "org.briarproject.bramble.transport/BOB_TAG_KEY";
 
 	/**
-	 * Label for deriving Alice's initial header key from the master secret.
+	 * Label for deriving Alice's initial header key from the root key in
+	 * rotation mode.
 	 */
 	String ALICE_HEADER_LABEL =
 			"org.briarproject.bramble.transport/ALICE_HEADER_KEY";
 
 	/**
-	 * Label for deriving Bob's initial header key from the master secret.
+	 * Label for deriving Bob's initial header key from the root key in
+	 * rotation mode.
 	 */
 	String BOB_HEADER_LABEL =
 			"org.briarproject.bramble.transport/BOB_HEADER_KEY";
 
 	/**
-	 * Label for deriving the next period's key in key rotation.
+	 * Label for deriving the next period's key in rotation mode.
 	 */
 	String ROTATE_LABEL = "org.briarproject.bramble.transport/ROTATE";
 
+	/**
+	 * Label for deriving Alice's tag key from the root key in handshake mode.
+	 */
+	String ALICE_HANDSHAKE_TAG_LABEL =
+			"org.briarproject.bramble.transport/ALICE_HANDSHAKE_TAG_KEY";
+
+	/**
+	 * Label for deriving Bob's tag key from the root key in handshake mode.
+	 */
+	String BOB_HANDSHAKE_TAG_LABEL =
+			"org.briarproject.bramble.transport/BOB_HANDSHAKE_TAG_KEY";
+
+	/**
+	 * Label for deriving Alice's header key from the root key in handshake
+	 * mode.
+	 */
+	String ALICE_HANDSHAKE_HEADER_LABEL =
+			"org.briarproject.bramble.transport/ALICE_HANDSHAKE_HEADER_KEY";
+
+	/**
+	 * Label for deriving Bob's header key from the root key in handshake mode.
+	 */
+	String BOB_HANDSHAKE_HEADER_LABEL =
+			"org.briarproject.bramble.transport/BOB_HANDSHAKE_HEADER_KEY";
 }

bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportKeySet.java

@@ -0,0 +1,49 @@
+package org.briarproject.bramble.api.transport;
+
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * A set of keys for communicating with a given contact over a given transport.
+ * Unlike a {@link HandshakeKeySet} these keys provide forward secrecy.
+ */
+@Immutable
+@NotNullByDefault
+public class TransportKeySet {
+
+	private final TransportKeySetId keySetId;
+	private final ContactId contactId;
+	private final TransportKeys keys;
+
+	public TransportKeySet(TransportKeySetId keySetId, ContactId contactId,
+			TransportKeys keys) {
+		this.keySetId = keySetId;
+		this.contactId = contactId;
+		this.keys = keys;
+	}
+
+	public TransportKeySetId getKeySetId() {
+		return keySetId;
+	}
+
+	public ContactId getContactId() {
+		return contactId;
+	}
+
+	public TransportKeys getKeys() {
+		return keys;
+	}
+
+	@Override
+	public int hashCode() {
+		return keySetId.hashCode();
+	}
+
+	@Override
+	public boolean equals(Object o) {
+		return o instanceof TransportKeySet &&
+				keySetId.equals(((TransportKeySet) o).keySetId);
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportKeySetId.java

@@ -5,18 +5,19 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import javax.annotation.concurrent.Immutable;
 
 /**
- * Type-safe wrapper for an integer that uniquely identifies a set of transport
- * keys within the scope of the local device.
+ * Type-safe wrapper for an integer that uniquely identifies a
+ * {@link TransportKeySet set of transport keys} within the scope of the local
+ * device.
  * <p/>
  * Key sets created on a given device must have increasing identifiers.
  */
 @Immutable
 @NotNullByDefault
-public class KeySetId {
+public class TransportKeySetId {
 
 	private final int id;
 
-	public KeySetId(int id) {
+	public TransportKeySetId(int id) {
 		this.id = id;
 	}
 
@@ -31,6 +32,7 @@ public class KeySetId {
 
 	@Override
 	public boolean equals(Object o) {
-		return o instanceof KeySetId && id == ((KeySetId) o).id;
+		return o instanceof TransportKeySetId &&
+				id == ((TransportKeySetId) o).id;
 	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportKeys.java

@@ -1,52 +1,20 @@
 package org.briarproject.bramble.api.transport;
 
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.TransportId;
 
-/**
- * Keys for communicating with a given contact over a given transport.
- */
-public class TransportKeys {
+import javax.annotation.concurrent.Immutable;
 
-	private final TransportId transportId;
-	private final IncomingKeys inPrev, inCurr, inNext;
-	private final OutgoingKeys outCurr;
+/**
+ * Keys for communicating with a given contact over a given transport. Unlike
+ * {@link HandshakeKeys} these keys provide forward secrecy.
+ */
+@Immutable
+@NotNullByDefault
+public class TransportKeys extends AbstractTransportKeys {
 
 	public TransportKeys(TransportId transportId, IncomingKeys inPrev,
 			IncomingKeys inCurr, IncomingKeys inNext, OutgoingKeys outCurr) {
-		if (inPrev.getRotationPeriod() != inCurr.getRotationPeriod() - 1)
-			throw new IllegalArgumentException();
-		if (inNext.getRotationPeriod() != inCurr.getRotationPeriod() + 1)
-			throw new IllegalArgumentException();
-		if (outCurr.getRotationPeriod() != inCurr.getRotationPeriod())
-			throw new IllegalArgumentException();
-		this.transportId = transportId;
-		this.inPrev = inPrev;
-		this.inCurr = inCurr;
-		this.inNext = inNext;
-		this.outCurr = outCurr;
-	}
-
-	public TransportId getTransportId() {
-		return transportId;
-	}
-
-	public IncomingKeys getPreviousIncomingKeys() {
-		return inPrev;
-	}
-
-	public IncomingKeys getCurrentIncomingKeys() {
-		return inCurr;
-	}
-
-	public IncomingKeys getNextIncomingKeys() {
-		return inNext;
-	}
-
-	public OutgoingKeys getCurrentOutgoingKeys() {
-		return outCurr;
-	}
-
-	public long getRotationPeriod() {
-		return outCurr.getRotationPeriod();
+		super(transportId, inPrev, inCurr, inNext, outCurr);
 	}
 }

bramble-api/src/main/java/org/briarproject/bramble/util/IoUtils.java

@@ -16,13 +16,12 @@ import java.util.logging.Logger;
 import javax.annotation.Nullable;
 
 import static java.util.logging.Level.WARNING;
-import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.util.LogUtils.logException;
 
 @NotNullByDefault
 public class IoUtils {
 
-	private static final Logger LOG = getLogger(IoUtils.class.getName());
+	private static final Logger LOG = Logger.getLogger(IoUtils.class.getName());
 
 	public static void deleteFileOrDir(File f) {
 		if (f.isFile()) {

bramble-api/src/main/java/org/briarproject/bramble/util/ValidationUtils.java

@@ -7,15 +7,13 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
 import javax.annotation.Nullable;
 
-import static org.briarproject.bramble.util.StringUtils.toUtf8;
-
 @NotNullByDefault
 public class ValidationUtils {
 
 	public static void checkLength(@Nullable String s, int minLength,
 			int maxLength) throws FormatException {
 		if (s != null) {
-			int length = toUtf8(s).length;
+			int length = StringUtils.toUtf8(s).length;
 			if (length < minLength) throw new FormatException();
 			if (length > maxLength) throw new FormatException();
 		}
@@ -23,7 +21,7 @@ public class ValidationUtils {
 
 	public static void checkLength(@Nullable String s, int length)
 			throws FormatException {
-		if (s != null && toUtf8(s).length != length)
+		if (s != null && StringUtils.toUtf8(s).length != length)
 			throw new FormatException();
 	}
 

bramble-api/src/test/java/org/briarproject/bramble/api/data/BdfDictionaryTest.java

@@ -8,7 +8,6 @@ import java.util.Collections;
 import java.util.Iterator;
 import java.util.Map.Entry;
 
-import static java.util.Collections.singletonMap;
 import static org.briarproject.bramble.api.data.BdfDictionary.NULL_VALUE;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
@@ -20,15 +19,15 @@ public class BdfDictionaryTest extends BrambleTestCase {
 	public void testConstructors() {
 		assertEquals(Collections.<String, Object>emptyMap(),
 				new BdfDictionary());
-		assertEquals(singletonMap("foo", NULL_VALUE),
-				new BdfDictionary(singletonMap("foo", NULL_VALUE)));
+		assertEquals(Collections.singletonMap("foo", NULL_VALUE),
+				new BdfDictionary(Collections.singletonMap("foo", NULL_VALUE)));
 	}
 
 	@Test
 	public void testFactoryMethod() {
 		assertEquals(Collections.<String, Object>emptyMap(),
 				BdfDictionary.of());
-		assertEquals(singletonMap("foo", NULL_VALUE),
+		assertEquals(Collections.singletonMap("foo", NULL_VALUE),
 				BdfDictionary.of(new BdfEntry("foo", NULL_VALUE)));
 	}
 
@@ -68,7 +67,7 @@ public class BdfDictionaryTest extends BrambleTestCase {
 	}
 
 	@Test
-	public void testKeySetIteratorIsOrderedByKeys() {
+	public void testKeySetIteratorIsOrderedByKeys() throws Exception {
 		BdfDictionary d = new BdfDictionary();
 		d.put("a", 1);
 		d.put("d", 4);
@@ -87,7 +86,7 @@ public class BdfDictionaryTest extends BrambleTestCase {
 	}
 
 	@Test
-	public void testValuesIteratorIsOrderedByKeys() {
+	public void testValuesIteratorIsOrderedByKeys() throws Exception {
 		BdfDictionary d = new BdfDictionary();
 		d.put("a", 1);
 		d.put("d", 4);
@@ -106,7 +105,7 @@ public class BdfDictionaryTest extends BrambleTestCase {
 	}
 
 	@Test
-	public void testEntrySetIteratorIsOrderedByKeys() {
+	public void testEntrySetIteratorIsOrderedByKeys() throws Exception {
 		BdfDictionary d = new BdfDictionary();
 		d.put("a", 1);
 		d.put("d", 4);

bramble-api/src/test/java/org/briarproject/bramble/api/data/BdfListTest.java

@@ -5,31 +5,26 @@ import org.briarproject.bramble.api.FormatException;
 import org.briarproject.bramble.test.BrambleTestCase;
 import org.junit.Test;
 
-import java.util.Random;
+import java.util.Arrays;
+import java.util.Collections;
 
-import static java.util.Arrays.asList;
-import static java.util.Collections.emptyList;
 import static org.briarproject.bramble.api.data.BdfDictionary.NULL_VALUE;
-import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
-import static org.briarproject.bramble.util.StringUtils.getRandomString;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 
 public class BdfListTest extends BrambleTestCase {
 
-	private final Random random = new Random();
-
 	@Test
 	public void testConstructors() {
-		assertEquals(emptyList(), new BdfList());
-		assertEquals(asList(1, 2, NULL_VALUE),
-				new BdfList(asList(1, 2, NULL_VALUE)));
+		assertEquals(Collections.emptyList(), new BdfList());
+		assertEquals(Arrays.asList(1, 2, NULL_VALUE),
+				new BdfList(Arrays.asList(1, 2, NULL_VALUE)));
 	}
 
 	@Test
 	public void testFactoryMethod() {
-		assertEquals(emptyList(), BdfList.of());
-		assertEquals(asList(1, 2, NULL_VALUE),
+		assertEquals(Collections.emptyList(), BdfList.of());
+		assertEquals(Arrays.asList(1, 2, NULL_VALUE),
 				BdfList.of(1, 2, NULL_VALUE));
 	}
 
@@ -69,21 +64,22 @@ public class BdfListTest extends BrambleTestCase {
 	}
 
 	@Test
-	public void testIndexOutOfBoundsReturnsDefaultValue() {
+	@SuppressWarnings("ConstantConditions")
+	public void testIndexOutOfBoundsReturnsDefaultValue() throws Exception {
 		BdfList list = BdfList.of(1, 2, 3);
-		boolean defaultBoolean = random.nextBoolean();
+		boolean defaultBoolean = true;
 		assertEquals(defaultBoolean, list.getBoolean(-1, defaultBoolean));
 		assertEquals(defaultBoolean, list.getBoolean(3, defaultBoolean));
-		Long defaultLong = random.nextLong();
+		Long defaultLong = 123L;
 		assertEquals(defaultLong, list.getLong(-1, defaultLong));
 		assertEquals(defaultLong, list.getLong(3, defaultLong));
-		Double defaultDouble = random.nextDouble();
+		Double defaultDouble = 1.23;
 		assertEquals(defaultDouble, list.getDouble(-1, defaultDouble));
 		assertEquals(defaultDouble, list.getDouble(3, defaultDouble));
-		String defaultString = getRandomString(123);
+		String defaultString = "123";
 		assertEquals(defaultString, list.getString(-1, defaultString));
 		assertEquals(defaultString, list.getString(3, defaultString));
-		byte[] defaultBytes = getRandomBytes(123);
+		byte[] defaultBytes = new byte[] {1, 2, 3};
 		assertArrayEquals(defaultBytes, list.getRaw(-1, defaultBytes));
 		assertArrayEquals(defaultBytes, list.getRaw(3, defaultBytes));
 		BdfList defaultList = BdfList.of(1, 2, 3);
@@ -99,17 +95,18 @@ public class BdfListTest extends BrambleTestCase {
 	}
 
 	@Test
-	public void testWrongTypeReturnsDefaultValue() {
+	@SuppressWarnings("ConstantConditions")
+	public void testWrongTypeReturnsDefaultValue() throws Exception {
 		BdfList list = BdfList.of(1, 2, 3, true);
-		boolean defaultBoolean = random.nextBoolean();
+		boolean defaultBoolean = true;
 		assertEquals(defaultBoolean, list.getBoolean(0, defaultBoolean));
-		Long defaultLong = random.nextLong();
+		Long defaultLong = 123L;
 		assertEquals(defaultLong, list.getLong(3, defaultLong));
-		Double defaultDouble = random.nextDouble();
+		Double defaultDouble = 1.23;
 		assertEquals(defaultDouble, list.getDouble(0, defaultDouble));
-		String defaultString = getRandomString(123);
+		String defaultString = "123";
 		assertEquals(defaultString, list.getString(0, defaultString));
-		byte[] defaultBytes = getRandomBytes(123);
+		byte[] defaultBytes = new byte[] {1, 2, 3};
 		assertArrayEquals(defaultBytes, list.getRaw(0, defaultBytes));
 		BdfList defaultList = BdfList.of(1, 2, 3);
 		assertEquals(defaultList, list.getList(0, defaultList));

bramble-api/src/test/java/org/briarproject/bramble/test/TestUtils.java

@@ -1,6 +1,10 @@
 package org.briarproject.bramble.test;
 
 import org.briarproject.bramble.api.UniqueId;
+import org.briarproject.bramble.api.contact.Contact;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContact;
+import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
@@ -12,10 +16,12 @@ import org.briarproject.bramble.api.sync.Group;
 import org.briarproject.bramble.api.sync.GroupId;
 import org.briarproject.bramble.api.sync.Message;
 import org.briarproject.bramble.api.sync.MessageId;
+import org.briarproject.bramble.util.IoUtils;
 
 import java.io.File;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -23,7 +29,7 @@ import java.util.Random;
 import java.util.concurrent.atomic.AtomicInteger;
 
 import static java.util.Arrays.asList;
-import static java.util.Collections.sort;
+import static org.briarproject.bramble.api.contact.PendingContactState.WAITING_FOR_CONNECTION;
 import static org.briarproject.bramble.api.identity.Author.FORMAT_VERSION;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
@@ -32,7 +38,6 @@ import static org.briarproject.bramble.api.properties.TransportPropertyConstants
 import static org.briarproject.bramble.api.sync.ClientId.MAX_CLIENT_ID_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_GROUP_DESCRIPTOR_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_BODY_LENGTH;
-import static org.briarproject.bramble.util.IoUtils.deleteFileOrDir;
 import static org.briarproject.bramble.util.StringUtils.getRandomString;
 
 public class TestUtils {
@@ -41,6 +46,7 @@ public class TestUtils {
 			new AtomicInteger((int) (Math.random() * 1000 * 1000));
 	private static final Random random = new Random();
 	private static final long timestamp = System.currentTimeMillis();
+	private static final AtomicInteger nextContactId = new AtomicInteger(1);
 
 	public static File getTestDirectory() {
 		int name = nextTestDir.getAndIncrement();
@@ -48,10 +54,8 @@ public class TestUtils {
 	}
 
 	public static void deleteTestDirectory(File testDir) {
-		deleteFileOrDir(testDir);
-		// Delete parent directory only if it's empty
-		//noinspection ResultOfMethodCallIgnored
-		testDir.getParentFile().delete();
+		IoUtils.deleteFileOrDir(testDir);
+		testDir.getParentFile().delete(); // Delete if empty
 	}
 
 	public static byte[] getRandomBytes(int length) {
@@ -142,12 +146,41 @@ public class TestUtils {
 		return new Message(id, groupId, timestamp, body);
 	}
 
+	public static PendingContact getPendingContact() {
+		return getPendingContact(1 + random.nextInt(MAX_AUTHOR_NAME_LENGTH));
+	}
+
+	public static PendingContact getPendingContact(int nameLength) {
+		PendingContactId id = new PendingContactId(getRandomId());
+		byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
+		String alias = getRandomString(nameLength);
+		return new PendingContact(id, publicKey, alias, WAITING_FOR_CONNECTION,
+				timestamp);
+	}
+
+	public static ContactId getContactId() {
+		return new ContactId(nextContactId.getAndIncrement());
+	}
+
+	public static Contact getContact() {
+		return getContact(getAuthor(), random.nextBoolean());
+	}
+
+	public static Contact getContact(Author a, boolean verified) {
+		return getContact(getContactId(), a, verified);
+	}
+
+	public static Contact getContact(ContactId c, Author a, boolean verified) {
+		return new Contact(c, a, getRandomString(MAX_AUTHOR_NAME_LENGTH),
+				getRandomBytes(MAX_PUBLIC_KEY_LENGTH), verified);
+	}
+
 	public static double getMedian(Collection<? extends Number> samples) {
 		int size = samples.size();
 		if (size == 0) throw new IllegalArgumentException();
 		List<Double> sorted = new ArrayList<>(size);
 		for (Number n : samples) sorted.add(n.doubleValue());
-		sort(sorted);
+		Collections.sort(sorted);
 		if (size % 2 == 1) return sorted.get(size / 2);
 		double low = sorted.get(size / 2 - 1), high = sorted.get(size / 2);
 		return (low + high) / 2;

bramble-core/src/main/java/org/briarproject/bramble/PoliteExecutor.java

@@ -10,7 +10,6 @@ import java.util.logging.Logger;
 import javax.annotation.concurrent.GuardedBy;
 
 import static java.util.logging.Level.FINE;
-import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.util.LogUtils.now;
 
 /**
@@ -43,7 +42,7 @@ public class PoliteExecutor implements Executor {
 			int maxConcurrentTasks) {
 		this.delegate = delegate;
 		this.maxConcurrentTasks = maxConcurrentTasks;
-		log = getLogger(tag);
+		log = Logger.getLogger(tag);
 	}
 
 	@Override

bramble-core/src/main/java/org/briarproject/bramble/TimeLoggingExecutor.java

@@ -9,7 +9,6 @@ import java.util.concurrent.TimeUnit;
 import java.util.logging.Logger;
 
 import static java.util.logging.Level.FINE;
-import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.util.LogUtils.now;
 
 @NotNullByDefault
@@ -23,7 +22,7 @@ public class TimeLoggingExecutor extends ThreadPoolExecutor {
 			RejectedExecutionHandler handler) {
 		super(corePoolSize, maxPoolSize, keepAliveTime, unit, workQueue,
 				handler);
-		log = getLogger(tag);
+		log = Logger.getLogger(tag);
 	}
 
 	@Override

bramble-core/src/main/java/org/briarproject/bramble/account/AccountManagerImpl.java

@@ -6,7 +6,9 @@ import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DatabaseConfig;
 import org.briarproject.bramble.api.identity.IdentityManager;
 import org.briarproject.bramble.api.identity.LocalAuthor;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
+import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
+import org.briarproject.bramble.util.IoUtils;
 
 import java.io.BufferedReader;
 import java.io.File;
@@ -17,21 +19,19 @@ import java.io.InputStreamReader;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.GuardedBy;
 import javax.inject.Inject;
 
 import static java.util.logging.Level.WARNING;
-import static java.util.logging.Logger.getLogger;
-import static org.briarproject.bramble.util.IoUtils.deleteFileOrDir;
 import static org.briarproject.bramble.util.LogUtils.logException;
 import static org.briarproject.bramble.util.StringUtils.fromHexString;
 import static org.briarproject.bramble.util.StringUtils.toHexString;
 
-@NotNullByDefault
+@MethodsNotNullByDefault
+@ParametersNotNullByDefault
 class AccountManagerImpl implements AccountManager {
 
 	private static final Logger LOG =
-			getLogger(AccountManagerImpl.class.getName());
+			Logger.getLogger(AccountManagerImpl.class.getName());
 
 	private static final String DB_KEY_FILENAME = "db.key";
 	private static final String DB_KEY_BACKUP_FILENAME = "db.key.bak";
@@ -68,7 +68,7 @@ class AccountManagerImpl implements AccountManager {
 		return databaseKey;
 	}
 
-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	@Nullable
 	protected String loadEncryptedDatabaseKey() {
 		String key = readDbKeyFromFile(dbKeyFile);
@@ -83,7 +83,7 @@ class AccountManagerImpl implements AccountManager {
 		return key;
 	}
 
-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	@Nullable
 	private String readDbKeyFromFile(File f) {
 		if (!f.exists()) {
@@ -102,8 +102,8 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}
 
-	@GuardedBy("stateChangeLock")
-	boolean storeEncryptedDatabaseKey(String hex) {
+	// Locking: stateChangeLock
+	protected boolean storeEncryptedDatabaseKey(String hex) {
 		LOG.info("Storing database key in file");
 		// Create the directory if necessary
 		if (databaseConfig.getDatabaseKeyDirectory().mkdirs())
@@ -140,7 +140,7 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}
 
-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	private void writeDbKeyToFile(String key, File f) throws IOException {
 		FileOutputStream out = new FileOutputStream(f);
 		out.write(key.getBytes("UTF-8"));
@@ -170,7 +170,7 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}
 
-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	private boolean encryptAndStoreDatabaseKey(SecretKey key, String password) {
 		byte[] plaintext = key.getBytes();
 		byte[] ciphertext = crypto.encryptWithPassword(plaintext, password);
@@ -181,8 +181,8 @@ class AccountManagerImpl implements AccountManager {
 	public void deleteAccount() {
 		synchronized (stateChangeLock) {
 			LOG.info("Deleting account");
-			deleteFileOrDir(databaseConfig.getDatabaseKeyDirectory());
-			deleteFileOrDir(databaseConfig.getDatabaseDirectory());
+			IoUtils.deleteFileOrDir(databaseConfig.getDatabaseKeyDirectory());
+			IoUtils.deleteFileOrDir(databaseConfig.getDatabaseDirectory());
 			databaseKey = null;
 		}
 	}
@@ -197,7 +197,7 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}
 
-	@GuardedBy("stateChangeLock")
+	// Locking: stateChangeLock
 	@Nullable
 	private SecretKey loadAndDecryptDatabaseKey(String password) {
 		String hex = loadEncryptedDatabaseKey();

bramble-core/src/main/java/org/briarproject/bramble/client/ContactGroupFactoryImpl.java

@@ -39,8 +39,7 @@ class ContactGroupFactoryImpl implements ContactGroupFactory {
 
 	@Override
 	public Group createContactGroup(ClientId clientId, int majorVersion,
-			Contact contact) {
-		AuthorId local = contact.getLocalAuthorId();
+			Contact contact, AuthorId local) {
 		AuthorId remote = contact.getAuthor().getId();
 		byte[] descriptor = createGroupDescriptor(local, remote);
 		return groupFactory.createGroup(clientId, majorVersion, descriptor);

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeTaskImpl.java

@@ -2,10 +2,11 @@ package org.briarproject.bramble.contact;
 
 import org.briarproject.bramble.api.FormatException;
 import org.briarproject.bramble.api.client.ClientHelper;
-import org.briarproject.bramble.api.contact.ContactExchangeListener;
 import org.briarproject.bramble.api.contact.ContactExchangeTask;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.ContactManager;
+import org.briarproject.bramble.api.contact.event.ContactExchangeFailedEvent;
+import org.briarproject.bramble.api.contact.event.ContactExchangeSucceededEvent;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.data.BdfDictionary;
@@ -13,6 +14,7 @@ import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.db.ContactExistsException;
 import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.LocalAuthor;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
@@ -43,7 +45,6 @@ import java.util.logging.Logger;
 import javax.inject.Inject;
 
 import static java.util.logging.Level.WARNING;
-import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.api.contact.RecordTypes.CONTACT_INFO;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH;
 import static org.briarproject.bramble.util.LogUtils.logException;
@@ -55,7 +56,7 @@ import static org.briarproject.bramble.util.ValidationUtils.checkSize;
 class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 
 	private static final Logger LOG =
-			getLogger(ContactExchangeTaskImpl.class.getName());
+			Logger.getLogger(ContactExchangeTaskImpl.class.getName());
 
 	private static final String SIGNING_LABEL_EXCHANGE =
 			"org.briarproject.briar.contact/EXCHANGE";
@@ -64,6 +65,7 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 	private final ClientHelper clientHelper;
 	private final RecordReaderFactory recordReaderFactory;
 	private final RecordWriterFactory recordWriterFactory;
+	private final EventBus eventBus;
 	private final Clock clock;
 	private final ConnectionManager connectionManager;
 	private final ContactManager contactManager;
@@ -72,18 +74,18 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 	private final StreamReaderFactory streamReaderFactory;
 	private final StreamWriterFactory streamWriterFactory;
 
-	private volatile ContactExchangeListener listener;
 	private volatile LocalAuthor localAuthor;
 	private volatile DuplexTransportConnection conn;
 	private volatile TransportId transportId;
-	private volatile SecretKey masterSecret;
+	private volatile SecretKey masterKey;
 	private volatile boolean alice;
 
 	@Inject
 	ContactExchangeTaskImpl(DatabaseComponent db, ClientHelper clientHelper,
 			RecordReaderFactory recordReaderFactory,
-			RecordWriterFactory recordWriterFactory, Clock clock,
-			ConnectionManager connectionManager, ContactManager contactManager,
+			RecordWriterFactory recordWriterFactory, EventBus eventBus,
+			Clock clock, ConnectionManager connectionManager,
+			ContactManager contactManager,
 			TransportPropertyManager transportPropertyManager,
 			CryptoComponent crypto, StreamReaderFactory streamReaderFactory,
 			StreamWriterFactory streamWriterFactory) {
@@ -91,6 +93,7 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		this.clientHelper = clientHelper;
 		this.recordReaderFactory = recordReaderFactory;
 		this.recordWriterFactory = recordWriterFactory;
+		this.eventBus = eventBus;
 		this.clock = clock;
 		this.connectionManager = connectionManager;
 		this.contactManager = contactManager;
@@ -101,15 +104,13 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 	}
 
 	@Override
-	public void startExchange(ContactExchangeListener listener,
-			LocalAuthor localAuthor, SecretKey masterSecret,
+	public void startExchange(LocalAuthor localAuthor, SecretKey masterKey,
 			DuplexTransportConnection conn, TransportId transportId,
 			boolean alice) {
-		this.listener = listener;
 		this.localAuthor = localAuthor;
 		this.conn = conn;
 		this.transportId = transportId;
-		this.masterSecret = masterSecret;
+		this.masterKey = masterKey;
 		this.alice = alice;
 		start();
 	}
@@ -124,8 +125,8 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 			out = conn.getWriter().getOutputStream();
 		} catch (IOException e) {
 			logException(LOG, WARNING, e);
-			listener.contactExchangeFailed();
 			tryToClose(conn);
+			eventBus.broadcast(new ContactExchangeFailedEvent());
 			return;
 		}
 
@@ -135,15 +136,15 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 			localProperties = transportPropertyManager.getLocalProperties();
 		} catch (DbException e) {
 			logException(LOG, WARNING, e);
-			listener.contactExchangeFailed();
+			eventBus.broadcast(new ContactExchangeFailedEvent());
 			tryToClose(conn);
 			return;
 		}
 
 		// Derive the header keys for the transport streams
-		SecretKey aliceHeaderKey = crypto.deriveKey(ALICE_KEY_LABEL,
-				masterSecret, new byte[] {PROTOCOL_VERSION});
-		SecretKey bobHeaderKey = crypto.deriveKey(BOB_KEY_LABEL, masterSecret,
+		SecretKey aliceHeaderKey = crypto.deriveKey(ALICE_KEY_LABEL, masterKey,
+				new byte[] {PROTOCOL_VERSION});
+		SecretKey bobHeaderKey = crypto.deriveKey(BOB_KEY_LABEL, masterKey,
 				new byte[] {PROTOCOL_VERSION});
 
 		// Create the readers
@@ -162,9 +163,9 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 						.createRecordWriter(streamWriter.getOutputStream());
 
 		// Derive the nonces to be signed
-		byte[] aliceNonce = crypto.mac(ALICE_NONCE_LABEL, masterSecret,
+		byte[] aliceNonce = crypto.mac(ALICE_NONCE_LABEL, masterKey,
 				new byte[] {PROTOCOL_VERSION});
-		byte[] bobNonce = crypto.mac(BOB_NONCE_LABEL, masterSecret,
+		byte[] bobNonce = crypto.mac(BOB_NONCE_LABEL, masterKey,
 				new byte[] {PROTOCOL_VERSION});
 		byte[] localNonce = alice ? aliceNonce : bobNonce;
 		byte[] remoteNonce = alice ? bobNonce : aliceNonce;
@@ -191,14 +192,13 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 			streamWriter.sendEndOfStream();
 			// Skip any remaining records from the incoming stream
 			try {
-				//noinspection InfiniteLoopStatement
 				while (true) recordReader.readRecord();
 			} catch (EOFException expected) {
 				LOG.info("End of stream");
 			}
 		} catch (IOException e) {
 			logException(LOG, WARNING, e);
-			listener.contactExchangeFailed();
+			eventBus.broadcast(new ContactExchangeFailedEvent());
 			tryToClose(conn);
 			return;
 		}
@@ -206,7 +206,7 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		// Verify the contact's signature
 		if (!verify(remoteInfo.author, remoteNonce, remoteInfo.signature)) {
 			LOG.warning("Invalid signature");
-			listener.contactExchangeFailed();
+			eventBus.broadcast(new ContactExchangeFailedEvent());
 			tryToClose(conn);
 			return;
 		}
@@ -223,15 +223,17 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 					conn);
 			// Pseudonym exchange succeeded
 			LOG.info("Pseudonym exchange succeeded");
-			listener.contactExchangeSucceeded(remoteInfo.author);
+			eventBus.broadcast(
+					new ContactExchangeSucceededEvent(remoteInfo.author));
 		} catch (ContactExistsException e) {
 			logException(LOG, WARNING, e);
 			tryToClose(conn);
-			listener.duplicateContact(remoteInfo.author);
+			eventBus.broadcast(
+					new ContactExchangeFailedEvent(remoteInfo.author));
 		} catch (DbException e) {
 			logException(LOG, WARNING, e);
 			tryToClose(conn);
-			listener.contactExchangeFailed();
+			eventBus.broadcast(new ContactExchangeFailedEvent());
 		}
 	}
 
@@ -291,8 +293,7 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 			throws DbException {
 		return db.transactionWithResult(false, txn -> {
 			ContactId contactId = contactManager.addContact(txn, remoteAuthor,
-					localAuthor.getId(), masterSecret, timestamp, alice,
-					true, true);
+					masterKey, timestamp, alice, true, true);
 			transportPropertyManager.addRemoteProperties(txn, contactId,
 					remoteProperties);
 			return contactId;

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactManagerImpl.java

@@ -8,7 +8,6 @@ import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.db.NoSuchContactException;
 import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
@@ -18,7 +17,6 @@ import org.briarproject.bramble.api.identity.LocalAuthor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.transport.KeyManager;
 
-import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import java.util.Random;
@@ -30,8 +28,9 @@ import javax.annotation.concurrent.ThreadSafe;
 import javax.inject.Inject;
 
 import static java.util.Collections.emptyList;
-import static org.briarproject.bramble.api.contact.PendingContact.PendingContactState.WAITING_FOR_CONNECTION;
+import static org.briarproject.bramble.api.contact.PendingContactState.WAITING_FOR_CONNECTION;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
+import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
 import static org.briarproject.bramble.api.identity.AuthorInfo.Status.OURSELVES;
 import static org.briarproject.bramble.api.identity.AuthorInfo.Status.UNKNOWN;
 import static org.briarproject.bramble.api.identity.AuthorInfo.Status.UNVERIFIED;
@@ -68,31 +67,31 @@ class ContactManagerImpl implements ContactManager {
 	}
 
 	@Override
-	public ContactId addContact(Transaction txn, Author remote, AuthorId local,
-			SecretKey master, long timestamp, boolean alice, boolean verified,
-			boolean active) throws DbException {
-		ContactId c = db.addContact(txn, remote, local, verified, active);
-		keyManager.addContact(txn, c, master, timestamp, alice, active);
-		Contact contact = db.getContact(txn, c);
-		for (ContactHook hook : hooks) hook.addingContact(txn, contact);
-		return c;
-	}
-
-	@Override
-	public ContactId addContact(Transaction txn, Author remote, AuthorId local,
-			boolean verified, boolean active) throws DbException {
-		ContactId c = db.addContact(txn, remote, local, verified, active);
-		Contact contact = db.getContact(txn, c);
-		for (ContactHook hook : hooks) hook.addingContact(txn, contact);
-		return c;
-	}
-
-	@Override
-	public ContactId addContact(Author remote, AuthorId local, SecretKey master,
+	public ContactId addContact(Transaction txn, Author a, SecretKey rootKey,
 			long timestamp, boolean alice, boolean verified, boolean active)
 			throws DbException {
+		ContactId c = db.addContact(txn, a, verified);
+		keyManager.addContact(txn, c, rootKey, timestamp, alice, active);
+		Contact contact = db.getContact(txn, c);
+		for (ContactHook hook : hooks) hook.addingContact(txn, contact);
+		return c;
+	}
+
+	@Override
+	public ContactId addContact(Transaction txn, Author a, boolean verified)
+			throws DbException {
+		ContactId c = db.addContact(txn, a, verified);
+		Contact contact = db.getContact(txn, c);
+		for (ContactHook hook : hooks) hook.addingContact(txn, contact);
+		return c;
+	}
+
+	@Override
+	public ContactId addContact(Author a, SecretKey rootKey, long timestamp,
+			boolean alice, boolean verified, boolean active)
+			throws DbException {
 		return db.transactionWithResult(false, txn ->
-				addContact(txn, remote, local, master, timestamp, alice,
+				addContact(txn, a, rootKey, timestamp, alice,
 						verified, active));
 	}
 
@@ -123,8 +122,8 @@ class ContactManagerImpl implements ContactManager {
 	public PendingContact addRemoteContactRequest(String link, String alias) {
 		// TODO replace with real implementation
 		PendingContactId id = new PendingContactId(link.getBytes());
-		return new PendingContact(id, alias, WAITING_FOR_CONNECTION,
-				System.currentTimeMillis());
+		return new PendingContact(id, new byte[MAX_PUBLIC_KEY_LENGTH], alias,
+				WAITING_FOR_CONNECTION, System.currentTimeMillis());
 	}
 
 	@Override
@@ -144,32 +143,18 @@ class ContactManagerImpl implements ContactManager {
 	}
 
 	@Override
-	public Contact getContact(AuthorId remoteAuthorId, AuthorId localAuthorId)
-			throws DbException {
-		return db.transactionWithResult(true, txn ->
-				getContact(txn, remoteAuthorId, localAuthorId));
+	public Contact getContact(AuthorId a) throws DbException {
+		return db.transactionWithResult(true, txn -> getContact(txn, a));
 	}
 
 	@Override
-	public Contact getContact(Transaction txn, AuthorId remoteAuthorId,
-			AuthorId localAuthorId) throws DbException {
-		Collection<Contact> contacts =
-				db.getContactsByAuthorId(txn, remoteAuthorId);
-		for (Contact c : contacts) {
-			if (c.getLocalAuthorId().equals(localAuthorId)) {
-				return c;
-			}
-		}
-		throw new NoSuchContactException();
+	public Contact getContact(Transaction txn, AuthorId a) throws DbException {
+		return db.getContact(txn, a);
 	}
 
 	@Override
-	public Collection<Contact> getActiveContacts() throws DbException {
-		Collection<Contact> contacts =
-				db.transactionWithResult(true, db::getContacts);
-		List<Contact> active = new ArrayList<>(contacts.size());
-		for (Contact c : contacts) if (c.isActive()) active.add(c);
-		return active;
+	public Collection<Contact> getContacts() throws DbException {
+		return db.transactionWithResult(true, db::getContacts);
 	}
 
 	@Override
@@ -177,12 +162,6 @@ class ContactManagerImpl implements ContactManager {
 		db.transaction(false, txn -> removeContact(txn, c));
 	}
 
-	@Override
-	public void setContactActive(Transaction txn, ContactId c, boolean active)
-			throws DbException {
-		db.setContactActive(txn, c, active);
-	}
-
 	@Override
 	public void setContactAlias(Transaction txn, ContactId c,
 			@Nullable String alias) throws DbException {
@@ -201,16 +180,14 @@ class ContactManagerImpl implements ContactManager {
 	}
 
 	@Override
-	public boolean contactExists(Transaction txn, AuthorId remoteAuthorId,
-			AuthorId localAuthorId) throws DbException {
-		return db.containsContact(txn, remoteAuthorId, localAuthorId);
+	public boolean contactExists(Transaction txn, AuthorId a)
+			throws DbException {
+		return db.containsContact(txn, a);
 	}
 
 	@Override
-	public boolean contactExists(AuthorId remoteAuthorId,
-			AuthorId localAuthorId) throws DbException {
-		return db.transactionWithResult(true, txn ->
-				contactExists(txn, remoteAuthorId, localAuthorId));
+	public boolean contactExists(AuthorId a) throws DbException {
+		return db.transactionWithResult(true, txn -> contactExists(txn, a));
 	}
 
 	@Override
@@ -232,12 +209,12 @@ class ContactManagerImpl implements ContactManager {
 		LocalAuthor localAuthor = identityManager.getLocalAuthor(txn);
 		if (localAuthor.getId().equals(authorId))
 			return new AuthorInfo(OURSELVES);
-		Collection<Contact> contacts = db.getContactsByAuthorId(txn, authorId);
-		if (contacts.isEmpty()) return new AuthorInfo(UNKNOWN);
-		if (contacts.size() > 1) throw new AssertionError();
-		Contact c = contacts.iterator().next();
-		if (c.isVerified()) return new AuthorInfo(VERIFIED, c.getAlias());
-		else return new AuthorInfo(UNVERIFIED, c.getAlias());
+		if (db.containsContact(txn, authorId)) {
+			Contact c = db.getContact(txn, authorId);
+			if (c.isVerified()) return new AuthorInfo(VERIFIED, c.getAlias());
+			else return new AuthorInfo(UNVERIFIED, c.getAlias());
+		}
+		return new AuthorInfo(UNKNOWN);
 	}
 
 }

bramble-core/src/main/java/org/briarproject/bramble/crypto/AsciiArmour.java

@@ -2,20 +2,18 @@ package org.briarproject.bramble.crypto;
 
 import org.briarproject.bramble.api.FormatException;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import static org.briarproject.bramble.util.StringUtils.fromHexString;
-import static org.briarproject.bramble.util.StringUtils.toHexString;
+import org.briarproject.bramble.util.StringUtils;
 
 @NotNullByDefault
 class AsciiArmour {
 
 	static String wrap(byte[] b, int lineLength) {
-		String wrapped = toHexString(b);
+		String wrapped = StringUtils.toHexString(b);
 		StringBuilder s = new StringBuilder();
 		int length = wrapped.length();
 		for (int i = 0; i < length; i += lineLength) {
 			int end = Math.min(i + lineLength, length);
-			s.append(wrapped, i, end);
+			s.append(wrapped.substring(i, end));
 			s.append("\r\n");
 		}
 		return s.toString();
@@ -23,7 +21,7 @@ class AsciiArmour {
 
 	static byte[] unwrap(String s) throws FormatException {
 		try {
-			return fromHexString(s.replaceAll("[^0-9a-fA-F]", ""));
+			return StringUtils.fromHexString(s.replaceAll("[^0-9a-fA-F]", ""));
 		} catch (IllegalArgumentException e) {
 			throw new FormatException();
 		}

bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java

@@ -12,6 +12,8 @@ import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.system.SecureRandomProvider;
+import org.briarproject.bramble.util.ByteUtils;
+import org.briarproject.bramble.util.StringUtils;
 import org.spongycastle.crypto.CryptoException;
 import org.spongycastle.crypto.Digest;
 import org.spongycastle.crypto.digests.Blake2bDigest;
@@ -28,21 +30,16 @@ import java.util.logging.Logger;
 import javax.annotation.Nullable;
 import javax.inject.Inject;
 
-import static java.lang.System.arraycopy;
 import static java.util.logging.Level.INFO;
-import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.util.ByteUtils.INT_32_BYTES;
-import static org.briarproject.bramble.util.ByteUtils.readUint32;
-import static org.briarproject.bramble.util.ByteUtils.writeUint32;
 import static org.briarproject.bramble.util.LogUtils.logDuration;
 import static org.briarproject.bramble.util.LogUtils.now;
-import static org.briarproject.bramble.util.StringUtils.toUtf8;
 
 @NotNullByDefault
 class CryptoComponentImpl implements CryptoComponent {
 
 	private static final Logger LOG =
-			getLogger(CryptoComponentImpl.class.getName());
+			Logger.getLogger(CryptoComponentImpl.class.getName());
 
 	private static final int SIGNATURE_KEY_PAIR_BITS = 256;
 	private static final int STORAGE_IV_BYTES = 24; // 196 bits
@@ -191,7 +188,7 @@ class CryptoComponentImpl implements CryptoComponent {
 		PrivateKey ourPriv = ourKeyPair.getPrivate();
 		byte[][] hashInputs = new byte[inputs.length + 1][];
 		hashInputs[0] = performRawKeyAgreement(ourPriv, theirPublicKey);
-		arraycopy(inputs, 0, hashInputs, 1, inputs.length);
+		System.arraycopy(inputs, 0, hashInputs, 1, inputs.length);
 		byte[] hash = hash(label, hashInputs);
 		if (hash.length != SecretKey.LENGTH) throw new IllegalStateException();
 		return new SecretKey(hash);
@@ -219,26 +216,26 @@ class CryptoComponentImpl implements CryptoComponent {
 
 	private void updateSignature(Signature signature, String label,
 			byte[] toSign) throws GeneralSecurityException {
-		byte[] labelBytes = toUtf8(label);
+		byte[] labelBytes = StringUtils.toUtf8(label);
 		byte[] length = new byte[INT_32_BYTES];
-		writeUint32(labelBytes.length, length, 0);
+		ByteUtils.writeUint32(labelBytes.length, length, 0);
 		signature.update(length);
 		signature.update(labelBytes);
-		writeUint32(toSign.length, length, 0);
+		ByteUtils.writeUint32(toSign.length, length, 0);
 		signature.update(length);
 		signature.update(toSign);
 	}
 
 	@Override
 	public byte[] hash(String label, byte[]... inputs) {
-		byte[] labelBytes = toUtf8(label);
+		byte[] labelBytes = StringUtils.toUtf8(label);
 		Digest digest = new Blake2bDigest(256);
 		byte[] length = new byte[INT_32_BYTES];
-		writeUint32(labelBytes.length, length, 0);
+		ByteUtils.writeUint32(labelBytes.length, length, 0);
 		digest.update(length, 0, length.length);
 		digest.update(labelBytes, 0, labelBytes.length);
 		for (byte[] input : inputs) {
-			writeUint32(input.length, length, 0);
+			ByteUtils.writeUint32(input.length, length, 0);
 			digest.update(length, 0, length.length);
 			digest.update(input, 0, input.length);
 		}
@@ -249,14 +246,14 @@ class CryptoComponentImpl implements CryptoComponent {
 
 	@Override
 	public byte[] mac(String label, SecretKey macKey, byte[]... inputs) {
-		byte[] labelBytes = toUtf8(label);
+		byte[] labelBytes = StringUtils.toUtf8(label);
 		Digest mac = new Blake2bDigest(macKey.getBytes(), 32, null, null);
 		byte[] length = new byte[INT_32_BYTES];
-		writeUint32(labelBytes.length, length, 0);
+		ByteUtils.writeUint32(labelBytes.length, length, 0);
 		mac.update(length, 0, length.length);
 		mac.update(labelBytes, 0, labelBytes.length);
 		for (byte[] input : inputs) {
-			writeUint32(input.length, length, 0);
+			ByteUtils.writeUint32(input.length, length, 0);
 			mac.update(length, 0, length.length);
 			mac.update(input, 0, input.length);
 		}
@@ -300,13 +297,13 @@ class CryptoComponentImpl implements CryptoComponent {
 		output[outputOff] = PBKDF_FORMAT_SCRYPT;
 		outputOff++;
 		// Salt
-		arraycopy(salt, 0, output, outputOff, salt.length);
+		System.arraycopy(salt, 0, output, outputOff, salt.length);
 		outputOff += salt.length;
 		// Cost parameter
-		writeUint32(cost, output, outputOff);
+		ByteUtils.writeUint32(cost, output, outputOff);
 		outputOff += INT_32_BYTES;
 		// IV
-		arraycopy(iv, 0, output, outputOff, iv.length);
+		System.arraycopy(iv, 0, output, outputOff, iv.length);
 		outputOff += iv.length;
 		// Initialise the cipher and encrypt the plaintext
 		try {
@@ -336,16 +333,16 @@ class CryptoComponentImpl implements CryptoComponent {
 			return null; // Unknown format
 		// Salt
 		byte[] salt = new byte[PBKDF_SALT_BYTES];
-		arraycopy(input, inputOff, salt, 0, salt.length);
+		System.arraycopy(input, inputOff, salt, 0, salt.length);
 		inputOff += salt.length;
 		// Cost parameter
-		long cost = readUint32(input, inputOff);
+		long cost = ByteUtils.readUint32(input, inputOff);
 		inputOff += INT_32_BYTES;
 		if (cost < 2 || cost > Integer.MAX_VALUE)
 			return null; // Invalid cost parameter
 		// IV
 		byte[] iv = new byte[STORAGE_IV_BYTES];
-		arraycopy(input, inputOff, iv, 0, iv.length);
+		System.arraycopy(input, inputOff, iv, 0, iv.length);
 		inputOff += iv.length;
 		// Derive the key from the password
 		SecretKey key = passwordBasedKdf.deriveKey(password, salt, (int) cost);

bramble-core/src/main/java/org/briarproject/bramble/crypto/Curve25519KeyParser.java

@@ -7,8 +7,6 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
 import java.security.GeneralSecurityException;
 
-import static java.lang.System.arraycopy;
-
 @NotNullByDefault
 class Curve25519KeyParser implements KeyParser {
 
@@ -28,7 +26,7 @@ class Curve25519KeyParser implements KeyParser {
 
 	static byte[] clamp(byte[] b) {
 		byte[] clamped = new byte[32];
-		arraycopy(b, 0, clamped, 0, 32);
+		System.arraycopy(b, 0, clamped, 0, 32);
 		clamped[0] &= 248;
 		clamped[31] &= 127;
 		clamped[31] |= 64;

bramble-core/src/main/java/org/briarproject/bramble/crypto/FrameEncoder.java

@@ -1,15 +1,13 @@
 package org.briarproject.bramble.crypto;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.util.ByteUtils;
 
 import static org.briarproject.bramble.api.transport.TransportConstants.FRAME_HEADER_PLAINTEXT_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.FRAME_NONCE_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
 import static org.briarproject.bramble.util.ByteUtils.INT_16_BYTES;
 import static org.briarproject.bramble.util.ByteUtils.INT_64_BYTES;
-import static org.briarproject.bramble.util.ByteUtils.readUint16;
-import static org.briarproject.bramble.util.ByteUtils.writeUint16;
-import static org.briarproject.bramble.util.ByteUtils.writeUint64;
 
 @NotNullByDefault
 class FrameEncoder {
@@ -18,7 +16,7 @@ class FrameEncoder {
 		if (dest.length < FRAME_NONCE_LENGTH)
 			throw new IllegalArgumentException();
 		if (frameNumber < 0) throw new IllegalArgumentException();
-		writeUint64(frameNumber, dest, 0);
+		ByteUtils.writeUint64(frameNumber, dest, 0);
 		if (header) dest[0] |= 0x80;
 		for (int i = INT_64_BYTES; i < FRAME_NONCE_LENGTH; i++) dest[i] = 0;
 	}
@@ -31,8 +29,8 @@ class FrameEncoder {
 		if (paddingLength < 0) throw new IllegalArgumentException();
 		if (payloadLength + paddingLength > MAX_PAYLOAD_LENGTH)
 			throw new IllegalArgumentException();
-		writeUint16(payloadLength, dest, 0);
-		writeUint16(paddingLength, dest, INT_16_BYTES);
+		ByteUtils.writeUint16(payloadLength, dest, 0);
+		ByteUtils.writeUint16(paddingLength, dest, INT_16_BYTES);
 		if (finalFrame) dest[0] |= 0x80;
 	}
 
@@ -45,12 +43,12 @@ class FrameEncoder {
 	static int getPayloadLength(byte[] header) {
 		if (header.length < FRAME_HEADER_PLAINTEXT_LENGTH)
 			throw new IllegalArgumentException();
-		return readUint16(header, 0) & 0x7FFF;
+		return ByteUtils.readUint16(header, 0) & 0x7FFF;
 	}
 
 	static int getPaddingLength(byte[] header) {
 		if (header.length < FRAME_HEADER_PLAINTEXT_LENGTH)
 			throw new IllegalArgumentException();
-		return readUint16(header, INT_16_BYTES);
+		return ByteUtils.readUint16(header, INT_16_BYTES);
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/crypto/KeyAgreementCryptoImpl.java

@@ -8,7 +8,6 @@ import org.briarproject.bramble.api.crypto.SecretKey;
 
 import javax.inject.Inject;
 
-import static java.lang.System.arraycopy;
 import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.COMMIT_LENGTH;
 
 class KeyAgreementCryptoImpl implements KeyAgreementCrypto {
@@ -25,7 +24,7 @@ class KeyAgreementCryptoImpl implements KeyAgreementCrypto {
 		byte[] hash = crypto.hash(COMMIT_LABEL, publicKey.getEncoded());
 		// The output is the first COMMIT_LENGTH bytes of the hash
 		byte[] commitment = new byte[COMMIT_LENGTH];
-		arraycopy(hash, 0, commitment, 0, COMMIT_LENGTH);
+		System.arraycopy(hash, 0, commitment, 0, COMMIT_LENGTH);
 		return commitment;
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/crypto/MessageEncrypter.java

@@ -5,6 +5,7 @@ import org.briarproject.bramble.api.crypto.KeyParser;
 import org.briarproject.bramble.api.crypto.PrivateKey;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.util.StringUtils;
 import org.spongycastle.asn1.teletrust.TeleTrusTNamedCurves;
 import org.spongycastle.asn1.x9.X9ECParameters;
 import org.spongycastle.crypto.AsymmetricCipherKeyPair;
@@ -44,9 +45,6 @@ import java.util.Scanner;
 
 import javax.annotation.concurrent.Immutable;
 
-import static org.briarproject.bramble.util.StringUtils.fromHexString;
-import static org.briarproject.bramble.util.StringUtils.toHexString;
-
 @Immutable
 @NotNullByDefault
 public class MessageEncrypter {
@@ -159,7 +157,6 @@ public class MessageEncrypter {
 			printUsage();
 			System.exit(1);
 		}
-		//noinspection IfCanBeSwitch
 		if (args[0].equals("generate")) {
 			if (args.length != 3) {
 				printUsage();
@@ -213,11 +210,11 @@ public class MessageEncrypter {
 		MessageEncrypter encrypter = new MessageEncrypter(random);
 		KeyPair keyPair = encrypter.generateKeyPair();
 		PrintStream out = new PrintStream(new FileOutputStream(publicKeyFile));
-		out.print(toHexString(keyPair.getPublic().getEncoded()));
+		out.print(StringUtils.toHexString(keyPair.getPublic().getEncoded()));
 		out.flush();
 		out.close();
 		out = new PrintStream(new FileOutputStream(privateKeyFile));
-		out.print(toHexString(keyPair.getPrivate().getEncoded()));
+		out.print(StringUtils.toHexString(keyPair.getPrivate().getEncoded()));
 		out.flush();
 		out.close();
 	}
@@ -226,7 +223,7 @@ public class MessageEncrypter {
 		SecureRandom random = new SecureRandom();
 		MessageEncrypter encrypter = new MessageEncrypter(random);
 		InputStream in = new FileInputStream(publicKeyFile);
-		byte[] keyBytes = fromHexString(readFully(in).trim());
+		byte[] keyBytes = StringUtils.fromHexString(readFully(in).trim());
 		PublicKey publicKey =
 				encrypter.getKeyParser().parsePublicKey(keyBytes);
 		String message = readFully(System.in);
@@ -239,7 +236,7 @@ public class MessageEncrypter {
 		SecureRandom random = new SecureRandom();
 		MessageEncrypter encrypter = new MessageEncrypter(random);
 		InputStream in = new FileInputStream(privateKeyFile);
-		byte[] keyBytes = fromHexString(readFully(in).trim());
+		byte[] keyBytes = StringUtils.fromHexString(readFully(in).trim());
 		PrivateKey privateKey =
 				encrypter.getKeyParser().parsePrivateKey(keyBytes);
 		byte[] ciphertext = AsciiArmour.unwrap(readFully(System.in));

bramble-core/src/main/java/org/briarproject/bramble/crypto/ScryptKdf.java

@@ -2,6 +2,7 @@ package org.briarproject.bramble.crypto;
 
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.system.Clock;
+import org.briarproject.bramble.util.StringUtils;
 import org.spongycastle.crypto.generators.SCrypt;
 
 import java.util.logging.Logger;
@@ -9,14 +10,13 @@ import java.util.logging.Logger;
 import javax.inject.Inject;
 
 import static java.util.logging.Level.INFO;
-import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.util.LogUtils.logDuration;
 import static org.briarproject.bramble.util.LogUtils.now;
-import static org.briarproject.bramble.util.StringUtils.toUtf8;
 
 class ScryptKdf implements PasswordBasedKdf {
 
-	private static final Logger LOG = getLogger(ScryptKdf.class.getName());
+	private static final Logger LOG =
+			Logger.getLogger(ScryptKdf.class.getName());
 
 	private static final int MIN_COST = 256; // Min parameter N
 	private static final int MAX_COST = 1024 * 1024; // Max parameter N
@@ -53,7 +53,7 @@ class ScryptKdf implements PasswordBasedKdf {
 	@Override
 	public SecretKey deriveKey(String password, byte[] salt, int cost) {
 		long start = now();
-		byte[] passwordBytes = toUtf8(password);
+		byte[] passwordBytes = StringUtils.toUtf8(password);
 		SecretKey k = new SecretKey(SCrypt.generate(passwordBytes, salt, cost,
 				BLOCK_SIZE, PARALLELIZATION, SecretKey.LENGTH));
 		logDuration(LOG, "Deriving key from password", start);

bramble-core/src/main/java/org/briarproject/bramble/crypto/Sec1KeyParser.java

@@ -16,8 +16,6 @@ import java.util.logging.Logger;
 
 import javax.annotation.concurrent.Immutable;
 
-import static java.lang.System.arraycopy;
-import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.util.LogUtils.logDuration;
 import static org.briarproject.bramble.util.LogUtils.now;
 
@@ -30,7 +28,8 @@ import static org.briarproject.bramble.util.LogUtils.now;
 @NotNullByDefault
 class Sec1KeyParser implements KeyParser {
 
-	private static final Logger LOG = getLogger(Sec1KeyParser.class.getName());
+	private static final Logger LOG =
+			Logger.getLogger(Sec1KeyParser.class.getName());
 
 	private final ECDomainParameters params;
 	private final BigInteger modulus;
@@ -57,12 +56,12 @@ class Sec1KeyParser implements KeyParser {
 		if (encodedKey[0] != 4) throw new GeneralSecurityException();
 		// The x co-ordinate must be >= 0 and < p
 		byte[] xBytes = new byte[bytesPerInt];
-		arraycopy(encodedKey, 1, xBytes, 0, bytesPerInt);
+		System.arraycopy(encodedKey, 1, xBytes, 0, bytesPerInt);
 		BigInteger x = new BigInteger(1, xBytes); // Positive signum
 		if (x.compareTo(modulus) >= 0) throw new GeneralSecurityException();
 		// The y co-ordinate must be >= 0 and < p
 		byte[] yBytes = new byte[bytesPerInt];
-		arraycopy(encodedKey, 1 + bytesPerInt, yBytes, 0, bytesPerInt);
+		System.arraycopy(encodedKey, 1 + bytesPerInt, yBytes, 0, bytesPerInt);
 		BigInteger y = new BigInteger(1, yBytes); // Positive signum
 		if (y.compareTo(modulus) >= 0) throw new GeneralSecurityException();
 		// Verify that y^2 == x^3 + ax + b (mod p)

bramble-core/src/main/java/org/briarproject/bramble/crypto/Sec1Utils.java

@@ -2,8 +2,6 @@ package org.briarproject.bramble.crypto;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
-import static java.lang.System.arraycopy;
-
 @NotNullByDefault
 class Sec1Utils {
 
@@ -12,10 +10,10 @@ class Sec1Utils {
 		if (src.length < destLen) {
 			int padding = destLen - src.length;
 			for (int i = destOff; i < destOff + padding; i++) dest[i] = 0;
-			arraycopy(src, 0, dest, destOff + padding, src.length);
+			System.arraycopy(src, 0, dest, destOff + padding, src.length);
 		} else {
 			int srcOff = src.length - destLen;
-			arraycopy(src, srcOff, dest, destOff, destLen);
+			System.arraycopy(src, srcOff, dest, destOff, destLen);
 		}
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/crypto/StreamDecrypterImpl.java

@@ -4,6 +4,7 @@ import org.briarproject.bramble.api.FormatException;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.crypto.StreamDecrypter;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.util.ByteUtils;
 
 import java.io.EOFException;
 import java.io.IOException;
@@ -13,7 +14,6 @@ import java.security.GeneralSecurityException;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.NotThreadSafe;
 
-import static java.lang.System.arraycopy;
 import static org.briarproject.bramble.api.transport.TransportConstants.FRAME_HEADER_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.FRAME_HEADER_PLAINTEXT_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.FRAME_NONCE_LENGTH;
@@ -26,8 +26,6 @@ import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_H
 import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_PLAINTEXT_LENGTH;
 import static org.briarproject.bramble.util.ByteUtils.INT_16_BYTES;
 import static org.briarproject.bramble.util.ByteUtils.INT_64_BYTES;
-import static org.briarproject.bramble.util.ByteUtils.readUint16;
-import static org.briarproject.bramble.util.ByteUtils.readUint64;
 
 @NotThreadSafe
 @NotNullByDefault
@@ -132,7 +130,7 @@ class StreamDecrypterImpl implements StreamDecrypter {
 		}
 		// Extract the nonce
 		byte[] streamHeaderNonce = new byte[STREAM_HEADER_NONCE_LENGTH];
-		arraycopy(streamHeaderCiphertext, 0, streamHeaderNonce, 0,
+		System.arraycopy(streamHeaderCiphertext, 0, streamHeaderNonce, 0,
 				STREAM_HEADER_NONCE_LENGTH);
 		// Decrypt and authenticate the stream header
 		try {
@@ -147,16 +145,17 @@ class StreamDecrypterImpl implements StreamDecrypter {
 			throw new FormatException();
 		}
 		// Check the protocol version
-		int receivedProtocolVersion = readUint16(streamHeaderPlaintext, 0);
+		int receivedProtocolVersion =
+				ByteUtils.readUint16(streamHeaderPlaintext, 0);
 		if (receivedProtocolVersion != PROTOCOL_VERSION)
 			throw new FormatException();
 		// Check the stream number
-		long receivedStreamNumber = readUint64(streamHeaderPlaintext,
+		long receivedStreamNumber = ByteUtils.readUint64(streamHeaderPlaintext,
 				INT_16_BYTES);
 		if (receivedStreamNumber != streamNumber) throw new FormatException();
 		// Extract the frame key
 		byte[] frameKeyBytes = new byte[SecretKey.LENGTH];
-		arraycopy(streamHeaderPlaintext, INT_16_BYTES + INT_64_BYTES,
+		System.arraycopy(streamHeaderPlaintext, INT_16_BYTES + INT_64_BYTES,
 				frameKeyBytes, 0, SecretKey.LENGTH);
 		frameKey = new SecretKey(frameKeyBytes);
 	}

bramble-core/src/main/java/org/briarproject/bramble/crypto/StreamEncrypterImpl.java

@@ -3,6 +3,7 @@ package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.crypto.StreamEncrypter;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.util.ByteUtils;
 
 import java.io.IOException;
 import java.io.OutputStream;
@@ -11,7 +12,6 @@ import java.security.GeneralSecurityException;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.NotThreadSafe;
 
-import static java.lang.System.arraycopy;
 import static org.briarproject.bramble.api.transport.TransportConstants.FRAME_HEADER_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.FRAME_HEADER_PLAINTEXT_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.FRAME_NONCE_LENGTH;
@@ -24,8 +24,6 @@ import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_H
 import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_PLAINTEXT_LENGTH;
 import static org.briarproject.bramble.util.ByteUtils.INT_16_BYTES;
 import static org.briarproject.bramble.util.ByteUtils.INT_64_BYTES;
-import static org.briarproject.bramble.util.ByteUtils.writeUint16;
-import static org.briarproject.bramble.util.ByteUtils.writeUint64;
 
 @NotThreadSafe
 @NotNullByDefault
@@ -90,7 +88,7 @@ class StreamEncrypterImpl implements StreamEncrypter {
 			throw new RuntimeException(badCipher);
 		}
 		// Combine the payload and padding
-		arraycopy(payload, 0, framePlaintext, 0, payloadLength);
+		System.arraycopy(payload, 0, framePlaintext, 0, payloadLength);
 		for (int i = 0; i < paddingLength; i++)
 			framePlaintext[payloadLength + i] = 0;
 		// Encrypt and authenticate the payload and padding
@@ -120,12 +118,13 @@ class StreamEncrypterImpl implements StreamEncrypter {
 	private void writeStreamHeader() throws IOException {
 		// The header contains the protocol version, stream number and frame key
 		byte[] streamHeaderPlaintext = new byte[STREAM_HEADER_PLAINTEXT_LENGTH];
-		writeUint16(PROTOCOL_VERSION, streamHeaderPlaintext, 0);
-		writeUint64(streamNumber, streamHeaderPlaintext, INT_16_BYTES);
-		arraycopy(frameKey.getBytes(), 0, streamHeaderPlaintext,
+		ByteUtils.writeUint16(PROTOCOL_VERSION, streamHeaderPlaintext, 0);
+		ByteUtils.writeUint64(streamNumber, streamHeaderPlaintext,
+				INT_16_BYTES);
+		System.arraycopy(frameKey.getBytes(), 0, streamHeaderPlaintext,
 				INT_16_BYTES + INT_64_BYTES, SecretKey.LENGTH);
 		byte[] streamHeaderCiphertext = new byte[STREAM_HEADER_LENGTH];
-		arraycopy(streamHeaderNonce, 0, streamHeaderCiphertext, 0,
+		System.arraycopy(streamHeaderNonce, 0, streamHeaderCiphertext, 0,
 				STREAM_HEADER_NONCE_LENGTH);
 		// Encrypt and authenticate the stream header key
 		try {

bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java

@@ -4,6 +4,7 @@ import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.crypto.TransportCrypto;
 import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.transport.HandshakeKeys;
 import org.briarproject.bramble.api.transport.IncomingKeys;
 import org.briarproject.bramble.api.transport.OutgoingKeys;
 import org.briarproject.bramble.api.transport.TransportKeys;
@@ -13,8 +14,12 @@ import org.spongycastle.crypto.digests.Blake2bDigest;
 import javax.inject.Inject;
 
 import static java.lang.System.arraycopy;
+import static org.briarproject.bramble.api.transport.TransportConstants.ALICE_HANDSHAKE_HEADER_LABEL;
+import static org.briarproject.bramble.api.transport.TransportConstants.ALICE_HANDSHAKE_TAG_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.ALICE_HEADER_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.ALICE_TAG_LABEL;
+import static org.briarproject.bramble.api.transport.TransportConstants.BOB_HANDSHAKE_HEADER_LABEL;
+import static org.briarproject.bramble.api.transport.TransportConstants.BOB_HANDSHAKE_TAG_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.BOB_HEADER_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.BOB_TAG_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.ROTATE_LABEL;
@@ -38,45 +43,44 @@ class TransportCryptoImpl implements TransportCrypto {
 
 	@Override
 	public TransportKeys deriveTransportKeys(TransportId t,
-			SecretKey master, long rotationPeriod, boolean alice,
+			SecretKey rootKey, long timePeriod, boolean weAreAlice,
 			boolean active) {
-		// Keys for the previous period are derived from the master secret
-		SecretKey inTagPrev = deriveTagKey(master, t, !alice);
-		SecretKey inHeaderPrev = deriveHeaderKey(master, t, !alice);
-		SecretKey outTagPrev = deriveTagKey(master, t, alice);
-		SecretKey outHeaderPrev = deriveHeaderKey(master, t, alice);
+		// Keys for the previous period are derived from the root key
+		SecretKey inTagPrev = deriveTagKey(rootKey, t, !weAreAlice);
+		SecretKey inHeaderPrev = deriveHeaderKey(rootKey, t, !weAreAlice);
+		SecretKey outTagPrev = deriveTagKey(rootKey, t, weAreAlice);
+		SecretKey outHeaderPrev = deriveHeaderKey(rootKey, t, weAreAlice);
 		// Derive the keys for the current and next periods
-		SecretKey inTagCurr = rotateKey(inTagPrev, rotationPeriod);
-		SecretKey inHeaderCurr = rotateKey(inHeaderPrev, rotationPeriod);
-		SecretKey inTagNext = rotateKey(inTagCurr, rotationPeriod + 1);
-		SecretKey inHeaderNext = rotateKey(inHeaderCurr, rotationPeriod + 1);
-		SecretKey outTagCurr = rotateKey(outTagPrev, rotationPeriod);
-		SecretKey outHeaderCurr = rotateKey(outHeaderPrev, rotationPeriod);
+		SecretKey inTagCurr = rotateKey(inTagPrev, timePeriod);
+		SecretKey inHeaderCurr = rotateKey(inHeaderPrev, timePeriod);
+		SecretKey inTagNext = rotateKey(inTagCurr, timePeriod + 1);
+		SecretKey inHeaderNext = rotateKey(inHeaderCurr, timePeriod + 1);
+		SecretKey outTagCurr = rotateKey(outTagPrev, timePeriod);
+		SecretKey outHeaderCurr = rotateKey(outHeaderPrev, timePeriod);
 		// Initialise the reordering windows and stream counters
 		IncomingKeys inPrev = new IncomingKeys(inTagPrev, inHeaderPrev,
-				rotationPeriod - 1);
+				timePeriod - 1);
 		IncomingKeys inCurr = new IncomingKeys(inTagCurr, inHeaderCurr,
-				rotationPeriod);
+				timePeriod);
 		IncomingKeys inNext = new IncomingKeys(inTagNext, inHeaderNext,
-				rotationPeriod + 1);
+				timePeriod + 1);
 		OutgoingKeys outCurr = new OutgoingKeys(outTagCurr, outHeaderCurr,
-				rotationPeriod, active);
+				timePeriod, active);
 		// Collect and return the keys
 		return new TransportKeys(t, inPrev, inCurr, inNext, outCurr);
 	}
 
 	@Override
-	public TransportKeys rotateTransportKeys(TransportKeys k,
-			long rotationPeriod) {
-		if (k.getRotationPeriod() >= rotationPeriod) return k;
+	public TransportKeys rotateTransportKeys(TransportKeys k, long timePeriod) {
+		if (k.getTimePeriod() >= timePeriod) return k;
 		IncomingKeys inPrev = k.getPreviousIncomingKeys();
 		IncomingKeys inCurr = k.getCurrentIncomingKeys();
 		IncomingKeys inNext = k.getNextIncomingKeys();
 		OutgoingKeys outCurr = k.getCurrentOutgoingKeys();
-		long startPeriod = outCurr.getRotationPeriod();
+		long startPeriod = outCurr.getTimePeriod();
 		boolean active = outCurr.isActive();
 		// Rotate the keys
-		for (long p = startPeriod + 1; p <= rotationPeriod; p++) {
+		for (long p = startPeriod + 1; p <= timePeriod; p++) {
 			inPrev = inCurr;
 			inCurr = inNext;
 			SecretKey inNextTag = rotateKey(inNext.getTagKey(), p + 1);
@@ -91,24 +95,117 @@ class TransportCryptoImpl implements TransportCrypto {
 				outCurr);
 	}
 
-	private SecretKey rotateKey(SecretKey k, long rotationPeriod) {
+	private SecretKey rotateKey(SecretKey k, long timePeriod) {
 		byte[] period = new byte[INT_64_BYTES];
-		writeUint64(rotationPeriod, period, 0);
+		writeUint64(timePeriod, period, 0);
 		return crypto.deriveKey(ROTATE_LABEL, k, period);
 	}
 
-	private SecretKey deriveTagKey(SecretKey master, TransportId t,
-			boolean alice) {
-		String label = alice ? ALICE_TAG_LABEL : BOB_TAG_LABEL;
+	private SecretKey deriveTagKey(SecretKey rootKey, TransportId t,
+			boolean keyBelongsToAlice) {
+		String label = keyBelongsToAlice ? ALICE_TAG_LABEL : BOB_TAG_LABEL;
 		byte[] id = toUtf8(t.getString());
-		return crypto.deriveKey(label, master, id);
+		return crypto.deriveKey(label, rootKey, id);
 	}
 
-	private SecretKey deriveHeaderKey(SecretKey master, TransportId t,
-			boolean alice) {
-		String label = alice ? ALICE_HEADER_LABEL : BOB_HEADER_LABEL;
+	private SecretKey deriveHeaderKey(SecretKey rootKey, TransportId t,
+			boolean keyBelongsToAlice) {
+		String label = keyBelongsToAlice ? ALICE_HEADER_LABEL :
+				BOB_HEADER_LABEL;
 		byte[] id = toUtf8(t.getString());
-		return crypto.deriveKey(label, master, id);
+		return crypto.deriveKey(label, rootKey, id);
+	}
+
+	@Override
+	public HandshakeKeys deriveHandshakeKeys(TransportId t, SecretKey rootKey,
+			long timePeriod, boolean weAreAlice) {
+		if (timePeriod < 1) throw new IllegalArgumentException();
+		IncomingKeys inPrev = deriveIncomingHandshakeKeys(t, rootKey,
+				weAreAlice, timePeriod - 1);
+		IncomingKeys inCurr = deriveIncomingHandshakeKeys(t, rootKey,
+				weAreAlice, timePeriod);
+		IncomingKeys inNext = deriveIncomingHandshakeKeys(t, rootKey,
+				weAreAlice, timePeriod + 1);
+		OutgoingKeys outCurr = deriveOutgoingHandshakeKeys(t, rootKey,
+				weAreAlice, timePeriod);
+		return new HandshakeKeys(t, inPrev, inCurr, inNext, outCurr, rootKey,
+				weAreAlice);
+	}
+
+	private IncomingKeys deriveIncomingHandshakeKeys(TransportId t,
+			SecretKey rootKey, boolean weAreAlice, long timePeriod) {
+		SecretKey tag = deriveHandshakeTagKey(t, rootKey, !weAreAlice,
+				timePeriod);
+		SecretKey header = deriveHandshakeHeaderKey(t, rootKey, !weAreAlice,
+				timePeriod);
+		return new IncomingKeys(tag, header, timePeriod);
+	}
+
+	private OutgoingKeys deriveOutgoingHandshakeKeys(TransportId t,
+			SecretKey rootKey, boolean weAreAlice, long timePeriod) {
+		SecretKey tag = deriveHandshakeTagKey(t, rootKey, weAreAlice,
+				timePeriod);
+		SecretKey header = deriveHandshakeHeaderKey(t, rootKey, weAreAlice,
+				timePeriod);
+		return new OutgoingKeys(tag, header, timePeriod, true);
+	}
+
+	private SecretKey deriveHandshakeTagKey(TransportId t, SecretKey rootKey,
+			boolean keyBelongsToAlice, long timePeriod) {
+		String label = keyBelongsToAlice ? ALICE_HANDSHAKE_TAG_LABEL :
+				BOB_HANDSHAKE_TAG_LABEL;
+		byte[] id = toUtf8(t.getString());
+		byte[] period = new byte[INT_64_BYTES];
+		writeUint64(timePeriod, period, 0);
+		return crypto.deriveKey(label, rootKey, id, period);
+	}
+
+	private SecretKey deriveHandshakeHeaderKey(TransportId t, SecretKey rootKey,
+			boolean keyBelongsToAlice, long timePeriod) {
+		String label = keyBelongsToAlice ? ALICE_HANDSHAKE_HEADER_LABEL :
+				BOB_HANDSHAKE_HEADER_LABEL;
+		byte[] id = toUtf8(t.getString());
+		byte[] period = new byte[INT_64_BYTES];
+		writeUint64(timePeriod, period, 0);
+		return crypto.deriveKey(label, rootKey, id, period);
+	}
+
+	@Override
+	public HandshakeKeys updateHandshakeKeys(HandshakeKeys k, long timePeriod) {
+		long elapsed = timePeriod - k.getTimePeriod();
+		TransportId t = k.getTransportId();
+		SecretKey rootKey = k.getRootKey();
+		boolean weAreAlice = k.isAlice();
+		if (elapsed <= 0) {
+			// The keys are for the given period or later - don't update them
+			return k;
+		} else if (elapsed == 1) {
+			// The keys are one period old - shift by one period, keeping the
+			// reordering windows for keys we retain
+			IncomingKeys inPrev = k.getCurrentIncomingKeys();
+			IncomingKeys inCurr = k.getNextIncomingKeys();
+			IncomingKeys inNext = deriveIncomingHandshakeKeys(t, rootKey,
+					weAreAlice, timePeriod + 1);
+			OutgoingKeys outCurr = deriveOutgoingHandshakeKeys(t, rootKey,
+					weAreAlice, timePeriod);
+			return new HandshakeKeys(t, inPrev, inCurr, inNext, outCurr,
+					rootKey, weAreAlice);
+		} else if (elapsed == 2) {
+			// The keys are two periods old - shift by two periods, keeping
+			// the reordering windows for keys we retain
+			IncomingKeys inPrev = k.getNextIncomingKeys();
+			IncomingKeys inCurr = deriveIncomingHandshakeKeys(t, rootKey,
+					weAreAlice, timePeriod);
+			IncomingKeys inNext = deriveIncomingHandshakeKeys(t, rootKey,
+					weAreAlice, timePeriod + 1);
+			OutgoingKeys outCurr = deriveOutgoingHandshakeKeys(t, rootKey,
+					weAreAlice, timePeriod);
+			return new HandshakeKeys(t, inPrev, inCurr, inNext, outCurr,
+					rootKey, weAreAlice);
+		} else {
+			// The keys are more than two periods old - derive fresh keys
+			return deriveHandshakeKeys(t, rootKey, timePeriod, weAreAlice);
+		}
 	}
 
 	@Override

bramble-core/src/main/java/org/briarproject/bramble/db/Database.java

@@ -2,9 +2,13 @@ package org.briarproject.bramble.db;
 
 import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContact;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.contact.PendingContactState;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DataTooNewException;
 import org.briarproject.bramble.api.db.DataTooOldException;
+import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.MessageDeletedException;
 import org.briarproject.bramble.api.db.Metadata;
@@ -23,8 +27,11 @@ import org.briarproject.bramble.api.sync.Message;
 import org.briarproject.bramble.api.sync.MessageId;
 import org.briarproject.bramble.api.sync.MessageStatus;
 import org.briarproject.bramble.api.sync.validation.MessageState;
-import org.briarproject.bramble.api.transport.KeySet;
-import org.briarproject.bramble.api.transport.KeySetId;
+import org.briarproject.bramble.api.transport.HandshakeKeySet;
+import org.briarproject.bramble.api.transport.HandshakeKeySetId;
+import org.briarproject.bramble.api.transport.HandshakeKeys;
+import org.briarproject.bramble.api.transport.TransportKeySet;
+import org.briarproject.bramble.api.transport.TransportKeySetId;
 import org.briarproject.bramble.api.transport.TransportKeys;
 
 import java.util.Collection;
@@ -33,11 +40,14 @@ import java.util.Map;
 import javax.annotation.Nullable;
 
 /**
- * A low-level interface to the database (DatabaseComponent provides a
- * high-level interface). Most operations take a transaction argument, which is
- * obtained by calling {@link #startTransaction()}. Every transaction must be
- * terminated by calling either {@link #abortTransaction(Object) abortTransaction(T)} or
- * {@link #commitTransaction(Object) commitTransaction(T)}, even if an exception is thrown.
+ * A low-level interface to the database ({@link DatabaseComponent} provides a
+ * high-level interface).
+ * <p/>
+ * Most operations take a transaction argument, which is obtained by calling
+ * {@link #startTransaction()}. Every transaction must be terminated by calling
+ * either {@link #abortTransaction(Object) abortTransaction(T)} or
+ * {@link #commitTransaction(Object) commitTransaction(T)}, even if an
+ * exception is thrown.
  */
 @NotNullByDefault
 interface Database<T> {
@@ -77,11 +87,10 @@ interface Database<T> {
 	void commitTransaction(T txn) throws DbException;
 
 	/**
-	 * Stores a contact associated with the given local and remote pseudonyms,
-	 * and returns an ID for the contact.
+	 * Stores a contact with the given pseudonym and returns an ID for the
+	 * contact.
 	 */
-	ContactId addContact(T txn, Author remote, AuthorId local, boolean verified,
-			boolean active) throws DbException;
+	ContactId addContact(T txn, Author a, boolean verified) throws DbException;
 
 	/**
 	 * Stores a group.
@@ -95,6 +104,20 @@ interface Database<T> {
 	void addGroupVisibility(T txn, ContactId c, GroupId g, boolean shared)
 			throws DbException;
 
+	/**
+	 * Stores the given handshake keys for the given contact and returns a
+	 * key set ID.
+	 */
+	HandshakeKeySetId addHandshakeKeys(T txn, ContactId c, HandshakeKeys k)
+			throws DbException;
+
+	/**
+	 * Stores the given handshake keys for the given pending contact and
+	 * returns a key set ID.
+	 */
+	HandshakeKeySetId addHandshakeKeys(T txn, PendingContactId p,
+			HandshakeKeys k) throws DbException;
+
 	/**
 	 * Stores a local pseudonym.
 	 */
@@ -121,6 +144,11 @@ interface Database<T> {
 	 */
 	void addOfferedMessage(T txn, ContactId c, MessageId m) throws DbException;
 
+	/**
+	 * Stores a pending contact.
+	 */
+	void addPendingContact(T txn, PendingContact p) throws DbException;
+
 	/**
 	 * Stores a transport.
 	 */
@@ -131,17 +159,15 @@ interface Database<T> {
 	 * Stores the given transport keys for the given contact and returns a
 	 * key set ID.
 	 */
-	KeySetId addTransportKeys(T txn, ContactId c, TransportKeys k)
+	TransportKeySetId addTransportKeys(T txn, ContactId c, TransportKeys k)
 			throws DbException;
 
 	/**
-	 * Returns true if the database contains the given contact for the given
-	 * local pseudonym.
+	 * Returns true if the database contains the given contact.
 	 * <p/>
 	 * Read-only.
 	 */
-	boolean containsContact(T txn, AuthorId remote, AuthorId local)
-			throws DbException;
+	boolean containsContact(T txn, AuthorId a) throws DbException;
 
 	/**
 	 * Returns true if the database contains the given contact.
@@ -171,6 +197,14 @@ interface Database<T> {
 	 */
 	boolean containsMessage(T txn, MessageId m) throws DbException;
 
+	/**
+	 * Returns true if the database contains the given pending contact.
+	 * <p/>
+	 * Read-only.
+	 */
+	boolean containsPendingContact(T txn, PendingContactId p)
+			throws DbException;
+
 	/**
 	 * Returns true if the database contains the given transport.
 	 * <p/>
@@ -215,6 +249,13 @@ interface Database<T> {
 	 */
 	Contact getContact(T txn, ContactId c) throws DbException;
 
+	/**
+	 * Returns the contact with the given author ID.
+	 * <p/>
+	 * Read-only.
+	 */
+	Contact getContact(T txn, AuthorId a) throws DbException;
+
 	/**
 	 * Returns all contacts.
 	 * <p/>
@@ -222,28 +263,6 @@ interface Database<T> {
 	 */
 	Collection<Contact> getContacts(T txn) throws DbException;
 
-	/**
-	 * Returns a possibly empty collection of contacts with the given author ID.
-	 * <p/>
-	 * Read-only.
-	 */
-	Collection<Contact> getContactsByAuthorId(T txn, AuthorId remote)
-			throws DbException;
-
-	/**
-	 * Returns all contacts associated with the given local pseudonym.
-	 * <p/>
-	 * Read-only.
-	 */
-	Collection<ContactId> getContacts(T txn, AuthorId a) throws DbException;
-
-	/**
-	 * Returns the amount of free storage space available to the database, in
-	 * bytes. This is based on the minimum of the space available on the device
-	 * where the database is stored and the database's configured size.
-	 */
-	long getFreeSpace();
-
 	/**
 	 * Returns the group with the given ID.
 	 * <p/>
@@ -284,6 +303,14 @@ interface Database<T> {
 	Map<ContactId, Boolean> getGroupVisibility(T txn, GroupId g)
 			throws DbException;
 
+	/**
+	 * Returns all handshake keys for the given transport.
+	 * <p/>
+	 * Read-only.
+	 */
+	Collection<HandshakeKeySet> getHandshakeKeys(T txn, TransportId t)
+			throws DbException;
+
 	/**
 	 * Returns the local pseudonym with the given ID.
 	 * <p/>
@@ -474,6 +501,13 @@ interface Database<T> {
 	 */
 	long getNextSendTime(T txn, ContactId c) throws DbException;
 
+	/**
+	 * Returns all pending contacts.
+	 * <p/>
+	 * Read-only.
+	 */
+	Collection<PendingContact> getPendingContacts(T txn) throws DbException;
+
 	/**
 	 * Returns the IDs of some messages that are eligible to be sent to the
 	 * given contact and have been requested by the contact, up to the given
@@ -496,13 +530,19 @@ interface Database<T> {
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<KeySet> getTransportKeys(T txn, TransportId t)
+	Collection<TransportKeySet> getTransportKeys(T txn, TransportId t)
+			throws DbException;
+
+	/**
+	 * Increments the outgoing stream counter for the given handshake keys.
+	 */
+	void incrementStreamCounter(T txn, TransportId t, HandshakeKeySetId k)
 			throws DbException;
 
 	/**
 	 * Increments the outgoing stream counter for the given transport keys.
 	 */
-	void incrementStreamCounter(T txn, TransportId t, KeySetId k)
+	void incrementStreamCounter(T txn, TransportId t, TransportKeySetId k)
 			throws DbException;
 
 	/**
@@ -571,6 +611,12 @@ interface Database<T> {
 	void removeGroupVisibility(T txn, ContactId c, GroupId g)
 			throws DbException;
 
+	/**
+	 * Removes the given handshake keys from the database.
+	 */
+	void removeHandshakeKeys(T txn, TransportId t, HandshakeKeySetId k)
+			throws DbException;
+
 	/**
 	 * Removes a local pseudonym (and all associated state) from the database.
 	 */
@@ -588,6 +634,11 @@ interface Database<T> {
 	void removeOfferedMessages(T txn, ContactId c,
 			Collection<MessageId> requested) throws DbException;
 
+	/**
+	 * Removes a pending contact (and all associated state) from the database.
+	 */
+	void removePendingContact(T txn, PendingContactId p) throws DbException;
+
 	/**
 	 * Removes a transport (and all associated state) from the database.
 	 */
@@ -596,7 +647,7 @@ interface Database<T> {
 	/**
 	 * Removes the given transport keys from the database.
 	 */
-	void removeTransportKeys(T txn, TransportId t, KeySetId k)
+	void removeTransportKeys(T txn, TransportId t, TransportKeySetId k)
 			throws DbException;
 
 	/**
@@ -610,12 +661,6 @@ interface Database<T> {
 	 */
 	void setContactVerified(T txn, ContactId c) throws DbException;
 
-	/**
-	 * Marks the given contact as active or inactive.
-	 */
-	void setContactActive(T txn, ContactId c, boolean active)
-			throws DbException;
-
 	/**
 	 * Sets an alias name for a contact.
 	 */
@@ -641,16 +686,29 @@ interface Database<T> {
 			throws DbException;
 
 	/**
-	 * Sets the reordering window for the given key set and transport in the
-	 * given rotation period.
+	 * Sets the state of the given pending contact.
 	 */
-	void setReorderingWindow(T txn, KeySetId k, TransportId t,
-			long rotationPeriod, long base, byte[] bitmap) throws DbException;
+	void setPendingContactState(T txn, PendingContactId p,
+			PendingContactState state) throws DbException;
+
+	/**
+	 * Sets the reordering window for the given transport key set in the given
+	 * time period.
+	 */
+	void setReorderingWindow(T txn, TransportKeySetId k, TransportId t,
+			long timePeriod, long base, byte[] bitmap) throws DbException;
+
+	/**
+	 * Sets the reordering window for the given handshake key set in the given
+	 * time period.
+	 */
+	void setReorderingWindow(T txn, HandshakeKeySetId k, TransportId t,
+			long timePeriod, long base, byte[] bitmap) throws DbException;
 
 	/**
 	 * Marks the given transport keys as usable for outgoing streams.
 	 */
-	void setTransportKeysActive(T txn, TransportId t, KeySetId k)
+	void setTransportKeysActive(T txn, TransportId t, TransportKeySetId k)
 			throws DbException;
 
 	/**
@@ -661,8 +719,13 @@ interface Database<T> {
 	void updateExpiryTimeAndEta(T txn, ContactId c, MessageId m, int maxLatency)
 			throws DbException;
 
+	/**
+	 * Updates the given handshake keys.
+	 */
+	void updateHandshakeKeys(T txn, HandshakeKeySet ks) throws DbException;
+
 	/**
 	 * Updates the given transport keys following key rotation.
 	 */
-	void updateTransportKeys(T txn, KeySet ks) throws DbException;
+	void updateTransportKeys(T txn, TransportKeySet ks) throws DbException;
 }

bramble-core/src/main/java/org/briarproject/bramble/db/DatabaseComponentImpl.java

@@ -2,27 +2,34 @@ package org.briarproject.bramble.db;
 
 import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContact;
+import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.contact.event.ContactAddedEvent;
 import org.briarproject.bramble.api.contact.event.ContactRemovedEvent;
-import org.briarproject.bramble.api.contact.event.ContactStatusChangedEvent;
 import org.briarproject.bramble.api.contact.event.ContactVerifiedEvent;
 import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.db.CommitAction;
+import org.briarproject.bramble.api.db.CommitAction.Visitor;
 import org.briarproject.bramble.api.db.ContactExistsException;
 import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DbCallable;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.DbRunnable;
+import org.briarproject.bramble.api.db.EventAction;
 import org.briarproject.bramble.api.db.Metadata;
 import org.briarproject.bramble.api.db.MigrationListener;
 import org.briarproject.bramble.api.db.NoSuchContactException;
 import org.briarproject.bramble.api.db.NoSuchGroupException;
 import org.briarproject.bramble.api.db.NoSuchLocalAuthorException;
 import org.briarproject.bramble.api.db.NoSuchMessageException;
+import org.briarproject.bramble.api.db.NoSuchPendingContactException;
 import org.briarproject.bramble.api.db.NoSuchTransportException;
 import org.briarproject.bramble.api.db.NullableDbCallable;
+import org.briarproject.bramble.api.db.PendingContactExistsException;
+import org.briarproject.bramble.api.db.TaskAction;
 import org.briarproject.bramble.api.db.Transaction;
-import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.event.EventExecutor;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
 import org.briarproject.bramble.api.identity.LocalAuthor;
@@ -55,14 +62,19 @@ import org.briarproject.bramble.api.sync.event.MessageToRequestEvent;
 import org.briarproject.bramble.api.sync.event.MessagesAckedEvent;
 import org.briarproject.bramble.api.sync.event.MessagesSentEvent;
 import org.briarproject.bramble.api.sync.validation.MessageState;
-import org.briarproject.bramble.api.transport.KeySet;
-import org.briarproject.bramble.api.transport.KeySetId;
+import org.briarproject.bramble.api.transport.HandshakeKeySet;
+import org.briarproject.bramble.api.transport.HandshakeKeySetId;
+import org.briarproject.bramble.api.transport.HandshakeKeys;
+import org.briarproject.bramble.api.transport.TransportKeySet;
+import org.briarproject.bramble.api.transport.TransportKeySetId;
 import org.briarproject.bramble.api.transport.TransportKeys;
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import java.util.concurrent.Executor;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.locks.ReentrantReadWriteLock;
 import java.util.logging.Logger;
@@ -71,9 +83,7 @@ import javax.annotation.Nullable;
 import javax.annotation.concurrent.ThreadSafe;
 import javax.inject.Inject;
 
-import static java.util.Collections.singletonList;
 import static java.util.logging.Level.WARNING;
-import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.api.sync.Group.Visibility.INVISIBLE;
 import static org.briarproject.bramble.api.sync.Group.Visibility.SHARED;
 import static org.briarproject.bramble.api.sync.validation.MessageState.DELIVERED;
@@ -88,30 +98,34 @@ import static org.briarproject.bramble.util.LogUtils.now;
 class DatabaseComponentImpl<T> implements DatabaseComponent {
 
 	private static final Logger LOG =
-			getLogger(DatabaseComponentImpl.class.getName());
+			Logger.getLogger(DatabaseComponentImpl.class.getName());
 
 	private final Database<T> db;
 	private final Class<T> txnClass;
 	private final EventBus eventBus;
-	private final ShutdownManager shutdown;
+	private final Executor eventExecutor;
+	private final ShutdownManager shutdownManager;
 	private final AtomicBoolean closed = new AtomicBoolean(false);
 	private final ReentrantReadWriteLock lock =
 			new ReentrantReadWriteLock(true);
+	private final Visitor visitor = new CommitActionVisitor();
 
 	@Inject
 	DatabaseComponentImpl(Database<T> db, Class<T> txnClass, EventBus eventBus,
-			ShutdownManager shutdown) {
+			@EventExecutor Executor eventExecutor,
+			ShutdownManager shutdownManager) {
 		this.db = db;
 		this.txnClass = txnClass;
 		this.eventBus = eventBus;
-		this.shutdown = shutdown;
+		this.eventExecutor = eventExecutor;
+		this.shutdownManager = shutdownManager;
 	}
 
 	@Override
 	public boolean open(SecretKey key, @Nullable MigrationListener listener)
 			throws DbException {
 		boolean reopened = db.open(key, listener);
-		shutdown.addShutdownHook(() -> {
+		shutdownManager.addShutdownHook(() -> {
 			try {
 				close();
 			} catch (DbException e) {
@@ -161,13 +175,16 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	public void endTransaction(Transaction transaction) {
 		try {
 			T txn = txnClass.cast(transaction.unbox());
-			if (!transaction.isCommitted()) db.abortTransaction(txn);
+			if (transaction.isCommitted()) {
+				for (CommitAction a : transaction.getActions())
+					a.accept(visitor);
+			} else {
+				db.abortTransaction(txn);
+			}
 		} finally {
 			if (transaction.isReadOnly()) lock.readLock().unlock();
 			else lock.writeLock().unlock();
 		}
-		if (transaction.isCommitted())
-			for (Event e : transaction.getEvents()) eventBus.broadcast(e);
 	}
 
 	@Override
@@ -215,20 +232,16 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}
 
 	@Override
-	public ContactId addContact(Transaction transaction, Author remote,
-			AuthorId local, boolean verified, boolean active)
-			throws DbException {
+	public ContactId addContact(Transaction transaction, Author a,
+			boolean verified) throws DbException {
 		if (transaction.isReadOnly()) throw new IllegalArgumentException();
 		T txn = unbox(transaction);
-		if (!db.containsLocalAuthor(txn, local))
-			throw new NoSuchLocalAuthorException();
-		if (db.containsLocalAuthor(txn, remote.getId()))
+		if (db.containsLocalAuthor(txn, a.getId()))
 			throw new ContactExistsException();
-		if (db.containsContact(txn, remote.getId(), local))
+		if (db.containsContact(txn, a.getId()))
 			throw new ContactExistsException();
-		ContactId c = db.addContact(txn, remote, local, verified, active);
-		transaction.attach(new ContactAddedEvent(c, active));
-		if (active) transaction.attach(new ContactStatusChangedEvent(c, true));
+		ContactId c = db.addContact(txn, a, verified);
+		transaction.attach(new ContactAddedEvent(c));
 		return c;
 	}
 
@@ -242,6 +255,30 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		}
 	}
 
+	@Override
+	public HandshakeKeySetId addHandshakeKeys(Transaction transaction,
+			ContactId c, HandshakeKeys k) throws DbException {
+		if (transaction.isReadOnly()) throw new IllegalArgumentException();
+		T txn = unbox(transaction);
+		if (!db.containsContact(txn, c))
+			throw new NoSuchContactException();
+		if (!db.containsTransport(txn, k.getTransportId()))
+			throw new NoSuchTransportException();
+		return db.addHandshakeKeys(txn, c, k);
+	}
+
+	@Override
+	public HandshakeKeySetId addHandshakeKeys(Transaction transaction,
+			PendingContactId p, HandshakeKeys k) throws DbException {
+		if (transaction.isReadOnly()) throw new IllegalArgumentException();
+		T txn = unbox(transaction);
+		if (!db.containsPendingContact(txn, p))
+			throw new NoSuchPendingContactException();
+		if (!db.containsTransport(txn, k.getTransportId()))
+			throw new NoSuchTransportException();
+		return db.addHandshakeKeys(txn, p, k);
+	}
+
 	@Override
 	public void addLocalAuthor(Transaction transaction, LocalAuthor a)
 			throws DbException {
@@ -270,6 +307,16 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		db.mergeMessageMetadata(txn, m.getId(), meta);
 	}
 
+	@Override
+	public void addPendingContact(Transaction transaction, PendingContact p)
+			throws DbException {
+		if (transaction.isReadOnly()) throw new IllegalArgumentException();
+		T txn = unbox(transaction);
+		if (db.containsPendingContact(txn, p.getId()))
+			throw new PendingContactExistsException();
+		db.addPendingContact(txn, p);
+	}
+
 	@Override
 	public void addTransport(Transaction transaction, TransportId t,
 			int maxLatency) throws DbException {
@@ -280,8 +327,8 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}
 
 	@Override
-	public KeySetId addTransportKeys(Transaction transaction, ContactId c,
-			TransportKeys k) throws DbException {
+	public TransportKeySetId addTransportKeys(Transaction transaction,
+			ContactId c, TransportKeys k) throws DbException {
 		if (transaction.isReadOnly()) throw new IllegalArgumentException();
 		T txn = unbox(transaction);
 		if (!db.containsContact(txn, c))
@@ -292,12 +339,10 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}
 
 	@Override
-	public boolean containsContact(Transaction transaction, AuthorId remote,
-			AuthorId local) throws DbException {
+	public boolean containsContact(Transaction transaction, AuthorId a)
+			throws DbException {
 		T txn = unbox(transaction);
-		if (!db.containsLocalAuthor(txn, local))
-			throw new NoSuchLocalAuthorException();
-		return db.containsContact(txn, remote, local);
+		return db.containsContact(txn, a);
 	}
 
 	@Override
@@ -314,6 +359,13 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		return db.containsLocalAuthor(txn, local);
 	}
 
+	@Override
+	public boolean containsPendingContact(Transaction transaction,
+			PendingContactId p) throws DbException {
+		T txn = unbox(transaction);
+		return db.containsPendingContact(txn, p);
+	}
+
 	@Override
 	public void deleteMessage(Transaction transaction, MessageId m)
 			throws DbException {
@@ -430,6 +482,15 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		return db.getContact(txn, c);
 	}
 
+	@Override
+	public Contact getContact(Transaction transaction, AuthorId a)
+			throws DbException {
+		T txn = unbox(transaction);
+		if (!db.containsContact(txn, a))
+			throw new NoSuchContactException();
+		return db.getContact(txn, a);
+	}
+
 	@Override
 	public Collection<Contact> getContacts(Transaction transaction)
 			throws DbException {
@@ -437,22 +498,6 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		return db.getContacts(txn);
 	}
 
-	@Override
-	public Collection<Contact> getContactsByAuthorId(Transaction transaction,
-			AuthorId remote) throws DbException {
-		T txn = unbox(transaction);
-		return db.getContactsByAuthorId(txn, remote);
-	}
-
-	@Override
-	public Collection<ContactId> getContacts(Transaction transaction,
-			AuthorId a) throws DbException {
-		T txn = unbox(transaction);
-		if (!db.containsLocalAuthor(txn, a))
-			throw new NoSuchLocalAuthorException();
-		return db.getContacts(txn, a);
-	}
-
 	@Override
 	public Group getGroup(Transaction transaction, GroupId g)
 			throws DbException {
@@ -487,6 +532,15 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		return db.getGroupVisibility(txn, c, g);
 	}
 
+	@Override
+	public Collection<HandshakeKeySet> getHandshakeKeys(Transaction transaction,
+			TransportId t) throws DbException {
+		T txn = unbox(transaction);
+		if (!db.containsTransport(txn, t))
+			throw new NoSuchTransportException();
+		return db.getHandshakeKeys(txn, t);
+	}
+
 	@Override
 	public LocalAuthor getLocalAuthor(Transaction transaction, AuthorId a)
 			throws DbException {
@@ -644,6 +698,13 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		return db.getNextSendTime(txn, c);
 	}
 
+	@Override
+	public Collection<PendingContact> getPendingContacts(
+			Transaction transaction) throws DbException {
+		T txn = unbox(transaction);
+		return db.getPendingContacts(txn);
+	}
+
 	@Override
 	public Settings getSettings(Transaction transaction, String namespace)
 			throws DbException {
@@ -652,7 +713,7 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}
 
 	@Override
-	public Collection<KeySet> getTransportKeys(Transaction transaction,
+	public Collection<TransportKeySet> getTransportKeys(Transaction transaction,
 			TransportId t) throws DbException {
 		T txn = unbox(transaction);
 		if (!db.containsTransport(txn, t))
@@ -662,7 +723,17 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 
 	@Override
 	public void incrementStreamCounter(Transaction transaction, TransportId t,
-			KeySetId k) throws DbException {
+			HandshakeKeySetId k) throws DbException {
+		if (transaction.isReadOnly()) throw new IllegalArgumentException();
+		T txn = unbox(transaction);
+		if (!db.containsTransport(txn, t))
+			throw new NoSuchTransportException();
+		db.incrementStreamCounter(txn, t, k);
+	}
+
+	@Override
+	public void incrementStreamCounter(Transaction transaction, TransportId t,
+			TransportKeySetId k) throws DbException {
 		if (transaction.isReadOnly()) throw new IllegalArgumentException();
 		T txn = unbox(transaction);
 		if (!db.containsTransport(txn, t))
@@ -811,6 +882,16 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		transaction.attach(new GroupVisibilityUpdatedEvent(affected));
 	}
 
+	@Override
+	public void removeHandshakeKeys(Transaction transaction,
+			TransportId t, HandshakeKeySetId k) throws DbException {
+		if (transaction.isReadOnly()) throw new IllegalArgumentException();
+		T txn = unbox(transaction);
+		if (!db.containsTransport(txn, t))
+			throw new NoSuchTransportException();
+		db.removeHandshakeKeys(txn, t, k);
+	}
+
 	@Override
 	public void removeLocalAuthor(Transaction transaction, AuthorId a)
 			throws DbException {
@@ -833,6 +914,16 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		db.removeMessage(txn, m);
 	}
 
+	@Override
+	public void removePendingContact(Transaction transaction,
+			PendingContactId p) throws DbException {
+		if (transaction.isReadOnly()) throw new IllegalArgumentException();
+		T txn = unbox(transaction);
+		if (!db.containsPendingContact(txn, p))
+			throw new NoSuchPendingContactException();
+		db.removePendingContact(txn, p);
+	}
+
 	@Override
 	public void removeTransport(Transaction transaction, TransportId t)
 			throws DbException {
@@ -845,7 +936,7 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 
 	@Override
 	public void removeTransportKeys(Transaction transaction,
-			TransportId t, KeySetId k) throws DbException {
+			TransportId t, TransportKeySetId k) throws DbException {
 		if (transaction.isReadOnly()) throw new IllegalArgumentException();
 		T txn = unbox(transaction);
 		if (!db.containsTransport(txn, t))
@@ -864,17 +955,6 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		transaction.attach(new ContactVerifiedEvent(c));
 	}
 
-	@Override
-	public void setContactActive(Transaction transaction, ContactId c,
-			boolean active) throws DbException {
-		if (transaction.isReadOnly()) throw new IllegalArgumentException();
-		T txn = unbox(transaction);
-		if (!db.containsContact(txn, c))
-			throw new NoSuchContactException();
-		db.setContactActive(txn, c, active);
-		transaction.attach(new ContactStatusChangedEvent(c, active));
-	}
-
 	@Override
 	public void setContactAlias(Transaction transaction, ContactId c,
 			@Nullable String alias) throws DbException {
@@ -899,7 +979,7 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		if (old == INVISIBLE) db.addGroupVisibility(txn, c, g, v == SHARED);
 		else if (v == INVISIBLE) db.removeGroupVisibility(txn, c, g);
 		else db.setGroupVisibility(txn, c, g, v == SHARED);
-		List<ContactId> affected = singletonList(c);
+		List<ContactId> affected = Collections.singletonList(c);
 		transaction.attach(new GroupVisibilityUpdatedEvent(affected));
 	}
 
@@ -944,19 +1024,30 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}
 
 	@Override
-	public void setReorderingWindow(Transaction transaction, KeySetId k,
-			TransportId t, long rotationPeriod, long base, byte[] bitmap)
-			throws DbException {
+	public void setReorderingWindow(Transaction transaction,
+			TransportKeySetId k, TransportId t, long timePeriod, long base,
+			byte[] bitmap) throws DbException {
 		if (transaction.isReadOnly()) throw new IllegalArgumentException();
 		T txn = unbox(transaction);
 		if (!db.containsTransport(txn, t))
 			throw new NoSuchTransportException();
-		db.setReorderingWindow(txn, k, t, rotationPeriod, base, bitmap);
+		db.setReorderingWindow(txn, k, t, timePeriod, base, bitmap);
+	}
+
+	@Override
+	public void setReorderingWindow(Transaction transaction,
+			HandshakeKeySetId k, TransportId t, long timePeriod, long base,
+			byte[] bitmap) throws DbException {
+		if (transaction.isReadOnly()) throw new IllegalArgumentException();
+		T txn = unbox(transaction);
+		if (!db.containsTransport(txn, t))
+			throw new NoSuchTransportException();
+		db.setReorderingWindow(txn, k, t, timePeriod, base, bitmap);
 	}
 
 	@Override
 	public void setTransportKeysActive(Transaction transaction, TransportId t,
-			KeySetId k) throws DbException {
+			TransportKeySetId k) throws DbException {
 		if (transaction.isReadOnly()) throw new IllegalArgumentException();
 		T txn = unbox(transaction);
 		if (!db.containsTransport(txn, t))
@@ -965,14 +1056,39 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}
 
 	@Override
-	public void updateTransportKeys(Transaction transaction,
-			Collection<KeySet> keys) throws DbException {
+	public void updateHandshakeKeys(Transaction transaction,
+			Collection<HandshakeKeySet> keys) throws DbException {
 		if (transaction.isReadOnly()) throw new IllegalArgumentException();
 		T txn = unbox(transaction);
-		for (KeySet ks : keys) {
-			TransportId t = ks.getTransportKeys().getTransportId();
+		for (HandshakeKeySet ks : keys) {
+			TransportId t = ks.getKeys().getTransportId();
+			if (db.containsTransport(txn, t))
+				db.updateHandshakeKeys(txn, ks);
+		}
+	}
+
+	@Override
+	public void updateTransportKeys(Transaction transaction,
+			Collection<TransportKeySet> keys) throws DbException {
+		if (transaction.isReadOnly()) throw new IllegalArgumentException();
+		T txn = unbox(transaction);
+		for (TransportKeySet ks : keys) {
+			TransportId t = ks.getKeys().getTransportId();
 			if (db.containsTransport(txn, t))
 				db.updateTransportKeys(txn, ks);
 		}
 	}
+
+	private class CommitActionVisitor implements Visitor {
+
+		@Override
+		public void visit(EventAction a) {
+			eventBus.broadcast(a.getEvent());
+		}
+
+		@Override
+		public void visit(TaskAction a) {
+			eventExecutor.execute(a.getTask());
+		}
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/db/DatabaseModule.java

@@ -3,11 +3,13 @@ package org.briarproject.bramble.db;
 import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DatabaseConfig;
 import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.event.EventExecutor;
 import org.briarproject.bramble.api.lifecycle.ShutdownManager;
 import org.briarproject.bramble.api.sync.MessageFactory;
 import org.briarproject.bramble.api.system.Clock;
 
 import java.sql.Connection;
+import java.util.concurrent.Executor;
 
 import javax.inject.Singleton;
 
@@ -27,8 +29,9 @@ public class DatabaseModule {
 	@Provides
 	@Singleton
 	DatabaseComponent provideDatabaseComponent(Database<Connection> db,
-			EventBus eventBus, ShutdownManager shutdown) {
+			EventBus eventBus, @EventExecutor Executor eventExecutor,
+			ShutdownManager shutdownManager) {
 		return new DatabaseComponentImpl<>(db, Connection.class, eventBus,
-				shutdown);
+				eventExecutor, shutdownManager);
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/db/H2Database.java

@@ -7,6 +7,7 @@ import org.briarproject.bramble.api.db.MigrationListener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.MessageFactory;
 import org.briarproject.bramble.api.system.Clock;
+import org.briarproject.bramble.util.StringUtils;
 
 import java.io.File;
 import java.sql.Connection;
@@ -22,7 +23,6 @@ import javax.inject.Inject;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.db.JdbcUtils.tryToClose;
-import static org.briarproject.bramble.util.StringUtils.toHexString;
 
 /**
  * Contains all the H2-specific code for the database.
@@ -76,30 +76,6 @@ class H2Database extends JdbcDatabase {
 		}
 	}
 
-	@Override
-	public long getFreeSpace() {
-		File dir = config.getDatabaseDirectory();
-		long maxSize = config.getMaxSize();
-		long free = dir.getFreeSpace();
-		long used = getDiskSpace(dir);
-		long quota = maxSize - used;
-		return Math.min(free, quota);
-	}
-
-	private long getDiskSpace(File f) {
-		if (f.isDirectory()) {
-			long total = 0;
-			File[] children = f.listFiles();
-			if (children != null)
-				for (File child : children) total += getDiskSpace(child);
-			return total;
-		} else if (f.isFile()) {
-			return f.length();
-		} else {
-			return 0;
-		}
-	}
-
 	@Override
 	protected Connection createConnection() throws SQLException {
 		SecretKey key = this.key;
@@ -107,7 +83,7 @@ class H2Database extends JdbcDatabase {
 		Properties props = new Properties();
 		props.setProperty("user", "user");
 		// Separate the file password from the user password with a space
-		String hex = toHexString(key.getBytes());
+		String hex = StringUtils.toHexString(key.getBytes());
 		props.put("password", hex + " password");
 		return DriverManager.getConnection(getUrl(), props);
 	}

bramble-core/src/main/java/org/briarproject/bramble/db/HyperSqlDatabase.java

@@ -7,6 +7,7 @@ import org.briarproject.bramble.api.db.MigrationListener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.MessageFactory;
 import org.briarproject.bramble.api.system.Clock;
+import org.briarproject.bramble.util.StringUtils;
 
 import java.io.File;
 import java.sql.Connection;
@@ -21,7 +22,6 @@ import javax.inject.Inject;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.db.JdbcUtils.tryToClose;
-import static org.briarproject.bramble.util.StringUtils.toHexString;
 
 /**
  * Contains all the HSQLDB-specific code for the database.
@@ -86,35 +86,11 @@ class HyperSqlDatabase extends JdbcDatabase {
 		}
 	}
 
-	@Override
-	public long getFreeSpace() {
-		File dir = config.getDatabaseDirectory();
-		long maxSize = config.getMaxSize();
-		long free = dir.getFreeSpace();
-		long used = getDiskSpace(dir);
-		long quota = maxSize - used;
-		return Math.min(free, quota);
-	}
-
-	private long getDiskSpace(File f) {
-		if (f.isDirectory()) {
-			long total = 0;
-			File[] children = f.listFiles();
-			if (children != null)
-				for (File child : children) total += getDiskSpace(child);
-			return total;
-		} else if (f.isFile()) {
-			return f.length();
-		} else {
-			return 0;
-		}
-	}
-
 	@Override
 	protected Connection createConnection() throws SQLException {
 		SecretKey key = this.key;
 		if (key == null) throw new IllegalStateException();
-		String hex = toHexString(key.getBytes());
+		String hex = StringUtils.toHexString(key.getBytes());
 		return DriverManager.getConnection(url + ";crypt_key=" + hex);
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/db/Migration38_39.java

@@ -8,12 +8,12 @@ import java.sql.Statement;
 import java.util.logging.Logger;
 
 import static java.util.logging.Level.WARNING;
-import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.db.JdbcUtils.tryToClose;
 
 class Migration38_39 implements Migration<Connection> {
 
-	private static final Logger LOG = getLogger(Migration38_39.class.getName());
+	private static final Logger LOG =
+			Logger.getLogger(Migration38_39.class.getName());
 
 	@Override
 	public int getStartVersion() {

bramble-core/src/main/java/org/briarproject/bramble/db/Migration39_40.java

@@ -8,12 +8,12 @@ import java.sql.Statement;
 import java.util.logging.Logger;
 
 import static java.util.logging.Level.WARNING;
-import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.db.JdbcUtils.tryToClose;
 
 class Migration39_40 implements Migration<Connection> {
 
-	private static final Logger LOG = getLogger(Migration39_40.class.getName());
+	private static final Logger LOG =
+			Logger.getLogger(Migration39_40.class.getName());
 
 	@Override
 	public int getStartVersion() {

bramble-core/src/main/java/org/briarproject/bramble/db/Migration41_42.java

@@ -0,0 +1,97 @@
+package org.briarproject.bramble.db;
+
+import org.briarproject.bramble.api.db.DbException;
+
+import java.sql.Connection;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.logging.Logger;
+
+import static java.util.logging.Level.WARNING;
+import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.db.JdbcUtils.tryToClose;
+
+class Migration41_42 implements Migration<Connection> {
+
+	private static final Logger LOG = getLogger(Migration41_42.class.getName());
+
+	private final DatabaseTypes dbTypes;
+
+	Migration41_42(DatabaseTypes dbTypes) {
+		this.dbTypes = dbTypes;
+	}
+
+	@Override
+	public int getStartVersion() {
+		return 41;
+	}
+
+	@Override
+	public int getEndVersion() {
+		return 42;
+	}
+
+	@Override
+	public void migrate(Connection txn) throws DbException {
+		Statement s = null;
+		try {
+			s = txn.createStatement();
+			s.execute("ALTER TABLE outgoingKeys"
+					+ " ALTER COLUMN rotationPeriod"
+					+ " RENAME TO timePeriod");
+			s.execute("ALTER TABLE incomingKeys"
+					+ " ALTER COLUMN rotationPeriod"
+					+ " RENAME TO timePeriod");
+			s.execute("ALTER TABLE incomingKeys"
+					+ " DROP COLUMN contactId");
+			s.execute(dbTypes.replaceTypes("CREATE TABLE pendingContacts"
+					+ " (pendingContactId _HASH NOT NULL,"
+					+ " publicKey _BINARY NOT NULL,"
+					+ " alias _STRING NOT NULL,"
+					+ " state INT NOT NULL,"
+					+ " timestamp BIGINT NOT NULL,"
+					+ " PRIMARY KEY (pendingContactId))"));
+			s.execute(dbTypes.replaceTypes("CREATE TABLE outgoingHandshakeKeys"
+					+ " (transportId _STRING NOT NULL,"
+					+ " keySetId _COUNTER,"
+					+ " timePeriod BIGINT NOT NULL,"
+					+ " contactId INT," // Null if contact is pending
+					+ " pendingContactId _HASH," // Null if not pending
+					+ " rootKey _SECRET NOT NULL,"
+					+ " alice BOOLEAN NOT NULL,"
+					+ " tagKey _SECRET NOT NULL,"
+					+ " headerKey _SECRET NOT NULL,"
+					+ " stream BIGINT NOT NULL,"
+					+ " PRIMARY KEY (transportId, keySetId),"
+					+ " FOREIGN KEY (transportId)"
+					+ " REFERENCES transports (transportId)"
+					+ " ON DELETE CASCADE,"
+					+ " UNIQUE (keySetId),"
+					+ " FOREIGN KEY (contactId)"
+					+ " REFERENCES contacts (contactId)"
+					+ " ON DELETE CASCADE,"
+					+ " FOREIGN KEY (pendingContactId)"
+					+ " REFERENCES pendingContacts (pendingContactId)"
+					+ " ON DELETE CASCADE)"));
+			s.execute(dbTypes.replaceTypes("CREATE TABLE incomingHandshakeKeys"
+					+ " (transportId _STRING NOT NULL,"
+					+ " keySetId INT NOT NULL,"
+					+ " timePeriod BIGINT NOT NULL,"
+					+ " tagKey _SECRET NOT NULL,"
+					+ " headerKey _SECRET NOT NULL,"
+					+ " base BIGINT NOT NULL,"
+					+ " bitmap _BINARY NOT NULL,"
+					+ " periodOffset INT NOT NULL,"
+					+ " PRIMARY KEY (transportId, keySetId, periodOffset),"
+					+ " FOREIGN KEY (transportId)"
+					+ " REFERENCES transports (transportId)"
+					+ " ON DELETE CASCADE,"
+					+ " FOREIGN KEY (keySetId)"
+					+ " REFERENCES outgoingHandshakeKeys (keySetId)"
+					+ " ON DELETE CASCADE)"));
+		} catch (SQLException e) {
+			tryToClose(s, LOG, WARNING);
+			throw new DbException(e);
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/db/Migration42_43.java

@@ -0,0 +1,52 @@
+package org.briarproject.bramble.db;
+
+import org.briarproject.bramble.api.db.DbException;
+
+import java.sql.Connection;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.logging.Logger;
+
+import static java.util.logging.Level.WARNING;
+import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.db.JdbcUtils.tryToClose;
+
+class Migration42_43 implements Migration<Connection> {
+
+	private static final Logger LOG = getLogger(Migration42_43.class.getName());
+
+	private final DatabaseTypes dbTypes;
+
+	Migration42_43(DatabaseTypes dbTypes) {
+		this.dbTypes = dbTypes;
+	}
+
+	@Override
+	public int getStartVersion() {
+		return 42;
+	}
+
+	@Override
+	public int getEndVersion() {
+		return 43;
+	}
+
+	@Override
+	public void migrate(Connection txn) throws DbException {
+		Statement s = null;
+		try {
+			s = txn.createStatement();
+			s.execute(dbTypes.replaceTypes("ALTER TABLE localAuthors"
+					+ " ADD COLUMN handshakePublicKey _BINARY"));
+			s.execute(dbTypes.replaceTypes("ALTER TABLE localAuthors"
+					+ " ADD COLUMN handshakePrivateKey _BINARY"));
+			s.execute(dbTypes.replaceTypes("ALTER TABLE contacts"
+					+ " ADD COLUMN handshakePublicKey _BINARY"));
+			s.execute("ALTER TABLE contacts"
+					+ " DROP COLUMN active");
+		} catch (SQLException e) {
+			tryToClose(s, LOG, WARNING);
+			throw new DbException(e);
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/db/Migration43_44.java

@@ -0,0 +1,40 @@
+package org.briarproject.bramble.db;
+
+import org.briarproject.bramble.api.db.DbException;
+
+import java.sql.Connection;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.logging.Logger;
+
+import static java.util.logging.Level.WARNING;
+import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.db.JdbcUtils.tryToClose;
+
+class Migration43_44 implements Migration<Connection> {
+
+	private static final Logger LOG = getLogger(Migration43_44.class.getName());
+
+	@Override
+	public int getStartVersion() {
+		return 43;
+	}
+
+	@Override
+	public int getEndVersion() {
+		return 44;
+	}
+
+	@Override
+	public void migrate(Connection txn) throws DbException {
+		Statement s = null;
+		try {
+			s = txn.createStatement();
+			s.execute("ALTER TABLE contacts"
+					+ " DROP COLUMN localAuthorId");
+		} catch (SQLException e) {
+			tryToClose(s, LOG, WARNING);
+			throw new DbException(e);
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/event/DefaultEventExecutorModule.java

@@ -0,0 +1,32 @@
+package org.briarproject.bramble.event;
+
+import org.briarproject.bramble.api.event.EventExecutor;
+
+import java.util.concurrent.Executor;
+
+import javax.inject.Singleton;
+
+import dagger.Module;
+import dagger.Provides;
+
+import static java.util.concurrent.Executors.newSingleThreadExecutor;
+
+/**
+ * Default implementation of {@link EventExecutor} that uses a dedicated thread
+ * to notify listeners of events. Applications may prefer to supply an
+ * implementation that uses an existing thread, such as the UI thread.
+ */
+@Module
+public class DefaultEventExecutorModule {
+
+	@Provides
+	@Singleton
+	@EventExecutor
+	Executor provideEventExecutor() {
+		return newSingleThreadExecutor(r -> {
+			Thread t = new Thread(r);
+			t.setDaemon(true);
+			return t;
+		});
+	}
+}