Write any records in the queue before ending session.

This maintains compatibility with older peers that don't know about
priorities or transport preferences and will try to replace any
connections we close.

bramble-android/build.gradle

@@ -38,7 +38,7 @@ configurations {
 
 dependencies {
 	implementation project(path: ':bramble-core', configuration: 'default')
-	tor 'org.briarproject:tor-android:0.3.5.9@zip'
+	tor 'org.briarproject:tor-android:0.3.5.10@zip'
 	tor 'org.briarproject:obfs4proxy-android:0.0.11-2@zip'
 
 	annotationProcessor 'com.google.dagger:dagger-compiler:2.24'

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPlugin.java

@@ -9,6 +9,7 @@ import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
 
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
@@ -76,11 +77,12 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 	private volatile BluetoothAdapter adapter = null;
 
 	AndroidBluetoothPlugin(BluetoothConnectionLimiter connectionLimiter,
-			Executor ioExecutor, AndroidExecutor androidExecutor,
+			TimeoutMonitor timeoutMonitor, Executor ioExecutor,
-			Context appContext, SecureRandom secureRandom, Clock clock,
+			SecureRandom secureRandom, AndroidExecutor androidExecutor,
-			Backoff backoff, PluginCallback callback, int maxLatency) {
+			Context appContext, Clock clock, Backoff backoff,
-		super(connectionLimiter, ioExecutor, secureRandom, backoff, callback,
+			PluginCallback callback, int maxLatency, int maxIdleTime) {
-				maxLatency);
+		super(connectionLimiter, timeoutMonitor, ioExecutor, secureRandom,
+				backoff, callback, maxLatency, maxIdleTime);
 		this.androidExecutor = androidExecutor;
 		this.appContext = appContext;
 		this.clock = clock;
@@ -172,9 +174,10 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 		return wrapSocket(ss.accept());
 	}
 
-	private DuplexTransportConnection wrapSocket(BluetoothSocket s) {
+	private DuplexTransportConnection wrapSocket(BluetoothSocket s)
-		return new AndroidBluetoothTransportConnection(this,
+			throws IOException {
-				connectionLimiter, s);
+		return new AndroidBluetoothTransportConnection(this, connectionLimiter,
+				timeoutMonitor, s);
 	}
 
 	@Override

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPluginFactory.java

@@ -3,6 +3,7 @@ package org.briarproject.bramble.plugin.bluetooth;
 import android.content.Context;
 
 import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
@@ -25,6 +26,7 @@ import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
 public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 
 	private static final int MAX_LATENCY = 30 * 1000; // 30 seconds
+	private static final int MAX_IDLE_TIME = 30 * 1000; // 30 seconds
 	private static final int MIN_POLLING_INTERVAL = 60 * 1000; // 1 minute
 	private static final int MAX_POLLING_INTERVAL = 10 * 60 * 1000; // 10 mins
 	private static final double BACKOFF_BASE = 1.2;
@@ -35,18 +37,20 @@ public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 	private final SecureRandom secureRandom;
 	private final EventBus eventBus;
 	private final Clock clock;
+	private final TimeoutMonitor timeoutMonitor;
 	private final BackoffFactory backoffFactory;
 
 	public AndroidBluetoothPluginFactory(Executor ioExecutor,
 			AndroidExecutor androidExecutor, Context appContext,
 			SecureRandom secureRandom, EventBus eventBus, Clock clock,
-			BackoffFactory backoffFactory) {
+			TimeoutMonitor timeoutMonitor, BackoffFactory backoffFactory) {
 		this.ioExecutor = ioExecutor;
 		this.androidExecutor = androidExecutor;
 		this.appContext = appContext;
 		this.secureRandom = secureRandom;
 		this.eventBus = eventBus;
 		this.clock = clock;
+		this.timeoutMonitor = timeoutMonitor;
 		this.backoffFactory = backoffFactory;
 	}
 
@@ -67,8 +71,9 @@ public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
 		AndroidBluetoothPlugin plugin = new AndroidBluetoothPlugin(
-				connectionLimiter, ioExecutor, androidExecutor, appContext,
+				connectionLimiter, timeoutMonitor, ioExecutor, secureRandom,
-				secureRandom, clock, backoff, callback, MAX_LATENCY);
+				androidExecutor, appContext, clock, backoff,
+				callback, MAX_LATENCY, MAX_IDLE_TIME);
 		eventBus.addListener(plugin);
 		return plugin;
 	}

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothTransportConnection.java

@@ -2,6 +2,7 @@ package org.briarproject.bramble.plugin.bluetooth;
 
 import android.bluetooth.BluetoothSocket;
 
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.duplex.AbstractDuplexTransportConnection;
@@ -10,24 +11,33 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_ADDRESS;
+import static org.briarproject.bramble.util.AndroidUtils.isValidBluetoothAddress;
+
 @NotNullByDefault
 class AndroidBluetoothTransportConnection
 		extends AbstractDuplexTransportConnection {
 
-	private final BluetoothConnectionLimiter connectionManager;
+	private final BluetoothConnectionLimiter connectionLimiter;
 	private final BluetoothSocket socket;
+	private final InputStream in;
 
 	AndroidBluetoothTransportConnection(Plugin plugin,
-			BluetoothConnectionLimiter connectionManager,
+			BluetoothConnectionLimiter connectionLimiter,
-			BluetoothSocket socket) {
+			TimeoutMonitor timeoutMonitor, BluetoothSocket socket)
+			throws IOException {
 		super(plugin);
-		this.connectionManager = connectionManager;
+		this.connectionLimiter = connectionLimiter;
 		this.socket = socket;
+		in = timeoutMonitor.createTimeoutInputStream(
+				socket.getInputStream(), plugin.getMaxIdleTime() * 2);
+		String address = socket.getRemoteDevice().getAddress();
+		if (isValidBluetoothAddress(address)) remote.put(PROP_ADDRESS, address);
 	}
 
 	@Override
-	protected InputStream getInputStream() throws IOException {
+	protected InputStream getInputStream() {
-		return socket.getInputStream();
+		return in;
 	}
 
 	@Override
@@ -40,7 +50,7 @@ class AndroidBluetoothTransportConnection
 		try {
 			socket.close();
 		} finally {
-			connectionManager.connectionClosed(this);
+			connectionLimiter.connectionClosed(this);
 		}
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPlugin.java

@@ -136,7 +136,7 @@ class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 	private void updateConnectionStatus() {
 		connectionStatusExecutor.execute(() -> {
 			if (!running) return;
-			List<InetAddress> addrs = getLocalInetAddresses();
+			List<InetAddress> addrs = getUsableLocalInetAddresses();
 			if (addrs.contains(WIFI_AP_ADDRESS)
 					|| addrs.contains(WIFI_DIRECT_AP_ADDRESS)) {
 				LOG.info("Providing wifi hotspot");

bramble-android/src/main/java/org/briarproject/bramble/util/AndroidUtils.java

@@ -71,7 +71,7 @@ public class AndroidUtils {
 		return new Pair<>("", "");
 	}
 
-	private static boolean isValidBluetoothAddress(@Nullable String address) {
+	public static boolean isValidBluetoothAddress(@Nullable String address) {
 		return !StringUtils.isNullOrEmpty(address)
 				&& BluetoothAdapter.checkBluetoothAddress(address)
 				&& !address.equals(FAKE_BLUETOOTH_ADDRESS);

bramble-android/witness.gradle

@@ -70,7 +70,7 @@ dependencyVerification {
         'org.bouncycastle:bcpkix-jdk15on:1.56:bcpkix-jdk15on-1.56.jar:7043dee4e9e7175e93e0b36f45b1ec1ecb893c5f755667e8b916eb8dd201c6ca',
         'org.bouncycastle:bcprov-jdk15on:1.56:bcprov-jdk15on-1.56.jar:963e1ee14f808ffb99897d848ddcdb28fa91ddda867eb18d303e82728f878349',
         'org.briarproject:obfs4proxy-android:0.0.11-2:obfs4proxy-android-0.0.11-2.zip:57e55cbe87aa2aac210fdbb6cd8cdeafe15f825406a08ebf77a8b787aa2c6a8a',
-        'org.briarproject:tor-android:0.3.5.9:tor-android-0.3.5.9.zip:853b0440feccd6904bd03e6b2de53a62ebcde1d58068beeadc447a7dff950bc8',
+        'org.briarproject:tor-android:0.3.5.10:tor-android-0.3.5.10.zip:edd83bf557fcff2105eaa0bdb3f607a6852ebe7360920929ae3039dd5f4774c5',
         'org.checkerframework:checker-compat-qual:2.5.3:checker-compat-qual-2.5.3.jar:d76b9afea61c7c082908023f0cbc1427fab9abd2df915c8b8a3e7a509bccbc6d',
         'org.checkerframework:checker-qual:2.5.2:checker-qual-2.5.2.jar:64b02691c8b9d4e7700f8ee2e742dce7ea2c6e81e662b7522c9ee3bf568c040a',
         'org.codehaus.groovy:groovy-all:2.4.15:groovy-all-2.4.15.jar:51d6c4e71782e85674239189499854359d380fb75e1a703756e3aaa5b98a5af0',

bramble-api/src/main/java/org/briarproject/bramble/api/account/AccountManager.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.api.account;
 
+import org.briarproject.bramble.api.crypto.DecryptionException;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.identity.IdentityManager;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
@@ -13,7 +14,8 @@ public interface AccountManager {
 	 * Returns true if the manager has the database key. This will be false
 	 * before {@link #createAccount(String, String)} or {@link #signIn(String)}
 	 * has been called, and true after {@link #createAccount(String, String)}
-	 * or {@link #signIn(String)} has returned true, until the process exits.
+	 * or {@link #signIn(String)} has returned true, until
+	 * {@link #deleteAccount()} is called or the process exits.
 	 */
 	boolean hasDatabaseKey();
 
@@ -22,25 +24,22 @@ public interface AccountManager {
 	 * before {@link #createAccount(String, String)} or {@link #signIn(String)}
 	 * has been called, and non-null after
 	 * {@link #createAccount(String, String)} or {@link #signIn(String)} has
-	 * returned true, until the process exits.
+	 * returned true, until {@link #deleteAccount()} is called or the process
+	 * exits.
 	 */
 	@Nullable
 	SecretKey getDatabaseKey();
 
 	/**
-	 * Returns true if the encrypted database key can be loaded from disk, and
+	 * Returns true if the encrypted database key can be loaded from disk.
-	 * the database directory exists and is a directory.
 	 */
 	boolean accountExists();
 
 	/**
 	 * Creates an identity with the given name and registers it with the
 	 * {@link IdentityManager}. Creates a database key, encrypts it with the
-	 * given password and stores it on disk.
+	 * given password and stores it on disk. {@link #accountExists()} will
-	 * <p/>
+	 * return true after this method returns true.
-	 * This method does not create the database directory, so
-	 * {@link #accountExists()} will continue to return false until the
-	 * database directory is created.
 	 */
 	boolean createAccount(String name, String password);
 
@@ -54,17 +53,19 @@ public interface AccountManager {
 	 * Loads the encrypted database key from disk and decrypts it with the
 	 * given password.
 	 *
-	 * @return true if the database key was successfully loaded and decrypted.
+	 * @throws DecryptionException If the database key could not be loaded and
+	 * decrypted.
 	 */
-	boolean signIn(String password);
+	void signIn(String password) throws DecryptionException;
 
 	/**
 	 * Loads the encrypted database key from disk, decrypts it with the old
 	 * password, encrypts it with the new password, and stores it on disk,
 	 * replacing the old key.
 	 *
-	 * @return true if the database key was successfully loaded, re-encrypted
+	 * @throws DecryptionException If the database key could not be loaded and
-	 * and stored.
+	 * decrypted.
 	 */
-	boolean changePassword(String oldPassword, String newPassword);
+	void changePassword(String oldPassword, String newPassword)
+			throws DecryptionException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/connection/ConnectionManager.java

@@ -1,8 +1,11 @@
-package org.briarproject.bramble.api.plugin;
+package org.briarproject.bramble.api.connection;
 
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 
 @NotNullByDefault

bramble-api/src/main/java/org/briarproject/bramble/api/connection/ConnectionRegistry.java

@@ -1,14 +1,17 @@
-package org.briarproject.bramble.api.plugin;
+package org.briarproject.bramble.api.connection;
 
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.PluginConfig;
+import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
 import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
 import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
 import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
 import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
 import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
+import org.briarproject.bramble.api.sync.Priority;
 
 import java.util.Collection;
 
@@ -20,25 +23,57 @@ public interface ConnectionRegistry {
 
 	/**
 	 * Registers a connection with the given contact over the given transport.
+	 * <p>
 	 * Broadcasts {@link ConnectionOpenedEvent}. Also broadcasts
 	 * {@link ContactConnectedEvent} if this is the only connection with the
 	 * contact.
 	 */
-	void registerConnection(ContactId c, TransportId t, boolean incoming);
+	void registerConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, boolean incoming);
 
 	/**
 	 * Unregisters a connection with the given contact over the given transport.
+	 * <p>
 	 * Broadcasts {@link ConnectionClosedEvent}. Also broadcasts
 	 * {@link ContactDisconnectedEvent} if this is the only connection with
 	 * the contact.
 	 */
-	void unregisterConnection(ContactId c, TransportId t, boolean incoming);
+	void unregisterConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, boolean incoming, boolean exception);
+
+	/**
+	 * Sets the {@link Priority priority} of a connection that was previously
+	 * registered via {@link #registerConnection(ContactId, TransportId,
+	 * InterruptibleConnection, boolean)}.
+	 * <p>
+	 * If the registry has any "better" connections with the given contact, the
+	 * given connection will be interrupted. If the registry has any "worse"
+	 * connections with the given contact, those connections will be
+	 * interrupted.
+	 * <p>
+	 * Connection A is considered "better" than connection B if both
+	 * connections have had their priorities set, and either A's transport is
+	 * {@link PluginConfig#getTransportPreferences() preferred} to B's, or
+	 * they use the same transport and A has higher {@link Priority priority}
+	 * than B.
+	 * <p>
+	 * For backward compatibility, connections without priorities are not
+	 * considered better or worse than other connections.
+	 */
+	void setPriority(ContactId c, TransportId t, InterruptibleConnection conn,
+			Priority priority);
 
 	/**
 	 * Returns any contacts that are connected via the given transport.
 	 */
 	Collection<ContactId> getConnectedContacts(TransportId t);
 
+	/**
+	 * Returns any contacts that are connected via the given transport or any
+	 * {@link PluginConfig#getTransportPreferences() better} transport.
+	 */
+	Collection<ContactId> getConnectedOrBetterContacts(TransportId t);
+
 	/**
 	 * Returns true if the given contact is connected via the given transport.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/connection/InterruptibleConnection.java

@@ -0,0 +1,19 @@
+package org.briarproject.bramble.api.connection;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * A duplex sync connection that can be closed by interrupting its outgoing
+ * sync session.
+ */
+@NotNullByDefault
+public interface InterruptibleConnection {
+
+	/**
+	 * Interrupts the connection's outgoing sync session. If the underlying
+	 * transport connection is alive and the remote peer is cooperative, this
+	 * should result in both sync sessions ending and the connection being
+	 * cleanly closed.
+	 */
+	void interruptOutgoingSession();
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java

@@ -142,16 +142,17 @@ public interface CryptoComponent {
 	/**
 	 * Decrypts and authenticates the given ciphertext that has been read from
 	 * storage. The encryption and authentication keys are derived from the
-	 * given password. Returns null if the ciphertext cannot be decrypted and
+	 * given password.
-	 * authenticated (for example, if the password is wrong).
 	 *
 	 * @param keyStrengthener Used to strengthen the password-based key. If
 	 * null, or if strengthening was not used when encrypting the ciphertext,
 	 * the password-based key will not be strengthened
+	 * @throws DecryptionException If the ciphertext cannot be decrypted and
+	 * authenticated (for example, if the password is wrong).
 	 */
-	@Nullable
 	byte[] decryptWithPassword(byte[] ciphertext, String password,
-			@Nullable KeyStrengthener keyStrengthener);
+			@Nullable KeyStrengthener keyStrengthener)
+			throws DecryptionException;
 
 	/**
 	 * Returns true if the given ciphertext was encrypted using a strengthened

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/DecryptionException.java

@@ -0,0 +1,17 @@
+package org.briarproject.bramble.api.crypto;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+@NotNullByDefault
+public class DecryptionException extends Exception {
+
+	private final DecryptionResult result;
+
+	public DecryptionException(DecryptionResult result) {
+		this.result = result;
+	}
+
+	public DecryptionResult getDecryptionResult() {
+		return result;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/DecryptionResult.java

@@ -0,0 +1,29 @@
+package org.briarproject.bramble.api.crypto;
+
+/**
+ * The result of a password-based decryption operation.
+ */
+public enum DecryptionResult {
+
+	/**
+	 * Decryption succeeded.
+	 */
+	SUCCESS,
+
+	/**
+	 * Decryption failed because the format of the ciphertext was invalid.
+	 */
+	INVALID_CIPHERTEXT,
+
+	/**
+	 * Decryption failed because the {@link KeyStrengthener} used for
+	 * encryption was not available for decryption.
+	 */
+	KEY_STRENGTHENER_ERROR,
+
+	/**
+	 * Decryption failed because the password used for decryption did not match
+	 * the password used for encryption.
+	 */
+	INVALID_PASSWORD
+}

bramble-api/src/main/java/org/briarproject/bramble/api/io/TimeoutMonitor.java

@@ -0,0 +1,15 @@
+package org.briarproject.bramble.api.io;
+
+import java.io.InputStream;
+
+public interface TimeoutMonitor {
+
+	/**
+	 * Returns an {@link InputStream} that wraps the given stream and allows
+	 * read timeouts to be detected.
+	 *
+	 * @param timeoutMs The read timeout in milliseconds. Timeouts will be
+	 * detected eventually but are not guaranteed to be detected immediately.
+	 */
+	InputStream createTimeoutInputStream(InputStream in, long timeoutMs);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginConfig.java

@@ -5,6 +5,8 @@ import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPluginFactory;
 
 import java.util.Collection;
+import java.util.List;
+import java.util.Map;
 
 @NotNullByDefault
 public interface PluginConfig {
@@ -14,4 +16,11 @@ public interface PluginConfig {
 	Collection<SimplexPluginFactory> getSimplexFactories();
 
 	boolean shouldPoll();
+
+	/**
+	 * Returns a map representing transport preferences. For each entry in the
+	 * map, connections via the transports identified by the value are
+	 * preferred to connections via the transport identified by the key.
+	 */
+	Map<TransportId, List<TransportId>> getTransportPreferences();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/AbstractDuplexTransportConnection.java

@@ -4,6 +4,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;
 import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.properties.TransportProperties;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -14,6 +15,8 @@ import java.util.concurrent.atomic.AtomicBoolean;
 public abstract class AbstractDuplexTransportConnection
 		implements DuplexTransportConnection {
 
+	protected final TransportProperties remote = new TransportProperties();
+
 	private final Plugin plugin;
 	private final Reader reader;
 	private final Writer writer;
@@ -44,6 +47,11 @@ public abstract class AbstractDuplexTransportConnection
 		return writer;
 	}
 
+	@Override
+	public TransportProperties getRemoteProperties() {
+		return remote;
+	}
+
 	private class Reader implements TransportConnectionReader {
 
 		@Override

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexTransportConnection.java

@@ -3,6 +3,7 @@ package org.briarproject.bramble.api.plugin.duplex;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;
 import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.properties.TransportProperties;
 
 /**
  * An interface for reading and writing data over a duplex transport. The
@@ -23,4 +24,10 @@ public interface DuplexTransportConnection {
 	 * for writing to the connection.
 	 */
 	TransportConnectionWriter getWriter();
+
+	/**
+	 * Returns a possibly empty set of {@link TransportProperties} describing
+	 * the remote peer.
+	 */
+	TransportProperties getRemoteProperties();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/ConnectionClosedEvent.java

@@ -13,13 +13,14 @@ public class ConnectionClosedEvent extends Event {
 
 	private final ContactId contactId;
 	private final TransportId transportId;
-	private final boolean incoming;
+	private final boolean incoming, exception;
 
 	public ConnectionClosedEvent(ContactId contactId, TransportId transportId,
-			boolean incoming) {
+			boolean incoming, boolean exception) {
 		this.contactId = contactId;
 		this.transportId = transportId;
 		this.incoming = incoming;
+		this.exception = exception;
 	}
 
 	public ContactId getContactId() {
@@ -33,4 +34,8 @@ public class ConnectionClosedEvent extends Event {
 	public boolean isIncoming() {
 		return incoming;
 	}
+
+	public boolean isException() {
+		return exception;
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyConstants.java

@@ -11,4 +11,28 @@ public interface TransportPropertyConstants {
 	 * The maximum length of a property's key or value in UTF-8 bytes.
 	 */
 	int MAX_PROPERTY_LENGTH = 100;
+
+	/**
+	 * Message metadata key for the transport ID of a local or remote update,
+	 * as a BDF string.
+	 */
+	String MSG_KEY_TRANSPORT_ID = "transportId";
+
+	/**
+	 * Message metadata key for the version number of a local or remote update,
+	 * as a BDF long.
+	 */
+	String MSG_KEY_VERSION = "version";
+
+	/**
+	 * Message metadata key for whether an update is local or remote, as a BDF
+	 * boolean.
+	 */
+	String MSG_KEY_LOCAL = "local";
+
+	/**
+	 * Group metadata key for any discovered transport properties of the
+	 * contact, as a BDF dictionary.
+	 */
+	String GROUP_KEY_DISCOVERED = "discovered";
 }

bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyManager.java

@@ -34,6 +34,14 @@ public interface TransportPropertyManager {
 	void addRemoteProperties(Transaction txn, ContactId c,
 			Map<TransportId, TransportProperties> props) throws DbException;
 
+	/**
+	 * Stores the given properties discovered from an incoming transport
+	 * connection. They will be overridden by any properties received while
+	 * adding the contact or synced from the contact.
+	 */
+	void addRemotePropertiesFromConnection(ContactId c, TransportId t,
+			TransportProperties props) throws DbException;
+
 	/**
 	 * Returns the local transport properties for all transports.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Priority.java

@@ -0,0 +1,23 @@
+package org.briarproject.bramble.api.sync;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * A record containing a nonce for choosing between redundant sessions.
+ */
+@Immutable
+@NotNullByDefault
+public class Priority {
+
+	private final byte[] nonce;
+
+	public Priority(byte[] nonce) {
+		this.nonce = nonce;
+	}
+
+	public byte[] getNonce() {
+		return nonce;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/sync/PriorityHandler.java

@@ -0,0 +1,13 @@
+package org.briarproject.bramble.api.sync;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * An interface for handling a {@link Priority} record received by an
+ * incoming {@link SyncSession}.
+ */
+@NotNullByDefault
+public interface PriorityHandler {
+
+	void handle(Priority p);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/sync/RecordTypes.java

@@ -10,4 +10,5 @@ public interface RecordTypes {
 	byte OFFER = 2;
 	byte REQUEST = 3;
 	byte VERSIONS = 4;
+	byte PRIORITY = 5;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncConstants.java

@@ -49,4 +49,10 @@ public interface SyncConstants {
 	 * simultaneously.
 	 */
 	int MAX_SUPPORTED_VERSIONS = 10;
+
+	/**
+	 * The length of the priority nonce used for choosing between redundant
+	 * connections.
+	 */
+	int PRIORITY_NONCE_BYTES = 16;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordReader.java

@@ -28,4 +28,8 @@ public interface SyncRecordReader {
 	boolean hasVersions() throws IOException;
 
 	Versions readVersions() throws IOException;
+
+	boolean hasPriority() throws IOException;
+
+	Priority readPriority() throws IOException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordWriter.java

@@ -17,5 +17,7 @@ public interface SyncRecordWriter {
 
 	void writeVersions(Versions v) throws IOException;
 
+	void writePriority(Priority p) throws IOException;
+
 	void flush() throws IOException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncSessionFactory.java

@@ -6,14 +6,18 @@ import org.briarproject.bramble.api.transport.StreamWriter;
 
 import java.io.InputStream;
 
+import javax.annotation.Nullable;
+
 @NotNullByDefault
 public interface SyncSessionFactory {
 
-	SyncSession createIncomingSession(ContactId c, InputStream in);
+	SyncSession createIncomingSession(ContactId c, InputStream in,
+			PriorityHandler handler);
 
 	SyncSession createSimplexOutgoingSession(ContactId c, int maxLatency,
 			StreamWriter streamWriter);
 
 	SyncSession createDuplexOutgoingSession(ContactId c, int maxLatency,
-			int maxIdleTime, StreamWriter streamWriter);
+			int maxIdleTime, StreamWriter streamWriter,
+			@Nullable Priority priority);
 }

bramble-api/src/main/java/org/briarproject/bramble/util/IoUtils.java

@@ -117,4 +117,10 @@ public class IoUtils {
 			throw new IOException(e);
 		}
 	}
+
+	public static boolean isNonEmptyDirectory(File f) {
+		if (!f.isDirectory()) return false;
+		File[] children = f.listFiles();
+		return children != null && children.length > 0;
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreModule.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble;
 
 import org.briarproject.bramble.client.ClientModule;
+import org.briarproject.bramble.connection.ConnectionModule;
 import org.briarproject.bramble.contact.ContactModule;
 import org.briarproject.bramble.crypto.CryptoExecutorModule;
 import org.briarproject.bramble.crypto.CryptoModule;
@@ -9,6 +10,7 @@ import org.briarproject.bramble.db.DatabaseExecutorModule;
 import org.briarproject.bramble.db.DatabaseModule;
 import org.briarproject.bramble.event.EventModule;
 import org.briarproject.bramble.identity.IdentityModule;
+import org.briarproject.bramble.io.IoModule;
 import org.briarproject.bramble.keyagreement.KeyAgreementModule;
 import org.briarproject.bramble.lifecycle.LifecycleModule;
 import org.briarproject.bramble.plugin.PluginModule;
@@ -27,6 +29,7 @@ import dagger.Module;
 
 @Module(includes = {
 		ClientModule.class,
+		ConnectionModule.class,
 		ContactModule.class,
 		CryptoModule.class,
 		CryptoExecutorModule.class,
@@ -35,6 +38,7 @@ import dagger.Module;
 		DatabaseExecutorModule.class,
 		EventModule.class,
 		IdentityModule.class,
+		IoModule.class,
 		KeyAgreementModule.class,
 		LifecycleModule.class,
 		PluginModule.class,

bramble-core/src/main/java/org/briarproject/bramble/account/AccountManagerImpl.java

@@ -2,6 +2,7 @@ package org.briarproject.bramble.account;
 
 import org.briarproject.bramble.api.account.AccountManager;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.DecryptionException;
 import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DatabaseConfig;
@@ -17,6 +18,7 @@ import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.nio.charset.Charset;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
@@ -24,6 +26,7 @@ import javax.annotation.concurrent.GuardedBy;
 import javax.inject.Inject;
 
 import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_CIPHERTEXT;
 import static org.briarproject.bramble.util.LogUtils.logException;
 import static org.briarproject.bramble.util.StringUtils.fromHexString;
 import static org.briarproject.bramble.util.StringUtils.toHexString;
@@ -95,7 +98,7 @@ class AccountManagerImpl implements AccountManager {
 		}
 		try {
 			BufferedReader reader = new BufferedReader(new InputStreamReader(
-					new FileInputStream(f), "UTF-8"));
+					new FileInputStream(f), Charset.forName("UTF-8")));
 			String key = reader.readLine();
 			reader.close();
 			return key;
@@ -147,7 +150,7 @@ class AccountManagerImpl implements AccountManager {
 	@GuardedBy("stateChangeLock")
 	private void writeDbKeyToFile(String key, File f) throws IOException {
 		FileOutputStream out = new FileOutputStream(f);
-		out.write(key.getBytes("UTF-8"));
+		out.write(key.getBytes(Charset.forName("UTF-8")));
 		out.flush();
 		out.close();
 	}
@@ -155,8 +158,7 @@ class AccountManagerImpl implements AccountManager {
 	@Override
 	public boolean accountExists() {
 		synchronized (stateChangeLock) {
-			return loadEncryptedDatabaseKey() != null
+			return loadEncryptedDatabaseKey() != null;
-					&& databaseConfig.getDatabaseDirectory().isDirectory();
 		}
 	}
 
@@ -193,31 +195,24 @@ class AccountManagerImpl implements AccountManager {
 	}
 
 	@Override
-	public boolean signIn(String password) {
+	public void signIn(String password) throws DecryptionException {
 		synchronized (stateChangeLock) {
-			SecretKey key = loadAndDecryptDatabaseKey(password);
+			databaseKey = loadAndDecryptDatabaseKey(password);
-			if (key == null) return false;
-			databaseKey = key;
-			return true;
 		}
 	}
 
 	@GuardedBy("stateChangeLock")
-	@Nullable
+	private SecretKey loadAndDecryptDatabaseKey(String password)
-	private SecretKey loadAndDecryptDatabaseKey(String password) {
+			throws DecryptionException {
 		String hex = loadEncryptedDatabaseKey();
 		if (hex == null) {
 			LOG.warning("Failed to load encrypted database key");
-			return null;
+			throw new DecryptionException(INVALID_CIPHERTEXT);
 		}
 		byte[] ciphertext = fromHexString(hex);
 		KeyStrengthener keyStrengthener = databaseConfig.getKeyStrengthener();
 		byte[] plaintext = crypto.decryptWithPassword(ciphertext, password,
 				keyStrengthener);
-		if (plaintext == null) {
-			LOG.info("Failed to decrypt database key");
-			return null;
-		}
 		SecretKey key = new SecretKey(plaintext);
 		// If the DB key was encrypted with a weak key and a key strengthener
 		// is now available, re-encrypt the DB key with a strengthened key
@@ -230,10 +225,11 @@ class AccountManagerImpl implements AccountManager {
 	}
 
 	@Override
-	public boolean changePassword(String oldPassword, String newPassword) {
+	public void changePassword(String oldPassword, String newPassword)
+			throws DecryptionException {
 		synchronized (stateChangeLock) {
 			SecretKey key = loadAndDecryptDatabaseKey(oldPassword);
-			return key != null && encryptAndStoreDatabaseKey(key, newPassword);
+			encryptAndStoreDatabaseKey(key, newPassword);
 		}
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/connection/Connection.java

@@ -0,0 +1,79 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+
+import static java.util.logging.Level.WARNING;
+import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
+import static org.briarproject.bramble.util.IoUtils.read;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+abstract class Connection {
+
+	protected static final Logger LOG = getLogger(Connection.class.getName());
+
+	final KeyManager keyManager;
+	final ConnectionRegistry connectionRegistry;
+	final StreamReaderFactory streamReaderFactory;
+	final StreamWriterFactory streamWriterFactory;
+
+	Connection(KeyManager keyManager, ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory) {
+		this.keyManager = keyManager;
+		this.connectionRegistry = connectionRegistry;
+		this.streamReaderFactory = streamReaderFactory;
+		this.streamWriterFactory = streamWriterFactory;
+	}
+
+	@Nullable
+	StreamContext recogniseTag(TransportConnectionReader reader,
+			TransportId transportId) {
+		StreamContext ctx;
+		try {
+			byte[] tag = readTag(reader.getInputStream());
+			return keyManager.getStreamContext(transportId, tag);
+		} catch (IOException | DbException e) {
+			logException(LOG, WARNING, e);
+			return null;
+		}
+	}
+
+	private byte[] readTag(InputStream in) throws IOException {
+		byte[] tag = new byte[TAG_LENGTH];
+		read(in, tag);
+		return tag;
+	}
+
+	void disposeOnError(TransportConnectionReader reader, boolean recognised) {
+		try {
+			reader.dispose(true, recognised);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+		}
+	}
+
+	void disposeOnError(TransportConnectionWriter writer) {
+		try {
+			writer.dispose(true);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionManagerImpl.java

@@ -0,0 +1,114 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.security.SecureRandom;
+import java.util.concurrent.Executor;
+
+import javax.annotation.concurrent.Immutable;
+import javax.inject.Inject;
+
+@Immutable
+@NotNullByDefault
+class ConnectionManagerImpl implements ConnectionManager {
+
+	private final Executor ioExecutor;
+	private final KeyManager keyManager;
+	private final StreamReaderFactory streamReaderFactory;
+	private final StreamWriterFactory streamWriterFactory;
+	private final SyncSessionFactory syncSessionFactory;
+	private final HandshakeManager handshakeManager;
+	private final ContactExchangeManager contactExchangeManager;
+	private final ConnectionRegistry connectionRegistry;
+	private final TransportPropertyManager transportPropertyManager;
+	private final SecureRandom secureRandom;
+
+	@Inject
+	ConnectionManagerImpl(@IoExecutor Executor ioExecutor,
+			KeyManager keyManager, StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			HandshakeManager handshakeManager,
+			ContactExchangeManager contactExchangeManager,
+			ConnectionRegistry connectionRegistry,
+			TransportPropertyManager transportPropertyManager,
+			SecureRandom secureRandom) {
+		this.ioExecutor = ioExecutor;
+		this.keyManager = keyManager;
+		this.streamReaderFactory = streamReaderFactory;
+		this.streamWriterFactory = streamWriterFactory;
+		this.syncSessionFactory = syncSessionFactory;
+		this.handshakeManager = handshakeManager;
+		this.contactExchangeManager = contactExchangeManager;
+		this.connectionRegistry = connectionRegistry;
+		this.transportPropertyManager = transportPropertyManager;
+		this.secureRandom = secureRandom;
+	}
+
+
+	@Override
+	public void manageIncomingConnection(TransportId t,
+			TransportConnectionReader r) {
+		ioExecutor.execute(new IncomingSimplexSyncConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				syncSessionFactory, transportPropertyManager, t, r));
+	}
+
+	@Override
+	public void manageIncomingConnection(TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new IncomingDuplexSyncConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				syncSessionFactory, transportPropertyManager, ioExecutor,
+				t, d));
+	}
+
+	@Override
+	public void manageIncomingConnection(PendingContactId p, TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new IncomingHandshakeConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				handshakeManager, contactExchangeManager, this, p, t, d));
+	}
+
+	@Override
+	public void manageOutgoingConnection(ContactId c, TransportId t,
+			TransportConnectionWriter w) {
+		ioExecutor.execute(new OutgoingSimplexSyncConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				syncSessionFactory, transportPropertyManager, c, t, w));
+	}
+
+	@Override
+	public void manageOutgoingConnection(ContactId c, TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new OutgoingDuplexSyncConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				syncSessionFactory, transportPropertyManager, ioExecutor,
+				secureRandom, c, t, d));
+	}
+
+	@Override
+	public void manageOutgoingConnection(PendingContactId p, TransportId t,
+			DuplexTransportConnection d) {
+		ioExecutor.execute(new OutgoingHandshakeConnection(keyManager,
+				connectionRegistry, streamReaderFactory, streamWriterFactory,
+				handshakeManager, contactExchangeManager, this, p, t, d));
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionModule.java

@@ -0,0 +1,26 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+
+import javax.inject.Singleton;
+
+import dagger.Module;
+import dagger.Provides;
+
+@Module
+public class ConnectionModule {
+
+	@Provides
+	ConnectionManager provideConnectionManager(
+			ConnectionManagerImpl connectionManager) {
+		return connectionManager;
+	}
+
+	@Provides
+	@Singleton
+	ConnectionRegistry provideConnectionRegistry(
+			ConnectionRegistryImpl connectionRegistry) {
+		return connectionRegistry;
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/ConnectionRegistryImpl.java

@@ -0,0 +1,270 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.Bytes;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.connection.InterruptibleConnection;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.PluginConfig;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
+import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
+import org.briarproject.bramble.api.sync.Priority;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
+import javax.annotation.concurrent.ThreadSafe;
+import javax.inject.Inject;
+
+import static java.util.Collections.emptyList;
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Logger.getLogger;
+
+@ThreadSafe
+@NotNullByDefault
+class ConnectionRegistryImpl implements ConnectionRegistry {
+
+	private static final Logger LOG =
+			getLogger(ConnectionRegistryImpl.class.getName());
+
+	private final EventBus eventBus;
+	private final Map<TransportId, List<TransportId>> transportPrefs;
+
+	private final Object lock = new Object();
+	@GuardedBy("lock")
+	private final Map<ContactId, List<ConnectionRecord>> contactConnections;
+	@GuardedBy("lock")
+	private final Set<PendingContactId> connectedPendingContacts;
+
+	@Inject
+	ConnectionRegistryImpl(EventBus eventBus, PluginConfig pluginConfig) {
+		this.eventBus = eventBus;
+		transportPrefs = pluginConfig.getTransportPreferences();
+		contactConnections = new HashMap<>();
+		connectedPendingContacts = new HashSet<>();
+	}
+
+	@Override
+	public void registerConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, boolean incoming) {
+		if (LOG.isLoggable(INFO)) {
+			if (incoming) LOG.info("Incoming connection registered: " + t);
+			else LOG.info("Outgoing connection registered: " + t);
+		}
+		boolean firstConnection;
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			if (recs == null) {
+				recs = new ArrayList<>();
+				contactConnections.put(c, recs);
+			}
+			firstConnection = recs.isEmpty();
+			recs.add(new ConnectionRecord(t, conn));
+		}
+		eventBus.broadcast(new ConnectionOpenedEvent(c, t, incoming));
+		if (firstConnection) {
+			LOG.info("Contact connected");
+			eventBus.broadcast(new ContactConnectedEvent(c));
+		}
+	}
+
+	@Override
+	public void setPriority(ContactId c, TransportId t,
+			InterruptibleConnection conn, Priority priority) {
+		if (LOG.isLoggable(INFO)) LOG.info("Setting connection priority: " + t);
+		List<InterruptibleConnection> toInterrupt;
+		boolean interruptNewConnection = false;
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			if (recs == null) throw new IllegalArgumentException();
+			toInterrupt = new ArrayList<>(recs.size());
+			for (ConnectionRecord rec : recs) {
+				if (rec.conn == conn) {
+					// Store the priority of this connection
+					rec.priority = priority;
+				} else if (rec.priority != null) {
+					int compare = compareConnections(t, priority,
+							rec.transportId, rec.priority);
+					if (compare == -1) {
+						// The old connection is better than the new one
+						interruptNewConnection = true;
+					} else if (compare == 1 && !rec.interrupted) {
+						// The new connection is better than the old one
+						toInterrupt.add(rec.conn);
+						rec.interrupted = true;
+					}
+				}
+			}
+		}
+		if (interruptNewConnection) {
+			LOG.info("Interrupting new connection");
+			conn.interruptOutgoingSession();
+		}
+		for (InterruptibleConnection old : toInterrupt) {
+			LOG.info("Interrupting old connection");
+			old.interruptOutgoingSession();
+		}
+	}
+
+	private int compareConnections(TransportId tA, Priority pA, TransportId tB,
+			Priority pB) {
+		if (getBetterTransports(tA).contains(tB)) return -1;
+		if (getBetterTransports(tB).contains(tA)) return 1;
+		return tA.equals(tB) ? Bytes.compare(pA.getNonce(), pB.getNonce()) : 0;
+	}
+
+	private List<TransportId> getBetterTransports(TransportId t) {
+		List<TransportId> better = transportPrefs.get(t);
+		return better == null ? emptyList() : better;
+	}
+
+	@Override
+	public void unregisterConnection(ContactId c, TransportId t,
+			InterruptibleConnection conn, boolean incoming, boolean exception) {
+		if (LOG.isLoggable(INFO)) {
+			if (incoming) LOG.info("Incoming connection unregistered: " + t);
+			else LOG.info("Outgoing connection unregistered: " + t);
+		}
+		boolean lastConnection;
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			if (recs == null || !recs.remove(new ConnectionRecord(t, conn)))
+				throw new IllegalArgumentException();
+			lastConnection = recs.isEmpty();
+		}
+		eventBus.broadcast(
+				new ConnectionClosedEvent(c, t, incoming, exception));
+		if (lastConnection) {
+			LOG.info("Contact disconnected");
+			eventBus.broadcast(new ContactDisconnectedEvent(c));
+		}
+	}
+
+	@Override
+	public Collection<ContactId> getConnectedContacts(TransportId t) {
+		synchronized (lock) {
+			List<ContactId> contactIds = new ArrayList<>();
+			for (Entry<ContactId, List<ConnectionRecord>> e :
+					contactConnections.entrySet()) {
+				for (ConnectionRecord rec : e.getValue()) {
+					if (rec.transportId.equals(t)) {
+						contactIds.add(e.getKey());
+						break;
+					}
+				}
+			}
+			if (LOG.isLoggable(INFO)) {
+				LOG.info(contactIds.size() + " contacts connected: " + t);
+			}
+			return contactIds;
+		}
+	}
+
+	@Override
+	public Collection<ContactId> getConnectedOrBetterContacts(TransportId t) {
+		synchronized (lock) {
+			List<TransportId> better = getBetterTransports(t);
+			List<ContactId> contactIds = new ArrayList<>();
+			for (Entry<ContactId, List<ConnectionRecord>> e :
+					contactConnections.entrySet()) {
+				for (ConnectionRecord rec : e.getValue()) {
+					if (rec.transportId.equals(t) ||
+							better.contains(rec.transportId)) {
+						contactIds.add(e.getKey());
+						break;
+					}
+				}
+			}
+			if (LOG.isLoggable(INFO)) {
+				LOG.info(contactIds.size()
+						+ " contacts connected or better: " + t);
+			}
+			return contactIds;
+		}
+	}
+
+	@Override
+	public boolean isConnected(ContactId c, TransportId t) {
+		synchronized (lock) {
+			List<ConnectionRecord> recs = contactConnections.get(c);
+			if (recs == null) return false;
+			for (ConnectionRecord rec : recs) {
+				if (rec.transportId.equals(t)) return true;
+			}
+			return false;
+		}
+	}
+
+	@Override
+	public boolean isConnected(ContactId c) {
+		synchronized (lock) {
+			return contactConnections.containsKey(c);
+		}
+	}
+
+	@Override
+	public boolean registerConnection(PendingContactId p) {
+		boolean added;
+		synchronized (lock) {
+			added = connectedPendingContacts.add(p);
+		}
+		if (added) eventBus.broadcast(new RendezvousConnectionOpenedEvent(p));
+		return added;
+	}
+
+	@Override
+	public void unregisterConnection(PendingContactId p, boolean success) {
+		synchronized (lock) {
+			if (!connectedPendingContacts.remove(p))
+				throw new IllegalArgumentException();
+		}
+		eventBus.broadcast(new RendezvousConnectionClosedEvent(p, success));
+	}
+
+	private static class ConnectionRecord {
+
+		private final TransportId transportId;
+		private final InterruptibleConnection conn;
+		@GuardedBy("lock")
+		@Nullable
+		private Priority priority = null;
+		@GuardedBy("lock")
+		private boolean interrupted = false;
+
+		private ConnectionRecord(TransportId transportId,
+				InterruptibleConnection conn) {
+			this.transportId = transportId;
+			this.conn = conn;
+		}
+
+		@Override
+		public boolean equals(Object o) {
+			if (o instanceof ConnectionRecord) {
+				return conn == ((ConnectionRecord) o).conn;
+			} else {
+				return false;
+			}
+		}
+
+		@Override
+		public int hashCode() {
+			return conn.hashCode();
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/DuplexSyncConnection.java

@@ -0,0 +1,104 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.connection.InterruptibleConnection;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportProperties;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.Priority;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.util.concurrent.Executor;
+
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
+
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+
+@NotNullByDefault
+abstract class DuplexSyncConnection extends SyncConnection
+		implements InterruptibleConnection {
+
+	final Executor ioExecutor;
+	final TransportId transportId;
+	final TransportConnectionReader reader;
+	final TransportConnectionWriter writer;
+	final TransportProperties remote;
+
+	private final Object interruptLock = new Object();
+
+	@GuardedBy("interruptLock")
+	@Nullable
+	private SyncSession outgoingSession = null;
+	@GuardedBy("interruptLock")
+	private boolean interruptWaiting = false;
+
+	@Override
+	public void interruptOutgoingSession() {
+		synchronized (interruptLock) {
+			if (outgoingSession == null) interruptWaiting = true;
+			else outgoingSession.interrupt();
+		}
+	}
+
+	void setOutgoingSession(SyncSession outgoingSession) {
+		synchronized (interruptLock) {
+			this.outgoingSession = outgoingSession;
+			if (interruptWaiting) {
+				outgoingSession.interrupt();
+				interruptWaiting = false;
+			}
+		}
+	}
+
+	DuplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			Executor ioExecutor, TransportId transportId,
+			DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager);
+		this.ioExecutor = ioExecutor;
+		this.transportId = transportId;
+		reader = connection.getReader();
+		writer = connection.getWriter();
+		remote = connection.getRemoteProperties();
+	}
+
+	void onReadError(boolean recognised) {
+		disposeOnError(reader, recognised);
+		disposeOnError(writer);
+		interruptOutgoingSession();
+	}
+
+	void onWriteError() {
+		disposeOnError(reader, true);
+		disposeOnError(writer);
+	}
+
+	SyncSession createDuplexOutgoingSession(StreamContext ctx,
+			TransportConnectionWriter w, @Nullable Priority priority)
+			throws IOException {
+		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
+				w.getOutputStream(), ctx);
+		ContactId c = requireNonNull(ctx.getContactId());
+		return syncSessionFactory.createDuplexOutgoingSession(c,
+				w.getMaxLatency(), w.getMaxIdleTime(), streamWriter, priority);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/HandshakeConnection.java

@@ -0,0 +1,72 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import javax.annotation.Nullable;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+abstract class HandshakeConnection extends Connection {
+
+	final HandshakeManager handshakeManager;
+	final ContactExchangeManager contactExchangeManager;
+	final ConnectionManager connectionManager;
+	final PendingContactId pendingContactId;
+	final TransportId transportId;
+	final DuplexTransportConnection connection;
+	final TransportConnectionReader reader;
+	final TransportConnectionWriter writer;
+
+	HandshakeConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			HandshakeManager handshakeManager,
+			ContactExchangeManager contactExchangeManager,
+			ConnectionManager connectionManager,
+			PendingContactId pendingContactId,
+			TransportId transportId, DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory);
+		this.handshakeManager = handshakeManager;
+		this.contactExchangeManager = contactExchangeManager;
+		this.connectionManager = connectionManager;
+		this.pendingContactId = pendingContactId;
+		this.transportId = transportId;
+		this.connection = connection;
+		reader = connection.getReader();
+		writer = connection.getWriter();
+	}
+
+	@Nullable
+	StreamContext allocateStreamContext(PendingContactId pendingContactId,
+			TransportId transportId) {
+		try {
+			return keyManager.getStreamContext(pendingContactId, transportId);
+		} catch (DbException e) {
+			logException(LOG, WARNING, e);
+			return null;
+		}
+	}
+
+	void onError(boolean recognised) {
+		disposeOnError(reader, recognised);
+		disposeOnError(writer);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingDuplexSyncConnection.java

@@ -0,0 +1,107 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.PriorityHandler;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.util.concurrent.Executor;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class IncomingDuplexSyncConnection extends DuplexSyncConnection
+		implements Runnable {
+
+	IncomingDuplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			Executor ioExecutor, TransportId transportId,
+			DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager, ioExecutor, transportId, connection);
+	}
+
+	@Override
+	public void run() {
+		// Read and recognise the tag
+		StreamContext ctx = recogniseTag(reader, transportId);
+		if (ctx == null) {
+			LOG.info("Unrecognised tag");
+			onReadError(false);
+			return;
+		}
+		ContactId contactId = ctx.getContactId();
+		if (contactId == null) {
+			LOG.warning("Expected contact tag, got rendezvous tag");
+			onReadError(true);
+			return;
+		}
+		if (ctx.isHandshakeMode()) {
+			// TODO: Support handshake mode for contacts
+			LOG.warning("Received handshake tag, expected rotation mode");
+			onReadError(true);
+			return;
+		}
+		connectionRegistry.registerConnection(contactId, transportId,
+				this, true);
+		// Start the outgoing session on another thread
+		ioExecutor.execute(() -> runOutgoingSession(contactId));
+		try {
+			// Store any transport properties discovered from the connection
+			transportPropertyManager.addRemotePropertiesFromConnection(
+					contactId, transportId, remote);
+			// Update the connection registry when we receive our priority
+			PriorityHandler handler = p -> connectionRegistry.setPriority(
+					contactId, transportId, this, p);
+			// Create and run the incoming session
+			createIncomingSession(ctx, reader, handler).run();
+			reader.dispose(false, true);
+			interruptOutgoingSession();
+			connectionRegistry.unregisterConnection(contactId, transportId,
+					this, true, false);
+		} catch (DbException | IOException e) {
+			logException(LOG, WARNING, e);
+			onReadError(true);
+			connectionRegistry.unregisterConnection(contactId, transportId,
+					this, true, true);
+		}
+	}
+
+	private void runOutgoingSession(ContactId contactId) {
+		// Allocate a stream context
+		StreamContext ctx = allocateStreamContext(contactId, transportId);
+		if (ctx == null) {
+			LOG.warning("Could not allocate stream context");
+			onWriteError();
+			return;
+		}
+		try {
+			// Create and run the outgoing session
+			SyncSession out = createDuplexOutgoingSession(ctx, writer, null);
+			setOutgoingSession(out);
+			out.run();
+			writer.dispose(false);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onWriteError();
+		}
+	}
+}
+

bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingHandshakeConnection.java

@@ -0,0 +1,93 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager.HandshakeResult;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class IncomingHandshakeConnection extends HandshakeConnection
+		implements Runnable {
+
+	IncomingHandshakeConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			HandshakeManager handshakeManager,
+			ContactExchangeManager contactExchangeManager,
+			ConnectionManager connectionManager,
+			PendingContactId pendingContactId,
+			TransportId transportId, DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, handshakeManager, contactExchangeManager,
+				connectionManager, pendingContactId, transportId, connection);
+	}
+
+	@Override
+	public void run() {
+		// Read and recognise the tag
+		StreamContext ctxIn = recogniseTag(reader, transportId);
+		if (ctxIn == null) {
+			LOG.info("Unrecognised tag");
+			onError(false);
+			return;
+		}
+		PendingContactId inPendingContactId = ctxIn.getPendingContactId();
+		if (inPendingContactId == null) {
+			LOG.warning("Expected rendezvous tag, got contact tag");
+			onError(true);
+			return;
+		}
+		// Allocate the outgoing stream context
+		StreamContext ctxOut =
+				allocateStreamContext(pendingContactId, transportId);
+		if (ctxOut == null) {
+			LOG.warning("Could not allocate stream context");
+			onError(true);
+			return;
+		}
+		// Close the connection if it's redundant
+		if (!connectionRegistry.registerConnection(pendingContactId)) {
+			LOG.info("Redundant rendezvous connection");
+			onError(true);
+			return;
+		}
+		// Handshake and exchange contacts
+		try {
+			InputStream in = streamReaderFactory.createStreamReader(
+					reader.getInputStream(), ctxIn);
+			// Flush the output stream to send the outgoing stream header
+			StreamWriter out = streamWriterFactory.createStreamWriter(
+					writer.getOutputStream(), ctxOut);
+			out.getOutputStream().flush();
+			HandshakeResult result =
+					handshakeManager.handshake(pendingContactId, in, out);
+			contactExchangeManager.exchangeContacts(pendingContactId,
+					connection, result.getMasterKey(), result.isAlice(), false);
+			connectionRegistry.unregisterConnection(pendingContactId, true);
+			// Reuse the connection as a transport connection
+			connectionManager.manageIncomingConnection(transportId, connection);
+		} catch (IOException | DbException e) {
+			logException(LOG, WARNING, e);
+			onError(true);
+			connectionRegistry.unregisterConnection(pendingContactId, false);
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/IncomingSimplexSyncConnection.java

@@ -0,0 +1,79 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.PriorityHandler;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class IncomingSimplexSyncConnection extends SyncConnection implements Runnable {
+
+	private final TransportId transportId;
+	private final TransportConnectionReader reader;
+
+	IncomingSimplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			TransportId transportId, TransportConnectionReader reader) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager);
+		this.transportId = transportId;
+		this.reader = reader;
+	}
+
+	@Override
+	public void run() {
+		// Read and recognise the tag
+		StreamContext ctx = recogniseTag(reader, transportId);
+		if (ctx == null) {
+			LOG.info("Unrecognised tag");
+			onError(false);
+			return;
+		}
+		ContactId contactId = ctx.getContactId();
+		if (contactId == null) {
+			LOG.warning("Received rendezvous stream, expected contact");
+			onError(true);
+			return;
+		}
+		if (ctx.isHandshakeMode()) {
+			// TODO: Support handshake mode for contacts
+			LOG.warning("Received handshake tag, expected rotation mode");
+			onError(true);
+			return;
+		}
+		try {
+			// We don't expect to receive a priority for this connection
+			PriorityHandler handler = p ->
+					LOG.info("Ignoring priority for simplex connection");
+			// Create and run the incoming session
+			createIncomingSession(ctx, reader, handler).run();
+			reader.dispose(false, true);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onError(true);
+		}
+	}
+
+	private void onError(boolean recognised) {
+		disposeOnError(reader, recognised);
+	}
+}
+

bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingDuplexSyncConnection.java

@@ -0,0 +1,141 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.Priority;
+import org.briarproject.bramble.api.sync.PriorityHandler;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+import java.util.concurrent.Executor;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.sync.SyncConstants.PRIORITY_NONCE_BYTES;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class OutgoingDuplexSyncConnection extends DuplexSyncConnection
+		implements Runnable {
+
+	private final SecureRandom secureRandom;
+	private final ContactId contactId;
+
+	OutgoingDuplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			Executor ioExecutor, SecureRandom secureRandom, ContactId contactId,
+			TransportId transportId, DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager, ioExecutor, transportId, connection);
+		this.secureRandom = secureRandom;
+		this.contactId = contactId;
+	}
+
+	@Override
+	public void run() {
+		// Allocate a stream context
+		StreamContext ctx = allocateStreamContext(contactId, transportId);
+		if (ctx == null) {
+			LOG.warning("Could not allocate stream context");
+			onWriteError();
+			return;
+		}
+		if (ctx.isHandshakeMode()) {
+			// TODO: Support handshake mode for contacts
+			LOG.warning("Cannot use handshake mode stream context");
+			onWriteError();
+			return;
+		}
+		// Start the incoming session on another thread
+		Priority priority = generatePriority();
+		ioExecutor.execute(() -> runIncomingSession(priority));
+		try {
+			// Create and run the outgoing session
+			SyncSession out =
+					createDuplexOutgoingSession(ctx, writer, priority);
+			setOutgoingSession(out);
+			out.run();
+			writer.dispose(false);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onWriteError();
+		}
+	}
+
+	private void runIncomingSession(Priority priority) {
+		// Read and recognise the tag
+		StreamContext ctx = recogniseTag(reader, transportId);
+		// Unrecognised tags are suspicious in this case
+		if (ctx == null) {
+			LOG.warning("Unrecognised tag for returning stream");
+			onReadError();
+			return;
+		}
+		// Check that the stream comes from the expected contact
+		ContactId inContactId = ctx.getContactId();
+		if (inContactId == null) {
+			LOG.warning("Expected contact tag, got rendezvous tag");
+			onReadError();
+			return;
+		}
+		if (!contactId.equals(inContactId)) {
+			LOG.warning("Wrong contact ID for returning stream");
+			onReadError();
+			return;
+		}
+		if (ctx.isHandshakeMode()) {
+			// TODO: Support handshake mode for contacts
+			LOG.warning("Received handshake tag, expected rotation mode");
+			onReadError();
+			return;
+		}
+		connectionRegistry.registerConnection(contactId, transportId,
+				this, false);
+		connectionRegistry.setPriority(contactId, transportId, this, priority);
+		try {
+			// Store any transport properties discovered from the connection
+			transportPropertyManager.addRemotePropertiesFromConnection(
+					contactId, transportId, remote);
+			// We don't expect to receive a priority for this connection
+			PriorityHandler handler = p ->
+					LOG.info("Ignoring priority for outgoing connection");
+			// Create and run the incoming session
+			createIncomingSession(ctx, reader, handler).run();
+			reader.dispose(false, true);
+			interruptOutgoingSession();
+			connectionRegistry.unregisterConnection(contactId, transportId,
+					this, false, false);
+		} catch (DbException | IOException e) {
+			logException(LOG, WARNING, e);
+			onReadError();
+			connectionRegistry.unregisterConnection(contactId, transportId,
+					this, false, true);
+		}
+	}
+
+	private void onReadError() {
+		// 'Recognised' is always true for outgoing connections
+		onReadError(true);
+	}
+
+	private Priority generatePriority() {
+		byte[] nonce = new byte[PRIORITY_NONCE_BYTES];
+		secureRandom.nextBytes(nonce);
+		return new Priority(nonce);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingHandshakeConnection.java

@@ -0,0 +1,115 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.Contact;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.HandshakeManager.HandshakeResult;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class OutgoingHandshakeConnection extends HandshakeConnection
+		implements Runnable {
+
+	OutgoingHandshakeConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			HandshakeManager handshakeManager,
+			ContactExchangeManager contactExchangeManager,
+			ConnectionManager connectionManager,
+			PendingContactId pendingContactId,
+			TransportId transportId, DuplexTransportConnection connection) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, handshakeManager, contactExchangeManager,
+				connectionManager, pendingContactId, transportId, connection);
+	}
+
+	@Override
+	public void run() {
+		// Allocate the outgoing stream context
+		StreamContext ctxOut =
+				allocateStreamContext(pendingContactId, transportId);
+		if (ctxOut == null) {
+			LOG.warning("Could not allocate stream context");
+			onError();
+			return;
+		}
+		// Flush the output stream to send the outgoing stream header
+		StreamWriter out;
+		try {
+			out = streamWriterFactory.createStreamWriter(
+					writer.getOutputStream(), ctxOut);
+			out.getOutputStream().flush();
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onError();
+			return;
+		}
+		// Read and recognise the tag
+		StreamContext ctxIn = recogniseTag(reader, transportId);
+		// Unrecognised tags are suspicious in this case
+		if (ctxIn == null) {
+			LOG.warning("Unrecognised tag for returning stream");
+			onError();
+			return;
+		}
+		// Check that the stream comes from the expected pending contact
+		PendingContactId inPendingContactId = ctxIn.getPendingContactId();
+		if (inPendingContactId == null) {
+			LOG.warning("Expected rendezvous tag, got contact tag");
+			onError();
+			return;
+		}
+		if (!inPendingContactId.equals(pendingContactId)) {
+			LOG.warning("Wrong pending contact ID for returning stream");
+			onError();
+			return;
+		}
+		// Close the connection if it's redundant
+		if (!connectionRegistry.registerConnection(pendingContactId)) {
+			LOG.info("Redundant rendezvous connection");
+			onError();
+			return;
+		}
+		// Handshake and exchange contacts
+		try {
+			InputStream in = streamReaderFactory.createStreamReader(
+					reader.getInputStream(), ctxIn);
+			HandshakeResult result =
+					handshakeManager.handshake(pendingContactId, in, out);
+			Contact contact = contactExchangeManager.exchangeContacts(
+					pendingContactId, connection, result.getMasterKey(),
+					result.isAlice(), false);
+			connectionRegistry.unregisterConnection(pendingContactId, true);
+			// Reuse the connection as a transport connection
+			connectionManager.manageOutgoingConnection(contact.getId(),
+					transportId, connection);
+		} catch (IOException | DbException e) {
+			logException(LOG, WARNING, e);
+			onError();
+			connectionRegistry.unregisterConnection(pendingContactId, false);
+		}
+	}
+
+	private void onError() {
+		// 'Recognised' is always true for outgoing connections
+		onError(true);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/connection/OutgoingSimplexSyncConnection.java

@@ -0,0 +1,78 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class OutgoingSimplexSyncConnection extends SyncConnection implements Runnable {
+
+	private final ContactId contactId;
+	private final TransportId transportId;
+	private final TransportConnectionWriter writer;
+
+	OutgoingSimplexSyncConnection(KeyManager keyManager,
+			ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager,
+			ContactId contactId, TransportId transportId,
+			TransportConnectionWriter writer) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory, syncSessionFactory,
+				transportPropertyManager);
+		this.contactId = contactId;
+		this.transportId = transportId;
+		this.writer = writer;
+	}
+
+	@Override
+	public void run() {
+		// Allocate a stream context
+		StreamContext ctx = allocateStreamContext(contactId, transportId);
+		if (ctx == null) {
+			LOG.warning("Could not allocate stream context");
+			onError();
+			return;
+		}
+		try {
+			// Create and run the outgoing session
+			createSimplexOutgoingSession(ctx, writer).run();
+			writer.dispose(false);
+		} catch (IOException e) {
+			logException(LOG, WARNING, e);
+			onError();
+		}
+	}
+
+	private void onError() {
+		disposeOnError(writer);
+	}
+
+	private SyncSession createSimplexOutgoingSession(StreamContext ctx,
+			TransportConnectionWriter w) throws IOException {
+		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
+				w.getOutputStream(), ctx);
+		ContactId c = requireNonNull(ctx.getContactId());
+		return syncSessionFactory.createSimplexOutgoingSession(c,
+				w.getMaxLatency(), streamWriter);
+	}
+}
+

bramble-core/src/main/java/org/briarproject/bramble/connection/SyncConnection.java

@@ -0,0 +1,64 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.sync.PriorityHandler;
+import org.briarproject.bramble.api.sync.SyncSession;
+import org.briarproject.bramble.api.sync.SyncSessionFactory;
+import org.briarproject.bramble.api.transport.KeyManager;
+import org.briarproject.bramble.api.transport.StreamContext;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.annotation.Nullable;
+
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+@NotNullByDefault
+class SyncConnection extends Connection {
+
+	final SyncSessionFactory syncSessionFactory;
+	final TransportPropertyManager transportPropertyManager;
+
+	SyncConnection(KeyManager keyManager, ConnectionRegistry connectionRegistry,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory,
+			SyncSessionFactory syncSessionFactory,
+			TransportPropertyManager transportPropertyManager) {
+		super(keyManager, connectionRegistry, streamReaderFactory,
+				streamWriterFactory);
+		this.syncSessionFactory = syncSessionFactory;
+		this.transportPropertyManager = transportPropertyManager;
+	}
+
+	@Nullable
+	StreamContext allocateStreamContext(ContactId contactId,
+			TransportId transportId) {
+		try {
+			return keyManager.getStreamContext(contactId, transportId);
+		} catch (DbException e) {
+			logException(LOG, WARNING, e);
+			return null;
+		}
+	}
+
+	SyncSession createIncomingSession(StreamContext ctx,
+			TransportConnectionReader r, PriorityHandler handler)
+			throws IOException {
+		InputStream streamReader = streamReaderFactory.createStreamReader(
+				r.getInputStream(), ctx);
+		ContactId c = requireNonNull(ctx.getContactId());
+		return syncSessionFactory
+				.createIncomingSession(c, streamReader, handler);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java

@@ -7,6 +7,7 @@ import net.i2p.crypto.eddsa.KeyPairGenerator;
 import org.briarproject.bramble.api.crypto.AgreementPrivateKey;
 import org.briarproject.bramble.api.crypto.AgreementPublicKey;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.DecryptionException;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.KeyParser;
 import org.briarproject.bramble.api.crypto.KeyStrengthener;
@@ -39,6 +40,9 @@ import static java.lang.System.arraycopy;
 import static java.util.logging.Level.INFO;
 import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_AGREEMENT;
 import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_SIGNATURE;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_CIPHERTEXT;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_PASSWORD;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.KEY_STRENGTHENER_ERROR;
 import static org.briarproject.bramble.util.ByteUtils.INT_32_BYTES;
 import static org.briarproject.bramble.util.LogUtils.logDuration;
 import static org.briarproject.bramble.util.LogUtils.now;
@@ -359,16 +363,17 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 
 	@Override
-	@Nullable
 	public byte[] decryptWithPassword(byte[] input, String password,
-			@Nullable KeyStrengthener keyStrengthener) {
+			@Nullable KeyStrengthener keyStrengthener)
+			throws DecryptionException {
 		AuthenticatedCipher cipher = new XSalsa20Poly1305AuthenticatedCipher();
 		int macBytes = cipher.getMacBytes();
 		// The input contains the format version, salt, cost parameter, IV,
 		// ciphertext and MAC
 		if (input.length < 1 + PBKDF_SALT_BYTES + INT_32_BYTES
-				+ STORAGE_IV_BYTES + macBytes)
+				+ STORAGE_IV_BYTES + macBytes) {
-			return null; // Invalid input
+			throw new DecryptionException(INVALID_CIPHERTEXT);
+		}
 		int inputOff = 0;
 		// Format version
 		byte formatVersion = input[inputOff];
@@ -376,7 +381,7 @@ class CryptoComponentImpl implements CryptoComponent {
 		// Check whether we support this format version
 		if (formatVersion != PBKDF_FORMAT_SCRYPT &&
 				formatVersion != PBKDF_FORMAT_SCRYPT_STRENGTHENED) {
-			return null;
+			throw new DecryptionException(INVALID_CIPHERTEXT);
 		}
 		// Salt
 		byte[] salt = new byte[PBKDF_SALT_BYTES];
@@ -385,8 +390,9 @@ class CryptoComponentImpl implements CryptoComponent {
 		// Cost parameter
 		long cost = ByteUtils.readUint32(input, inputOff);
 		inputOff += INT_32_BYTES;
-		if (cost < 2 || cost > Integer.MAX_VALUE)
+		if (cost < 2 || cost > Integer.MAX_VALUE) {
-			return null; // Invalid cost parameter
+			throw new DecryptionException(INVALID_CIPHERTEXT);
+		}
 		// IV
 		byte[] iv = new byte[STORAGE_IV_BYTES];
 		arraycopy(input, inputOff, iv, 0, iv.length);
@@ -394,8 +400,10 @@ class CryptoComponentImpl implements CryptoComponent {
 		// Derive the decryption key from the password
 		SecretKey key = passwordBasedKdf.deriveKey(password, salt, (int) cost);
 		if (formatVersion == PBKDF_FORMAT_SCRYPT_STRENGTHENED) {
-			if (keyStrengthener == null || !keyStrengthener.isInitialised())
+			if (keyStrengthener == null || !keyStrengthener.isInitialised()) {
-				return null; // Can't derive the same strengthened key
+				// Can't derive the same strengthened key
+				throw new DecryptionException(KEY_STRENGTHENER_ERROR);
+			}
 			key = keyStrengthener.strengthenKey(key);
 		}
 		// Initialise the cipher
@@ -411,7 +419,7 @@ class CryptoComponentImpl implements CryptoComponent {
 			cipher.process(input, inputOff, inputLen, output, 0);
 			return output;
 		} catch (GeneralSecurityException e) {
-			return null; // Invalid ciphertext
+			throw new DecryptionException(INVALID_PASSWORD);
 		}
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/db/H2Database.java

@@ -25,6 +25,7 @@ import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.db.JdbcUtils.tryToClose;
+import static org.briarproject.bramble.util.IoUtils.isNonEmptyDirectory;
 import static org.briarproject.bramble.util.LogUtils.logFileOrDir;
 
 /**
@@ -69,8 +70,9 @@ class H2Database extends JdbcDatabase {
 			LOG.info("Contents of account directory before opening DB:");
 			logFileOrDir(LOG, INFO, dir.getParentFile());
 		}
-		boolean reopen = !dir.mkdirs();
+		boolean reopen = isNonEmptyDirectory(dir);
 		if (LOG.isLoggable(INFO)) LOG.info("Reopening DB: " + reopen);
+		if (!reopen && dir.mkdirs()) LOG.info("Created database directory");
 		super.open("org.h2.Driver", reopen, key, listener);
 		if (LOG.isLoggable(INFO)) {
 			LOG.info("Contents of account directory after opening DB:");

bramble-core/src/main/java/org/briarproject/bramble/db/HyperSqlDatabase.java

@@ -20,9 +20,11 @@ import java.util.logging.Logger;
 import javax.annotation.Nullable;
 import javax.inject.Inject;
 
+import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.db.JdbcUtils.tryToClose;
+import static org.briarproject.bramble.util.IoUtils.isNonEmptyDirectory;
 
 /**
  * Contains all the HSQLDB-specific code for the database.
@@ -64,7 +66,10 @@ class HyperSqlDatabase extends JdbcDatabase {
 	public boolean open(SecretKey key, @Nullable MigrationListener listener)
 			throws DbException {
 		this.key = key;
-		boolean reopen = !config.getDatabaseDirectory().mkdirs();
+		File dir = config.getDatabaseDirectory();
+		boolean reopen = isNonEmptyDirectory(dir);
+		if (LOG.isLoggable(INFO)) LOG.info("Reopening DB: " + reopen);
+		if (!reopen && dir.mkdirs()) LOG.info("Created database directory");
 		super.open("org.hsqldb.jdbc.JDBCDriver", reopen, key, listener);
 		return reopen;
 	}

bramble-core/src/main/java/org/briarproject/bramble/io/IoModule.java

@@ -0,0 +1,18 @@
+package org.briarproject.bramble.io;
+
+import org.briarproject.bramble.api.io.TimeoutMonitor;
+
+import javax.inject.Singleton;
+
+import dagger.Module;
+import dagger.Provides;
+
+@Module
+public class IoModule {
+
+	@Provides
+	@Singleton
+	TimeoutMonitor provideTimeoutMonitor(TimeoutMonitorImpl timeoutMonitor) {
+		return timeoutMonitor;
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/io/TimeoutInputStream.java

@@ -0,0 +1,104 @@
+package org.briarproject.bramble.io;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.system.Clock;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.annotation.concurrent.GuardedBy;
+
+@NotNullByDefault
+class TimeoutInputStream extends InputStream {
+
+	private final Clock clock;
+	private final InputStream in;
+	private final long timeoutMs;
+	private final CloseListener listener;
+	private final Object lock = new Object();
+	@GuardedBy("lock")
+	private long readStartedMs = -1;
+
+	TimeoutInputStream(Clock clock, InputStream in, long timeoutMs,
+			CloseListener listener) {
+		this.clock = clock;
+		this.in = in;
+		this.timeoutMs = timeoutMs;
+		this.listener = listener;
+	}
+
+	@Override
+	public int read() throws IOException {
+		synchronized (lock) {
+			readStartedMs = clock.currentTimeMillis();
+		}
+		int input = in.read();
+		synchronized (lock) {
+			readStartedMs = -1;
+		}
+		return input;
+	}
+
+	@Override
+	public int read(byte[] b) throws IOException {
+		return read(b, 0, b.length);
+	}
+
+	@Override
+	public int read(byte[] b, int off, int len) throws IOException {
+		synchronized (lock) {
+			readStartedMs = clock.currentTimeMillis();
+		}
+		int read = in.read(b, off, len);
+		synchronized (lock) {
+			readStartedMs = -1;
+		}
+		return read;
+	}
+
+	@Override
+	public void close() throws IOException {
+		try {
+			in.close();
+		} finally {
+			listener.onClose(this);
+		}
+	}
+
+	@Override
+	public int available() throws IOException {
+		return in.available();
+	}
+
+	@Override
+	public void mark(int readlimit) {
+		in.mark(readlimit);
+	}
+
+	@Override
+	public boolean markSupported() {
+		return in.markSupported();
+	}
+
+	@Override
+	public void reset() throws IOException {
+		in.reset();
+	}
+
+	@Override
+	public long skip(long n) throws IOException {
+		return in.skip(n);
+	}
+
+	boolean hasTimedOut() {
+		synchronized (lock) {
+			return readStartedMs != -1 &&
+					clock.currentTimeMillis() - readStartedMs > timeoutMs;
+		}
+	}
+
+	interface CloseListener {
+
+		void onClose(TimeoutInputStream closed);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/io/TimeoutMonitorImpl.java

@@ -0,0 +1,96 @@
+package org.briarproject.bramble.io;
+
+import org.briarproject.bramble.api.io.TimeoutMonitor;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
+import org.briarproject.bramble.api.system.Clock;
+import org.briarproject.bramble.api.system.Scheduler;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.Executor;
+import java.util.concurrent.Future;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.logging.Logger;
+
+import javax.annotation.concurrent.GuardedBy;
+import javax.inject.Inject;
+
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static java.util.concurrent.TimeUnit.SECONDS;
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.util.LogUtils.logException;
+
+class TimeoutMonitorImpl implements TimeoutMonitor {
+
+	private static final Logger LOG =
+			getLogger(TimeoutMonitorImpl.class.getName());
+
+	private static final long CHECK_INTERVAL_MS = SECONDS.toMillis(10);
+
+	private final ScheduledExecutorService scheduler;
+	private final Executor ioExecutor;
+	private final Clock clock;
+	private final Object lock = new Object();
+	@GuardedBy("lock")
+	private final List<TimeoutInputStream> streams = new ArrayList<>();
+
+	@GuardedBy("lock")
+	private Future<?> task = null;
+
+	@Inject
+	TimeoutMonitorImpl(@Scheduler ScheduledExecutorService scheduler,
+			@IoExecutor Executor ioExecutor, Clock clock) {
+		this.scheduler = scheduler;
+		this.ioExecutor = ioExecutor;
+		this.clock = clock;
+	}
+
+	@Override
+	public InputStream createTimeoutInputStream(InputStream in,
+			long timeoutMs) {
+		TimeoutInputStream stream = new TimeoutInputStream(clock, in,
+				timeoutMs, this::removeStream);
+		synchronized (lock) {
+			if (streams.isEmpty()) {
+				task = scheduler.scheduleWithFixedDelay(this::checkTimeouts,
+						CHECK_INTERVAL_MS, CHECK_INTERVAL_MS, MILLISECONDS);
+			}
+			streams.add(stream);
+		}
+		return stream;
+	}
+
+	private void removeStream(TimeoutInputStream stream) {
+		Future<?> toCancel = null;
+		synchronized (lock) {
+			if (streams.remove(stream) && streams.isEmpty()) {
+				toCancel = task;
+				task = null;
+			}
+		}
+		if (toCancel != null) toCancel.cancel(false);
+	}
+
+	@Scheduler
+	private void checkTimeouts() {
+		ioExecutor.execute(() -> {
+			List<TimeoutInputStream> snapshot;
+			synchronized (lock) {
+				snapshot = new ArrayList<>(streams);
+			}
+			for (TimeoutInputStream stream : snapshot) {
+				if (stream.hasTimedOut()) {
+					LOG.info("Input stream has timed out");
+					try {
+						stream.close();
+					} catch (IOException e) {
+						logException(LOG, INFO, e);
+					}
+				}
+			}
+		});
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/plugin/ConnectionManagerImpl.java

@@ -1,694 +0,0 @@
-package org.briarproject.bramble.plugin;
-
-import org.briarproject.bramble.api.contact.Contact;
-import org.briarproject.bramble.api.contact.ContactExchangeManager;
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.contact.HandshakeManager;
-import org.briarproject.bramble.api.contact.HandshakeManager.HandshakeResult;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.lifecycle.IoExecutor;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
-import org.briarproject.bramble.api.plugin.TransportConnectionReader;
-import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.sync.SyncSession;
-import org.briarproject.bramble.api.sync.SyncSessionFactory;
-import org.briarproject.bramble.api.transport.KeyManager;
-import org.briarproject.bramble.api.transport.StreamContext;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriter;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.concurrent.Executor;
-import java.util.logging.Logger;
-
-import javax.annotation.Nullable;
-import javax.inject.Inject;
-
-import static java.util.logging.Level.WARNING;
-import static java.util.logging.Logger.getLogger;
-import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
-import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
-import static org.briarproject.bramble.util.IoUtils.read;
-import static org.briarproject.bramble.util.LogUtils.logException;
-
-@NotNullByDefault
-class ConnectionManagerImpl implements ConnectionManager {
-
-	private static final Logger LOG =
-			getLogger(ConnectionManagerImpl.class.getName());
-
-	private final Executor ioExecutor;
-	private final KeyManager keyManager;
-	private final StreamReaderFactory streamReaderFactory;
-	private final StreamWriterFactory streamWriterFactory;
-	private final SyncSessionFactory syncSessionFactory;
-	private final HandshakeManager handshakeManager;
-	private final ContactExchangeManager contactExchangeManager;
-	private final ConnectionRegistry connectionRegistry;
-
-	@Inject
-	ConnectionManagerImpl(@IoExecutor Executor ioExecutor,
-			KeyManager keyManager, StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory,
-			SyncSessionFactory syncSessionFactory,
-			HandshakeManager handshakeManager,
-			ContactExchangeManager contactExchangeManager,
-			ConnectionRegistry connectionRegistry) {
-		this.ioExecutor = ioExecutor;
-		this.keyManager = keyManager;
-		this.streamReaderFactory = streamReaderFactory;
-		this.streamWriterFactory = streamWriterFactory;
-		this.syncSessionFactory = syncSessionFactory;
-		this.handshakeManager = handshakeManager;
-		this.contactExchangeManager = contactExchangeManager;
-		this.connectionRegistry = connectionRegistry;
-	}
-
-	@Override
-	public void manageIncomingConnection(TransportId t,
-			TransportConnectionReader r) {
-		ioExecutor.execute(new ManageIncomingSimplexConnection(t, r));
-	}
-
-	@Override
-	public void manageIncomingConnection(TransportId t,
-			DuplexTransportConnection d) {
-		ioExecutor.execute(new ManageIncomingDuplexConnection(t, d));
-	}
-
-	@Override
-	public void manageIncomingConnection(PendingContactId p, TransportId t,
-			DuplexTransportConnection d) {
-		ioExecutor.execute(new ManageIncomingHandshakeConnection(p, t, d));
-	}
-
-	@Override
-	public void manageOutgoingConnection(ContactId c, TransportId t,
-			TransportConnectionWriter w) {
-		ioExecutor.execute(new ManageOutgoingSimplexConnection(c, t, w));
-	}
-
-	@Override
-	public void manageOutgoingConnection(ContactId c, TransportId t,
-			DuplexTransportConnection d) {
-		ioExecutor.execute(new ManageOutgoingDuplexConnection(c, t, d));
-	}
-
-	@Override
-	public void manageOutgoingConnection(PendingContactId p, TransportId t,
-			DuplexTransportConnection d) {
-		ioExecutor.execute(new ManageOutgoingHandshakeConnection(p, t, d));
-	}
-
-	private byte[] readTag(InputStream in) throws IOException {
-		byte[] tag = new byte[TAG_LENGTH];
-		read(in, tag);
-		return tag;
-	}
-
-	private SyncSession createIncomingSession(StreamContext ctx,
-			TransportConnectionReader r) throws IOException {
-		InputStream streamReader = streamReaderFactory.createStreamReader(
-				r.getInputStream(), ctx);
-		ContactId c = requireNonNull(ctx.getContactId());
-		return syncSessionFactory.createIncomingSession(c, streamReader);
-	}
-
-	private SyncSession createSimplexOutgoingSession(StreamContext ctx,
-			TransportConnectionWriter w) throws IOException {
-		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
-				w.getOutputStream(), ctx);
-		ContactId c = requireNonNull(ctx.getContactId());
-		return syncSessionFactory.createSimplexOutgoingSession(c,
-				w.getMaxLatency(), streamWriter);
-	}
-
-	private SyncSession createDuplexOutgoingSession(StreamContext ctx,
-			TransportConnectionWriter w) throws IOException {
-		StreamWriter streamWriter = streamWriterFactory.createStreamWriter(
-				w.getOutputStream(), ctx);
-		ContactId c = requireNonNull(ctx.getContactId());
-		return syncSessionFactory.createDuplexOutgoingSession(c,
-				w.getMaxLatency(), w.getMaxIdleTime(), streamWriter);
-	}
-
-	private void disposeOnError(TransportConnectionReader reader,
-			boolean recognised) {
-		try {
-			reader.dispose(true, recognised);
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-		}
-	}
-
-	private void disposeOnError(TransportConnectionWriter writer) {
-		try {
-			writer.dispose(true);
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-		}
-	}
-
-	private class ManageIncomingSimplexConnection implements Runnable {
-
-		private final TransportId transportId;
-		private final TransportConnectionReader reader;
-
-		private ManageIncomingSimplexConnection(TransportId transportId,
-				TransportConnectionReader reader) {
-			this.transportId = transportId;
-			this.reader = reader;
-		}
-
-		@Override
-		public void run() {
-			// Read and recognise the tag
-			StreamContext ctx;
-			try {
-				byte[] tag = readTag(reader.getInputStream());
-				ctx = keyManager.getStreamContext(transportId, tag);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onError(false);
-				return;
-			}
-			if (ctx == null) {
-				LOG.info("Unrecognised tag");
-				onError(false);
-				return;
-			}
-			ContactId contactId = ctx.getContactId();
-			if (contactId == null) {
-				LOG.warning("Received rendezvous stream, expected contact");
-				onError(true);
-				return;
-			}
-			if (ctx.isHandshakeMode()) {
-				// TODO: Support handshake mode for contacts
-				LOG.warning("Received handshake tag, expected rotation mode");
-				onError(true);
-				return;
-			}
-			connectionRegistry.registerConnection(contactId, transportId, true);
-			try {
-				// Create and run the incoming session
-				createIncomingSession(ctx, reader).run();
-				reader.dispose(false, true);
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onError(true);
-			} finally {
-				connectionRegistry.unregisterConnection(contactId, transportId,
-						true);
-			}
-		}
-
-		private void onError(boolean recognised) {
-			disposeOnError(reader, recognised);
-		}
-	}
-
-	private class ManageOutgoingSimplexConnection implements Runnable {
-
-		private final ContactId contactId;
-		private final TransportId transportId;
-		private final TransportConnectionWriter writer;
-
-		private ManageOutgoingSimplexConnection(ContactId contactId,
-				TransportId transportId, TransportConnectionWriter writer) {
-			this.contactId = contactId;
-			this.transportId = transportId;
-			this.writer = writer;
-		}
-
-		@Override
-		public void run() {
-			// Allocate a stream context
-			StreamContext ctx;
-			try {
-				ctx = keyManager.getStreamContext(contactId, transportId);
-			} catch (DbException e) {
-				logException(LOG, WARNING, e);
-				onError();
-				return;
-			}
-			if (ctx == null) {
-				LOG.warning("Could not allocate stream context");
-				onError();
-				return;
-			}
-			connectionRegistry.registerConnection(contactId, transportId,
-					false);
-			try {
-				// Create and run the outgoing session
-				createSimplexOutgoingSession(ctx, writer).run();
-				writer.dispose(false);
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onError();
-			} finally {
-				connectionRegistry.unregisterConnection(contactId, transportId,
-						false);
-			}
-		}
-
-		private void onError() {
-			disposeOnError(writer);
-		}
-	}
-
-	private class ManageIncomingDuplexConnection implements Runnable {
-
-		private final TransportId transportId;
-		private final TransportConnectionReader reader;
-		private final TransportConnectionWriter writer;
-
-		@Nullable
-		private volatile SyncSession outgoingSession = null;
-
-		private ManageIncomingDuplexConnection(TransportId transportId,
-				DuplexTransportConnection connection) {
-			this.transportId = transportId;
-			reader = connection.getReader();
-			writer = connection.getWriter();
-		}
-
-		@Override
-		public void run() {
-			// Read and recognise the tag
-			StreamContext ctx;
-			try {
-				byte[] tag = readTag(reader.getInputStream());
-				ctx = keyManager.getStreamContext(transportId, tag);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onReadError(false);
-				return;
-			}
-			if (ctx == null) {
-				LOG.info("Unrecognised tag");
-				onReadError(false);
-				return;
-			}
-			ContactId contactId = ctx.getContactId();
-			if (contactId == null) {
-				LOG.warning("Expected contact tag, got rendezvous tag");
-				onReadError(true);
-				return;
-			}
-			if (ctx.isHandshakeMode()) {
-				// TODO: Support handshake mode for contacts
-				LOG.warning("Received handshake tag, expected rotation mode");
-				onReadError(true);
-				return;
-			}
-			connectionRegistry.registerConnection(contactId, transportId, true);
-			// Start the outgoing session on another thread
-			ioExecutor.execute(() -> runOutgoingSession(contactId));
-			try {
-				// Create and run the incoming session
-				createIncomingSession(ctx, reader).run();
-				reader.dispose(false, true);
-				// Interrupt the outgoing session so it finishes cleanly
-				SyncSession out = outgoingSession;
-				if (out != null) out.interrupt();
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onReadError(true);
-			} finally {
-				connectionRegistry.unregisterConnection(contactId, transportId,
-						true);
-			}
-		}
-
-		private void runOutgoingSession(ContactId contactId) {
-			// Allocate a stream context
-			StreamContext ctx;
-			try {
-				ctx = keyManager.getStreamContext(contactId, transportId);
-			} catch (DbException e) {
-				logException(LOG, WARNING, e);
-				onWriteError();
-				return;
-			}
-			if (ctx == null) {
-				LOG.warning("Could not allocate stream context");
-				onWriteError();
-				return;
-			}
-			try {
-				// Create and run the outgoing session
-				SyncSession out = createDuplexOutgoingSession(ctx, writer);
-				outgoingSession = out;
-				out.run();
-				writer.dispose(false);
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onWriteError();
-			}
-		}
-
-		private void onReadError(boolean recognised) {
-			disposeOnError(reader, recognised);
-			disposeOnError(writer);
-			// Interrupt the outgoing session so it finishes
-			SyncSession out = outgoingSession;
-			if (out != null) out.interrupt();
-		}
-
-		private void onWriteError() {
-			disposeOnError(reader, true);
-			disposeOnError(writer);
-		}
-	}
-
-	private class ManageOutgoingDuplexConnection implements Runnable {
-
-		private final ContactId contactId;
-		private final TransportId transportId;
-		private final TransportConnectionReader reader;
-		private final TransportConnectionWriter writer;
-
-		@Nullable
-		private volatile SyncSession outgoingSession = null;
-
-		private ManageOutgoingDuplexConnection(ContactId contactId,
-				TransportId transportId, DuplexTransportConnection connection) {
-			this.contactId = contactId;
-			this.transportId = transportId;
-			reader = connection.getReader();
-			writer = connection.getWriter();
-		}
-
-		@Override
-		public void run() {
-			// Allocate a stream context
-			StreamContext ctx;
-			try {
-				ctx = keyManager.getStreamContext(contactId, transportId);
-			} catch (DbException e) {
-				logException(LOG, WARNING, e);
-				onWriteError();
-				return;
-			}
-			if (ctx == null) {
-				LOG.warning("Could not allocate stream context");
-				onWriteError();
-				return;
-			}
-			if (ctx.isHandshakeMode()) {
-				// TODO: Support handshake mode for contacts
-				LOG.warning("Cannot use handshake mode stream context");
-				onWriteError();
-				return;
-			}
-			// Start the incoming session on another thread
-			ioExecutor.execute(this::runIncomingSession);
-			try {
-				// Create and run the outgoing session
-				SyncSession out = createDuplexOutgoingSession(ctx, writer);
-				outgoingSession = out;
-				out.run();
-				writer.dispose(false);
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onWriteError();
-			}
-		}
-
-		private void runIncomingSession() {
-			// Read and recognise the tag
-			StreamContext ctx;
-			try {
-				byte[] tag = readTag(reader.getInputStream());
-				ctx = keyManager.getStreamContext(transportId, tag);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onReadError();
-				return;
-			}
-			// Unrecognised tags are suspicious in this case
-			if (ctx == null) {
-				LOG.warning("Unrecognised tag for returning stream");
-				onReadError();
-				return;
-			}
-			// Check that the stream comes from the expected contact
-			ContactId inContactId = ctx.getContactId();
-			if (inContactId == null) {
-				LOG.warning("Expected contact tag, got rendezvous tag");
-				onReadError();
-				return;
-			}
-			if (!contactId.equals(inContactId)) {
-				LOG.warning("Wrong contact ID for returning stream");
-				onReadError();
-				return;
-			}
-			if (ctx.isHandshakeMode()) {
-				// TODO: Support handshake mode for contacts
-				LOG.warning("Received handshake tag, expected rotation mode");
-				onReadError();
-				return;
-			}
-			connectionRegistry.registerConnection(contactId, transportId,
-					false);
-			try {
-				// Create and run the incoming session
-				createIncomingSession(ctx, reader).run();
-				reader.dispose(false, true);
-				// Interrupt the outgoing session so it finishes cleanly
-				SyncSession out = outgoingSession;
-				if (out != null) out.interrupt();
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onReadError();
-			} finally {
-				connectionRegistry.unregisterConnection(contactId, transportId,
-						false);
-			}
-		}
-
-		private void onReadError() {
-			// 'Recognised' is always true for outgoing connections
-			disposeOnError(reader, true);
-			disposeOnError(writer);
-			// Interrupt the outgoing session so it finishes
-			SyncSession out = outgoingSession;
-			if (out != null) out.interrupt();
-		}
-
-		private void onWriteError() {
-			disposeOnError(reader, true);
-			disposeOnError(writer);
-		}
-	}
-
-	private class ManageIncomingHandshakeConnection implements Runnable {
-
-		private final PendingContactId pendingContactId;
-		private final TransportId transportId;
-		private final DuplexTransportConnection connection;
-		private final TransportConnectionReader reader;
-		private final TransportConnectionWriter writer;
-
-		private ManageIncomingHandshakeConnection(
-				PendingContactId pendingContactId, TransportId transportId,
-				DuplexTransportConnection connection) {
-			this.pendingContactId = pendingContactId;
-			this.transportId = transportId;
-			this.connection = connection;
-			reader = connection.getReader();
-			writer = connection.getWriter();
-		}
-
-		@Override
-		public void run() {
-			// Read and recognise the tag
-			StreamContext ctxIn;
-			try {
-				byte[] tag = readTag(reader.getInputStream());
-				ctxIn = keyManager.getStreamContext(transportId, tag);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onError(false);
-				return;
-			}
-			if (ctxIn == null) {
-				LOG.info("Unrecognised tag");
-				onError(false);
-				return;
-			}
-			PendingContactId inPendingContactId = ctxIn.getPendingContactId();
-			if (inPendingContactId == null) {
-				LOG.warning("Expected rendezvous tag, got contact tag");
-				onError(true);
-				return;
-			}
-			// Allocate the outgoing stream context
-			StreamContext ctxOut;
-			try {
-				ctxOut = keyManager.getStreamContext(pendingContactId,
-						transportId);
-			} catch (DbException e) {
-				logException(LOG, WARNING, e);
-				onError(true);
-				return;
-			}
-			if (ctxOut == null) {
-				LOG.warning("Could not allocate stream context");
-				onError(true);
-				return;
-			}
-			// Close the connection if it's redundant
-			if (!connectionRegistry.registerConnection(pendingContactId)) {
-				LOG.info("Redundant rendezvous connection");
-				onError(true);
-				return;
-			}
-			// Handshake and exchange contacts
-			try {
-				InputStream in = streamReaderFactory.createStreamReader(
-						reader.getInputStream(), ctxIn);
-				// Flush the output stream to send the outgoing stream header
-				StreamWriter out = streamWriterFactory.createStreamWriter(
-						writer.getOutputStream(), ctxOut);
-				out.getOutputStream().flush();
-				HandshakeResult result = handshakeManager.handshake(
-						pendingContactId, in, out);
-				Contact contact = contactExchangeManager.exchangeContacts(
-						pendingContactId, connection, result.getMasterKey(),
-						result.isAlice(), false);
-				connectionRegistry.unregisterConnection(pendingContactId, true);
-				// Reuse the connection as a transport connection
-				manageOutgoingConnection(contact.getId(), transportId,
-						connection);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onError(true);
-				connectionRegistry.unregisterConnection(pendingContactId,
-						false);
-			}
-		}
-
-		private void onError(boolean recognised) {
-			disposeOnError(reader, recognised);
-			disposeOnError(writer);
-		}
-	}
-
-	private class ManageOutgoingHandshakeConnection implements Runnable {
-
-		private final PendingContactId pendingContactId;
-		private final TransportId transportId;
-		private final DuplexTransportConnection connection;
-		private final TransportConnectionReader reader;
-		private final TransportConnectionWriter writer;
-
-		private ManageOutgoingHandshakeConnection(
-				PendingContactId pendingContactId, TransportId transportId,
-				DuplexTransportConnection connection) {
-			this.pendingContactId = pendingContactId;
-			this.transportId = transportId;
-			this.connection = connection;
-			reader = connection.getReader();
-			writer = connection.getWriter();
-		}
-
-		@Override
-		public void run() {
-			// Allocate the outgoing stream context
-			StreamContext ctxOut;
-			try {
-				ctxOut = keyManager.getStreamContext(pendingContactId,
-						transportId);
-			} catch (DbException e) {
-				logException(LOG, WARNING, e);
-				onError();
-				return;
-			}
-			if (ctxOut == null) {
-				LOG.warning("Could not allocate stream context");
-				onError();
-				return;
-			}
-			// Flush the output stream to send the outgoing stream header
-			StreamWriter out;
-			try {
-				out = streamWriterFactory.createStreamWriter(
-						writer.getOutputStream(), ctxOut);
-				out.getOutputStream().flush();
-			} catch (IOException e) {
-				logException(LOG, WARNING, e);
-				onError();
-				return;
-			}
-			// Read and recognise the tag
-			StreamContext ctxIn;
-			try {
-				byte[] tag = readTag(reader.getInputStream());
-				ctxIn = keyManager.getStreamContext(transportId, tag);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onError();
-				return;
-			}
-			// Unrecognised tags are suspicious in this case
-			if (ctxIn == null) {
-				LOG.warning("Unrecognised tag for returning stream");
-				onError();
-				return;
-			}
-			// Check that the stream comes from the expected pending contact
-			PendingContactId inPendingContactId = ctxIn.getPendingContactId();
-			if (inPendingContactId == null) {
-				LOG.warning("Expected rendezvous tag, got contact tag");
-				onError();
-				return;
-			}
-			if (!inPendingContactId.equals(pendingContactId)) {
-				LOG.warning("Wrong pending contact ID for returning stream");
-				onError();
-				return;
-			}
-			// Close the connection if it's redundant
-			if (!connectionRegistry.registerConnection(pendingContactId)) {
-				LOG.info("Redundant rendezvous connection");
-				onError();
-				return;
-			}
-			// Handshake and exchange contacts
-			try {
-				InputStream in = streamReaderFactory.createStreamReader(
-						reader.getInputStream(), ctxIn);
-				HandshakeResult result = handshakeManager.handshake(
-						pendingContactId, in, out);
-				Contact contact = contactExchangeManager.exchangeContacts(
-						pendingContactId, connection, result.getMasterKey(),
-						result.isAlice(), false);
-				connectionRegistry.unregisterConnection(pendingContactId, true);
-				// Reuse the connection as a transport connection
-				manageOutgoingConnection(contact.getId(), transportId,
-						connection);
-			} catch (IOException | DbException e) {
-				logException(LOG, WARNING, e);
-				onError();
-				connectionRegistry.unregisterConnection(pendingContactId,
-						false);
-			}
-		}
-
-		private void onError() {
-			// 'Recognised' is always true for outgoing connections
-			disposeOnError(reader, true);
-			disposeOnError(writer);
-		}
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/plugin/ConnectionRegistryImpl.java

@@ -1,150 +0,0 @@
-package org.briarproject.bramble.plugin;
-
-import org.briarproject.bramble.api.Multiset;
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.event.EventBus;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
-import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.logging.Logger;
-
-import javax.annotation.concurrent.GuardedBy;
-import javax.annotation.concurrent.ThreadSafe;
-import javax.inject.Inject;
-
-import static java.util.logging.Level.INFO;
-import static java.util.logging.Logger.getLogger;
-
-@ThreadSafe
-@NotNullByDefault
-class ConnectionRegistryImpl implements ConnectionRegistry {
-
-	private static final Logger LOG =
-			getLogger(ConnectionRegistryImpl.class.getName());
-
-	private final EventBus eventBus;
-
-	private final Object lock = new Object();
-	@GuardedBy("lock")
-	private final Map<TransportId, Multiset<ContactId>> contactConnections;
-	@GuardedBy("lock")
-	private final Multiset<ContactId> contactCounts;
-	@GuardedBy("lock")
-	private final Set<PendingContactId> connectedPendingContacts;
-
-	@Inject
-	ConnectionRegistryImpl(EventBus eventBus) {
-		this.eventBus = eventBus;
-		contactConnections = new HashMap<>();
-		contactCounts = new Multiset<>();
-		connectedPendingContacts = new HashSet<>();
-	}
-
-	@Override
-	public void registerConnection(ContactId c, TransportId t,
-			boolean incoming) {
-		if (LOG.isLoggable(INFO)) {
-			if (incoming) LOG.info("Incoming connection registered: " + t);
-			else LOG.info("Outgoing connection registered: " + t);
-		}
-		boolean firstConnection = false;
-		synchronized (lock) {
-			Multiset<ContactId> m = contactConnections.get(t);
-			if (m == null) {
-				m = new Multiset<>();
-				contactConnections.put(t, m);
-			}
-			m.add(c);
-			if (contactCounts.add(c) == 1) firstConnection = true;
-		}
-		eventBus.broadcast(new ConnectionOpenedEvent(c, t, incoming));
-		if (firstConnection) {
-			LOG.info("Contact connected");
-			eventBus.broadcast(new ContactConnectedEvent(c));
-		}
-	}
-
-	@Override
-	public void unregisterConnection(ContactId c, TransportId t,
-			boolean incoming) {
-		if (LOG.isLoggable(INFO)) {
-			if (incoming) LOG.info("Incoming connection unregistered: " + t);
-			else LOG.info("Outgoing connection unregistered: " + t);
-		}
-		boolean lastConnection = false;
-		synchronized (lock) {
-			Multiset<ContactId> m = contactConnections.get(t);
-			if (m == null || !m.contains(c))
-				throw new IllegalArgumentException();
-			m.remove(c);
-			if (contactCounts.remove(c) == 0) lastConnection = true;
-		}
-		eventBus.broadcast(new ConnectionClosedEvent(c, t, incoming));
-		if (lastConnection) {
-			LOG.info("Contact disconnected");
-			eventBus.broadcast(new ContactDisconnectedEvent(c));
-		}
-	}
-
-	@Override
-	public Collection<ContactId> getConnectedContacts(TransportId t) {
-		synchronized (lock) {
-			Multiset<ContactId> m = contactConnections.get(t);
-			if (m == null) return Collections.emptyList();
-			List<ContactId> ids = new ArrayList<>(m.keySet());
-			if (LOG.isLoggable(INFO))
-				LOG.info(ids.size() + " contacts connected: " + t);
-			return ids;
-		}
-	}
-
-	@Override
-	public boolean isConnected(ContactId c, TransportId t) {
-		synchronized (lock) {
-			Multiset<ContactId> m = contactConnections.get(t);
-			return m != null && m.contains(c);
-		}
-	}
-
-	@Override
-	public boolean isConnected(ContactId c) {
-		synchronized (lock) {
-			return contactCounts.contains(c);
-		}
-	}
-
-	@Override
-	public boolean registerConnection(PendingContactId p) {
-		boolean added;
-		synchronized (lock) {
-			added = connectedPendingContacts.add(p);
-		}
-		if (added) eventBus.broadcast(new RendezvousConnectionOpenedEvent(p));
-		return added;
-	}
-
-	@Override
-	public void unregisterConnection(PendingContactId p, boolean success) {
-		synchronized (lock) {
-			if (!connectedPendingContacts.remove(p))
-				throw new IllegalArgumentException();
-		}
-		eventBus.broadcast(new RendezvousConnectionClosedEvent(p, success));
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/plugin/PluginManagerImpl.java

@@ -1,12 +1,12 @@
 package org.briarproject.bramble.plugin;
 
+import org.briarproject.bramble.api.connection.ConnectionManager;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.lifecycle.Service;
 import org.briarproject.bramble.api.lifecycle.ServiceException;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.PluginConfig;

bramble-core/src/main/java/org/briarproject/bramble/plugin/PluginModule.java

@@ -3,8 +3,6 @@ package org.briarproject.bramble.plugin;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
 import org.briarproject.bramble.api.plugin.PluginConfig;
 import org.briarproject.bramble.api.plugin.PluginManager;
 
@@ -29,20 +27,6 @@ public class PluginModule {
 		return new BackoffFactoryImpl();
 	}
 
-	@Provides
-	@Singleton
-	ConnectionManager provideConnectionManager(
-			ConnectionManagerImpl connectionManager) {
-		return connectionManager;
-	}
-
-	@Provides
-	@Singleton
-	ConnectionRegistry provideConnectionRegistry(
-			ConnectionRegistryImpl connectionRegistry) {
-		return connectionRegistry;
-	}
-
 	@Provides
 	@Singleton
 	PluginManager providePluginManager(LifecycleManager lifecycleManager,

bramble-core/src/main/java/org/briarproject/bramble/plugin/PollerImpl.java

@@ -1,6 +1,8 @@
 package org.briarproject.bramble.plugin;
 
 import org.briarproject.bramble.api.Pair;
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.event.ContactAddedEvent;
 import org.briarproject.bramble.api.db.DbException;
@@ -9,8 +11,6 @@ import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.ConnectionHandler;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.PluginManager;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;
@@ -98,8 +98,8 @@ class PollerImpl implements Poller, EventListener {
 			ConnectionClosedEvent c = (ConnectionClosedEvent) e;
 			// Reschedule polling, the polling interval may have decreased
 			reschedule(c.getTransportId());
-			if (!c.isIncoming()) {
+			// If an outgoing connection failed, try to reconnect
-				// Connect to the disconnected contact
+			if (!c.isIncoming() && c.isException()) {
 				connectToContact(c.getContactId(), c.getTransportId());
 			}
 		} else if (e instanceof ConnectionOpenedEvent) {
@@ -215,7 +215,7 @@ class PollerImpl implements Poller, EventListener {
 			Map<ContactId, TransportProperties> remote =
 					transportPropertyManager.getRemoteProperties(t);
 			Collection<ContactId> connected =
-					connectionRegistry.getConnectedContacts(t);
+					connectionRegistry.getConnectedOrBetterContacts(t);
 			Collection<Pair<TransportProperties, ConnectionHandler>>
 					properties = new ArrayList<>();
 			for (Entry<ContactId, TransportProperties> e : remote.entrySet()) {

bramble-core/src/main/java/org/briarproject/bramble/plugin/bluetooth/BluetoothPlugin.java

@@ -5,6 +5,7 @@ import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventListener;
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementConnection;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
 import org.briarproject.bramble.api.keyagreement.event.KeyAgreementListeningEvent;
@@ -60,12 +61,13 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 			getLogger(BluetoothPlugin.class.getName());
 
 	final BluetoothConnectionLimiter connectionLimiter;
+	final TimeoutMonitor timeoutMonitor;
 
 	private final Executor ioExecutor;
 	private final SecureRandom secureRandom;
 	private final Backoff backoff;
 	private final PluginCallback callback;
-	private final int maxLatency;
+	private final int maxLatency, maxIdleTime;
 	private final AtomicBoolean used = new AtomicBoolean(false);
 
 	private volatile boolean running = false, contactConnections = false;
@@ -105,14 +107,17 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 	abstract DuplexTransportConnection discoverAndConnect(String uuid);
 
 	BluetoothPlugin(BluetoothConnectionLimiter connectionLimiter,
-			Executor ioExecutor, SecureRandom secureRandom,
+			TimeoutMonitor timeoutMonitor, Executor ioExecutor,
-			Backoff backoff, PluginCallback callback, int maxLatency) {
+			SecureRandom secureRandom, Backoff backoff,
+			PluginCallback callback, int maxLatency, int maxIdleTime) {
 		this.connectionLimiter = connectionLimiter;
+		this.timeoutMonitor = timeoutMonitor;
 		this.ioExecutor = ioExecutor;
 		this.secureRandom = secureRandom;
 		this.backoff = backoff;
 		this.callback = callback;
 		this.maxLatency = maxLatency;
+		this.maxIdleTime = maxIdleTime;
 	}
 
 	void onAdapterEnabled() {
@@ -141,8 +146,7 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 
 	@Override
 	public int getMaxIdleTime() {
-		// Bluetooth detects dead connections so we don't need keepalives
+		return maxIdleTime;
-		return Integer.MAX_VALUE;
 	}
 
 	@Override
@@ -227,9 +231,11 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 				if (LOG.isLoggable(INFO)) LOG.info(e.toString());
 				return;
 			}
-			backoff.reset();
+			LOG.info("Connection received");
-			if (connectionLimiter.contactConnectionOpened(conn))
+			if (connectionLimiter.contactConnectionOpened(conn)) {
+				backoff.reset();
 				callback.handleConnection(conn);
+			}
 			if (!running) return;
 		}
 	}
@@ -273,13 +279,10 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 		String uuid = p.get(PROP_UUID);
 		if (isNullOrEmpty(uuid)) return;
 		ioExecutor.execute(() -> {
-			if (!isRunning() || !shouldAllowContactConnections()) return;
-			if (!connectionLimiter.canOpenContactConnection()) return;
 			DuplexTransportConnection d = createConnection(p);
 			if (d != null) {
 				backoff.reset();
-				if (connectionLimiter.contactConnectionOpened(d))
+				h.handleConnection(d);
-					h.handleConnection(d);
 			}
 		});
 	}
@@ -325,7 +328,6 @@ abstract class BluetoothPlugin<SS> implements DuplexPlugin, EventListener {
 		if (isNullOrEmpty(uuid)) return null;
 		DuplexTransportConnection conn = connect(address, uuid);
 		if (conn == null) return null;
-		// TODO: Why don't we reset the backoff here?
 		return connectionLimiter.contactConnectionOpened(conn) ? conn : null;
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/properties/TransportPropertyManagerImpl.java

@@ -37,6 +37,11 @@ import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.GROUP_KEY_DISCOVERED;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MSG_KEY_LOCAL;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MSG_KEY_TRANSPORT_ID;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MSG_KEY_VERSION;
+
 @Immutable
 @NotNullByDefault
 class TransportPropertyManagerImpl implements TransportPropertyManager,
@@ -111,10 +116,10 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 		try {
 			// Find the latest update for this transport, if any
 			BdfDictionary d = metadataParser.parse(meta);
-			TransportId t = new TransportId(d.getString("transportId"));
+			TransportId t = new TransportId(d.getString(MSG_KEY_TRANSPORT_ID));
 			LatestUpdate latest = findLatest(txn, m.getGroupId(), t, false);
 			if (latest != null) {
-				if (d.getLong("version") > latest.version) {
+				if (d.getLong(MSG_KEY_VERSION) > latest.version) {
 					// This update is newer - delete the previous update
 					db.deleteMessage(txn, latest.messageId);
 					db.deleteMessageMetadata(txn, latest.messageId);
@@ -140,6 +145,27 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 		}
 	}
 
+	@Override
+	public void addRemotePropertiesFromConnection(ContactId c, TransportId t,
+			TransportProperties props) throws DbException {
+		if (props.isEmpty()) return;
+		try {
+			db.transaction(false, txn -> {
+				Group g = getContactGroup(db.getContact(txn, c));
+				BdfDictionary meta = clientHelper.getGroupMetadataAsDictionary(
+						txn, g.getId());
+				BdfDictionary discovered =
+						meta.getOptionalDictionary(GROUP_KEY_DISCOVERED);
+				if (discovered == null) discovered = new BdfDictionary();
+				discovered.putAll(props);
+				meta.put(GROUP_KEY_DISCOVERED, discovered);
+				clientHelper.mergeGroupMetadata(txn, g.getId(), meta);
+			});
+		} catch (FormatException e) {
+			throw new DbException(e);
+		}
+	}
+
 	@Override
 	public Map<TransportId, TransportProperties> getLocalProperties()
 			throws DbException {
@@ -203,12 +229,26 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 		Group g = getContactGroup(c);
 		try {
 			// Find the latest remote update
+			TransportProperties remote;
 			LatestUpdate latest = findLatest(txn, g.getId(), t, false);
-			if (latest == null) return new TransportProperties();
+			if (latest == null) {
-			// Retrieve and parse the latest remote properties
+				remote = new TransportProperties();
-			BdfList message =
+			} else {
-					clientHelper.getMessageAsList(txn, latest.messageId);
+				// Retrieve and parse the latest remote properties
-			return parseProperties(message);
+				BdfList message =
+						clientHelper.getMessageAsList(txn, latest.messageId);
+				remote = parseProperties(message);
+			}
+			// Merge in any discovered properties
+			BdfDictionary meta =
+					clientHelper.getGroupMetadataAsDictionary(txn, g.getId());
+			BdfDictionary d = meta.getOptionalDictionary(GROUP_KEY_DISCOVERED);
+			if (d == null) return remote;
+			TransportProperties merged =
+					clientHelper.parseAndValidateTransportProperties(d);
+			// Received properties override discovered properties
+			merged.putAll(remote);
+			return merged;
 		} catch (FormatException e) {
 			throw new DbException(e);
 		}
@@ -281,9 +321,9 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 			long now = clock.currentTimeMillis();
 			Message m = clientHelper.createMessage(g, now, body);
 			BdfDictionary meta = new BdfDictionary();
-			meta.put("transportId", t.getString());
+			meta.put(MSG_KEY_TRANSPORT_ID, t.getString());
-			meta.put("version", version);
+			meta.put(MSG_KEY_VERSION, version);
-			meta.put("local", local);
+			meta.put(MSG_KEY_LOCAL, local);
 			clientHelper.addLocalMessage(txn, m, meta, shared, false);
 		} catch (FormatException e) {
 			throw new RuntimeException(e);
@@ -302,8 +342,9 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 				.getMessageMetadataAsDictionary(txn, localGroup.getId());
 		for (Entry<MessageId, BdfDictionary> e : metadata.entrySet()) {
 			BdfDictionary meta = e.getValue();
-			TransportId t = new TransportId(meta.getString("transportId"));
+			TransportId t =
-			long version = meta.getLong("version");
+					new TransportId(meta.getString(MSG_KEY_TRANSPORT_ID));
+			long version = meta.getLong(MSG_KEY_VERSION);
 			latestUpdates.put(t, new LatestUpdate(e.getKey(), version));
 		}
 		return latestUpdates;
@@ -316,9 +357,10 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 				clientHelper.getMessageMetadataAsDictionary(txn, g);
 		for (Entry<MessageId, BdfDictionary> e : metadata.entrySet()) {
 			BdfDictionary meta = e.getValue();
-			if (meta.getString("transportId").equals(t.getString())
+			if (meta.getString(MSG_KEY_TRANSPORT_ID).equals(t.getString())
-					&& meta.getBoolean("local") == local) {
+					&& meta.getBoolean(MSG_KEY_LOCAL) == local) {
-				return new LatestUpdate(e.getKey(), meta.getLong("version"));
+				return new LatestUpdate(e.getKey(),
+						meta.getLong(MSG_KEY_VERSION));
 			}
 		}
 		return null;

bramble-core/src/main/java/org/briarproject/bramble/rendezvous/RendezvousPollerImpl.java

@@ -2,6 +2,7 @@ package org.briarproject.bramble.rendezvous;
 
 import org.briarproject.bramble.PoliteExecutor;
 import org.briarproject.bramble.api.Pair;
+import org.briarproject.bramble.api.connection.ConnectionManager;
 import org.briarproject.bramble.api.contact.PendingContact;
 import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.contact.PendingContactState;
@@ -23,7 +24,6 @@ import org.briarproject.bramble.api.lifecycle.Service;
 import org.briarproject.bramble.api.lifecycle.ServiceException;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.ConnectionHandler;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.PluginManager;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;

bramble-core/src/main/java/org/briarproject/bramble/sync/DuplexOutgoingSession.java

@@ -14,6 +14,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.Message;
 import org.briarproject.bramble.api.sync.Offer;
+import org.briarproject.bramble.api.sync.Priority;
 import org.briarproject.bramble.api.sync.Request;
 import org.briarproject.bramble.api.sync.SyncRecordWriter;
 import org.briarproject.bramble.api.sync.SyncSession;
@@ -35,6 +36,7 @@ import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicLong;
 import java.util.logging.Logger;
 
+import javax.annotation.Nullable;
 import javax.annotation.concurrent.ThreadSafe;
 
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
@@ -74,6 +76,8 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 	private final int maxLatency, maxIdleTime;
 	private final StreamWriter streamWriter;
 	private final SyncRecordWriter recordWriter;
+	@Nullable
+	private final Priority priority;
 	private final BlockingQueue<ThrowingRunnable<IOException>> writerTasks;
 
 	private final AtomicBoolean generateAckQueued = new AtomicBoolean(false);
@@ -88,7 +92,7 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 	DuplexOutgoingSession(DatabaseComponent db, Executor dbExecutor,
 			EventBus eventBus, Clock clock, ContactId contactId, int maxLatency,
 			int maxIdleTime, StreamWriter streamWriter,
-			SyncRecordWriter recordWriter) {
+			SyncRecordWriter recordWriter, @Nullable Priority priority) {
 		this.db = db;
 		this.dbExecutor = dbExecutor;
 		this.eventBus = eventBus;
@@ -98,6 +102,7 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		this.maxIdleTime = maxIdleTime;
 		this.streamWriter = streamWriter;
 		this.recordWriter = recordWriter;
+		this.priority = priority;
 		writerTasks = new LinkedBlockingQueue<>();
 	}
 
@@ -108,6 +113,8 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		try {
 			// Send our supported protocol versions
 			recordWriter.writeVersions(new Versions(SUPPORTED_VERSIONS));
+			// Send our connection priority, if this is an outgoing connection
+			if (priority != null) recordWriter.writePriority(priority);
 			// Start a query for each type of record
 			generateAck();
 			generateBatch();
@@ -159,6 +166,9 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 						dataToFlush = true;
 					}
 				}
+				// Write any records that were already in the queue
+				ThrowingRunnable<IOException> task;
+				while ((task = writerTasks.poll()) != null) task.run();
 				streamWriter.sendEndOfStream();
 			} catch (InterruptedException e) {
 				LOG.info("Interrupted while waiting for a record to write");

bramble-core/src/main/java/org/briarproject/bramble/sync/IncomingSession.java

@@ -15,6 +15,8 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.Message;
 import org.briarproject.bramble.api.sync.Offer;
+import org.briarproject.bramble.api.sync.Priority;
+import org.briarproject.bramble.api.sync.PriorityHandler;
 import org.briarproject.bramble.api.sync.Request;
 import org.briarproject.bramble.api.sync.SyncRecordReader;
 import org.briarproject.bramble.api.sync.SyncSession;
@@ -47,17 +49,19 @@ class IncomingSession implements SyncSession, EventListener {
 	private final EventBus eventBus;
 	private final ContactId contactId;
 	private final SyncRecordReader recordReader;
+	private final PriorityHandler priorityHandler;
 
 	private volatile boolean interrupted = false;
 
 	IncomingSession(DatabaseComponent db, Executor dbExecutor,
 			EventBus eventBus, ContactId contactId,
-			SyncRecordReader recordReader) {
+			SyncRecordReader recordReader, PriorityHandler priorityHandler) {
 		this.db = db;
 		this.dbExecutor = dbExecutor;
 		this.eventBus = eventBus;
 		this.contactId = contactId;
 		this.recordReader = recordReader;
+		this.priorityHandler = priorityHandler;
 	}
 
 	@IoExecutor
@@ -86,6 +90,9 @@ class IncomingSession implements SyncSession, EventListener {
 				} else if (recordReader.hasVersions()) {
 					Versions v = recordReader.readVersions();
 					dbExecutor.execute(new ReceiveVersions(v));
+				} else if (recordReader.hasPriority()) {
+					Priority p = recordReader.readPriority();
+					priorityHandler.handle(p);
 				} else {
 					// unknown records are ignored in RecordReader#eof()
 					throw new FormatException();

bramble-core/src/main/java/org/briarproject/bramble/sync/SimplexOutgoingSession.java

@@ -95,6 +95,9 @@ class SimplexOutgoingSession implements SyncSession, EventListener {
 					if (task == CLOSE) break;
 					task.run();
 				}
+				// Write any records that were already in the queue
+				ThrowingRunnable<IOException> task;
+				while ((task = writerTasks.poll()) != null) task.run();
 				streamWriter.sendEndOfStream();
 			} catch (InterruptedException e) {
 				LOG.info("Interrupted while waiting for a record to write");

bramble-core/src/main/java/org/briarproject/bramble/sync/SyncRecordReaderImpl.java

@@ -11,6 +11,7 @@ import org.briarproject.bramble.api.sync.Message;
 import org.briarproject.bramble.api.sync.MessageFactory;
 import org.briarproject.bramble.api.sync.MessageId;
 import org.briarproject.bramble.api.sync.Offer;
+import org.briarproject.bramble.api.sync.Priority;
 import org.briarproject.bramble.api.sync.Request;
 import org.briarproject.bramble.api.sync.SyncRecordReader;
 import org.briarproject.bramble.api.sync.Versions;
@@ -26,10 +27,12 @@ import javax.annotation.concurrent.NotThreadSafe;
 import static org.briarproject.bramble.api.sync.RecordTypes.ACK;
 import static org.briarproject.bramble.api.sync.RecordTypes.MESSAGE;
 import static org.briarproject.bramble.api.sync.RecordTypes.OFFER;
+import static org.briarproject.bramble.api.sync.RecordTypes.PRIORITY;
 import static org.briarproject.bramble.api.sync.RecordTypes.REQUEST;
 import static org.briarproject.bramble.api.sync.RecordTypes.VERSIONS;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_SUPPORTED_VERSIONS;
 import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LENGTH;
+import static org.briarproject.bramble.api.sync.SyncConstants.PRIORITY_NONCE_BYTES;
 import static org.briarproject.bramble.api.sync.SyncConstants.PROTOCOL_VERSION;
 
 @NotThreadSafe
@@ -48,7 +51,7 @@ class SyncRecordReaderImpl implements SyncRecordReader {
 
 	private static boolean isKnownRecordType(byte type) {
 		return type == ACK || type == MESSAGE || type == OFFER ||
-				type == REQUEST || type == VERSIONS;
+				type == REQUEST || type == VERSIONS || type == PRIORITY;
 	}
 
 	private final MessageFactory messageFactory;
@@ -174,4 +177,23 @@ class SyncRecordReaderImpl implements SyncRecordReader {
 		nextRecord = null;
 		return supported;
 	}
+
+	@Override
+	public boolean hasPriority() throws IOException {
+		return !eof() && getNextRecordType() == PRIORITY;
+	}
+
+	@Override
+	public Priority readPriority() throws IOException {
+		if (!hasPriority()) throw new FormatException();
+		return new Priority(readNonce());
+	}
+
+	private byte[] readNonce() throws IOException {
+		if (nextRecord == null) throw new AssertionError();
+		byte[] payload = nextRecord.getPayload();
+		if (payload.length != PRIORITY_NONCE_BYTES) throw new FormatException();
+		nextRecord = null;
+		return payload;
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/sync/SyncRecordWriterImpl.java

@@ -8,6 +8,7 @@ import org.briarproject.bramble.api.sync.Message;
 import org.briarproject.bramble.api.sync.MessageFactory;
 import org.briarproject.bramble.api.sync.MessageId;
 import org.briarproject.bramble.api.sync.Offer;
+import org.briarproject.bramble.api.sync.Priority;
 import org.briarproject.bramble.api.sync.Request;
 import org.briarproject.bramble.api.sync.SyncRecordWriter;
 import org.briarproject.bramble.api.sync.Versions;
@@ -20,6 +21,7 @@ import javax.annotation.concurrent.NotThreadSafe;
 import static org.briarproject.bramble.api.sync.RecordTypes.ACK;
 import static org.briarproject.bramble.api.sync.RecordTypes.MESSAGE;
 import static org.briarproject.bramble.api.sync.RecordTypes.OFFER;
+import static org.briarproject.bramble.api.sync.RecordTypes.PRIORITY;
 import static org.briarproject.bramble.api.sync.RecordTypes.REQUEST;
 import static org.briarproject.bramble.api.sync.RecordTypes.VERSIONS;
 import static org.briarproject.bramble.api.sync.SyncConstants.PROTOCOL_VERSION;
@@ -73,6 +75,12 @@ class SyncRecordWriterImpl implements SyncRecordWriter {
 		writeRecord(VERSIONS);
 	}
 
+	@Override
+	public void writePriority(Priority p) throws IOException {
+		writer.writeRecord(
+				new Record(PROTOCOL_VERSION, PRIORITY, p.getNonce()));
+	}
+
 	@Override
 	public void flush() throws IOException {
 		writer.flush();

bramble-core/src/main/java/org/briarproject/bramble/sync/SyncSessionFactoryImpl.java

@@ -5,6 +5,8 @@ import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DatabaseExecutor;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.sync.Priority;
+import org.briarproject.bramble.api.sync.PriorityHandler;
 import org.briarproject.bramble.api.sync.SyncRecordReader;
 import org.briarproject.bramble.api.sync.SyncRecordReaderFactory;
 import org.briarproject.bramble.api.sync.SyncRecordWriter;
@@ -18,6 +20,7 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.util.concurrent.Executor;
 
+import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 
@@ -46,10 +49,12 @@ class SyncSessionFactoryImpl implements SyncSessionFactory {
 	}
 
 	@Override
-	public SyncSession createIncomingSession(ContactId c, InputStream in) {
+	public SyncSession createIncomingSession(ContactId c, InputStream in,
+			PriorityHandler handler) {
 		SyncRecordReader recordReader =
 				recordReaderFactory.createRecordReader(in);
-		return new IncomingSession(db, dbExecutor, eventBus, c, recordReader);
+		return new IncomingSession(db, dbExecutor, eventBus, c, recordReader,
+				handler);
 	}
 
 	@Override
@@ -64,11 +69,12 @@ class SyncSessionFactoryImpl implements SyncSessionFactory {
 
 	@Override
 	public SyncSession createDuplexOutgoingSession(ContactId c, int maxLatency,
-			int maxIdleTime, StreamWriter streamWriter) {
+			int maxIdleTime, StreamWriter streamWriter,
+			@Nullable Priority priority) {
 		OutputStream out = streamWriter.getOutputStream();
 		SyncRecordWriter recordWriter =
 				recordWriterFactory.createRecordWriter(out);
 		return new DuplexOutgoingSession(db, dbExecutor, eventBus, clock, c,
-				maxLatency, maxIdleTime, streamWriter, recordWriter);
+				maxLatency, maxIdleTime, streamWriter, recordWriter, priority);
 	}
 }

bramble-core/src/test/java/org/briarproject/bramble/account/AccountManagerImplTest.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble.account;
 
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.DecryptionException;
 import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DatabaseConfig;
@@ -19,12 +20,15 @@ import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.nio.charset.Charset;
 
 import javax.annotation.Nullable;
 
 import static junit.framework.Assert.assertFalse;
 import static junit.framework.Assert.assertNull;
 import static junit.framework.Assert.assertTrue;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_CIPHERTEXT;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_PASSWORD;
 import static org.briarproject.bramble.test.TestUtils.deleteTestDirectory;
 import static org.briarproject.bramble.test.TestUtils.getIdentity;
 import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
@@ -35,6 +39,7 @@ import static org.briarproject.bramble.util.StringUtils.toHexString;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.fail;
 
 public class AccountManagerImplTest extends BrambleMockTestCase {
 
@@ -83,8 +88,13 @@ public class AccountManagerImplTest extends BrambleMockTestCase {
 	}
 
 	@Test
-	public void testSignInReturnsFalseIfDbKeyCannotBeLoaded() {
+	public void testSignInThrowsExceptionIfDbKeyCannotBeLoaded() {
-		assertFalse(accountManager.signIn(password));
+		try {
+			accountManager.signIn(password);
+			fail();
+		} catch (DecryptionException expected) {
+			assertEquals(INVALID_CIPHERTEXT, expected.getDecryptionResult());
+		}
 		assertFalse(accountManager.hasDatabaseKey());
 
 		assertFalse(keyFile.exists());
@@ -92,11 +102,11 @@ public class AccountManagerImplTest extends BrambleMockTestCase {
 	}
 
 	@Test
-	public void testSignInReturnsFalseIfPasswordIsWrong() throws Exception {
+	public void testSignInThrowsExceptionIfPasswordIsWrong() throws Exception {
 		context.checking(new Expectations() {{
 			oneOf(crypto).decryptWithPassword(encryptedKey, password,
 					keyStrengthener);
-			will(returnValue(null));
+			will(throwException(new DecryptionException(INVALID_PASSWORD)));
 		}});
 
 		storeDatabaseKey(keyFile, encryptedKeyHex);
@@ -105,7 +115,12 @@ public class AccountManagerImplTest extends BrambleMockTestCase {
 		assertEquals(encryptedKeyHex, loadDatabaseKey(keyFile));
 		assertEquals(encryptedKeyHex, loadDatabaseKey(keyBackupFile));
 
-		assertFalse(accountManager.signIn(password));
+		try {
+			accountManager.signIn(password);
+			fail();
+		} catch (DecryptionException expected) {
+			assertEquals(INVALID_PASSWORD, expected.getDecryptionResult());
+		}
 		assertFalse(accountManager.hasDatabaseKey());
 
 		assertEquals(encryptedKeyHex, loadDatabaseKey(keyFile));
@@ -128,7 +143,7 @@ public class AccountManagerImplTest extends BrambleMockTestCase {
 		assertEquals(encryptedKeyHex, loadDatabaseKey(keyFile));
 		assertEquals(encryptedKeyHex, loadDatabaseKey(keyBackupFile));
 
-		assertTrue(accountManager.signIn(password));
+		accountManager.signIn(password);
 		assertTrue(accountManager.hasDatabaseKey());
 		SecretKey decrypted = accountManager.getDatabaseKey();
 		assertNotNull(decrypted);
@@ -157,7 +172,7 @@ public class AccountManagerImplTest extends BrambleMockTestCase {
 		assertEquals(encryptedKeyHex, loadDatabaseKey(keyFile));
 		assertEquals(encryptedKeyHex, loadDatabaseKey(keyBackupFile));
 
-		assertTrue(accountManager.signIn(password));
+		accountManager.signIn(password);
 		assertTrue(accountManager.hasDatabaseKey());
 		SecretKey decrypted = accountManager.getDatabaseKey();
 		assertNotNull(decrypted);
@@ -239,55 +254,6 @@ public class AccountManagerImplTest extends BrambleMockTestCase {
 		assertFalse(keyBackupFile.exists());
 	}
 
-	@Test
-	public void testAccountExistsReturnsFalseIfDbDirectoryDoesNotExist()
-			throws Exception {
-		storeDatabaseKey(keyFile, encryptedKeyHex);
-		storeDatabaseKey(keyBackupFile, encryptedKeyHex);
-
-		assertFalse(dbDir.exists());
-
-		assertFalse(accountManager.accountExists());
-
-		assertEquals(encryptedKeyHex, loadDatabaseKey(keyFile));
-		assertEquals(encryptedKeyHex, loadDatabaseKey(keyBackupFile));
-		assertFalse(dbDir.exists());
-	}
-
-	@Test
-	public void testAccountExistsReturnsFalseIfDbDirectoryIsNotDirectory()
-			throws Exception {
-		storeDatabaseKey(keyFile, encryptedKeyHex);
-		storeDatabaseKey(keyBackupFile, encryptedKeyHex);
-
-		assertTrue(dbDir.createNewFile());
-		assertFalse(dbDir.isDirectory());
-
-		assertFalse(accountManager.accountExists());
-
-		assertEquals(encryptedKeyHex, loadDatabaseKey(keyFile));
-		assertEquals(encryptedKeyHex, loadDatabaseKey(keyBackupFile));
-		assertTrue(dbDir.exists());
-		assertFalse(dbDir.isDirectory());
-	}
-
-	@Test
-	public void testAccountExistsReturnsTrueIfDbDirectoryIsDirectory()
-			throws Exception {
-		storeDatabaseKey(keyFile, encryptedKeyHex);
-		storeDatabaseKey(keyBackupFile, encryptedKeyHex);
-
-		assertTrue(dbDir.mkdirs());
-		assertTrue(dbDir.isDirectory());
-
-		assertTrue(accountManager.accountExists());
-
-		assertEquals(encryptedKeyHex, loadDatabaseKey(keyFile));
-		assertEquals(encryptedKeyHex, loadDatabaseKey(keyBackupFile));
-		assertTrue(dbDir.exists());
-		assertTrue(dbDir.isDirectory());
-	}
-
 	@Test
 	public void testCreateAccountStoresDbKey() throws Exception {
 		context.checking(new Expectations() {{
@@ -315,26 +281,36 @@ public class AccountManagerImplTest extends BrambleMockTestCase {
 	}
 
 	@Test
-	public void testChangePasswordReturnsFalseIfDbKeyCannotBeLoaded() {
+	public void testChangePasswordThrowsExceptionIfDbKeyCannotBeLoaded() {
-		assertFalse(accountManager.changePassword(password, newPassword));
+		try {
+			accountManager.changePassword(password, newPassword);
+			fail();
+		} catch (DecryptionException expected) {
+			assertEquals(INVALID_CIPHERTEXT, expected.getDecryptionResult());
+		}
 
 		assertFalse(keyFile.exists());
 		assertFalse(keyBackupFile.exists());
 	}
 
 	@Test
-	public void testChangePasswordReturnsFalseIfPasswordIsWrong()
+	public void testChangePasswordThrowsExceptionIfPasswordIsWrong()
 			throws Exception {
 		context.checking(new Expectations() {{
 			oneOf(crypto).decryptWithPassword(encryptedKey, password,
 					keyStrengthener);
-			will(returnValue(null));
+			will(throwException(new DecryptionException(INVALID_PASSWORD)));
 		}});
 
 		storeDatabaseKey(keyFile, encryptedKeyHex);
 		storeDatabaseKey(keyBackupFile, encryptedKeyHex);
 
-		assertFalse(accountManager.changePassword(password, newPassword));
+		try {
+			accountManager.changePassword(password, newPassword);
+			fail();
+		} catch (DecryptionException expected) {
+			assertEquals(INVALID_PASSWORD, expected.getDecryptionResult());
+		}
 
 		assertEquals(encryptedKeyHex, loadDatabaseKey(keyFile));
 		assertEquals(encryptedKeyHex, loadDatabaseKey(keyBackupFile));
@@ -357,7 +333,7 @@ public class AccountManagerImplTest extends BrambleMockTestCase {
 		storeDatabaseKey(keyFile, encryptedKeyHex);
 		storeDatabaseKey(keyBackupFile, encryptedKeyHex);
 
-		assertTrue(accountManager.changePassword(password, newPassword));
+		accountManager.changePassword(password, newPassword);
 
 		assertEquals(newEncryptedKeyHex, loadDatabaseKey(keyFile));
 		assertEquals(newEncryptedKeyHex, loadDatabaseKey(keyBackupFile));
@@ -366,7 +342,7 @@ public class AccountManagerImplTest extends BrambleMockTestCase {
 	private void storeDatabaseKey(File f, String hex) throws IOException {
 		f.getParentFile().mkdirs();
 		FileOutputStream out = new FileOutputStream(f);
-		out.write(hex.getBytes("UTF-8"));
+		out.write(hex.getBytes(Charset.forName("UTF-8")));
 		out.flush();
 		out.close();
 	}
@@ -374,7 +350,7 @@ public class AccountManagerImplTest extends BrambleMockTestCase {
 	@Nullable
 	private String loadDatabaseKey(File f) throws IOException {
 		BufferedReader reader = new BufferedReader(new InputStreamReader(
-				new FileInputStream(f), "UTF-8"));
+				new FileInputStream(f), Charset.forName("UTF-8")));
 		String hex = reader.readLine();
 		reader.close();
 		return hex;

bramble-core/src/test/java/org/briarproject/bramble/connection/ConnectionRegistryImplTest.java

@@ -0,0 +1,600 @@
+package org.briarproject.bramble.connection;
+
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
+import org.briarproject.bramble.api.connection.InterruptibleConnection;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.plugin.PluginConfig;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
+import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
+import org.briarproject.bramble.api.sync.Priority;
+import org.briarproject.bramble.test.BrambleMockTestCase;
+import org.jmock.Expectations;
+import org.junit.Test;
+
+import java.util.Collection;
+
+import static java.util.Collections.emptyList;
+import static java.util.Collections.emptyMap;
+import static java.util.Collections.singletonList;
+import static java.util.Collections.singletonMap;
+import static org.briarproject.bramble.test.TestUtils.getContactId;
+import static org.briarproject.bramble.test.TestUtils.getRandomId;
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
+import static org.briarproject.bramble.util.StringUtils.fromHexString;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+public class ConnectionRegistryImplTest extends BrambleMockTestCase {
+
+	private final EventBus eventBus = context.mock(EventBus.class);
+	private final PluginConfig pluginConfig = context.mock(PluginConfig.class);
+	private final InterruptibleConnection conn1 =
+			context.mock(InterruptibleConnection.class, "conn1");
+	private final InterruptibleConnection conn2 =
+			context.mock(InterruptibleConnection.class, "conn2");
+	private final InterruptibleConnection conn3 =
+			context.mock(InterruptibleConnection.class, "conn3");
+
+	private final ContactId contactId1 = getContactId();
+	private final ContactId contactId2 = getContactId();
+	private final TransportId transportId1 = getTransportId();
+	private final TransportId transportId2 = getTransportId();
+	private final TransportId transportId3 = getTransportId();
+	private final PendingContactId pendingContactId =
+			new PendingContactId(getRandomId());
+
+	private final Priority low =
+			new Priority(fromHexString("00000000000000000000000000000000"));
+	private final Priority high =
+			new Priority(fromHexString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"));
+
+	@Test
+	public void testRegisterMultipleConnections() {
+		context.checking(new Expectations() {{
+			allowing(pluginConfig).getTransportPreferences();
+			will(returnValue(emptyMap()));
+		}});
+
+		ConnectionRegistry c =
+				new ConnectionRegistryImpl(eventBus, pluginConfig);
+
+		// The registry should be empty
+		assertEquals(emptyList(), c.getConnectedContacts(transportId1));
+		assertEquals(emptyList(), c.getConnectedOrBetterContacts(transportId1));
+		assertEquals(emptyList(), c.getConnectedContacts(transportId2));
+		assertEquals(emptyList(), c.getConnectedOrBetterContacts(transportId2));
+		assertEquals(emptyList(), c.getConnectedContacts(transportId3));
+		assertEquals(emptyList(), c.getConnectedOrBetterContacts(transportId3));
+
+		// Check that a registered connection shows up - this should
+		// broadcast a ConnectionOpenedEvent and a ContactConnectedEvent
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+			oneOf(eventBus).broadcast(with(any(ContactConnectedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId1, conn1, true);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		// Register another connection with the same contact and transport -
+		// this should broadcast a ConnectionOpenedEvent and lookup should be
+		// unaffected
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId1, conn2, true);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		// Unregister one of the connections - this should broadcast a
+		// ConnectionClosedEvent and lookup should be unaffected
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionClosedEvent.class)));
+		}});
+		c.unregisterConnection(contactId1, transportId1, conn1, true, false);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		// Unregister the other connection - this should broadcast a
+		// ConnectionClosedEvent and a ContactDisconnectedEvent
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionClosedEvent.class)));
+			oneOf(eventBus).broadcast(with(any(
+					ContactDisconnectedEvent.class)));
+		}});
+		c.unregisterConnection(contactId1, transportId1, conn2, true, false);
+		context.assertIsSatisfied();
+
+		assertEquals(emptyList(), c.getConnectedContacts(transportId1));
+		assertEquals(emptyList(), c.getConnectedOrBetterContacts(transportId1));
+
+		// Try to unregister the connection again - exception should be thrown
+		try {
+			c.unregisterConnection(contactId1, transportId1, conn2,
+					true, false);
+			fail();
+		} catch (IllegalArgumentException expected) {
+			// Expected
+		}
+	}
+
+	@Test
+	public void testRegisterMultipleContacts() {
+		context.checking(new Expectations() {{
+			allowing(pluginConfig).getTransportPreferences();
+			will(returnValue(emptyMap()));
+		}});
+
+		ConnectionRegistry c =
+				new ConnectionRegistryImpl(eventBus, pluginConfig);
+
+		// Register two contacts with one transport, then one of the contacts
+		// with a second transport - this should broadcast three
+		// ConnectionOpenedEvents and two ContactConnectedEvents
+		context.checking(new Expectations() {{
+			exactly(3).of(eventBus).broadcast(with(any(
+					ConnectionOpenedEvent.class)));
+			exactly(2).of(eventBus).broadcast(with(any(
+					ContactConnectedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId1, conn1, true);
+		c.registerConnection(contactId2, transportId1, conn2, true);
+		c.registerConnection(contactId2, transportId2, conn3, true);
+		context.assertIsSatisfied();
+
+		Collection<ContactId> connected = c.getConnectedContacts(transportId1);
+		assertEquals(2, connected.size());
+		assertTrue(connected.contains(contactId1));
+		assertTrue(connected.contains(contactId2));
+
+		connected = c.getConnectedOrBetterContacts(transportId1);
+		assertEquals(2, connected.size());
+		assertTrue(connected.contains(contactId1));
+		assertTrue(connected.contains(contactId2));
+
+		assertEquals(singletonList(contactId2),
+				c.getConnectedContacts(transportId2));
+		assertEquals(singletonList(contactId2),
+				c.getConnectedOrBetterContacts(transportId2));
+	}
+
+	@Test
+	public void testConnectionsAreNotInterruptedUnlessPriorityIsSet() {
+		// Prefer transport 2 to transport 1
+		context.checking(new Expectations() {{
+			allowing(pluginConfig).getTransportPreferences();
+			will(returnValue(
+					singletonMap(transportId1, singletonList(transportId2))));
+		}});
+
+		ConnectionRegistry c =
+				new ConnectionRegistryImpl(eventBus, pluginConfig);
+
+		// Connect via transport 1 (worse than 2) and set priority to low
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+			oneOf(eventBus).broadcast(with(any(ContactConnectedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId1, conn1, true);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		assertEquals(emptyList(), c.getConnectedContacts(transportId2));
+		assertEquals(emptyList(), c.getConnectedOrBetterContacts(transportId2));
+
+		// Connect via transport 2 (better than 1) and set priority to high -
+		// the old connection should not be interrupted, despite using a worse
+		// transport, to remain compatible with old peers
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId2, conn2, true);
+		c.setPriority(contactId1, transportId2, conn2, high);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId2));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId2));
+
+		// Connect via transport 3 (no preference) and set priority to high -
+		// again, no interruptions are expected
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId3, conn3, true);
+		c.setPriority(contactId1, transportId3, conn3, high);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId2));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId2));
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId3));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId3));
+	}
+
+	@Test
+	public void testNewConnectionIsInterruptedIfOldConnectionUsesBetterTransport() {
+		// Prefer transport 1 to transport 2
+		context.checking(new Expectations() {{
+			allowing(pluginConfig).getTransportPreferences();
+			will(returnValue(
+					singletonMap(transportId2, singletonList(transportId1))));
+		}});
+
+		ConnectionRegistry c =
+				new ConnectionRegistryImpl(eventBus, pluginConfig);
+
+		// Connect via transport 1 (better than 2) and set priority to low
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+			oneOf(eventBus).broadcast(with(any(ContactConnectedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId1, conn1, true);
+		c.setPriority(contactId1, transportId1, conn1, low);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		// The contact is not connected via transport 2 but is connected via a
+		// better transport
+		assertEquals(emptyList(), c.getConnectedContacts(transportId2));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId2));
+
+		// Connect via transport 2 (worse than 1) and set priority to high -
+		// the new connection should be interrupted because it uses a worse
+		// transport
+		context.checking(new Expectations() {{
+			oneOf(conn2).interruptOutgoingSession();
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId2, conn2, true);
+		c.setPriority(contactId1, transportId2, conn2, high);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId2));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId2));
+
+		// Connect via transport 3 (no preference) and set priority to low -
+		// no further interruptions
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId3, conn3, true);
+		c.setPriority(contactId1, transportId3, conn3, low);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId2));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId2));
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId3));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId3));
+
+		// Unregister the interrupted connection (transport 2)
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionClosedEvent.class)));
+		}});
+		c.unregisterConnection(contactId1, transportId2, conn2, true, false);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		// The contact is not connected via transport 2 but is connected via a
+		// better transport
+		assertEquals(emptyList(), c.getConnectedContacts(transportId2));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId2));
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId3));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId3));
+	}
+
+	@Test
+	public void testOldConnectionIsInterruptedIfNewConnectionUsesBetterTransport() {
+		// Prefer transport 2 to transport 1
+		context.checking(new Expectations() {{
+			allowing(pluginConfig).getTransportPreferences();
+			will(returnValue(
+					singletonMap(transportId1, singletonList(transportId2))));
+		}});
+
+		ConnectionRegistry c =
+				new ConnectionRegistryImpl(eventBus, pluginConfig);
+
+		// Connect via transport 1 (worse than 2) and set priority to high
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+			oneOf(eventBus).broadcast(with(any(ContactConnectedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId1, conn1, true);
+		c.setPriority(contactId1, transportId1, conn1, high);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		assertEquals(emptyList(), c.getConnectedContacts(transportId2));
+		assertEquals(emptyList(), c.getConnectedOrBetterContacts(transportId2));
+
+		// Connect via transport 2 (better than 1) and set priority to low -
+		// the old connection should be interrupted because it uses a worse
+		// transport
+		context.checking(new Expectations() {{
+			oneOf(conn1).interruptOutgoingSession();
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId2, conn2, true);
+		c.setPriority(contactId1, transportId2, conn2, low);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId2));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId2));
+
+		// Connect via transport 3 (no preference) and set priority to high -
+		// no further interruptions
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId3, conn3, true);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId2));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId2));
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId3));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId3));
+
+		// Unregister the interrupted connection (transport 1)
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionClosedEvent.class)));
+		}});
+		c.unregisterConnection(contactId1, transportId1, conn1, true, false);
+		context.assertIsSatisfied();
+
+		// The contact is not connected via transport 1 but is connected via a
+		// better transport
+		assertEquals(emptyList(), c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId2));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId2));
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId3));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId3));
+	}
+
+	@Test
+	public void testNewConnectionIsInterruptedIfOldConnectionHasHigherPriority() {
+		context.checking(new Expectations() {{
+			allowing(pluginConfig).getTransportPreferences();
+			will(returnValue(emptyMap()));
+		}});
+
+		ConnectionRegistry c =
+				new ConnectionRegistryImpl(eventBus, pluginConfig);
+
+		// Register a connection with high priority
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+			oneOf(eventBus).broadcast(with(any(ContactConnectedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId1, conn1, true);
+		c.setPriority(contactId1, transportId1, conn1, high);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		// Register another connection via the same transport (no priority yet)
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId1, conn2, true);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		// Set the priority of the second connection to low - the second
+		// connection should be interrupted
+		context.checking(new Expectations() {{
+			oneOf(conn2).interruptOutgoingSession();
+		}});
+		c.setPriority(contactId1, transportId1, conn2, low);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		// Register a third connection with low priority - it should also be
+		// interrupted
+		context.checking(new Expectations() {{
+			oneOf(conn3).interruptOutgoingSession();
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId1, conn3, true);
+		c.setPriority(contactId1, transportId1, conn3, low);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+	}
+
+	@Test
+	public void testOldConnectionIsInterruptedIfNewConnectionHasHigherPriority() {
+		context.checking(new Expectations() {{
+			allowing(pluginConfig).getTransportPreferences();
+			will(returnValue(emptyMap()));
+		}});
+
+		ConnectionRegistry c =
+				new ConnectionRegistryImpl(eventBus, pluginConfig);
+
+		// Register a connection with low priority
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+			oneOf(eventBus).broadcast(with(any(ContactConnectedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId1, conn1, true);
+		c.setPriority(contactId1, transportId1, conn1, low);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		// Register another connection via the same transport (no priority yet)
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
+		}});
+		c.registerConnection(contactId1, transportId1, conn2, true);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+
+		// Set the priority of the second connection to high - the first
+		// connection should be interrupted
+		context.checking(new Expectations() {{
+			oneOf(conn1).interruptOutgoingSession();
+		}});
+		c.setPriority(contactId1, transportId1, conn2, high);
+		context.assertIsSatisfied();
+
+		assertEquals(singletonList(contactId1),
+				c.getConnectedContacts(transportId1));
+		assertEquals(singletonList(contactId1),
+				c.getConnectedOrBetterContacts(transportId1));
+	}
+
+	@Test
+	public void testRegisterAndUnregisterPendingContacts() {
+		context.checking(new Expectations() {{
+			allowing(pluginConfig).getTransportPreferences();
+			will(returnValue(emptyMap()));
+		}});
+
+		ConnectionRegistry c =
+				new ConnectionRegistryImpl(eventBus, pluginConfig);
+
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(
+					RendezvousConnectionOpenedEvent.class)));
+		}});
+		assertTrue(c.registerConnection(pendingContactId));
+		assertFalse(c.registerConnection(pendingContactId)); // Redundant
+		context.assertIsSatisfied();
+
+		context.checking(new Expectations() {{
+			oneOf(eventBus).broadcast(with(any(
+					RendezvousConnectionClosedEvent.class)));
+		}});
+		c.unregisterConnection(pendingContactId, true);
+		context.assertIsSatisfied();
+
+		try {
+			c.unregisterConnection(pendingContactId, true);
+			fail();
+		} catch (IllegalArgumentException expected) {
+			// Expected
+		}
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/contact/ContactExchangeIntegrationTestComponent.java

@@ -2,13 +2,13 @@ package org.briarproject.bramble.contact;
 
 import org.briarproject.bramble.BrambleCoreEagerSingletons;
 import org.briarproject.bramble.BrambleCoreModule;
+import org.briarproject.bramble.api.connection.ConnectionManager;
 import org.briarproject.bramble.api.contact.ContactExchangeManager;
 import org.briarproject.bramble.api.contact.ContactManager;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.identity.IdentityManager;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
 import org.briarproject.bramble.test.BrambleCoreIntegrationTestModule;
 
 import java.util.concurrent.Executor;

bramble-core/src/test/java/org/briarproject/bramble/crypto/PasswordBasedEncryptionTest.java

@@ -1,25 +1,35 @@
 package org.briarproject.bramble.crypto;
 
+import org.briarproject.bramble.api.crypto.DecryptionException;
+import org.briarproject.bramble.api.crypto.KeyStrengthener;
+import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.system.SystemClock;
-import org.briarproject.bramble.test.BrambleTestCase;
+import org.briarproject.bramble.test.BrambleMockTestCase;
 import org.briarproject.bramble.test.TestSecureRandomProvider;
-import org.briarproject.bramble.test.TestUtils;
+import org.jmock.Expectations;
 import org.junit.Test;
 
-import java.util.Random;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_CIPHERTEXT;
-
+import static org.briarproject.bramble.api.crypto.DecryptionResult.INVALID_PASSWORD;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.KEY_STRENGTHENER_ERROR;
+import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
+import static org.briarproject.bramble.test.TestUtils.getSecretKey;
 import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
 
-public class PasswordBasedEncryptionTest extends BrambleTestCase {
+public class PasswordBasedEncryptionTest extends BrambleMockTestCase {
+
+	private final KeyStrengthener keyStrengthener =
+			context.mock(KeyStrengthener.class);
 
 	private final CryptoComponentImpl crypto =
 			new CryptoComponentImpl(new TestSecureRandomProvider(),
 					new ScryptKdf(new SystemClock()));
 
 	@Test
-	public void testEncryptionAndDecryption() {
+	public void testEncryptionAndDecryption() throws Exception {
-		byte[] input = TestUtils.getRandomBytes(1234);
+		byte[] input = getRandomBytes(1234);
 		String password = "password";
 		byte[] ciphertext = crypto.encryptWithPassword(input, password, null);
 		byte[] output = crypto.decryptWithPassword(ciphertext, password, null);
@@ -27,14 +37,80 @@ public class PasswordBasedEncryptionTest extends BrambleTestCase {
 	}
 
 	@Test
-	public void testInvalidCiphertextReturnsNull() {
+	public void testInvalidFormatVersionThrowsException() {
-		byte[] input = TestUtils.getRandomBytes(1234);
+		byte[] input = getRandomBytes(1234);
 		String password = "password";
 		byte[] ciphertext = crypto.encryptWithPassword(input, password, null);
-		// Modify the ciphertext
+
-		int position = new Random().nextInt(ciphertext.length);
+		// Modify the format version
-		ciphertext[position] = (byte) (ciphertext[position] ^ 0xFF);
+		ciphertext[0] ^= (byte) 0xFF;
-		byte[] output = crypto.decryptWithPassword(ciphertext, password, null);
+		try {
-		assertNull(output);
+			crypto.decryptWithPassword(ciphertext, password, null);
+			fail();
+		} catch (DecryptionException expected) {
+			assertEquals(INVALID_CIPHERTEXT, expected.getDecryptionResult());
+		}
+	}
+
+	@Test
+	public void testInvalidPasswordThrowsException() {
+		byte[] input = getRandomBytes(1234);
+		byte[] ciphertext = crypto.encryptWithPassword(input, "password", null);
+
+		// Try to decrypt with the wrong password
+		try {
+			crypto.decryptWithPassword(ciphertext, "wrong", null);
+			fail();
+		} catch (DecryptionException expected) {
+			assertEquals(INVALID_PASSWORD, expected.getDecryptionResult());
+		}
+	}
+
+	@Test
+	public void testMissingKeyStrengthenerThrowsException() {
+		SecretKey strengthened = getSecretKey();
+		context.checking(new Expectations() {{
+			oneOf(keyStrengthener).strengthenKey(with(any(SecretKey.class)));
+			will(returnValue(strengthened));
+		}});
+
+		// Use the key strengthener during encryption
+		byte[] input = getRandomBytes(1234);
+		String password = "password";
+		byte[] ciphertext =
+				crypto.encryptWithPassword(input, password, keyStrengthener);
+
+		// The key strengthener is missing during decryption
+		try {
+			crypto.decryptWithPassword(ciphertext, password, null);
+			fail();
+		} catch (DecryptionException expected) {
+			assertEquals(KEY_STRENGTHENER_ERROR, expected.getDecryptionResult());
+		}
+	}
+
+	@Test
+	public void testKeyStrengthenerFailureThrowsException() {
+		SecretKey strengthened = getSecretKey();
+		context.checking(new Expectations() {{
+			oneOf(keyStrengthener).strengthenKey(with(any(SecretKey.class)));
+			will(returnValue(strengthened));
+			oneOf(keyStrengthener).isInitialised();
+			will(returnValue(false));
+		}});
+
+		// Use the key strengthener during encryption
+		byte[] input = getRandomBytes(1234);
+		String password = "password";
+		byte[] ciphertext =
+				crypto.encryptWithPassword(input, password, keyStrengthener);
+
+		// The key strengthener fails during decryption
+		try {
+			crypto.decryptWithPassword(ciphertext, password, keyStrengthener);
+			fail();
+		} catch (DecryptionException expected) {
+			assertEquals(KEY_STRENGTHENER_ERROR, expected.getDecryptionResult());
+		}
 	}
 }

bramble-core/src/test/java/org/briarproject/bramble/io/TimeoutInputStreamTest.java

@@ -0,0 +1,143 @@
+package org.briarproject.bramble.io;
+
+import org.briarproject.bramble.test.BrambleTestCase;
+import org.briarproject.bramble.test.SettableClock;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicLong;
+
+import static java.util.concurrent.TimeUnit.MINUTES;
+import static java.util.concurrent.TimeUnit.SECONDS;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+public class TimeoutInputStreamTest extends BrambleTestCase {
+
+	private static final long TIMEOUT_MS = MINUTES.toMillis(1);
+
+	private final long now = System.currentTimeMillis();
+
+	private AtomicLong time;
+	private UnresponsiveInputStream in;
+	private AtomicBoolean listenerCalled;
+	private TimeoutInputStream stream;
+	private CountDownLatch readReturned;
+
+	@Before
+	public void setUp() {
+		time = new AtomicLong(now);
+		in = new UnresponsiveInputStream();
+		listenerCalled = new AtomicBoolean(false);
+		stream = new TimeoutInputStream(new SettableClock(time), in,
+				TIMEOUT_MS, stream -> listenerCalled.set(true));
+		readReturned = new CountDownLatch(1);
+	}
+
+	@Test
+	public void testTimeoutIsReportedIfReadDoesNotReturn() throws Exception {
+		startReading();
+		try {
+			// The stream should not report a timeout
+			assertFalse(stream.hasTimedOut());
+
+			// Time passes
+			time.set(now + TIMEOUT_MS);
+
+			// The stream still shouldn't report a timeout
+			assertFalse(stream.hasTimedOut());
+
+			// Time passes
+			time.set(now + TIMEOUT_MS + 1);
+
+			// The stream should report a timeout
+			assertTrue(stream.hasTimedOut());
+
+			// The listener should not have been called yet
+			assertFalse(listenerCalled.get());
+
+			// Close the stream
+			stream.close();
+
+			// The listener should have been called
+			assertTrue(listenerCalled.get());
+		} finally {
+			// Allow the read to return
+			in.readFinished.countDown();
+		}
+	}
+
+	@Test
+	public void testTimeoutIsNotReportedIfReadReturns() throws Exception {
+		startReading();
+		try {
+			// The stream should not report a timeout
+			assertFalse(stream.hasTimedOut());
+
+			// Time passes
+			time.set(now + TIMEOUT_MS);
+
+			// The stream still shouldn't report a timeout
+			assertFalse(stream.hasTimedOut());
+
+			// Allow the read to finish and wait for it to return
+			in.readFinished.countDown();
+			readReturned.await(10, SECONDS);
+
+			// Time passes
+			time.set(now + TIMEOUT_MS + 1);
+
+			// The stream should not report a timeout as the read has returned
+			assertFalse(stream.hasTimedOut());
+
+			// The listener should not have been called yet
+			assertFalse(listenerCalled.get());
+
+			// Close the stream
+			stream.close();
+
+			// The listener should have been called
+			assertTrue(listenerCalled.get());
+		} finally {
+			// Allow the read to return in case an assertion was thrown
+			in.readFinished.countDown();
+		}
+	}
+
+	private void startReading() throws Exception {
+		// Start a background thread to read from the unresponsive stream
+		new Thread(() -> {
+			try {
+				assertEquals(123, stream.read());
+				readReturned.countDown();
+			} catch (IOException e) {
+				fail();
+			}
+		}).start();
+		// Wait for the background thread to start reading
+		assertTrue(in.readStarted.await(10, SECONDS));
+	}
+
+	private class UnresponsiveInputStream extends InputStream {
+
+		private final CountDownLatch readStarted = new CountDownLatch(1);
+		private final CountDownLatch readFinished = new CountDownLatch(1);
+
+		@Override
+		public int read() throws IOException {
+			readStarted.countDown();
+			try {
+				readFinished.await();
+				return 123;
+			} catch (InterruptedException e) {
+				throw new IOException(e);
+			}
+		}
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/plugin/ConnectionRegistryImplTest.java

@@ -1,149 +0,0 @@
-package org.briarproject.bramble.plugin;
-
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.event.EventBus;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
-import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
-import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
-import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
-import org.briarproject.bramble.test.BrambleMockTestCase;
-import org.jmock.Expectations;
-import org.junit.Test;
-
-import java.util.Collection;
-
-import static java.util.Collections.emptyList;
-import static java.util.Collections.singletonList;
-import static org.briarproject.bramble.test.TestUtils.getContactId;
-import static org.briarproject.bramble.test.TestUtils.getRandomId;
-import static org.briarproject.bramble.test.TestUtils.getTransportId;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-public class ConnectionRegistryImplTest extends BrambleMockTestCase {
-
-	private final EventBus eventBus = context.mock(EventBus.class);
-
-	private final ContactId contactId = getContactId();
-	private final ContactId contactId1 = getContactId();
-	private final TransportId transportId = getTransportId();
-	private final TransportId transportId1 = getTransportId();
-	private final PendingContactId pendingContactId =
-			new PendingContactId(getRandomId());
-
-	@Test
-	public void testRegisterAndUnregister() {
-		ConnectionRegistry c = new ConnectionRegistryImpl(eventBus);
-
-		// The registry should be empty
-		assertEquals(emptyList(), c.getConnectedContacts(transportId));
-		assertEquals(emptyList(), c.getConnectedContacts(transportId1));
-
-		// Check that a registered connection shows up - this should
-		// broadcast a ConnectionOpenedEvent and a ContactConnectedEvent
-		context.checking(new Expectations() {{
-			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
-			oneOf(eventBus).broadcast(with(any(ContactConnectedEvent.class)));
-		}});
-		c.registerConnection(contactId, transportId, true);
-		assertEquals(singletonList(contactId),
-				c.getConnectedContacts(transportId));
-		assertEquals(emptyList(), c.getConnectedContacts(transportId1));
-		context.assertIsSatisfied();
-
-		// Register an identical connection - this should broadcast a
-		// ConnectionOpenedEvent and lookup should be unaffected
-		context.checking(new Expectations() {{
-			oneOf(eventBus).broadcast(with(any(ConnectionOpenedEvent.class)));
-		}});
-		c.registerConnection(contactId, transportId, true);
-		assertEquals(singletonList(contactId),
-				c.getConnectedContacts(transportId));
-		assertEquals(emptyList(), c.getConnectedContacts(transportId1));
-		context.assertIsSatisfied();
-
-		// Unregister one of the connections - this should broadcast a
-		// ConnectionClosedEvent and lookup should be unaffected
-		context.checking(new Expectations() {{
-			oneOf(eventBus).broadcast(with(any(ConnectionClosedEvent.class)));
-		}});
-		c.unregisterConnection(contactId, transportId, true);
-		assertEquals(singletonList(contactId),
-				c.getConnectedContacts(transportId));
-		assertEquals(emptyList(), c.getConnectedContacts(transportId1));
-		context.assertIsSatisfied();
-
-		// Unregister the other connection - this should broadcast a
-		// ConnectionClosedEvent and a ContactDisconnectedEvent
-		context.checking(new Expectations() {{
-			oneOf(eventBus).broadcast(with(any(ConnectionClosedEvent.class)));
-			oneOf(eventBus).broadcast(with(any(
-					ContactDisconnectedEvent.class)));
-		}});
-		c.unregisterConnection(contactId, transportId, true);
-		assertEquals(emptyList(), c.getConnectedContacts(transportId));
-		assertEquals(emptyList(), c.getConnectedContacts(transportId1));
-		context.assertIsSatisfied();
-
-		// Try to unregister the connection again - exception should be thrown
-		try {
-			c.unregisterConnection(contactId, transportId, true);
-			fail();
-		} catch (IllegalArgumentException expected) {
-			// Expected
-		}
-
-		// Register both contacts with one transport, one contact with both -
-		// this should broadcast three ConnectionOpenedEvents and two
-		// ContactConnectedEvents
-		context.checking(new Expectations() {{
-			exactly(3).of(eventBus).broadcast(with(any(
-					ConnectionOpenedEvent.class)));
-			exactly(2).of(eventBus).broadcast(with(any(
-					ContactConnectedEvent.class)));
-		}});
-		c.registerConnection(contactId, transportId, true);
-		c.registerConnection(contactId1, transportId, true);
-		c.registerConnection(contactId1, transportId1, true);
-		Collection<ContactId> connected = c.getConnectedContacts(transportId);
-		assertEquals(2, connected.size());
-		assertTrue(connected.contains(contactId));
-		assertTrue(connected.contains(contactId1));
-		assertEquals(singletonList(contactId1),
-				c.getConnectedContacts(transportId1));
-	}
-
-	@Test
-	public void testRegisterAndUnregisterPendingContacts() {
-		ConnectionRegistry c = new ConnectionRegistryImpl(eventBus);
-
-		context.checking(new Expectations() {{
-			oneOf(eventBus).broadcast(with(any(
-					RendezvousConnectionOpenedEvent.class)));
-		}});
-		assertTrue(c.registerConnection(pendingContactId));
-		assertFalse(c.registerConnection(pendingContactId)); // Redundant
-		context.assertIsSatisfied();
-
-		context.checking(new Expectations() {{
-			oneOf(eventBus).broadcast(with(any(
-					RendezvousConnectionClosedEvent.class)));
-		}});
-		c.unregisterConnection(pendingContactId, true);
-		context.assertIsSatisfied();
-
-		try {
-			c.unregisterConnection(pendingContactId, true);
-			fail();
-		} catch (IllegalArgumentException expected) {
-			// Expected
-		}
-	}
-}

bramble-core/src/test/java/org/briarproject/bramble/plugin/PluginManagerImplTest.java

@@ -1,7 +1,7 @@
 package org.briarproject.bramble.plugin;
 
+import org.briarproject.bramble.api.connection.ConnectionManager;
 import org.briarproject.bramble.api.event.EventBus;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
 import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.PluginConfig;
 import org.briarproject.bramble.api.plugin.PluginException;

bramble-core/src/test/java/org/briarproject/bramble/plugin/PollerImplTest.java

@@ -1,10 +1,10 @@
 package org.briarproject.bramble.plugin;
 
+import org.briarproject.bramble.api.connection.ConnectionManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.event.ContactAddedEvent;
 import org.briarproject.bramble.api.plugin.ConnectionHandler;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.PluginManager;
 import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
@@ -157,7 +157,21 @@ public class PollerImplTest extends BrambleMockTestCase {
 	}
 
 	@Test
-	public void testRescheduleAndReconnectOnConnectionClosed()
+	public void testRescheduleOnOutgoingConnectionClosed() {
+		DuplexPlugin plugin = context.mock(DuplexPlugin.class);
+
+		context.checking(new Expectations() {{
+			allowing(plugin).getId();
+			will(returnValue(transportId));
+		}});
+		expectReschedule(plugin);
+
+		poller.eventOccurred(new ConnectionClosedEvent(contactId, transportId,
+				false, false));
+	}
+
+	@Test
+	public void testRescheduleAndReconnectOnOutgoingConnectionFailed()
 			throws Exception {
 		DuplexPlugin plugin = context.mock(DuplexPlugin.class);
 		DuplexTransportConnection duplexConnection =
@@ -166,45 +180,40 @@ public class PollerImplTest extends BrambleMockTestCase {
 		context.checking(new Expectations() {{
 			allowing(plugin).getId();
 			will(returnValue(transportId));
-			// reschedule()
-			// Get the plugin
-			oneOf(pluginManager).getPlugin(transportId);
-			will(returnValue(plugin));
-			// The plugin supports polling
-			oneOf(plugin).shouldPoll();
-			will(returnValue(true));
-			// Get the plugin
-			oneOf(pluginManager).getPlugin(transportId);
-			will(returnValue(plugin));
-			// The plugin supports polling
-			oneOf(plugin).shouldPoll();
-			will(returnValue(true));
-			// Schedule the next poll
-			oneOf(plugin).getPollingInterval();
-			will(returnValue(pollingInterval));
-			oneOf(clock).currentTimeMillis();
-			will(returnValue(now));
-			oneOf(scheduler).schedule(with(any(Runnable.class)),
-					with((long) pollingInterval), with(MILLISECONDS));
-			will(returnValue(future));
-			// connectToContact()
-			// Check whether the contact is already connected
-			oneOf(connectionRegistry).isConnected(contactId, transportId);
-			will(returnValue(false));
-			// Get the transport properties
-			oneOf(transportPropertyManager).getRemoteProperties(contactId,
-					transportId);
-			will(returnValue(properties));
-			// Connect to the contact
-			oneOf(plugin).createConnection(properties);
-			will(returnValue(duplexConnection));
-			// Pass the connection to the connection manager
-			oneOf(connectionManager).manageOutgoingConnection(contactId,
-					transportId, duplexConnection);
 		}});
+		expectReschedule(plugin);
+		expectReconnect(plugin, duplexConnection);
 
 		poller.eventOccurred(new ConnectionClosedEvent(contactId, transportId,
-				false));
+				false, true));
+	}
+
+	@Test
+	public void testRescheduleOnIncomingConnectionClosed() {
+		DuplexPlugin plugin = context.mock(DuplexPlugin.class);
+
+		context.checking(new Expectations() {{
+			allowing(plugin).getId();
+			will(returnValue(transportId));
+		}});
+		expectReschedule(plugin);
+
+		poller.eventOccurred(new ConnectionClosedEvent(contactId, transportId,
+				true, false));
+	}
+
+	@Test
+	public void testRescheduleOnIncomingConnectionFailed() {
+		DuplexPlugin plugin = context.mock(DuplexPlugin.class);
+
+		context.checking(new Expectations() {{
+			allowing(plugin).getId();
+			will(returnValue(transportId));
+		}});
+		expectReschedule(plugin);
+
+		poller.eventOccurred(new ConnectionClosedEvent(contactId, transportId,
+				true, false));
 	}
 
 	@Test
@@ -354,7 +363,7 @@ public class PollerImplTest extends BrambleMockTestCase {
 			// Get the transport properties and connected contacts
 			oneOf(transportPropertyManager).getRemoteProperties(transportId);
 			will(returnValue(singletonMap(contactId, properties)));
-			oneOf(connectionRegistry).getConnectedContacts(transportId);
+			oneOf(connectionRegistry).getConnectedOrBetterContacts(transportId);
 			will(returnValue(emptyList()));
 			// Poll the plugin
 			oneOf(plugin).poll(with(collectionOf(
@@ -397,7 +406,7 @@ public class PollerImplTest extends BrambleMockTestCase {
 			// Get the transport properties and connected contacts
 			oneOf(transportPropertyManager).getRemoteProperties(transportId);
 			will(returnValue(singletonMap(contactId, properties)));
-			oneOf(connectionRegistry).getConnectedContacts(transportId);
+			oneOf(connectionRegistry).getConnectedOrBetterContacts(transportId);
 			will(returnValue(singletonList(contactId)));
 			// All contacts are connected, so don't poll the plugin
 		}});
@@ -431,4 +440,48 @@ public class PollerImplTest extends BrambleMockTestCase {
 		poller.eventOccurred(new TransportEnabledEvent(transportId));
 		poller.eventOccurred(new TransportDisabledEvent(transportId));
 	}
+
+	private void expectReschedule(Plugin plugin) {
+		context.checking(new Expectations() {{
+			// Get the plugin
+			oneOf(pluginManager).getPlugin(transportId);
+			will(returnValue(plugin));
+			// The plugin supports polling
+			oneOf(plugin).shouldPoll();
+			will(returnValue(true));
+			// Schedule the next poll
+			oneOf(plugin).getPollingInterval();
+			will(returnValue(pollingInterval));
+			oneOf(clock).currentTimeMillis();
+			will(returnValue(now));
+			oneOf(scheduler).schedule(with(any(Runnable.class)),
+					with((long) pollingInterval), with(MILLISECONDS));
+			will(returnValue(future));
+		}});
+	}
+
+	private void expectReconnect(DuplexPlugin plugin,
+			DuplexTransportConnection duplexConnection) throws Exception {
+		context.checking(new Expectations() {{
+			// Get the plugin
+			oneOf(pluginManager).getPlugin(transportId);
+			will(returnValue(plugin));
+			// The plugin supports polling
+			oneOf(plugin).shouldPoll();
+			will(returnValue(true));
+			// Check whether the contact is already connected
+			oneOf(connectionRegistry).isConnected(contactId, transportId);
+			will(returnValue(false));
+			// Get the transport properties
+			oneOf(transportPropertyManager).getRemoteProperties(contactId,
+					transportId);
+			will(returnValue(properties));
+			// Connect to the contact
+			oneOf(plugin).createConnection(properties);
+			will(returnValue(duplexConnection));
+			// Pass the connection to the connection manager
+			oneOf(connectionManager).manageOutgoingConnection(contactId,
+					transportId, duplexConnection);
+		}});
+	}
 }

bramble-core/src/test/java/org/briarproject/bramble/properties/TransportPropertyManagerImplTest.java

@@ -24,14 +24,18 @@ import org.briarproject.bramble.test.DbExpectations;
 import org.jmock.Expectations;
 import org.junit.Test;
 
-import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
 import static java.util.Arrays.asList;
+import static java.util.Collections.emptyMap;
 import static java.util.Collections.singletonList;
 import static java.util.Collections.singletonMap;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.GROUP_KEY_DISCOVERED;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MSG_KEY_LOCAL;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MSG_KEY_TRANSPORT_ID;
+import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MSG_KEY_VERSION;
 import static org.briarproject.bramble.api.properties.TransportPropertyManager.CLIENT_ID;
 import static org.briarproject.bramble.api.properties.TransportPropertyManager.MAJOR_VERSION;
 import static org.briarproject.bramble.api.sync.Group.Visibility.SHARED;
@@ -186,25 +190,25 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		Message message = getMessage(contactGroupId);
 		Metadata meta = new Metadata();
 		BdfDictionary metaDictionary = BdfDictionary.of(
-				new BdfEntry("transportId", "foo"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "foo"),
-				new BdfEntry("version", 2),
+				new BdfEntry(MSG_KEY_VERSION, 2),
-				new BdfEntry("local", false)
+				new BdfEntry(MSG_KEY_LOCAL, false)
 		);
 		Map<MessageId, BdfDictionary> messageMetadata =
 				new LinkedHashMap<>();
 		// A remote update for another transport should be ignored
 		MessageId barUpdateId = new MessageId(getRandomId());
 		messageMetadata.put(barUpdateId, BdfDictionary.of(
-				new BdfEntry("transportId", "bar"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "bar"),
-				new BdfEntry("version", 1),
+				new BdfEntry(MSG_KEY_VERSION, 1),
-				new BdfEntry("local", false)
+				new BdfEntry(MSG_KEY_LOCAL, false)
 		));
 		// A local update for the same transport should be ignored
 		MessageId localUpdateId = new MessageId(getRandomId());
 		messageMetadata.put(localUpdateId, BdfDictionary.of(
-				new BdfEntry("transportId", "foo"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "foo"),
-				new BdfEntry("version", 1),
+				new BdfEntry(MSG_KEY_VERSION, 1),
-				new BdfEntry("local", true)
+				new BdfEntry(MSG_KEY_LOCAL, true)
 		));
 
 		context.checking(new Expectations() {{
@@ -228,18 +232,18 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		Metadata meta = new Metadata();
 		// Version 4 is being delivered
 		BdfDictionary metaDictionary = BdfDictionary.of(
-				new BdfEntry("transportId", "foo"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "foo"),
-				new BdfEntry("version", 4),
+				new BdfEntry(MSG_KEY_VERSION, 4),
-				new BdfEntry("local", false)
+				new BdfEntry(MSG_KEY_LOCAL, false)
 		);
 		Map<MessageId, BdfDictionary> messageMetadata =
 				new LinkedHashMap<>();
 		// An older remote update for the same transport should be deleted
 		MessageId fooVersion3 = new MessageId(getRandomId());
 		messageMetadata.put(fooVersion3, BdfDictionary.of(
-				new BdfEntry("transportId", "foo"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "foo"),
-				new BdfEntry("version", 3),
+				new BdfEntry(MSG_KEY_VERSION, 3),
-				new BdfEntry("local", false)
+				new BdfEntry(MSG_KEY_LOCAL, false)
 		));
 
 		context.checking(new Expectations() {{
@@ -265,18 +269,18 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		Metadata meta = new Metadata();
 		// Version 3 is being delivered
 		BdfDictionary metaDictionary = BdfDictionary.of(
-				new BdfEntry("transportId", "foo"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "foo"),
-				new BdfEntry("version", 3),
+				new BdfEntry(MSG_KEY_VERSION, 3),
-				new BdfEntry("local", false)
+				new BdfEntry(MSG_KEY_LOCAL, false)
 		);
 		Map<MessageId, BdfDictionary> messageMetadata =
 				new LinkedHashMap<>();
 		// A newer remote update for the same transport should not be deleted
 		MessageId fooVersion4 = new MessageId(getRandomId());
 		messageMetadata.put(fooVersion4, BdfDictionary.of(
-				new BdfEntry("transportId", "foo"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "foo"),
-				new BdfEntry("version", 4),
+				new BdfEntry(MSG_KEY_VERSION, 4),
-				new BdfEntry("local", false)
+				new BdfEntry(MSG_KEY_LOCAL, false)
 		));
 
 		context.checking(new Expectations() {{
@@ -342,9 +346,9 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		// A local update for another transport should be ignored
 		MessageId barUpdateId = new MessageId(getRandomId());
 		messageMetadata.put(barUpdateId, BdfDictionary.of(
-				new BdfEntry("transportId", "bar"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "bar"),
-				new BdfEntry("version", 1),
+				new BdfEntry(MSG_KEY_VERSION, 1),
-				new BdfEntry("local", true)
+				new BdfEntry(MSG_KEY_LOCAL, true)
 		));
 
 		context.checking(new DbExpectations() {{
@@ -366,16 +370,16 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		// A local update for another transport should be ignored
 		MessageId barUpdateId = new MessageId(getRandomId());
 		messageMetadata.put(barUpdateId, BdfDictionary.of(
-				new BdfEntry("transportId", "bar"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "bar"),
-				new BdfEntry("version", 1),
+				new BdfEntry(MSG_KEY_VERSION, 1),
-				new BdfEntry("local", true)
+				new BdfEntry(MSG_KEY_LOCAL, true)
 		));
 		// A local update for the right transport should be returned
 		MessageId fooUpdateId = new MessageId(getRandomId());
 		messageMetadata.put(fooUpdateId, BdfDictionary.of(
-				new BdfEntry("transportId", "foo"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "foo"),
-				new BdfEntry("version", 1),
+				new BdfEntry(MSG_KEY_VERSION, 1),
-				new BdfEntry("local", true)
+				new BdfEntry(MSG_KEY_LOCAL, true)
 		));
 		BdfList fooUpdate = BdfList.of("foo", 1, fooPropertiesDict);
 
@@ -405,28 +409,28 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		List<Contact> contacts = asList(contact1, contact2);
 		Group contactGroup1 = getGroup(CLIENT_ID, MAJOR_VERSION);
 		Group contactGroup2 = getGroup(CLIENT_ID, MAJOR_VERSION);
-		Map<MessageId, BdfDictionary> messageMetadata2 =
+		Map<MessageId, BdfDictionary> messageMetadata =
 				new LinkedHashMap<>();
 		// A remote update for another transport should be ignored
 		MessageId barUpdateId = new MessageId(getRandomId());
-		messageMetadata2.put(barUpdateId, BdfDictionary.of(
+		messageMetadata.put(barUpdateId, BdfDictionary.of(
-				new BdfEntry("transportId", "bar"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "bar"),
-				new BdfEntry("version", 1),
+				new BdfEntry(MSG_KEY_VERSION, 1),
-				new BdfEntry("local", false)
+				new BdfEntry(MSG_KEY_LOCAL, false)
 		));
 		// A local update for the right transport should be ignored
 		MessageId localUpdateId = new MessageId(getRandomId());
-		messageMetadata2.put(localUpdateId, BdfDictionary.of(
+		messageMetadata.put(localUpdateId, BdfDictionary.of(
-				new BdfEntry("transportId", "foo"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "foo"),
-				new BdfEntry("version", 1),
+				new BdfEntry(MSG_KEY_VERSION, 1),
-				new BdfEntry("local", true)
+				new BdfEntry(MSG_KEY_LOCAL, true)
 		));
 		// A remote update for the right transport should be returned
 		MessageId fooUpdateId = new MessageId(getRandomId());
-		messageMetadata2.put(fooUpdateId, BdfDictionary.of(
+		messageMetadata.put(fooUpdateId, BdfDictionary.of(
-				new BdfEntry("transportId", "foo"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "foo"),
-				new BdfEntry("version", 1),
+				new BdfEntry(MSG_KEY_VERSION, 1),
-				new BdfEntry("local", false)
+				new BdfEntry(MSG_KEY_LOCAL, false)
 		));
 		BdfList fooUpdate = BdfList.of("foo", 1, fooPropertiesDict);
 
@@ -440,19 +444,25 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 			will(returnValue(contactGroup1));
 			oneOf(clientHelper).getMessageMetadataAsDictionary(txn,
 					contactGroup1.getId());
-			will(returnValue(Collections.emptyMap()));
+			will(returnValue(emptyMap()));
+			oneOf(clientHelper).getGroupMetadataAsDictionary(txn,
+					contactGroup1.getId());
+			will(returnValue(new BdfDictionary()));
 			// Second contact: returns an update
 			oneOf(contactGroupFactory).createContactGroup(CLIENT_ID,
 					MAJOR_VERSION, contact2);
 			will(returnValue(contactGroup2));
 			oneOf(clientHelper).getMessageMetadataAsDictionary(txn,
 					contactGroup2.getId());
-			will(returnValue(messageMetadata2));
+			will(returnValue(messageMetadata));
 			oneOf(clientHelper).getMessageAsList(txn, fooUpdateId);
 			will(returnValue(fooUpdate));
 			oneOf(clientHelper).parseAndValidateTransportProperties(
 					fooPropertiesDict);
 			will(returnValue(fooProperties));
+			oneOf(clientHelper).getGroupMetadataAsDictionary(txn,
+					contactGroup2.getId());
+			will(returnValue(new BdfDictionary()));
 		}});
 
 		TransportPropertyManagerImpl t = createInstance();
@@ -463,6 +473,62 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		assertEquals(fooProperties, properties.get(contact2.getId()));
 	}
 
+	@Test
+	public void testReceivePropertiesOverrideDiscoveredProperties()
+			throws Exception {
+		Transaction txn = new Transaction(null, true);
+		Contact contact = getContact();
+		List<Contact> contacts = singletonList(contact);
+		Group contactGroup = getGroup(CLIENT_ID, MAJOR_VERSION);
+		MessageId updateId = new MessageId(getRandomId());
+		Map<MessageId, BdfDictionary> messageMetadata = singletonMap(updateId,
+				BdfDictionary.of(
+						new BdfEntry(MSG_KEY_TRANSPORT_ID, "foo"),
+						new BdfEntry(MSG_KEY_VERSION, 1),
+						new BdfEntry(MSG_KEY_LOCAL, false)
+				));
+		BdfList update = BdfList.of("foo", 1, fooPropertiesDict);
+		TransportProperties discovered = new TransportProperties();
+		discovered.put("fooKey1", "overridden");
+		discovered.put("fooKey3", "fooValue3");
+		BdfDictionary discoveredDict = new BdfDictionary(discovered);
+		BdfDictionary groupMeta = BdfDictionary.of(
+				new BdfEntry(GROUP_KEY_DISCOVERED, discoveredDict)
+		);
+		TransportProperties merged = new TransportProperties();
+		merged.putAll(fooProperties);
+		merged.put("fooKey3", "fooValue3");
+
+		context.checking(new DbExpectations() {{
+			oneOf(db).transactionWithResult(with(true), withDbCallable(txn));
+			oneOf(db).getContacts(txn);
+			will(returnValue(contacts));
+			// One update
+			oneOf(contactGroupFactory).createContactGroup(CLIENT_ID,
+					MAJOR_VERSION, contact);
+			will(returnValue(contactGroup));
+			oneOf(clientHelper).getMessageMetadataAsDictionary(txn,
+					contactGroup.getId());
+			will(returnValue(messageMetadata));
+			oneOf(clientHelper).getMessageAsList(txn, updateId);
+			will(returnValue(update));
+			oneOf(clientHelper).parseAndValidateTransportProperties(
+					fooPropertiesDict);
+			will(returnValue(fooProperties));
+			oneOf(clientHelper).getGroupMetadataAsDictionary(txn,
+					contactGroup.getId());
+			will(returnValue(groupMeta));
+			oneOf(clientHelper).parseAndValidateTransportProperties(
+					discoveredDict);
+			will(returnValue(discovered));
+		}});
+
+		TransportPropertyManagerImpl t = createInstance();
+		Map<ContactId, TransportProperties> properties =
+				t.getRemoteProperties(new TransportId("foo"));
+		assertEquals(merged, properties.get(contact.getId()));
+	}
+
 	@Test
 	public void testMergingUnchangedPropertiesDoesNotCreateUpdate()
 			throws Exception {
@@ -470,9 +536,9 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		MessageId updateId = new MessageId(getRandomId());
 		Map<MessageId, BdfDictionary> messageMetadata = singletonMap(updateId,
 				BdfDictionary.of(
-						new BdfEntry("transportId", "foo"),
+						new BdfEntry(MSG_KEY_TRANSPORT_ID, "foo"),
-						new BdfEntry("version", 1),
+						new BdfEntry(MSG_KEY_VERSION, 1),
-						new BdfEntry("local", true)
+						new BdfEntry(MSG_KEY_LOCAL, true)
 				));
 		BdfList update = BdfList.of("foo", 1, fooPropertiesDict);
 
@@ -505,7 +571,7 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 			// There are no existing properties to merge with
 			oneOf(clientHelper).getMessageMetadataAsDictionary(txn,
 					localGroup.getId());
-			will(returnValue(Collections.emptyMap()));
+			will(returnValue(emptyMap()));
 			// Store the new properties in the local group, version 1
 			expectStoreMessage(txn, localGroup.getId(), "foo",
 					fooPropertiesDict, 1, true, false);
@@ -517,7 +583,7 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 			will(returnValue(contactGroup));
 			oneOf(clientHelper).getMessageMetadataAsDictionary(txn,
 					contactGroup.getId());
-			will(returnValue(Collections.emptyMap()));
+			will(returnValue(emptyMap()));
 			expectStoreMessage(txn, contactGroup.getId(), "foo",
 					fooPropertiesDict, 1, true, true);
 		}});
@@ -532,9 +598,9 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		Contact contact = getContact();
 		Group contactGroup = getGroup(CLIENT_ID, MAJOR_VERSION);
 		BdfDictionary oldMetadata = BdfDictionary.of(
-				new BdfEntry("transportId", "foo"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "foo"),
-				new BdfEntry("version", 1),
+				new BdfEntry(MSG_KEY_VERSION, 1),
-				new BdfEntry("local", true)
+				new BdfEntry(MSG_KEY_LOCAL, true)
 		);
 		MessageId localGroupUpdateId = new MessageId(getRandomId());
 		Map<MessageId, BdfDictionary> localGroupMessageMetadata =
@@ -589,14 +655,14 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		// The latest update for transport "foo" should be returned
 		MessageId fooVersion999 = new MessageId(getRandomId());
 		messageMetadata.put(fooVersion999, BdfDictionary.of(
-				new BdfEntry("transportId", "foo"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "foo"),
-				new BdfEntry("version", 999)
+				new BdfEntry(MSG_KEY_VERSION, 999)
 		));
 		// The latest update for transport "bar" should be returned
 		MessageId barVersion3 = new MessageId(getRandomId());
 		messageMetadata.put(barVersion3, BdfDictionary.of(
-				new BdfEntry("transportId", "bar"),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, "bar"),
-				new BdfEntry("version", 3)
+				new BdfEntry(MSG_KEY_VERSION, 3)
 		));
 		BdfList fooUpdate = BdfList.of("foo", 999, fooPropertiesDict);
 		BdfList barUpdate = BdfList.of("bar", 3, barPropertiesDict);
@@ -627,9 +693,9 @@ public class TransportPropertyManagerImplTest extends BrambleMockTestCase {
 		Message message = getMessage(g);
 		long timestamp = message.getTimestamp();
 		BdfDictionary meta = BdfDictionary.of(
-				new BdfEntry("transportId", transportId),
+				new BdfEntry(MSG_KEY_TRANSPORT_ID, transportId),
-				new BdfEntry("version", version),
+				new BdfEntry(MSG_KEY_VERSION, version),
-				new BdfEntry("local", local)
+				new BdfEntry(MSG_KEY_LOCAL, local)
 		);
 
 		context.checking(new Expectations() {{

bramble-core/src/test/java/org/briarproject/bramble/rendezvous/RendezvousPollerImplTest.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.rendezvous;
 
+import org.briarproject.bramble.api.connection.ConnectionManager;
 import org.briarproject.bramble.api.contact.PendingContact;
 import org.briarproject.bramble.api.contact.PendingContactState;
 import org.briarproject.bramble.api.contact.event.PendingContactAddedEvent;
@@ -13,7 +14,6 @@ import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.identity.IdentityManager;
 import org.briarproject.bramble.api.plugin.ConnectionHandler;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
 import org.briarproject.bramble.api.plugin.PluginManager;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;

bramble-core/src/test/java/org/briarproject/bramble/sync/SyncRecordReaderImplTest.java

@@ -8,6 +8,7 @@ import org.briarproject.bramble.api.record.RecordReader;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.MessageFactory;
 import org.briarproject.bramble.api.sync.Offer;
+import org.briarproject.bramble.api.sync.Priority;
 import org.briarproject.bramble.api.sync.Request;
 import org.briarproject.bramble.api.sync.SyncRecordReader;
 import org.briarproject.bramble.api.sync.Versions;
@@ -24,11 +25,14 @@ import javax.annotation.Nullable;
 import static org.briarproject.bramble.api.record.Record.MAX_RECORD_PAYLOAD_BYTES;
 import static org.briarproject.bramble.api.sync.RecordTypes.ACK;
 import static org.briarproject.bramble.api.sync.RecordTypes.OFFER;
+import static org.briarproject.bramble.api.sync.RecordTypes.PRIORITY;
 import static org.briarproject.bramble.api.sync.RecordTypes.REQUEST;
 import static org.briarproject.bramble.api.sync.RecordTypes.VERSIONS;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_IDS;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_SUPPORTED_VERSIONS;
+import static org.briarproject.bramble.api.sync.SyncConstants.PRIORITY_NONCE_BYTES;
 import static org.briarproject.bramble.api.sync.SyncConstants.PROTOCOL_VERSION;
+import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
 import static org.briarproject.bramble.test.TestUtils.getRandomId;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
@@ -119,6 +123,31 @@ public class SyncRecordReaderImplTest extends BrambleMockTestCase {
 		reader.readVersions();
 	}
 
+	@Test(expected = FormatException.class)
+	public void testFormatExceptionIfPriorityNonceIsTooSmall()
+			throws Exception {
+		expectReadRecord(createPriority(PRIORITY_NONCE_BYTES - 1));
+
+		reader.readPriority();
+	}
+
+	@Test(expected = FormatException.class)
+	public void testFormatExceptionIfPriorityNonceIsTooLarge()
+			throws Exception {
+		expectReadRecord(createPriority(PRIORITY_NONCE_BYTES + 1));
+
+		reader.readPriority();
+	}
+
+	@Test
+	public void testNoFormatExceptionIfPriorityNonceIsCorrectSize()
+			throws Exception {
+		expectReadRecord(createPriority(PRIORITY_NONCE_BYTES));
+
+		Priority priority = reader.readPriority();
+		assertEquals(PRIORITY_NONCE_BYTES, priority.getNonce().length);
+	}
+
 	@Test
 	public void testEofReturnsTrueWhenAtEndOfStream() throws Exception {
 		expectReadRecord(createAck());
@@ -173,6 +202,11 @@ public class SyncRecordReaderImplTest extends BrambleMockTestCase {
 		return new Record(PROTOCOL_VERSION, VERSIONS, payload);
 	}
 
+	private Record createPriority(int nonceBytes) {
+		byte[] payload = getRandomBytes(nonceBytes);
+		return new Record(PROTOCOL_VERSION, PRIORITY, payload);
+	}
+
 	private byte[] createPayload() throws Exception {
 		ByteArrayOutputStream payload = new ByteArrayOutputStream();
 		while (payload.size() + UniqueId.LENGTH <= MAX_RECORD_PAYLOAD_BYTES) {

bramble-core/src/test/java/org/briarproject/bramble/test/TestDuplexTransportConnection.java

@@ -4,6 +4,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.TransportConnectionReader;
 import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportProperties;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -37,6 +38,11 @@ public class TestDuplexTransportConnection
 		return writer;
 	}
 
+	@Override
+	public TransportProperties getRemoteProperties() {
+		return new TransportProperties();
+	}
+
 	/**
 	 * Creates and returns a pair of TestDuplexTransportConnections that are
 	 * connected to each other.

bramble-core/src/test/java/org/briarproject/bramble/test/TestPluginConfigModule.java

@@ -10,12 +10,15 @@ import org.briarproject.bramble.api.plugin.simplex.SimplexPlugin;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPluginFactory;
 
 import java.util.Collection;
+import java.util.List;
+import java.util.Map;
 
 import javax.annotation.Nullable;
 
 import dagger.Module;
 import dagger.Provides;
 
+import static java.util.Collections.emptyMap;
 import static java.util.Collections.singletonList;
 import static org.briarproject.bramble.test.TestUtils.getTransportId;
 
@@ -85,6 +88,12 @@ public class TestPluginConfigModule {
 			public boolean shouldPoll() {
 				return false;
 			}
+
+			@Override
+			public Map<TransportId, List<TransportId>> getTransportPreferences() {
+				return emptyMap();
+			}
+
 		};
 		return pluginConfig;
 	}

bramble-java/build.gradle

@@ -16,7 +16,7 @@ dependencies {
 	implementation fileTree(dir: 'libs', include: '*.jar')
 	implementation 'net.java.dev.jna:jna:4.5.2'
 	implementation 'net.java.dev.jna:jna-platform:4.5.2'
-	tor 'org.briarproject:tor:0.3.5.9@zip'
+	tor 'org.briarproject:tor:0.3.5.10@zip'
 	tor 'org.briarproject:obfs4proxy:0.0.7@zip'
 
 	annotationProcessor 'com.google.dagger:dagger-compiler:2.24'

bramble-java/src/main/java/org/briarproject/bramble/plugin/DesktopPluginModule.java

@@ -1,11 +1,15 @@
 package org.briarproject.bramble.plugin;
 
 import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.lifecycle.ShutdownManager;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
+import org.briarproject.bramble.api.plugin.BluetoothConstants;
+import org.briarproject.bramble.api.plugin.LanTcpConstants;
 import org.briarproject.bramble.api.plugin.PluginConfig;
+import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPluginFactory;
 import org.briarproject.bramble.api.reliability.ReliabilityLayerFactory;
@@ -16,6 +20,8 @@ import org.briarproject.bramble.plugin.tcp.WanTcpPluginFactory;
 
 import java.security.SecureRandom;
 import java.util.Collection;
+import java.util.List;
+import java.util.Map;
 import java.util.concurrent.Executor;
 
 import dagger.Module;
@@ -23,6 +29,8 @@ import dagger.Provides;
 
 import static java.util.Arrays.asList;
 import static java.util.Collections.emptyList;
+import static java.util.Collections.singletonList;
+import static java.util.Collections.singletonMap;
 
 @Module
 public class DesktopPluginModule extends PluginModule {
@@ -31,10 +39,10 @@ public class DesktopPluginModule extends PluginModule {
 	PluginConfig getPluginConfig(@IoExecutor Executor ioExecutor,
 			SecureRandom random, BackoffFactory backoffFactory,
 			ReliabilityLayerFactory reliabilityFactory,
-			ShutdownManager shutdownManager, EventBus eventBus) {
+			ShutdownManager shutdownManager, EventBus eventBus,
-		DuplexPluginFactory bluetooth =
+			TimeoutMonitor timeoutMonitor) {
-				new JavaBluetoothPluginFactory(ioExecutor, random, eventBus,
+		DuplexPluginFactory bluetooth = new JavaBluetoothPluginFactory(
-						backoffFactory);
+				ioExecutor, random, eventBus, timeoutMonitor, backoffFactory);
 		DuplexPluginFactory modem = new ModemPluginFactory(ioExecutor,
 				reliabilityFactory);
 		DuplexPluginFactory lan = new LanTcpPluginFactory(ioExecutor,
@@ -60,6 +68,13 @@ public class DesktopPluginModule extends PluginModule {
 			public boolean shouldPoll() {
 				return true;
 			}
+
+			@Override
+			public Map<TransportId, List<TransportId>> getTransportPreferences() {
+				// Prefer LAN to Bluetooth
+				return singletonMap(BluetoothConstants.ID,
+						singletonList(LanTcpConstants.ID));
+			}
 		};
 		return pluginConfig;
 	}

bramble-java/src/main/java/org/briarproject/bramble/plugin/bluetooth/JavaBluetoothPlugin.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.plugin.bluetooth;
 
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
@@ -34,10 +35,11 @@ class JavaBluetoothPlugin extends BluetoothPlugin<StreamConnectionNotifier> {
 	private volatile LocalDevice localDevice = null;
 
 	JavaBluetoothPlugin(BluetoothConnectionLimiter connectionManager,
-			Executor ioExecutor, SecureRandom secureRandom,
+			TimeoutMonitor timeoutMonitor, Executor ioExecutor,
-			Backoff backoff, PluginCallback callback, int maxLatency) {
+			SecureRandom secureRandom, Backoff backoff,
-		super(connectionManager, ioExecutor, secureRandom, backoff, callback,
+			PluginCallback callback, int maxLatency, int maxIdleTime) {
-				maxLatency);
+		super(connectionManager, timeoutMonitor, ioExecutor, secureRandom,
+				backoff, callback, maxLatency, maxIdleTime);
 	}
 
 	@Override
@@ -119,7 +121,9 @@ class JavaBluetoothPlugin extends BluetoothPlugin<StreamConnectionNotifier> {
 		return "btspp://" + address + ":" + uuid + ";name=RFCOMM";
 	}
 
-	private DuplexTransportConnection wrapSocket(StreamConnection s) {
+	private DuplexTransportConnection wrapSocket(StreamConnection s)
-		return new JavaBluetoothTransportConnection(this, connectionLimiter, s);
+			throws IOException {
+		return new JavaBluetoothTransportConnection(this, connectionLimiter,
+				timeoutMonitor, s);
 	}
 }

bramble-java/src/main/java/org/briarproject/bramble/plugin/bluetooth/JavaBluetoothPluginFactory.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble.plugin.bluetooth;
 
 import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
@@ -21,22 +22,25 @@ import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
 public class JavaBluetoothPluginFactory implements DuplexPluginFactory {
 
 	private static final int MAX_LATENCY = 30 * 1000; // 30 seconds
+	private static final int MAX_IDLE_TIME = 30 * 1000; // 30 seconds
 	private static final int MIN_POLLING_INTERVAL = 60 * 1000; // 1 minute
 	private static final int MAX_POLLING_INTERVAL = 10 * 60 * 1000; // 10 mins
 	private static final double BACKOFF_BASE = 1.2;
 
 	private final Executor ioExecutor;
 	private final SecureRandom secureRandom;
-	private final BackoffFactory backoffFactory;
 	private final EventBus eventBus;
+	private final TimeoutMonitor timeoutMonitor;
+	private final BackoffFactory backoffFactory;
 
 	public JavaBluetoothPluginFactory(Executor ioExecutor,
 			SecureRandom secureRandom, EventBus eventBus,
-			BackoffFactory backoffFactory) {
+			TimeoutMonitor timeoutMonitor, BackoffFactory backoffFactory) {
 		this.ioExecutor = ioExecutor;
 		this.secureRandom = secureRandom;
-		this.backoffFactory = backoffFactory;
 		this.eventBus = eventBus;
+		this.timeoutMonitor = timeoutMonitor;
+		this.backoffFactory = backoffFactory;
 	}
 
 	@Override
@@ -56,7 +60,8 @@ public class JavaBluetoothPluginFactory implements DuplexPluginFactory {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
 		JavaBluetoothPlugin plugin = new JavaBluetoothPlugin(connectionLimiter,
-				ioExecutor, secureRandom, backoff, callback, MAX_LATENCY);
+				timeoutMonitor, ioExecutor, secureRandom, backoff, callback,
+				MAX_LATENCY, MAX_IDLE_TIME);
 		eventBus.addListener(plugin);
 		return plugin;
 	}

bramble-java/src/main/java/org/briarproject/bramble/plugin/bluetooth/JavaBluetoothTransportConnection.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.plugin.bluetooth;
 
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.duplex.AbstractDuplexTransportConnection;
@@ -14,20 +15,24 @@ import javax.microedition.io.StreamConnection;
 class JavaBluetoothTransportConnection
 		extends AbstractDuplexTransportConnection {
 
-	private final BluetoothConnectionLimiter connectionManager;
+	private final BluetoothConnectionLimiter connectionLimiter;
 	private final StreamConnection stream;
+	private final InputStream in;
 
 	JavaBluetoothTransportConnection(Plugin plugin,
-			BluetoothConnectionLimiter connectionManager,
+			BluetoothConnectionLimiter connectionLimiter,
-			StreamConnection stream) {
+			TimeoutMonitor timeoutMonitor,
+			StreamConnection stream) throws IOException {
 		super(plugin);
+		this.connectionLimiter = connectionLimiter;
 		this.stream = stream;
-		this.connectionManager = connectionManager;
+		in = timeoutMonitor.createTimeoutInputStream(
+				stream.openInputStream(), plugin.getMaxIdleTime() * 2);
 	}
 
 	@Override
-	protected InputStream getInputStream() throws IOException {
+	protected InputStream getInputStream() {
-		return stream.openInputStream();
+		return in;
 	}
 
 	@Override
@@ -40,7 +45,7 @@ class JavaBluetoothTransportConnection
 		try {
 			stream.close();
 		} finally {
-			connectionManager.connectionClosed(this);
+			connectionLimiter.connectionClosed(this);
 		}
 	}
 }

bramble-java/witness.gradle

@@ -24,7 +24,7 @@ dependencyVerification {
         'org.apache.ant:ant:1.9.4:ant-1.9.4.jar:649ae0730251de07b8913f49286d46bba7b92d47c5f332610aa426c4f02161d8',
         'org.beanshell:bsh:1.3.0:bsh-1.3.0.jar:9b04edc75d19db54f1b4e8b5355e9364384c6cf71eb0a1b9724c159d779879f8',
         'org.briarproject:obfs4proxy:0.0.7:obfs4proxy-0.0.7.zip:5b2f693262ce43a7e130f7cc7d5d1617925330640a2eb6d71085e95df8ee0642',
-        'org.briarproject:tor:0.3.5.9:tor-0.3.5.9.zip:6c3994b129db019cc23caaf50d6b4383903c40d05fbc47fc94211170a3e5d38c',
+        'org.briarproject:tor:0.3.5.10:tor-0.3.5.10.zip:7b387d3523ae8af289c23be59dc4c64ec5d3721385d7825a09705095e3318d5c',
         'org.checkerframework:checker-compat-qual:2.5.3:checker-compat-qual-2.5.3.jar:d76b9afea61c7c082908023f0cbc1427fab9abd2df915c8b8a3e7a509bccbc6d',
         'org.checkerframework:checker-qual:2.5.2:checker-qual-2.5.2.jar:64b02691c8b9d4e7700f8ee2e742dce7ea2c6e81e662b7522c9ee3bf568c040a',
         'org.codehaus.mojo:animal-sniffer-annotations:1.17:animal-sniffer-annotations-1.17.jar:92654f493ecfec52082e76354f0ebf87648dc3d5cec2e3c3cdb947c016747a53',

briar-android/src/androidTestScreenshot/java/org/briarproject/briar/android/ScreenshotTest.java

@@ -3,7 +3,7 @@ package org.briarproject.briar.android;
 import android.app.Activity;
 import android.util.Log;
 
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.briar.api.test.TestDataCreator;
 import org.junit.ClassRule;

briar-android/src/androidTestScreenshot/java/org/briarproject/briar/android/SetupDataTest.java

@@ -120,7 +120,8 @@ public class SetupDataTest extends ScreenshotTest {
 
 		// TODO add messages
 
-		connectionRegistry.registerConnection(bob.getId(), ID, true);
+		connectionRegistry.registerConnection(bob.getId(), ID, () -> {
+		}, true);
 	}
 
 }

briar-android/src/main/java/org/briarproject/briar/android/AndroidComponent.java

@@ -7,6 +7,7 @@ import org.briarproject.bramble.BrambleCoreModule;
 import org.briarproject.bramble.account.BriarAccountModule;
 import org.briarproject.bramble.api.FeatureFlags;
 import org.briarproject.bramble.api.account.AccountManager;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
 import org.briarproject.bramble.api.contact.ContactExchangeManager;
 import org.briarproject.bramble.api.contact.ContactManager;
 import org.briarproject.bramble.api.crypto.CryptoExecutor;
@@ -19,7 +20,6 @@ import org.briarproject.bramble.api.keyagreement.PayloadEncoder;
 import org.briarproject.bramble.api.keyagreement.PayloadParser;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
 import org.briarproject.bramble.api.plugin.PluginManager;
 import org.briarproject.bramble.api.settings.SettingsManager;
 import org.briarproject.bramble.api.system.AndroidExecutor;

briar-android/src/main/java/org/briarproject/briar/android/AndroidKeyStrengthener.java

@@ -28,7 +28,9 @@ import static android.security.keystore.KeyProperties.PURPOSE_SIGN;
 import static java.util.Arrays.asList;
 import static java.util.Collections.singletonList;
 import static java.util.logging.Level.INFO;
+import static java.util.logging.Level.WARNING;
 import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.util.LogUtils.logException;
 
 @RequiresApi(23)
 @NotNullByDefault
@@ -79,7 +81,10 @@ class AndroidKeyStrengthener implements KeyStrengthener {
 				return true;
 			}
 			return false;
-		} catch (GeneralSecurityException | IOException e) {
+		} catch (GeneralSecurityException e) {
+			logException(LOG, WARNING, e);
+			return false;
+		} catch (IOException e) {
 			throw new RuntimeException(e);
 		}
 	}

briar-android/src/main/java/org/briarproject/briar/android/AppModule.java

@@ -14,12 +14,16 @@ import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.db.DatabaseConfig;
 import org.briarproject.bramble.api.event.EventBus;
+import org.briarproject.bramble.api.io.TimeoutMonitor;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.network.NetworkManager;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
+import org.briarproject.bramble.api.plugin.BluetoothConstants;
+import org.briarproject.bramble.api.plugin.LanTcpConstants;
 import org.briarproject.bramble.api.plugin.PluginConfig;
+import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPluginFactory;
 import org.briarproject.bramble.api.reporting.DevConfig;
@@ -36,6 +40,7 @@ import org.briarproject.bramble.util.AndroidUtils;
 import org.briarproject.bramble.util.StringUtils;
 import org.briarproject.briar.android.account.LockManagerImpl;
 import org.briarproject.briar.android.keyagreement.ContactExchangeModule;
+import org.briarproject.briar.android.login.LoginModule;
 import org.briarproject.briar.android.viewmodel.ViewModelModule;
 import org.briarproject.briar.api.android.AndroidNotificationManager;
 import org.briarproject.briar.api.android.DozeWatchdog;
@@ -46,6 +51,8 @@ import java.io.File;
 import java.security.GeneralSecurityException;
 import java.security.SecureRandom;
 import java.util.Collection;
+import java.util.List;
+import java.util.Map;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ScheduledExecutorService;
 
@@ -60,11 +67,17 @@ import static android.content.Context.MODE_PRIVATE;
 import static android.os.Build.VERSION.SDK_INT;
 import static java.util.Arrays.asList;
 import static java.util.Collections.emptyList;
+import static java.util.Collections.singletonList;
+import static java.util.Collections.singletonMap;
 import static org.briarproject.bramble.api.reporting.ReportingConstants.DEV_ONION_ADDRESS;
 import static org.briarproject.bramble.api.reporting.ReportingConstants.DEV_PUBLIC_KEY_HEX;
 import static org.briarproject.briar.android.TestingConstants.IS_DEBUG_BUILD;
 
-@Module(includes = {ContactExchangeModule.class, ViewModelModule.class})
+@Module(includes = {
+		ContactExchangeModule.class,
+		LoginModule.class,
+		ViewModelModule.class
+})
 public class AppModule {
 
 	static class EagerSingletons {
@@ -117,11 +130,12 @@ public class AppModule {
 			LocationUtils locationUtils, EventBus eventBus,
 			ResourceProvider resourceProvider,
 			CircumventionProvider circumventionProvider,
-			BatteryManager batteryManager, Clock clock) {
+			BatteryManager batteryManager, Clock clock,
+			TimeoutMonitor timeoutMonitor) {
 		Context appContext = app.getApplicationContext();
-		DuplexPluginFactory bluetooth =
+		DuplexPluginFactory bluetooth = new AndroidBluetoothPluginFactory(
-				new AndroidBluetoothPluginFactory(ioExecutor, androidExecutor,
+				ioExecutor, androidExecutor, appContext, random, eventBus,
-						appContext, random, eventBus, clock, backoffFactory);
+				clock, timeoutMonitor, backoffFactory);
 		DuplexPluginFactory tor = new AndroidTorPluginFactory(ioExecutor,
 				scheduler, appContext, networkManager, locationUtils, eventBus,
 				torSocketFactory, backoffFactory, resourceProvider,
@@ -146,6 +160,13 @@ public class AppModule {
 			public boolean shouldPoll() {
 				return true;
 			}
+
+			@Override
+			public Map<TransportId, List<TransportId>> getTransportPreferences() {
+				// Prefer LAN to Bluetooth
+				return singletonMap(BluetoothConstants.ID,
+						singletonList(LanTcpConstants.ID));
+			}
 		};
 		return pluginConfig;
 	}

briar-android/src/main/java/org/briarproject/briar/android/activity/ActivityModule.java

@@ -8,8 +8,6 @@ import org.briarproject.briar.android.controller.BriarController;
 import org.briarproject.briar.android.controller.BriarControllerImpl;
 import org.briarproject.briar.android.controller.DbController;
 import org.briarproject.briar.android.controller.DbControllerImpl;
-import org.briarproject.briar.android.login.ChangePasswordController;
-import org.briarproject.briar.android.login.ChangePasswordControllerImpl;
 import org.briarproject.briar.android.navdrawer.NavDrawerController;
 import org.briarproject.briar.android.navdrawer.NavDrawerControllerImpl;
 
@@ -46,13 +44,6 @@ public class ActivityModule {
 		return setupController;
 	}
 
-	@ActivityScope
-	@Provides
-	ChangePasswordController providePasswordController(
-			ChangePasswordControllerImpl passwordController) {
-		return passwordController;
-	}
-
 	@ActivityScope
 	@Provides
 	protected BriarController provideBriarController(
@@ -80,5 +71,4 @@ public class ActivityModule {
 	BriarServiceConnection provideBriarServiceConnection() {
 		return new BriarServiceConnection();
 	}
-
 }

briar-android/src/main/java/org/briarproject/briar/android/activity/BaseActivity.java

@@ -92,6 +92,9 @@ public abstract class BaseActivity extends AppCompatActivity
 				.build();
 		injectActivity(activityComponent);
 		super.onCreate(state);
+		if (LOG.isLoggable(INFO)) {
+			LOG.info("Creating " + getClass().getSimpleName());
+		}
 
 		// WARNING: When removing this or making it possible to turn it off,
 		//          we need a solution for the app lock feature.
@@ -127,8 +130,9 @@ public abstract class BaseActivity extends AppCompatActivity
 	@Override
 	protected void onStart() {
 		super.onStart();
-		if (LOG.isLoggable(INFO))
+		if (LOG.isLoggable(INFO)) {
-			LOG.info("Starting " + this.getClass().getSimpleName());
+			LOG.info("Starting " + getClass().getSimpleName());
+		}
 		for (ActivityLifecycleController alc : lifecycleControllers) {
 			alc.onActivityStart();
 		}
@@ -144,11 +148,28 @@ public abstract class BaseActivity extends AppCompatActivity
 		return (ScreenFilterDialogFragment) f;
 	}
 
+	@Override
+	protected void onResume() {
+		super.onResume();
+		if (LOG.isLoggable(INFO)) {
+			LOG.info("Resuming " + getClass().getSimpleName());
+		}
+	}
+
+	@Override
+	protected void onPause() {
+		super.onPause();
+		if (LOG.isLoggable(INFO)) {
+			LOG.info("Pausing " + getClass().getSimpleName());
+		}
+	}
+
 	@Override
 	protected void onStop() {
 		super.onStop();
-		if (LOG.isLoggable(INFO))
+		if (LOG.isLoggable(INFO)) {
-			LOG.info("Stopping " + this.getClass().getSimpleName());
+			LOG.info("Stopping " + getClass().getSimpleName());
+		}
 		for (ActivityLifecycleController alc : lifecycleControllers) {
 			alc.onActivityStop();
 		}
@@ -203,6 +224,9 @@ public abstract class BaseActivity extends AppCompatActivity
 	@Override
 	protected void onDestroy() {
 		super.onDestroy();
+		if (LOG.isLoggable(INFO)) {
+			LOG.info("Destroying " + getClass().getSimpleName());
+		}
 		destroyed = true;
 		for (ActivityLifecycleController alc : lifecycleControllers) {
 			alc.onActivityDestroy();

briar-android/src/main/java/org/briarproject/briar/android/activity/BriarActivity.java

@@ -95,12 +95,14 @@ public abstract class BriarActivity extends BaseActivity {
 			// Also check that the activity isn't finishing already.
 			// This is possible if we finished in onActivityResult().
 			// Launching another StartupActivity would cause a loop.
+			LOG.info("Not signed in, launching StartupActivity");
 			Intent i = new Intent(this, StartupActivity.class);
 			startActivityForResult(i, REQUEST_PASSWORD);
 		} else if (lockManager.isLocked() && !isFinishing()) {
 			// Also check that the activity isn't finishing already.
 			// This is possible if we finished in onActivityResult().
 			// Launching another UnlockActivity would cause a loop.
+			LOG.info("Locked, launching UnlockActivity");
 			Intent i = new Intent(this, UnlockActivity.class);
 			startActivityForResult(i, REQUEST_UNLOCK);
 		} else if (SDK_INT >= 23) {

briar-android/src/main/java/org/briarproject/briar/android/contact/ContactListFragment.java

@@ -10,6 +10,7 @@ import android.widget.TextView;
 import com.google.android.material.floatingactionbutton.FloatingActionButton;
 import com.google.android.material.snackbar.Snackbar;
 
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
 import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.ContactManager;
@@ -24,7 +25,6 @@ import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
 import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
 import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
 import org.briarproject.briar.R;

briar-android/src/main/java/org/briarproject/briar/android/controller/SharingControllerImpl.java

@@ -1,11 +1,11 @@
 package org.briarproject.briar.android.controller;
 
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
 import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
 import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
 

briar-android/src/main/java/org/briarproject/briar/android/conversation/ConversationActivity.java

@@ -21,6 +21,7 @@ import com.google.android.material.snackbar.Snackbar;
 
 import org.briarproject.bramble.api.FeatureFlags;
 import org.briarproject.bramble.api.Pair;
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.ContactManager;
 import org.briarproject.bramble.api.contact.event.ContactRemovedEvent;
@@ -33,7 +34,6 @@ import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
 import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
 import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
 import org.briarproject.bramble.api.sync.ClientId;

briar-android/src/main/java/org/briarproject/briar/android/introduction/ContactChooserFragment.java

@@ -5,13 +5,13 @@ import android.view.LayoutInflater;
 import android.view.View;
 import android.view.ViewGroup;
 
+import org.briarproject.bramble.api.connection.ConnectionRegistry;
 import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.ContactManager;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
-import org.briarproject.bramble.api.plugin.ConnectionRegistry;
 import org.briarproject.briar.R;
 import org.briarproject.briar.android.activity.ActivityComponent;
 import org.briarproject.briar.android.contact.BaseContactListAdapter.OnContactClickListener;

briar-android/src/main/java/org/briarproject/briar/android/keyagreement/ContactExchangeViewModel.java

@@ -2,6 +2,7 @@ package org.briarproject.briar.android.keyagreement;
 
 import android.app.Application;
 
+import org.briarproject.bramble.api.connection.ConnectionManager;
 import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactExchangeManager;
 import org.briarproject.bramble.api.crypto.SecretKey;
@@ -10,7 +11,6 @@ import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 

briar-android/src/main/java/org/briarproject/briar/android/login/ChangePasswordActivity.java

@@ -15,27 +15,33 @@ import android.widget.Toast;
 
 import com.google.android.material.textfield.TextInputLayout;
 
+import org.briarproject.bramble.api.crypto.DecryptionResult;
 import org.briarproject.briar.R;
 import org.briarproject.briar.android.activity.ActivityComponent;
 import org.briarproject.briar.android.activity.BriarActivity;
-import org.briarproject.briar.android.controller.handler.UiResultHandler;
-import org.briarproject.briar.android.util.UiUtils;
 
 import javax.inject.Inject;
 
-import androidx.annotation.NonNull;
+import androidx.annotation.VisibleForTesting;
+import androidx.lifecycle.ViewModelProvider;
+import androidx.lifecycle.ViewModelProviders;
 
 import static android.view.View.INVISIBLE;
 import static android.view.View.VISIBLE;
+import static android.widget.Toast.LENGTH_LONG;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.KEY_STRENGTHENER_ERROR;
+import static org.briarproject.bramble.api.crypto.DecryptionResult.SUCCESS;
 import static org.briarproject.bramble.api.crypto.PasswordStrengthEstimator.QUITE_WEAK;
+import static org.briarproject.briar.android.login.LoginUtils.createKeyStrengthenerErrorDialog;
 import static org.briarproject.briar.android.util.UiUtils.hideSoftKeyboard;
+import static org.briarproject.briar.android.util.UiUtils.setError;
 import static org.briarproject.briar.android.util.UiUtils.showSoftKeyboard;
 
 public class ChangePasswordActivity extends BriarActivity
 		implements OnClickListener, OnEditorActionListener {
 
 	@Inject
-	protected ChangePasswordController passwordController;
+	ViewModelProvider.Factory viewModelFactory;
 
 	private TextInputLayout currentPasswordEntryWrapper;
 	private TextInputLayout newPasswordEntryWrapper;
@@ -47,11 +53,17 @@ public class ChangePasswordActivity extends BriarActivity
 	private Button changePasswordButton;
 	private ProgressBar progress;
 
+	@VisibleForTesting
+	ChangePasswordViewModel viewModel;
+
 	@Override
 	public void onCreate(Bundle state) {
 		super.onCreate(state);
 		setContentView(R.layout.activity_change_password);
 
+		viewModel = ViewModelProviders.of(this, viewModelFactory)
+				.get(ChangePasswordViewModel.class);
+
 		currentPasswordEntryWrapper =
 				findViewById(R.id.current_password_entry_wrapper);
 		newPasswordEntryWrapper = findViewById(R.id.new_password_entry_wrapper);
@@ -102,13 +114,12 @@ public class ChangePasswordActivity extends BriarActivity
 		String firstPassword = newPassword.getText().toString();
 		String secondPassword = newPasswordConfirmation.getText().toString();
 		boolean passwordsMatch = firstPassword.equals(secondPassword);
-		float strength =
+		float strength = viewModel.estimatePasswordStrength(firstPassword);
-				passwordController.estimatePasswordStrength(firstPassword);
 		strengthMeter.setStrength(strength);
-		UiUtils.setError(newPasswordEntryWrapper,
+		setError(newPasswordEntryWrapper,
 				getString(R.string.password_too_weak),
 				firstPassword.length() > 0 && strength < QUITE_WEAK);
-		UiUtils.setError(newPasswordConfirmationWrapper,
+		setError(newPasswordConfirmationWrapper,
 				getString(R.string.passwords_do_not_match),
 				secondPassword.length() > 0 && !passwordsMatch);
 		changePasswordButton.setEnabled(
@@ -127,32 +138,34 @@ public class ChangePasswordActivity extends BriarActivity
 		// Replace the button with a progress bar
 		changePasswordButton.setVisibility(INVISIBLE);
 		progress.setVisibility(VISIBLE);
-		passwordController.changePassword(currentPassword.getText().toString(),
+
-				newPassword.getText().toString(),
+		String curPwd = currentPassword.getText().toString();
-				new UiResultHandler<Boolean>(this) {
+		String newPwd = newPassword.getText().toString();
-					@Override
+		viewModel.changePassword(curPwd, newPwd).observeEvent(this, result -> {
-					public void onResultUi(@NonNull Boolean result) {
+					if (result == SUCCESS) {
-						if (result) {
+						Toast.makeText(ChangePasswordActivity.this,
-							Toast.makeText(ChangePasswordActivity.this,
+								R.string.password_changed,
-									R.string.password_changed,
+								LENGTH_LONG).show();
-									Toast.LENGTH_LONG).show();
+						setResult(RESULT_OK);
-							setResult(RESULT_OK);
+						supportFinishAfterTransition();
-							supportFinishAfterTransition();
+					} else {
-						} else {
+						tryAgain(result);
-							tryAgain();
-						}
 					}
-				});
+				}
+		);
 	}
 
-	private void tryAgain() {
+	private void tryAgain(DecryptionResult result) {
-		UiUtils.setError(currentPasswordEntryWrapper,
-				getString(R.string.try_again), true);
 		changePasswordButton.setVisibility(VISIBLE);
 		progress.setVisibility(INVISIBLE);
-		currentPassword.setText("");
+		if (result == KEY_STRENGTHENER_ERROR) {
-
+			createKeyStrengthenerErrorDialog(this).show();
-		// show the keyboard again
+		} else {
-		showSoftKeyboard(currentPassword);
+			setError(currentPasswordEntryWrapper,
+					getString(R.string.try_again), true);
+			currentPassword.setText("");
+			// show the keyboard again
+			showSoftKeyboard(currentPassword);
+		}
 	}
 }

briar-android/src/main/java/org/briarproject/briar/android/login/ChangePasswordControllerImpl.java

@@ -1,43 +0,0 @@
-package org.briarproject.briar.android.login;
-
-import org.briarproject.bramble.api.account.AccountManager;
-import org.briarproject.bramble.api.crypto.PasswordStrengthEstimator;
-import org.briarproject.bramble.api.lifecycle.IoExecutor;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.briar.android.controller.handler.ResultHandler;
-
-import java.util.concurrent.Executor;
-
-import javax.inject.Inject;
-
-@NotNullByDefault
-public class ChangePasswordControllerImpl implements ChangePasswordController {
-
-	protected final AccountManager accountManager;
-	protected final Executor ioExecutor;
-	private final PasswordStrengthEstimator strengthEstimator;
-
-	@Inject
-	ChangePasswordControllerImpl(AccountManager accountManager,
-			@IoExecutor Executor ioExecutor,
-			PasswordStrengthEstimator strengthEstimator) {
-		this.accountManager = accountManager;
-		this.ioExecutor = ioExecutor;
-		this.strengthEstimator = strengthEstimator;
-	}
-
-	@Override
-	public float estimatePasswordStrength(String password) {
-		return strengthEstimator.estimateStrength(password);
-	}
-
-	@Override
-	public void changePassword(String oldPassword, String newPassword,
-			ResultHandler<Boolean> resultHandler) {
-		ioExecutor.execute(() -> {
-			boolean changed =
-					accountManager.changePassword(oldPassword, newPassword);
-			resultHandler.onResult(changed);
-		});
-	}
-}

briar-android/src/main/java/org/briarproject/briar/android/login/ChangePasswordViewModel.java

@@ -0,0 +1,53 @@
+package org.briarproject.briar.android.login;
+
+import org.briarproject.bramble.api.account.AccountManager;
+import org.briarproject.bramble.api.crypto.DecryptionException;
+import org.briarproject.bramble.api.crypto.DecryptionResult;
+import org.briarproject.bramble.api.crypto.PasswordStrengthEstimator;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.briar.android.viewmodel.LiveEvent;
+import org.briarproject.briar.android.viewmodel.MutableLiveEvent;
+
+import java.util.concurrent.Executor;
+
+import javax.inject.Inject;
+
+import androidx.lifecycle.ViewModel;
+
+import static org.briarproject.bramble.api.crypto.DecryptionResult.SUCCESS;
+
+@NotNullByDefault
+public class ChangePasswordViewModel extends ViewModel {
+
+	private final AccountManager accountManager;
+	private final Executor ioExecutor;
+	private final PasswordStrengthEstimator strengthEstimator;
+
+	@Inject
+	ChangePasswordViewModel(AccountManager accountManager,
+			@IoExecutor Executor ioExecutor,
+			PasswordStrengthEstimator strengthEstimator) {
+		this.accountManager = accountManager;
+		this.ioExecutor = ioExecutor;
+		this.strengthEstimator = strengthEstimator;
+	}
+
+	float estimatePasswordStrength(String password) {
+		return strengthEstimator.estimateStrength(password);
+	}
+
+	LiveEvent<DecryptionResult> changePassword(String oldPassword,
+			String newPassword) {
+		MutableLiveEvent<DecryptionResult> result = new MutableLiveEvent<>();
+		ioExecutor.execute(() -> {
+			try {
+				accountManager.changePassword(oldPassword, newPassword);
+				result.postEvent(SUCCESS);
+			} catch (DecryptionException e) {
+				result.postEvent(e.getDecryptionResult());
+			}
+		});
+		return result;
+	}
+}

briar-android/src/main/java/org/briarproject/briar/android/login/LoginModule.java

@@ -0,0 +1,23 @@
+package org.briarproject.briar.android.login;
+
+import org.briarproject.briar.android.viewmodel.ViewModelKey;
+
+import androidx.lifecycle.ViewModel;
+import dagger.Binds;
+import dagger.Module;
+import dagger.multibindings.IntoMap;
+
+@Module
+public abstract class LoginModule {
+
+	@Binds
+	@IntoMap
+	@ViewModelKey(StartupViewModel.class)
+	abstract ViewModel bindStartupViewModel(StartupViewModel viewModel);
+
+	@Binds
+	@IntoMap
+	@ViewModelKey(ChangePasswordViewModel.class)
+	abstract ViewModel bindChangePasswordViewModel(
+			ChangePasswordViewModel viewModel);
+}